Error "secretOrPrivateKey is not valid key material"

Hi guys,

so I just recently set up my machine anew and tried to reinstall a strapi-project which I am working on atm. I didn’t change the configuration, didn’t change the db, just restored the db from a dump, ran npm install and started the devserver.
When trying to login to the backend im getting the following exception in the console:

[2023-03-29 17:08:27.838] error: secretOrPrivateKey is not valid key material
Error: secretOrPrivateKey is not valid key material
    at module.exports [as sign] (/home/chris/WebstormProjects/rhp-strapi-backend/node_modules/jsonwebtoken/sign.js:115:24)
    at Object.createJwtToken (/home/chris/WebstormProjects/rhp-strapi-backend/node_modules/@strapi/admin/server/services/token.js:33:14)
    at /home/chris/WebstormProjects/rhp-strapi-backend/node_modules/@strapi/admin/server/controllers/authentication.js:46:38
    at dispatch (/home/chris/WebstormProjects/rhp-strapi-backend/node_modules/koa-compose/index.js:42:32)
    at /home/chris/WebstormProjects/rhp-strapi-backend/node_modules/@strapi/admin/server/controllers/authentication.js:38:16
    at callback (/home/chris/WebstormProjects/rhp-strapi-backend/node_modules/koa-passport/lib/framework/koa.js:93:25)
    at strategy.success (/home/chris/WebstormProjects/rhp-strapi-backend/node_modules/passport/lib/middleware/authenticate.js:222:18)
    at verified (/home/chris/WebstormProjects/rhp-strapi-backend/node_modules/passport-local/lib/strategy.js:83:10)
    at /home/chris/WebstormProjects/rhp-strapi-backend/node_modules/@strapi/admin/server/services/passport/local-strategy.js:16:43

So I tried changing my keys, namely app.key in server.js and auth.secret and apiToken.salt to a 32chars long alphanumerical string with special chars and mixed case, yet I’m still getting the exception. Also deleted node_modules, rebuilt the backend and then started the devserver again and tried logging in just to get the same exception.
I’m on strapi v 4.6.2.
Is there something I’m missing here? Any help would be greatly appreciated.


One potential solution to this issue is to check if there are any environment variables that may be affecting the key material. Make sure that you have set the environment variables correctly and that they are accessible by the application.

Another thing you can try is to regenerate the keys and API tokens using a different method or tool. This may help to ensure that the key material is valid and compatible with your setup.

It’s also possible that the issue may be related to the version of Strapi you are using. You may want to check the Strapi documentation and release notes for any known issues or updates related to key material or authentication.

If none of these solutions work, it may be helpful to post your question on the Strapi community forum or contact their support team for further assistance. They may be able to provide more specific guidance based on your setup and configuration.

Thanks for the reply, I figured it out relatively quickly. Some of my env vars were interfering. This was some time ago though, so I don’t recall which one it was. But now it’s solved, so the thread can be closed, I guess. (Sry in advance for the dude facing the same problem and not finding the accurate answer in this thread.)