Cluster secret in env var PRISMA_MANAGEMENT_API_SECRET does not match for cluster default


#1

Hi,

I am trying to implement a managementApiSecret to secure my prisma application.
My problem is the title of this post. When deploying I get this:
“Cluster secret in env var PRISMA_MANAGEMENT_API_SECRET does not match for cluster default”

I have 3 config files one for my test env one for my dev env and one for my prod env.

My prod.env looks like that:

PRISMA_ENDPOINT=hereIsMyEndpont/prod

PRISMA_SECRET=my-secret

PRISMA_MANAGEMENT_API_SECRET=m-management-secret

I am using this command to deploy to prod:

“prisma deploy -e ./config/prod.env”

My docker-compose.yml file does not contain any managementApiSecret or clusterSecret? Is that the problem? is my docker-compose.yml file even still relevant when I have 3 extra config files for test dev and prod env?

I would appreciate any help regarding my problem and the questions I pointed out.

Best Regards,
Hassan


#2

You need to specify the managment secret in docker-compose.yml. obviously do not hardcode it, use an environment variable.

The prisma secret is set during pisma deploy based on the env variable


#3

If you docker-compose file doesn’t contain managementApiSecret then anyone can deploy to it so don’t use it production. Learn more about it here: https://www.prisma.io/docs/prisma-server/authentication-and-security-kke4/#management-api-secret


#4

Thanks for the answers.

So does it mean I have to delete my docker containers locally and redeploy to make the docker-compose.yml take effect with the new change? Because I tried putting the managementApiSecret into the docker-compose.yml file but it didn’t help me.

Do I need to delete something first?


#5

Once you have updated docker-compose.yml, you should simply re run docker-compose up -d