What's the correct format of private_key when using it as an environment variable?
I am trying to use private_key for some GCP service nodejs client libraries, e.g. @google-cloud/pubsub, @google-cloud/trace-agent
I got private_key from service account credential json file like this:
I am trying to use it as an environment variable for cloud function.
.env.yaml:
And use it like this:
// ...
credentials: {
private_key: envs.private_key,
client_email: envs.client_email
},
projectId: envs.X_GOOGLE_GCLOUD_PROJECT
But got an error:
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
I check stackdriver logs, here is the private_key environment variable I got:
My guess is the format of private_key is not correct. It's probably caused by the newline symbol \n. So, what's the correct format when using private_key like this?
Setting the key in the .env.yaml file is not a good idea. Indeed, you will be able to commit it to git, maybe in a public repo, and you will set it in plain text as environment variable of your function.
It will be better if you set the file in a bucket, and load it in the runtime. BTW you will keep no secret in the project files.
Another solution is to encrypt with kms the key and decrypt it at runtime. This time you still have the secret in your project files, but encrypted.
But, what do you need another service account? This one on the function is not enough?
- How to set a custom uid inside firebase authentication
- Where is the "user created" event on Firebase Functions V2?
- Why does Google Cloud Storage freeze when I try to upload a large folder (2.5GB of images)?
- How to get a GCP identity-token programmatically with python
- How to route dead letter messages back to the original topic?
- Unable to delete collection from the firestore console
- Is there an API to list all google compute regions
- Error "address already in use" when trying to connect to google cloud SQL using cloud-sql-connector
- In Google Cloud console, safe to grant Firebase Admin SDK role to default compute service account?
- Docker connection issues on Compute Engine
- Generate CSR using the private key store on Google HSM
- download file from google cloud compute instance
- Does Cloud Run supports HTTP streaming?
- Create a dashboard graph with data points in logs
- Getting "Configuration is not authorized" error while deploying GCP Vertex AI Agent on App Engine
- Firebase: maintain user lookup table in GCP
- How to properly assign publisher and subscriber roles to a dead-letter topic using terraform
- Stuck on complying with domain verification requirements
- BigQuery Arrays - check if Array contains specific values
- Which GPU should I use on Google Cloud Platform (GCP)
- Unable to upload file to gdrive using gdrive api with service account
- Persistent Disk SSD (GB) quota related to ZONE_RESOURCE_POOL_EXHAUSTED?
- The location for this project is already set to another value In firebase Storage console
- Error 400: invalid_request for iOS google Sign in
- Handling a Cloud Run container shutdown
- Stripe Error: No signatures found matching the expected signature for payload
- What are the implications of using the select() query on a large Firestore doc versus splitting the data between multiple docs?
- VueJS + Firebase How do I display an image?
- BigQuery Policy Tags: possible as infra as code?
- Sending test events using curl to gcp subscription got 502 error