Problem Description
Aerospike is configured with storage encryption and the encryption key is stored in Amazon Secrets Manager, accessed through Aerospike Secret Agent. Aerospike server fails to start with messages similar to the following:
Jul 17 2025 20:28:04 GMT: WARNING (secrets): (secrets_ee.c:431) error receiving: Connection timed out
Jul 17 2025 20:28:04 GMT: CRITICAL (storage): (drv_common_ee.c:317) {shared} can't get encryption key from secrets:EncryptionKey:StagingKey
Jul 17 2025 20:28:04 GMT: WARNING (as): (signal.c:114) SIGINT received, aborting Aerospike Federal Edition build 6.4.0.27 os amzn2023 arch x86_64 sha a7a45e6 ee-sha 7a91dba
Jul 17 2025 20:28:04 GMT: WARNING (as): (signal.c:251) startup was not complete, exiting immediately
Explanation
This can happen when Secret Agent is up and running, but not able to reach the Amazon Secrets Manager. The Secret Agent will have messages similar to
[ERROR] 2025/07/16 22:17:55 aws.go:75: Failed to retrieve resource arn:aws-us:secretsmanager:us-west-1:747668401544:secret:aerospike/encryption-key-staging-XCaRrm: RequestError: send request failed
caused by: Post "https://secretsmanager.us-west-1.amazonaws.com/": dial tcp 10.100.10.10:443: i/o timeout
[WARN] 2025/07/16 22:17:55 conn_handler.go:84: Failed to get secret: RequestError: send request failed
caused by: Post "https://secretsmanager.us-west-1.amazonaws.com/": dial tcp 10.100.10.10:443: i/o timeout
(The messages may appear on multiple lines as shown here.)
Solution
Make sure the Amazon Secret Manager is reachable from the host where Secret Agent is running. This may require modifying the AWS network settings; details will be on a case-by-case basis.