menu

ZEIT

Our mission is to make cloud computing as easy and accessible as mobile computing. You can find our Next.js community here.

Channels
Team

Storing authentication credentials file

April 4, 2019 at 12:33pm
The ZEIT community has a new home. This thread is preserved for historical purposes. The content of this conversation may be innaccurrate or out of date. Go to new community home →

Storing authentication credentials file

April 4, 2019 at 12:33pm
My node.js app uses Google Cloud Platform. Locally, in dev mode, I have the environment variable GOOGLE_APPLICATION_CREDENTIALS set to point to a credentials file on my local machine /home/user/...
Setting the environment variable as a secret on Now seems easy enough. The question though is what file should I make the variable point to? Or how can I safely upload my credentials file to Now?
As Google states in their doc, https://cloud.google.com/docs/authentication/getting-started, GOOGLE_APPLICATION_CREDENTIALS doesn't contain the actual key but the path to the file that contains the key.
I am not sure about how to handle this.

April 4, 2019 at 12:45pm
Is it safe enough to just upload the credentials .json file along with all my other files to deploy?
  • reply
  • like
Ok, I think I've found a related issue: https://github.com/zeit/now-cli/issues/749
  • reply
  • like
It is, but if you want you could encrypt the file, put the key to decrypt as a secret and then generate the file at the build phase. What do you think? i can elaborate my question after...
  • reply
  • like
I like the idea of encrypting the file and storing the key as a secret. It sounds even cleaner than storing the entire base64 encoded key as the secret. I'm planning to look further at it tomorrow. I think I'll go with your suggestion. Thanks.
like-fill
1
  • reply
  • like

April 5, 2019 at 5:39am
actually, I could use some more details :p. I am not sure how I should encrypt the file before deploy? Is there some kind of "pre" script than can be executed before deploy?
  • reply
  • like

April 19, 2019 at 2:51pm
Hello, did you tried to upload your google credentials json and successfully linked it using the environment variable in the now.json file ? On my side I tried "env": {"GOOGLE_APPLICATION_CREDENTIALS": "xxxxxx.json"} and "env": {"GOOGLE_APPLICATION_CREDENTIALS": "./xxxxx.json"} But every time I get the same error on server side UnhandledPromiseRejectionWarning: Error: The file at tracktrace-e43fe-5cefba8d2fee.json does not exist, or it is not a file. Error: ENOENT: no such file or directory, lstat '/var/task/user/xxxxxxx.json any idea of the path that should be passed ?
  • reply
  • like
actually, I could use some more details :p. I am not sure how I should encrypt the file before deploy? Is there some kind of "pre" script than can be executed before deploy?
You would need to keep that locally or in your git repository and then decrypt...
  • reply
  • like
Hello, did you tried to upload your google credentials json and successfully linked it using the environment variable in the now.json file ? On my side I tried "env": {"GOOGLE_APPLICATION_CREDENTIALS": "xxxxxx.json"} and "env": {"GOOGLE_APPLICATION_CREDENTIALS": "./xxxxx.json"} But every time I get the same error on server side UnhandledPromiseRejectionWarning: Error: The file at tracktrace-e43fe-5cefba8d2fee.json does not exist, or it is not a file. Error: ENOENT: no such file or directory, lstat '/var/task/user/xxxxxxx.json any idea of the path that should be passed ?
  • reply
  • like
private
This channel has been archived