Geek Answers Handbook

Reading a secret configuration file on Heroku without using env vars

I am using the Google Cloud Pub Sub API using NodeJS, here . I use Heroku to start my server.

The sample code on the Node JS + Pub Sub page asks me to specify the path to the file:

pubsub = gcloud.pubsub({ projectId: 'my-project', keyFilename: '/path/to/keyfile.json' });

I usually use Heroku configuration files to store API secrets and keys, but in this case it seems that the GCloud API requires me to specify the path to the file. So, I will need to check the file in Heroku, but not my GitHub repository.

I tried the following: Pressing .gitignore files to a specific remote and How do I upload the application to github but delete the confidential authorization information? but the problem is that after I forcibly add the ( git add -f keyfile.json ) json file and commit from it and create a new branch, I cannot push this commit to Heroku, because when I do git push heroku master , he says Everything is up to date . In any case, it seems very dirty. There should be a cleaner way to get Google Cloud to work with Heroku.

What should I do?

+4
source share
2 answers

Great people answered on GoogleCloudPlatform: https://github.com/GoogleCloudPlatform/gcloud-node/issues/761

It is not mentioned in the sample code in the documentation, but you can simply add the credential object and pass it to your configuration. The credential object can read env vars.

More info here: https://googlecloudplatform.imtqy.com/gcloud-node/#/authorization

+3
source

Not for nodejs, but for GO (GOLANG), save each field value as a separate key in environment variables, and then you will need to do something like this, create a structure, convert to json ( replacing each \\n with \n in private_key ), enter the parameter. WithCredentialsJSON :

 type credentialsData struct { Type string 'json:"type"' ProjectId string 'json:"project_id"' PrivateKeyId string 'json:"private_key_id"' PrivateKey string 'json:"private_key"' ClientEmail string 'json:"client_email"' ClientId string 'json:"client_id"' AuthUri string 'json:"auth_uri"' TokenUri string 'json:"token_uri"' AuthProviderX509CertUrl string 'json:"auth_provider_x509_cert_url"' ClientX509CertUrl string 'json:"client_x509_cert_url"' } func firebase_init() *firebase.App { backSlashFix := strings.Replace(os.Getenv("FIREBASE_PRIVATE_KEY"), "\\n", "\n", -1) json_cred := &credentialsData{ Type: os.Getenv("FIREBASE_ACCOUNT_TYPE"), ProjectId: os.Getenv("FIREBASE_PROJECT_ID"), PrivateKeyId: os.Getenv("FIREBASE_PRIVATE_KEY_ID"), PrivateKey: backSlashFix, ClientEmail: os.Getenv("FIREBASE_CLIENT_EMAIL"), ClientId: os.Getenv("FIREBASE_CLIENT_ID"), AuthUri: os.Getenv("FIREBASE_AUTH_URI"), TokenUri: os.Getenv("FIREBASE_TOKEN_URI"), AuthProviderX509CertUrl: os.Getenv("FIREBASE_AUTH_PROVIDER_X509_CERT_URL"), ClientX509CertUrl: os.Getenv("FIREBASE_CLIENT_X509_CERT_URL"), } bytes, e := json.Marshal(json_cred) if e != nil { panic(fmt.Errorf("Could not create json from credentials struct", e)) } opt := option.WithCredentialsJSON([]byte(string(bytes))) app, err := firebase.NewApp(context.Background(), &firebase.Config{ProjectID: "<your project id>"}, opt) if err != nil { panic(fmt.Errorf("error initializing app: %v", err)) } return app }
0
source

More articles:


All Articles