3

I am able to store a .pem file but not a .p12 file. When I run the command

heroku config:set P12_CERTIFICATE="$(cat /Users/Brian/certs/pass.com.gym.p12)"

I get an error 

invalid byte sequence in UTF-8
/Users/Brian/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/2.0.0/optparse.rb:1355:in `==='
/Users/Brian/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/2.0.0/optparse.rb:1355:in `block in parse_in_order'
/Users/Brian/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/2.0.0/optparse.rb:1351:in `catch'
/Users/Brian/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/2.0.0/optparse.rb:1351:in `parse_in_order'
/Users/Brian/.rvm/rubies/ruby-2.0.0-p353/lib/ruby/2.0.0/optparse.rb:1345:in `order!'
/Users/Brian/.heroku/client/lib/heroku/command.rb:168:in `prepare_run'
/Users/Brian/.heroku/client/lib/heroku/command.rb:222:in `run'
/Users/Brian/.heroku/client/lib/heroku/cli.rb:45:in `start'
/usr/local/Cellar/heroku-toolbelt/3.0.1/libexec/bin/heroku:24:in `<main>'

According to this accepted answer from a couple of years ago, this used to be possible for p12 files. I really need to be able to store the p12 file in a config var in order to sign passes dynamically. Any help is appreciated.

Community
  • 1
  • 1
fontno
  • 6,642
  • 6
  • 36
  • 43

2 Answers2

2

.p12 (PKCS#12) uses a binary file format so you won't be able to include that as a Heroku configuration variable.

One option is to convert the p12 to separate PEM files for the key and the cert as detailed in this answer

You could then add the contents of the key file and the cert as heroku config variables. You could sign documents using those instead or even create (I think) a PKCS12 file on the fly with OpenSSL:

p12 = OpenSSL::PKCS12.create('pass', 'descriptor',
                      OpenSSL::PKey.read(ENV['PRIVATE_KEY']),
                      OpenSSL::X509::Certificate.new(ENV['CERT']))
p12_binary = p12.to_der
Community
  • 1
  • 1
Lukas Eklund
  • 6,068
  • 1
  • 32
  • 33
1

An alternative to Lukas' answer is to base64 encode your p12 file and then convert it back when you need to use it. For example, in NodeJS you would do something like:

Convert to Base64 String

const p12Buffer = fs.readFileSync("/path/cert.p12");
const base64String = Buffer.from(p12Buffer).toString('base64');

You could then store the contents of the base64String string into your heroku config environment variable P12_CERT

Convert from Base64 String (to use the p12 cert in your code)

const p12Buffer = Buffer.from(process.env.P12_CERT, 'base64');
kingliam
  • 315
  • 3
  • 8