Last Modified: Jun 19, 2026
Affected Product(s):
F5OS F5OS-A, F5OS-C
Fixed In:
F5OS-A 1.8.4
Opened: Jul 18, 2025 Severity: 1-Blocking
After the F5OS API service gateway (api-svc-gateway) restarts, tenants may experience SecureVault errors while attempting to decrypt the master key. The tenant will be inoperative. Logs similar to the following will be present in F5OS: api-svc-gateway[13]: nodename=blade-2(p3) priority="Err" version=1.0 msgid=0x5803000000000011 msg="Crypto key installation failed:" ERRNOSTR="Lost connection to ConfD" LASTERR="EOF on socket to ConfD" ERRNO=45 api-svc-gateway[13]: nodename=blade-2(p3) priority="Err" version=1.0 msgid=0x5804000000000027 msg="No unit key was found in confd for tenant" TENANT="tenant1" Logs similar to the following in the tenant: err mcpd[5803]: 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure notice mcpd[5803]: 01071029:5: Symmetric Unit Key decrypt notice mcpd[5803]: 01071027:5: Master key OpenSSL error: 4007094004:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:664:
Unable to access tenants. Tenant restarts.
Issue is observed rarely when there is a recent restart (or power-cycle) of the system (specifically after a restart of the F5OS api-svc-gateway container).
Restart the API service gateway and ensure it does not log errors while retrieving the tenant unit keys. If the problem persists, restart the tenants. If the problem continues to persist after number of tenant restarts, deploy new tenant and load UCS.
None