Setting a secret in JSON format

Hi there,

I’m trying to set the following secret for my app, which is a JSON token:

GCP_AUTH={
  "auth_provider_x509_cert_url"="https://www.googleapis.com/oauth2/v1/certs",
  "auth_uri"="https://accounts.google.com/o/oauth2/auth",
  "client_email"="xxx@xxx",
  "client_id"="xxx",
  "client_x509_cert_url"="https://www.googleapis.com/robot/v1/metadata/x509/xxxxxxxxx",
  "private_key"="-----BEGIN PRIVATE KEY-----\nxxxxxxxxxxx\n-----END PRIVATE KEY-----\n",
  "private_key_id"="xxxxxxxxxxxxx",
  "project_id"="xxx",
  "token_uri"="https://oauth2.googleapis.com/token",
  "type"="service_account"
}

Two questions:

  • How should I format it: escape special characters, remove newlines? It seems like the hash of secrets is different if I do SOME_SECRET=abcd or SOME_SECRET="abcd".
  • Should I set this with fly secrets set GCP_AUTH=... or fly secrets import?

Thanks!

Edit: I’ve tried to escape it with single quotes and got a (Jason.DecodeError) unexpected byte at position 33: 0x3D ("=")... error:

({application_start_failure,goth,{{shutdown,{failed_to_start_child,'Elixir.Goth.Config',{#{'__exception__' => true,'__struct__' => 'Elixir.Jason.DecodeError',data => <<"{\n  \"auth_provider_x509_cert_url\"=\"https://www.googleapis.com/oauth2/v1/certs\",\n  \"auth_uri\"=\"https://accounts.google.com/o/oauth2/auth\",\n  \"client_email\"=\"xxx\",\n  \"client_id\"=\"xxxxxx\",\n
...

Hey @fdeage, I typically run the GCP credentials json file through base64 before setting it as a secret and in my application, I’ll decode it as base64 before using it.

I think the CLI also has a flag for setting a secret from a file.

Thanks @JP_Phillips ! By creating a JSON file I also realized I was using = instead of : in my file :slight_smile: