Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PubSub] Use environment variables instead of file for private key? #761

Closed
ShivanKaul opened this issue Jul 30, 2015 · 14 comments
Closed

[PubSub] Use environment variables instead of file for private key? #761

ShivanKaul opened this issue Jul 30, 2015 · 14 comments
Assignees
@stephenplusplus
Labels
core type: question Request for information or clarification. Not an issue.

Comments

@ShivanKaul
Copy link

The sample code on the README asks me to specify a path to a file:

pubsub = gcloud.pubsub({
    projectId: 'my-project',
    keyFilename: '/path/to/keyfile.json'
});

I wanted to use Heroku to run my server, and a GitHub public repo for source control, and the canonical way to handle secrets with Heroku is through setting config vars. It's extremely annoying to check a file into Heroku but not GitHub.

Shouldn't there be some way of specifying secrets individually, i.e. something like:

pubsub = gcloud.pubsub({
    projectId: 'my-project',
    private_key_id: process.env.PRIVATE_KEY_ID,
    private_key: process.env.PRIVATE_KEY,
    client_email: process.env.CLIENT_EMAIL,
    ...
});
@stephenplusplus
Copy link
Contributor

You can provide a credentials object with the contents of your key file. So you can set env vars for each property in your key file, then pass them like you did in your snippet above, except embedded in a credentials object.

More on the ways we support auth: https://googlecloudplatform.github.io/gcloud-node/#/authorization

Let me know if this works!

@ShivanKaul
Copy link
Author

I see, so I can do something like:

pubsub = gcloud.pubsub({
    projectId: 'my-project',
    credentials: {
        private_key: process.env.PRIVATE_KEY,
        client_email: process.env.CLIENT_EMAIL
    }
});

Thanks!

@stephenplusplus
Copy link
Contributor

Yep! Sorry for the lack of a code example earlier, that's exactly right :)

@stephenplusplus stephenplusplus added type: question Request for information or clarification. Not an issue. core labels Jul 30, 2015
@ShivanKaul
Copy link
Author

I'm getting a

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line

when I try to use the code snippet I commented with earlier. I tried setting the environment variable PRIVATE_KEY with and without the "BEGIN PRIVATE KEY..." markers. I don't get this error if I use config.keyFilename=/path/.../...json. What am I doing wrong? It should work based on the documentation at https://googlecloudplatform.github.io/gcloud-node/#/authorization.

(Sorry, my previous comment got deleted accidentally).

@ShivanKaul
Copy link
Author

Should I raise another issue for this? I'd like if someone could attempt to replicate the bug first, to see if it's not just something I'm messing up/is unclear in the documentation.

@stephenplusplus
Copy link
Contributor

I just tried and failed to replicate when using the exact values from my keyfile.json. I did get the error when I changed a single character from the opening and closing markers. So, be sure it's exactly the format that is in the JSON:

-----BEGIN PRIVATE KEY-----\n and \n-----END PRIVATE KEY-----\n

@ShivanKaul
Copy link
Author

Hmm I'm trying the following:

var pubsub = gcloud.pubsub({
    projectId: 'projectId',
    credentials: {
        private_key: process.env.PRIVATE_KEY,
        client_email: process.env.CLIENT_EMAIL
    }
});

I tried generating a new keyfile.json file as well, and using the new private key; still didn't work. Note that I get the error when creating a topic:

pubsub.createTopic('topicname', function (err, topic, apiResponse) {
    if (err) {
        // this is where I get the error
    }
}

Also, the keyfile is for a service account; don't know if that is relevant.

@eduardo-tenorio-guiabolso
Copy link

I see, so I can do something like:

pubsub = gcloud.pubsub({
projectId: 'my-project',
credentials: {
private_key: process.env.PRIVATE_KEY,
client_email: process.env.CLIENT_EMAIL
}
});
Thanks!

I am doing the same thing and running on an AWS instance. However, the error I get is Error: Could not load the default credentials. Browse to https://developers.google.com/accounts/docs/application-default-credentials for more information.

What am I doing wrong?

PS: I am trying to get an existent topic.

@stephenplusplus
Copy link
Contributor

@ShivanKaul sorry that I forgot to respond to your last comment. I hope you found a solution. If not, please re-open so we can figure it out.

@eduardo-tenorio-guiabolso I wonder if that's a new bug. Could you open a new issue? I'll take a look at it tomorrow.

@eduardo-tenorio-guiabolso
Copy link

OK.

@eduardo-tenorio-guiabolso
Copy link

@stephenplusplus here it is: #1173

@joetortorelli
Copy link

Thank you!!! Have been looking for this solution for so long!

@ExtraGG
Copy link

ExtraGG commented Jul 27, 2018

Thanks a lot!

@eysi09 eysi09 mentioned this issue Apr 16, 2020
Closed
@LeoDupont
Copy link

You can provide a credentials object with the contents of your key file. So you can set env vars for each property in your key file, then pass them like you did in your snippet above, except embedded in a credentials object.

More on the ways we support auth: https://googlecloudplatform.github.io/gcloud-node/#/authorization

Let me know if this works!

For anyone looking at this issue in the future, here is an updated link to the documentation:
https://googleapis.dev/nodejs/pubsub/latest/global.html#ClientConfig

sofisl pushed a commit that referenced this issue Nov 9, 2022
@alexander-fenster
fix(deps): use google-gax v3.5.2 (#761)
91d9355
This was referenced Nov 9, 2022
Closed
Merged
@release-please release-please bot mentioned this issue Nov 10, 2022
Merged
@sofisl sofisl mentioned this issue Jan 17, 2023
Merged
4 tasks
sofisl pushed a commit that referenced this issue Jan 17, 2023
@JustinBeckwith
chore: remove unused dev packages (#761)
9c9e6d8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stephenplusplus stephenplusplus

Labels
core type: question Request for information or clarification. Not an issue.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@stephenplusplus @ShivanKaul @joetortorelli @eduardo-tenorio-guiabolso @ExtraGG @LeoDupont