Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PubSub] Use environment variables instead of file for private key? #761

Closed
ShivanKaul opened this issue Jul 30, 2015 · 14 comments
Closed
Assignees
Labels
core type: question Request for information or clarification. Not an issue.

Comments

@ShivanKaul
Copy link

The sample code on the README asks me to specify a path to a file:

pubsub = gcloud.pubsub({
    projectId: 'my-project',
    keyFilename: '/path/to/keyfile.json'
});

I wanted to use Heroku to run my server, and a GitHub public repo for source control, and the canonical way to handle secrets with Heroku is through setting config vars. It's extremely annoying to check a file into Heroku but not GitHub.

Shouldn't there be some way of specifying secrets individually, i.e. something like:

pubsub = gcloud.pubsub({
    projectId: 'my-project',
    private_key_id: process.env.PRIVATE_KEY_ID,
    private_key: process.env.PRIVATE_KEY,
    client_email: process.env.CLIENT_EMAIL,
    ...
});
@stephenplusplus
Copy link
Contributor

You can provide a credentials object with the contents of your key file. So you can set env vars for each property in your key file, then pass them like you did in your snippet above, except embedded in a credentials object.

More on the ways we support auth: https://googlecloudplatform.github.io/gcloud-node/#/authorization

Let me know if this works!

@ShivanKaul
Copy link
Author

I see, so I can do something like:

pubsub = gcloud.pubsub({
    projectId: 'my-project',
    credentials: {
        private_key: process.env.PRIVATE_KEY,
        client_email: process.env.CLIENT_EMAIL
    }
});

Thanks!

@stephenplusplus
Copy link
Contributor

Yep! Sorry for the lack of a code example earlier, that's exactly right :)

@stephenplusplus stephenplusplus added type: question Request for information or clarification. Not an issue. core labels Jul 30, 2015
@ShivanKaul
Copy link
Author

I'm getting a

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line

when I try to use the code snippet I commented with earlier. I tried setting the environment variable PRIVATE_KEY with and without the "BEGIN PRIVATE KEY..." markers. I don't get this error if I use config.keyFilename=/path/.../...json. What am I doing wrong? It should work based on the documentation at https://googlecloudplatform.github.io/gcloud-node/#/authorization.

(Sorry, my previous comment got deleted accidentally).

@ShivanKaul
Copy link
Author

Should I raise another issue for this? I'd like if someone could attempt to replicate the bug first, to see if it's not just something I'm messing up/is unclear in the documentation.

@stephenplusplus
Copy link
Contributor

I just tried and failed to replicate when using the exact values from my keyfile.json. I did get the error when I changed a single character from the opening and closing markers. So, be sure it's exactly the format that is in the JSON:

-----BEGIN PRIVATE KEY-----\n and \n-----END PRIVATE KEY-----\n

@ShivanKaul
Copy link
Author

Hmm I'm trying the following:

var pubsub = gcloud.pubsub({
    projectId: 'projectId',
    credentials: {
        private_key: process.env.PRIVATE_KEY,
        client_email: process.env.CLIENT_EMAIL
    }
});

I tried generating a new keyfile.json file as well, and using the new private key; still didn't work. Note that I get the error when creating a topic:

pubsub.createTopic('topicname', function (err, topic, apiResponse) {
    if (err) {
        // this is where I get the error
    }
}

Also, the keyfile is for a service account; don't know if that is relevant.

@eduardo-tenorio-guiabolso

I see, so I can do something like:

pubsub = gcloud.pubsub({
projectId: 'my-project',
credentials: {
private_key: process.env.PRIVATE_KEY,
client_email: process.env.CLIENT_EMAIL
}
});
Thanks!

I am doing the same thing and running on an AWS instance. However, the error I get is Error: Could not load the default credentials. Browse to https://developers.google.com/accounts/docs/application-default-credentials for more information.

What am I doing wrong?

PS: I am trying to get an existent topic.

@stephenplusplus
Copy link
Contributor

@ShivanKaul sorry that I forgot to respond to your last comment. I hope you found a solution. If not, please re-open so we can figure it out.

@eduardo-tenorio-guiabolso I wonder if that's a new bug. Could you open a new issue? I'll take a look at it tomorrow.

@eduardo-tenorio-guiabolso

OK.

@eduardo-tenorio-guiabolso

@stephenplusplus here it is: #1173

@joetortorelli
Copy link

Thank you!!! Have been looking for this solution for so long!

@ExtraGG
Copy link

ExtraGG commented Jul 27, 2018

Thanks a lot!

@LeoDupont
Copy link

You can provide a credentials object with the contents of your key file. So you can set env vars for each property in your key file, then pass them like you did in your snippet above, except embedded in a credentials object.

More on the ways we support auth: https://googlecloudplatform.github.io/gcloud-node/#/authorization

Let me know if this works!

For anyone looking at this issue in the future, here is an updated link to the documentation:
https://googleapis.dev/nodejs/pubsub/latest/global.html#ClientConfig

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
core type: question Request for information or clarification. Not an issue.
Projects
None yet
Development

No branches or pull requests

6 participants