how to set secrets from JSON file?

Hi

how can I set sectrets from Google OAuth JSON file? When I copied the file as a string I got an error

PS C:\Users\> flyctl.exe set GOOGLE_OAUTH2_CLIENT_SECRETS_JSON={"web":{"client_id":"749668-8r68if23dg5hj7vkud2tugqqtcsi1.apps.googleusercontent.com","project_id":"-3630","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"-yMbT_foVRNsnTYVb1bh"}} -a zzrec
At line:1 char:56
+ flyctl.exe set GOOGLE_OAUTH2_CLIENT_SECRETS_JSON={"web":{"client_id": ...
+                                                        ~
Unexpected token ':' in expression or statement.
At line:1 char:69
+ ... {"client_id":"-8r68if23dg0ugqqtcsi1.apps.goog ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Unexpected token ':"-8r68if23de0ugqqtcsi1.apps.googleusercontent.com"' in expression or
statement.
At line:1 char:144
+ ... 8r68if2qqtcsi1.apps.googleusercontent.com","project ...
+                                                                 ~
Missing argument in parameter list.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

Thank you
Radek

You can base64 it and set it as one big string (as long as it fits the undocumented, unknown size-limit for secrets), like so:

# on a *nix, from a loooong b64:
echo "long-base64-text..." | fly secrets set SECRET_BIG_B64=-

# and, from a file
fly secrets set SECRET_MASSIVE_TXT =- < file.txt

Ref: How are you managing cert files with Fly? - #16 by michael

2 Likes

It was actually good enough to enclose the JSON text in single quote

1 Like

so from a file using< does not work for me. I did not base64 it

PS C:\Users\Radek> flyctl secrets -a zzrec set GOOGLE_OAUTH2_CLIENT_SECRETS_JSON=- < C:\downloads\client_secret_7496673475hj7vku1.apps.googleusercontent.com.txt
At line:1 char:65

  • … tl secrets -a zzrec set GOOGLE_OAUTH2_CLIENT_SECRETS_JSON=- < C:\down …
  •                                                             ~
    

The ‘<’ operator is reserved for future use.
+ CategoryInfo : ParserError: (:slight_smile: , ParentContainsErrorRecordException
+ FullyQualifiedErrorId : RedirectionNotSupported

I solved this issue on Windows by setting each key in the JSON file as a separate environment variable.
Which went well with well. But I was facing an issue with a key in my JSON file because it has a humongous value that spanned many lines in the terminal.

To fix that this Windows Powershell Command that did the job for me:

flyctl secrets set private_key="$((Get-Content secrets.json | ConvertFrom-Json).private_key)" --json 

Here is the bash equivalent of this(Not verified):

flyctl secrets set private_key="$(jq -r '.private_key' secrets.json)" --json

These commands basically extract the key private_key from the secrets.json file in my root directory.
The resulting value is passed as a parameter to the flyctl secrets set command.

1 Like