Privnet: could not read full nonce (0) Error

I have a cluster with 4 nodes running with CRDT consensus.
I have set libp2p-multilisten-address, ID, and private key in the service.json file to create a separate libp2p host listening on port 9696.

While trying to query the API using the libp2p host, I am getting the error below:

2020/10/28 19:41:37 Get "libp2p://QmSmiLDiPpVVaduZiWnADC6LBSEEgG2RR5ZjnLCCKoDARa/id": failed to dial QmSmiLDiPpVVaduZiWnADC6LBSEEgG2RR5ZjnLCCKoDARa: all dials failed
[/ip4/127.0.0.1/tcp/9696] failed to negotiate security protocol: privnet: could not read full nonce (0)

NOTE: The same command works when run via ipfs-cluster-ctl from inside the peer node.

ipfs-cluster-ctl --host /ip4/127.0.0.1/tcp/9696/p2p/QmSmiLDiPpVVaduZiWnADC6LBSEEgG2RR5ZjnLCCKoDARa id
12D3KooWDyGpTNrZjZmK1BytZKtD725zpe7utPTwU9NAJPSP4oG2 | cluster0 | Sees 3 other peers

Addresses:
- /ip4/127.0.0.1/tcp/9096/p2p/12D3KooWDyGpTNrZjZmK1BytZKtD725zpe7utPTwU9NAJPSP4oG2
- /ip4/192.168.48.7/tcp/9096/p2p/12D3KooWDyGpTNrZjZmK1BytZKtD725zpe7utPTwU9NAJPSP4oG2
IPFS: Qme1876UCFSc1QfNc2Jdm45HVDnN2TGsD5AYfg2yU6uPNw
- /ip4/127.0.0.1/tcp/4001/p2p/Qme1876UCFSc1QfNc2Jdm45HVDnN2TGsD5AYfg2yU6uPNw
- /ip4/192.168.48.3/tcp/4001/p2p/Qme1876UCFSc1QfNc2Jdm45HVDnN2TGsD5AYfg2yU6uPNw

While creating the cluster client I am passing the secret key too, but it's not working.

Hi,

NOTE: The same command works when run via ipfs-cluster-ctl from inside the peer node.

What do you mean inside the peer?

While creating the cluster client I am passing the secret key too, but it's not working.

If you configured a separate libp2p host for the API (in the restapi section), as I think you did, then there is no private-network secret for this endpoint (and you should not set it when using the client by hand). The purpose of this is to provide a “secure channel” to the API only. You can always add basic authentication on top if you need that.

To sum it up:

  • If you do not add a separate key/peer ID to the restapi section, by default you get a libp2p API endpoint listening on the regular /ip4/127.0.0.1/tcp/9096 address, which uses the cluster libp2p peer, which is configured with privnet and needs the “cluster secret”.
  • If you add a separate key/peer ID, you get a separate libp2p peer without privnet or “secret”.
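The two rules in the reply above can be checked against a peer's service.json before dialing. This is an added example, not part of the thread and not ipfs-cluster code: `adviseClient` is a hypothetical helper, the JSON key names (`cluster.secret`, `api.restapi.id`, `private_key`, `basic_auth_credentials`) are assumed to match the service.json layout, and the sample config is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Key names are assumed to follow the ipfs-cluster service.json layout.
type serviceConfig struct {
	Cluster struct {
		Secret string `json:"secret"`
	} `json:"cluster"`
	API struct {
		RestAPI struct {
			ID         string            `json:"id"`
			PrivateKey string            `json:"private_key"`
			BasicAuth  map[string]string `json:"basic_auth_credentials"`
		} `json:"restapi"`
	} `json:"api"`
}

// Advice describes how a client should dial the libp2p API endpoint.
type Advice struct {
	SeparateHost bool // restapi runs its own libp2p peer (no privnet)
	SendSecret   bool // client must supply the cluster secret
	BasicAuth    bool // basic authentication is configured on top
}

// adviseClient (hypothetical helper) applies the two rules from the reply.
func adviseClient(raw []byte) (Advice, error) {
	var c serviceConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return Advice{}, err
	}
	r := c.API.RestAPI
	if (r.ID == "") != (r.PrivateKey == "") {
		return Advice{}, fmt.Errorf("restapi: id and private_key set inconsistently")
	}
	a := Advice{SeparateHost: r.ID != "", BasicAuth: len(r.BasicAuth) > 0}
	// Without a separate key/peer ID the API uses the privnet cluster peer.
	a.SendSecret = !a.SeparateHost && c.Cluster.Secret != ""
	return a, nil
}

// Constructed sample: placeholder values, not taken from a real cluster.
const sample = `{"cluster":{"secret":"<hex-secret>"},
 "api":{"restapi":{"id":"<api-peer-id>","private_key":"<api-key>"}}}`

func main() {
	fmt.Println(adviseClient([]byte(sample)))
}
```

A result with `SeparateHost` true and `BasicAuth` false means the libp2p API endpoint is protected by neither the cluster secret nor basic authentication.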

Wow! Thanks for such a nice clarification. I removed the secret key and it worked. Thanks a lot.