After updating from version 4 to version 5, I encountered a problem with Metadata keys. I am unable to perform Share metadata keys from the admin account, as Metadata keys are Missing. All other accounts in the system also have Metadata keys Missing. When I create a new user, even an admin user through the console, they also have Metadata keys Missing. What should I do?
1 Like
Hello @sergei57701,
Can you tell us more about your context:
How did you install passbolt? from packages or something else?
Which version 5.x did you use when enabling encrypted metadata?
How did you upgrade? From the administration settings or something else?
Who did the enabling of encrypted metadata? You or someone else?
What do you see currently in the settings for the keys, etc..?
Your best bet at this stage would be to restore from backups to a working version and try to enable it again.
Best,
1 Like
Hello.
I updated the system according to the instructions on the official website - https://www.passbolt.com/docs/hosting/update/ubuntu/ .
Version 5.6.
Metadata keys Missing for all users.
due to an error, I am unable to generate keys for users from the admin panel. is there a way to do this from the console?
Unfortunately, a lot of data has already been added after the update, and the current system version needs to be fixed.
mod: edited to remove link
1 Like
Hello @sergei57701,
The community forum supports image upload, can you please use the forum to upload image and not any other third services?
Can you please share the output of sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck --metadata" www-data please?
Also do you remember which version did you enable metadata ? e.g., during beta or afterwards? Did it ever work?
1 Like
Unfortunately, the service didn’t allow me to upload a picture, saying it wasn’t available for new users.
I accidentally saw a metadata issue when I wanted to share a folder with another user. I use the system alone most of the time, so I didn’t need this feature, so I’m not sure if it was ever working.
healthcheck says that everything is fine with the metadata, but it seems that the key was not parsed into the database for some reason.
root@passbolt:/usr/share/php/passbolt# sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck --metadata" www-data
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Healthcheck shell
If you want to have more information about the different checks, please take a look at the documentation: https://www.passbolt.com/docs/admin/server-maintenance/passbolt-api-status/
-------------------------------------------------------------------------------
Metadata
[PASS] The server is able to decrypt the metadata private key.
[PASS] Active metadata key found or not required.
[PASS] The server has access to the metadata keys or does not require access to it.
[PASS] The server metadata private key is valid.
[PASS] No error found. Nice one, sparky!
Can you please log in to the database and share the output of this SQL query?
SELECT COUNT(metadata_key_type) FROM resources;
Thanks in advance
1 Like
mysql> SELECT COUNT(metadata_key_type) FROM resources;
+--------------------------+
| COUNT(metadata_key_type) |
+--------------------------+
| 8 |
+--------------------------+
1 row in set (0.00 sec)
Thanks! Apologies for the back and forth there but since we need to understand how this could have happened, I have a few more SQL queries to run:
To identify the nature of its database resources:
SELECT rt.slug, count(rt.id) from resource_types rt, resources rs where rt.id = rs.resource_type_id group by rt.slug;
To identify the resources that are already using the shared key, and if they are not deleted:
SELECT LEFT(id,8), metadata_key_type, deleted, created, LEFT(created_by,8), modified, LEFT(modified_by,8) from resources where metadata_key_type="shared_key";
To check who created the original shared metadata key, maybe there is a bug:
SELECT LEFT(mk.id,8), created, LEFT(created_by,8), modified, LEFT(modified_by,8) from metadata_keys mk;
To check who has access to the shrared_metadata_key, maybe there is a bug:
SELECT LEFT(u.id,8), u.active, u.deleted, LEFT(mpk.id,8), mpk.created, LEFT(mpk.created_by,8), mpk.modified, LEFT(mpk.modified_by,8) from users u LEFT JOIN metadata_private_keys mpk ON u.id = mpk.user_id;
To check if the server has well a copy of the key in database:
SELECT LEFT(mpk.id,8), user_id, created, LEFT(created_by,8), modified, LEFT(modified_by,8) from metadata_private_keys mpk where user_id is null;
To collect the metadata settings:
SELECT value, created, LEFT(created_by,8), modified, LEFT(modified_by,8) FROM organization_settings where property IN ("metadataKeys");
To collect the metadata types settings:
SELECT value, created, LEFT(created_by,8), modified, LEFT(modified_by,8) FROM organization_settings where property IN ("metadataTypes");
Thanks in advance 
1 Like
mysql> SELECT rt.slug, count(rt.id) from resource_types rt, resources rs where rt.id = rs.resource_type_id group by rt.slug;
+--------------------------+--------------+
| slug | count(rt.id) |
+--------------------------+--------------+
| totp | 38 |
| v5-note | 1 |
| password-string | 51 |
| password-and-description | 578 |
| v5-totp-standalone | 1 |
| v5-default | 6 |
+--------------------------+--------------+
6 rows in set (0.00 sec)
mysql> SELECT LEFT(id,8), metadata_key_type, deleted, created, LEFT(created_by,8), modified, LEFT(modified_by,8) from resources where metadata_key_type="shared_key";
Empty set (0.00 sec)
mysql> SELECT LEFT(mk.id,8), created, LEFT(created_by,8), modified, LEFT(modified_by,8) from metadata_keys mk;
+---------------+---------------------+--------------------+---------------------+---------------------+
| LEFT(mk.id,8) | created | LEFT(created_by,8) | modified | LEFT(modified_by,8) |
+---------------+---------------------+--------------------+---------------------+---------------------+
| 43a9dc01 | 2025-08-19 12:08:23 | fdde394f | 2025-08-19 12:08:23 | fdde394f |
+---------------+---------------------+--------------------+---------------------+---------------------+
1 row in set (0.00 sec)
mysql> SELECT LEFT(u.id,8), u.active, u.deleted, LEFT(mpk.id,8), mpk.created, LEFT(mpk.created_by,8), mpk.modified, LEFT(mpk.modified_by,8) from users u LEFT JOIN metadata_private_keys mpk ON u.id = mpk.user_id;
+--------------+--------+---------+----------------+---------+------------------------+----------+-------------------------+
| LEFT(u.id,8) | active | deleted | LEFT(mpk.id,8) | created | LEFT(mpk.created_by,8) | modified | LEFT(mpk.modified_by,8) |
+--------------+--------+---------+----------------+---------+------------------------+----------+-------------------------+
| 007e59ad | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| 022fbe5a | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| 146a39b8 | 0 | 0 | NULL | NULL | NULL | NULL | NULL |
| 1ab3e6cb | 0 | 0 | NULL | NULL | NULL | NULL | NULL |
| 23bee93e | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| 2a037174 | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| 3649731f | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| 37216629 | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| 39f21491 | 0 | 0 | NULL | NULL | NULL | NULL | NULL |
| 485d8231 | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| 49e69533 | 0 | 0 | NULL | NULL | NULL | NULL | NULL |
| 4e96c1ce | 1 | 0 | NULL | NULL | NULL | NULL | NULL |
| 50d18ea2 | 0 | 1 | NULL | NULL | NULL | NULL | NULL |
| 674c2fc8 | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| 70212493 | 1 | 0 | NULL | NULL | NULL | NULL | NULL |
| 7908e1bc | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| 8862c0cf | 1 | 0 | NULL | NULL | NULL | NULL | NULL |
| 8ffc81ad | 1 | 0 | NULL | NULL | NULL | NULL | NULL |
| 92158b4b | 1 | 0 | NULL | NULL | NULL | NULL | NULL |
| 9a840736 | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| a3698c16 | 1 | 0 | NULL | NULL | NULL | NULL | NULL |
| c94ffa27 | 0 | 1 | NULL | NULL | NULL | NULL | NULL |
| d5df8941 | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| d9c7934c | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| dd6aa962 | 1 | 0 | NULL | NULL | NULL | NULL | NULL |
| e12250c1 | 1 | 1 | NULL | NULL | NULL | NULL | NULL |
| e3ab9a9d | 1 | 0 | NULL | NULL | NULL | NULL | NULL |
| e5d636d2 | 1 | 0 | NULL | NULL | NULL | NULL | NULL |
| f4e1e6d9 | 0 | 1 | NULL | NULL | NULL | NULL | NULL |
+--------------+--------+---------+----------------+---------+------------------------+----------+-------------------------+
29 rows in set (0.00 sec)
mysql> SELECT LEFT(mpk.id,8), user_id, created, LEFT(created_by,8), modified, LEFT(modified_by,8) from metadata_private_keys mpk where user_id is null;
+----------------+---------+---------------------+--------------------+---------------------+---------------------+
| LEFT(mpk.id,8) | user_id | created | LEFT(created_by,8) | modified | LEFT(modified_by,8) |
+----------------+---------+---------------------+--------------------+---------------------+---------------------+
| 214acdfb | NULL | 2025-08-19 12:08:23 | fdde394f | 2025-08-19 12:08:23 | fdde394f |
+----------------+---------+---------------------+--------------------+---------------------+---------------------+
1 row in set (0.00 sec)
mysql> SELECT value, created, LEFT(created_by,8), modified, LEFT(modified_by,8) FROM organization_settings where property IN ("metadataKeys");
Empty set (0.00 sec)
mysql> SELECT value, created, LEFT(created_by,8), modified, LEFT(modified_by,8) FROM organization_settings where property IN ("metadataTypes");
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+--------------------+---------------------+---------------------+
| value | created | LEFT(created_by,8) | modified | LEFT(modified_by,8) |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+--------------------+---------------------+---------------------+
| {"default_resource_types":"v5","default_folder_type":"v4","default_tag_type":"v4","default_comment_type":"v4","allow_creation_of_v5_resources":true,"allow_creation_of_v5_folders":false,"allow_creation_of_v5_tags":false,"allow_creation_of_v5_comments":false,"allow_creation_of_v4_resources":true,"allow_creation_of_v4_folders":true,"allow_creation_of_v4_tags":true,"allow_creation_of_v4_comments":true,"allow_v5_v4_downgrade":false,"allow_v4_v5_upgrade":false} | 2025-10-08 10:08:06 | e3ab9a9d | 2025-10-08 11:38:46 | e3ab9a9d |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+--------------------+---------------------+---------------------+
1 row in set (0.00 sec)
1 Like
Apologies for the delay @sergei57701, based on the outputs, it seems that no resources are using the shared metadata key.
What I’d propose is to first, make sure to have a snapshot of your virtual machine before going any further 
. After that, we will basically reset the whole metadata settings, in the database, you can run:
TRUNCATE metadata_keys;
TRUNCATE metadata_private_keys;
TRUNCATE metadata_session_keys;
DELETE FROM organization_settings WHERE property = 'metadataTypes';
After that, you should be able to reconfigure the E2EE metadata plugin in Organisation Settings > Metadata Key, please let me know if that worked 
2 Likes
executed requests. after execution, in the user list, for all users, the value of Metadata keys changed to All.
and the organization settings in Metadata Key still error: You are missing shared metadata keys. Ask another administrator to share them with you to update the metadata keys settings. in the user list, the button for generating Metadata Key disappeared altogether.
mysql> TRUNCATE metadata_keys;
Query OK, 0 rows affected (0.06 sec)
mysql> TRUNCATE metadata_private_keys;
Query OK, 0 rows affected (0.17 sec)
mysql> TRUNCATE metadata_session_keys;
Query OK, 0 rows affected (0.05 sec)
mysql> DELETE FROM organization_settings WHERE property = 'metadataTypes';
Query OK, 1 row affected (0.00 sec)
have you got any ideas?
Hello,
Can you please run the SQL query below also?
DELETE FROM organization_settings WHERE property = 'metadataKeys';
After that, in order to be sure that all local memories are flushed, can you try to logout and login again?
1 Like
after logging out and logging back in, the metadata keys worked, thank you!
2 Likes
happy to hear that thanks for keeping us posted!
Best regards,
1 Like