Using private key in a .env file

Question

I have a multiline private key in a gatsby .env file:

GATSBY_GOOGLE_CLIENT_ID="12345"
GATSBY_GOOGLE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nflkdflkdf...\n-----END PRIVATE KEY-----"

In my gatsby-config file I have:

module.exports = {
    resolve: 'gatsby-source-google-sheets',
    options: {
        credentials: {
            "type": "service_account",
            "private_key": process.env.GATSBY_GOOGLE_PRIVATE_KEY,
            "client_id": process.env.GATSBY_GOOGLE_CLIENT_ID
        }
    }
}

The client_id works fine because it's just a one line string but the private_key doesn't work, presumably because it's multi line.

Is there a way I can get around this?

Thanks

Looks like there was an extra ```{``` and missing ```,``` in the code above. I've corrected these, but I'm not sure if the same mistake is in your original version? — John Sibly, Apr 02 '19 at 08:27

John Sibly · Accepted Answer · 2019-04-01T21:41:29.027

59

You could use string.replace with a regular expression as below to escape the \n characters again:

"private_key": process.env.GATSBY_GOOGLE_PRIVATE_KEY.replace(/\\n/g, '\n'),

edited Apr 01 '19 at 21:41

answered Apr 01 '19 at 16:33

John Sibly

22,782
7
63
80

I get: `Cannot read property 'replace' of undefined: const private_key = process.env.GATSBY_GOOGLE_PRIVATE_KEY.replace(/\\n/g, '\n'); module.exports = {...}` Something to do with the const being declared outside module.exports maybe? – mckeever02 Apr 01 '19 at 16:52
Sounds like it was out of scope where you added the line - I've updated to match your question more closely. – John Sibly Apr 01 '19 at 21:44
Same error unfortunately. Don't seem to be able to use .replace on process.env – mckeever02 Apr 01 '19 at 21:53
Weird - it worked for me. Can you check using a debugger that GATSBY_GOOGLE_PRIVATE_KEY definitely has a string assigned to it? – John Sibly Apr 02 '19 at 08:28
I don't know how, but this solution works. Would love if someone could explain this in layman terms as well :) – Fahad Javed Sep 08 '22 at 11:12
The replace function is searching for all occurrences of the literal string \n (which to avoid being escaped is defined as "\\n") and replacing with the newline character: \n, Unicode : U+000A, ASCII : 10, hex : 0x0a. To ensure that all occurrences are replaced, the /......../g regex expression is used. This question gives a clear explanation https://stackoverflow.com/questions/39031219/what-does-replace-n-g-something-mean. – John Sibly Sep 28 '22 at 13:00

score 36 · Answer 2 · edited Nov 27 '21 at 20:43

36

Solution which worked for me -- Encoding the Private Key in base 64

Step1 - Convert Key to Base 64

// Run this code in a JS file on your Dev Machine.
const privateKey= `-----BEGIN PRIVATE KEY-----\nMIIEvSomeMoreCharacterHererplw==\n-----END PRIVATE KEY-----\n`
const buff = Buffer.from(privateKey).toString('base64');
console.log(buff);

Note: You don't need to commit/include the above code in your project. This is just to generate the base64 string of the key.

Step 2 - Copy the console log data to `.env` file

PRIVATE_KEY = 'akgjhakdgjhasgf'

Step 3 - Using the Key in the code

const key = Buffer.from(process.env.PRIVATE_KEY , 'base64').toString('ascii');
// Use key anywhere in your code.

edited Nov 27 '21 at 20:43

Reece Daniels

1,147
12
16

answered Aug 10 '21 at 16:42

Adarsh Madrecha

6,364
11
69
117

1

why ascii and not utf8 when decoding? – Capaj Jun 10 '22 at 12:20
1

Need to make sure there isn't \n in the end of the key (as in the example) to get it working – Pomo-J Jan 14 '23 at 09:57
2

For anybody reading in the future, this answer is better than the accepted answer – Allen May 05 '23 at 13:28

Marcelo Fonseca · Answer 3 · 2021-06-18T12:04:24.840

17

I'm adding a manual approach that worked for me. Step 1:

echo "PRIVATE_KEY=\"`sed -E 's/$/\\\n/g' my_rsa_2048_priv.pem`\"" >> .env

Your key in the .env file will look something like this:

PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\n
dasdasdadasdasdasdasdasdasdasdadasdasdadasa\n
huehuauhhuauhahuauhauahuauhehuehuauheuhahue\n
-----END RSA PRIVATE KEY-----\n"

Step 2. Printing the value process.env.PRIVATE_KEY in your code will only show the first line: -----BEGIN RSA PRIVATE KEY-----\n. To fix this, edit the variable in .env to a single line. Like this:

PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\ndasdasdadasdasdasdasdasdasdasdadasdasdadasa\nhuehuauhhuauhahuauhauahuauhehuehuauheuhahue\n-----END RSA PRIVATE KEY-----\n"

Now process.env.PRIVATE_KEY will be outputted correctly.

edited Jun 18 '21 at 12:04

answered May 23 '20 at 20:39

Marcelo Fonseca

1,705
2
19
38

I'm able to read the private key and export it to the env file. But I don't understand what step 2 is about. Can you explain? – yoges nsamy Feb 04 '21 at 03:20
1

@yogescicak edit the value to stay in one line. – Marcelo Fonseca Feb 04 '21 at 17:56

score 6 · Answer 4 · answered Nov 30 '22 at 07:47

6

Copy your content from your pem file to the browser's console (add ``):

`-----BEGIN RSA PRIVATE KEY-----
loremipsum...
-----END RSA PRIVATE KEY-----`

Copy the log from the browser (notice \ns were added)
Add it to your env file (notice the ""):

PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nloremipsum...\n-----END RSA PRIVATE KEY-----"

answered Nov 30 '22 at 07:47

Edan Chetrit

4,713
2
20
20

look no further, googling developer! this is the right answer :) – Fi Li Ppo Aug 21 '23 at 13:36

score 5 · Answer 5 · answered Apr 01 '21 at 07:22

I have similar issues where i have to read .pem file content. The following approach worked for me.

Convert the .pem content into base64 format
Put converted base64 content (this will be single line string) in .env file
Now decode env variable into original content

mckeever02 · Answer 6 · 2019-04-03T10:41:31.947

4

Turns out the path to my .env was incorrect. For some reason the other keys were working but the private key was not.

The correct setup:

require("dotenv").config({
    path: `./.env.${process.env.NODE_ENV}`,
});
const private_key = process.env.GATSBY_GOOGLE_PRIVATE_KEY.replace(/\\n/g, '\n');

module.exports = {
    resolve: 'gatsby-source-google-sheets',
    options: {
        credentials: {
            "private_key": private_key,
        }
    }
}

edited Apr 03 '19 at 10:41

answered Apr 02 '19 at 10:22

mckeever02

641
2
7
14

So did the Private key work as formatted above once you'd changed the path? – JamWill Oct 31 '22 at 09:06

score 1 · Answer 7 · answered Apr 02 '19 at 03:16

1

You'd have to load the env variables into gatsby. The simplest way is to use dotenv:

Setup:

yarn add -D dotenv # or npm install -D dotenv

Then in your gatsby-config.js:

require('dotenv').config();

module.exports = {
  plugins: [ ... ]
}

If your file name is different than .env or you store it in different location, you can pass in a path option:

require('dotenv').config({
  path: 'path/to/env/file'
});

answered Apr 02 '19 at 03:16

Derek Nguyen

11,294
1
40
64

1

Thank you! I actually already had that in but the path was wrong. I'm not sure why the others were working and that wasn't but fixing the path has sorted the issue. – mckeever02 Apr 02 '19 at 10:19

score 0 · Answer 8 · answered Apr 01 '19 at 16:40

0

Put in in a pem file and then right it to your .env with replacements

echo "export test_key=\"`sed -E 's/$/\\\n/g' ./gitbu.2018-03-23.private-key.pem`\"" >> .env

answered Apr 01 '19 at 16:40

Cody Swann

637
6
9

score 0 · Answer 9 · answered Nov 16 '22 at 06:36

0

I just remove ";" from the end of private key in .env file and it worked for me...I know it would seems dumb for some but many made this mistake as they are too used to with Javascript and solidity...

answered Nov 16 '22 at 06:36

VIVEK T

5
1

Using private key in a .env file

9 Answers9

Step1 - Convert Key to Base 64

Step 2 - Copy the console log data to `.env` file

Step 3 - Using the Key in the code

Linked

Using private key in a .env file

9 Answers9

Step1 - Convert Key to Base 64

Step 2 - Copy the console log data to .env file

Step 3 - Using the Key in the code

Linked

Step 2 - Copy the console log data to `.env` file