How to Fix “The configuration file now needs a secret passphrase” Error in phpMyAdmin on AWS AMI


2 views

When setting up phpMyAdmin on an AWS AMI instance, you might encounter the error message: "The configuration file now needs a secret passphrase". This typically occurs after a fresh installation or upgrade of phpMyAdmin, where the configuration file (config.inc.php) lacks the required $cfg['blowfish_secret'] parameter.

phpMyAdmin uses the blowfish algorithm for cookie-based authentication, which requires a secret passphrase. If this isn't set, the application throws this error to prevent security vulnerabilities. The issue is particularly common on AWS AMI instances where the default configuration might be incomplete.

Here's how to properly configure the secret passphrase:


// Open the configuration file
sudo nano /etc/phpMyAdmin/config.inc.php

// Add or modify the blowfish_secret line
$cfg['blowfish_secret'] = 'your_32_character_long_random_string'; // Must be exactly 32 chars

// Example:
$cfg['blowfish_secret'] = '1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q';

On AWS AMI, you should also verify file permissions:


sudo chown -R apache:apache /usr/share/phpMyAdmin/
sudo chmod -R 755 /usr/share/phpMyAdmin/tmp

If the error persists after making these changes:

  1. Clear your browser cache and cookies
  2. Restart Apache: sudo systemctl restart httpd
  3. Check error logs: sudo tail -f /var/log/httpd/error_log

For automated deployments, you can set this during installation:


sudo yum install phpmyadmin -y
sudo sed -i "s/\$cfg$$'blowfish_secret'$$ = '';/\$cfg$$'blowfish_secret'$$ = 'your_random_string';/" /etc/phpMyAdmin/config.inc.php

html

The error message indicates a security enhancement in phpMyAdmin where your config.inc.php file requires a blowfish_secret passphrase for cookie-based authentication. This is particularly important when running phpMyAdmin on cloud instances like AWS AMI.

First, locate your configuration file (typically at /etc/phpMyAdmin/config.inc.php or /usr/share/phpMyAdmin/config.inc.php). Add or modify the following section:


$cfg['blowfish_secret'] = 'your_32_character_random_string_here'; 
/* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

Generate a proper 32-character string using either:


# Using OpenSSL:
openssl rand -base64 32

# Or using PHP CLI:
php -r "echo bin2hex(random_bytes(16));"

AWS AMI instances often have strict permission requirements. Verify:


ls -l /etc/phpMyAdmin/config.inc.php
# Should show ownership by apache/www-data
chown apache:apache /etc/phpMyAdmin/config.inc.php
chmod 644 /etc/phpMyAdmin/config.inc.php

Case 1: Multiple configuration files exist. AMI sometimes maintains both package-managed and custom configs. Check all possible locations:


sudo find / -name config.inc.php 2>/dev/null

Case 2: SELinux contexts on AMI. Run:


restorecon -Rv /etc/phpMyAdmin/

After making changes, restart your web server:


# For Apache:
sudo systemctl restart httpd

# For Nginx + PHP-FPM:
sudo systemctl restart nginx php-fpm

Check phpMyAdmin's error logs for confirmation:


tail -n 20 /var/log/phpMyAdmin/error.log