For On-Prem installations of Looker that want to use version 22.8 or higher, migration to AES-256 GCM encryption is needed.
A summary of that process is:
export LKR_MASTER_KEY_FILE=<path_to_key_file>
For this last step, we might use a command like this one:
$ java -jar looker.jar migrate_encryption
Which should return the following message:
Encryption migration succeeded
That command works as intended when we are using the local HyperSQL database that Looker creates as its internal database. In that case, once we get the new jar files, Looker should start with no problem afterwards.
However, if our internal database is not the local HyperSQL database (most of the time it’s an external MySQL database), then, after we get the new jar files and we try to start Looker again like this:
$ ./looker start
We get the following message:
This Looker instance must be migrated to GCM encryption using 'migrate_encryption'
That is because we need to provide the external database credentials on the migrate_encryption command, as described here: https://cloud.google.com/looker/docs/migrating-to-aes-256-gcm-encryption#:~:text=If%20your%20Looker%...
The "Encryption migration succeeded" message is a false positive in this case, as the migration was executed on the local HyperSQL database, not the external database. The correct command for this kind of setup is similar to this:
$ java -jar looker.jar migrate_encryption -d /path/file