I'm building a Rails app that pulls data from Google Analytics using the Google API Client Library for Ruby.
I'm using OAuth2 and can get everything working in dev.
As discussed in this thread, rather than supplying a path to a json key file you can set three ENV variables instead:
GOOGLE_ACCOUNT_TYPE=service_account
GOOGLE_PRIVATE_KEY=XXX
GOOGLE_CLIENT_EMAIL=XXX
Source here.
By searching GitHub I found that someone had used a different method that takes a JSON string as an argument rather than a file path: Google::APIClient::ClientSecrets.new(JSON.parse(ENV['GOOGLE_CLIENT_SECRETS']))
This lets me wrap up the JSON into an ENV VAR. The world makes sense again.
I ran into this same problem using Google API. I ended up using openssl to assign a new very secret passphrase to the p12 file, storing that new file in the repo, and then putting the passphrase into app secrets and on Heroku env variables.
This way, the file is in the repo but it can't be accessed/read without the passphrase.
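This post was helpful in changing the default Google p12 passphrase from 'notasecret' to something secure.

# Attach the service-account signing key to the OAuth2 client.
def authorize!
  @client.authorization = Signet::OAuth2::Client.new(
    #...
    :signing_key => key
  )
end

# Decrypt the committed .p12 with the passphrase from the environment.
# ENV.fetch raises KeyError if P12_PASSPHRASE is not set.
def key
  Google::APIClient::KeyUtils.load_from_pkcs12(key_path, ENV.fetch('P12_PASSPHRASE'))
end

# Location of the re-encrypted key file inside the repo.
def key_path
  "#{Rails.root}/config/google_key.p12"
end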
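
The passphrase change described in the answer above, done with Ruby's OpenSSL bindings instead of the openssl command line. This is an added example, not code from the original posts; the helper names, the friendly name and the self-signed sample bundle are constructed for illustration.

```ruby
require 'openssl'

# Re-encrypt a PKCS#12 bundle under a new passphrase and return the new DER bytes.
# Raises OpenSSL::PKCS12::PKCS12Error if old_pass does not open the bundle.
def rewrap_p12(p12_der, old_pass, new_pass)
  raise ArgumentError, 'new passphrase must not be empty' if new_pass.to_s.empty?
  raise ArgumentError, 'new passphrase equals the old one' if new_pass == old_pass

  old = OpenSSL::PKCS12.new(p12_der, old_pass)
  # 'privatekey' is only a friendly-name label (constructed value).
  OpenSSL::PKCS12.create(new_pass, 'privatekey', old.key, old.certificate, old.ca_certs).to_der
end

# True when the passphrase decrypts the bundle, false on a MAC/decrypt failure.
def opens_with?(p12_der, pass)
  OpenSSL::PKCS12.new(p12_der, pass)
  true
rescue OpenSSL::PKCS12::PKCS12Error
  false
end

# Constructed stand-in for a downloaded key file: a throwaway RSA key and
# self-signed certificate wrapped with the given passphrase.
def sample_p12(pass)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-service-account')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  OpenSSL::PKCS12.create(pass, 'privatekey', key, cert).to_der
end

if __FILE__ == $PROGRAM_NAME
  original = sample_p12('notasecret')
  rewrapped = rewrap_p12(original, 'notasecret', 'constructed-long-passphrase')
  puts "old passphrase still works: #{opens_with?(rewrapped, 'notasecret')}"
  puts "new passphrase works:       #{opens_with?(rewrapped, 'constructed-long-passphrase')}"
end
```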