Multi-line Environment Variables e.g: RSA Private Keys #17

Open
nelsonic opened this issue Mar 23, 2018 · 10 comments

@nelsonic
Member

nelsonic commented Mar 23, 2018

One of our Apps github-backup requires the use of an RSA Private Key as an environment variable:

simply copy-pasting the key from the .pem into an .env file or attempting to export it in the terminal e.g:

export PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA04up8hoqzS1+
...
l48DlnUtMdMrWvBlRFPzU+hU9wDhb3F0CATQdvYo2mhzyUs8B1ZSQz2Vy==
-----END RSA PRIVATE KEY-----

Does not work ... because of the line breaks.

I did a bit of googling but did not find a workable solution ...
e.g: https://stackoverflow.com/questions/43082918/how-to-sett-multiline-rsa-private-key-environment-variable-for-aws-elastic-beans

Error:

-----END RSA PRIVATE KEY-----': not a valid identifier

Followed the instructions in: http://blog.vawter.com/2016/02/10/Create-an-Environment-Variable-from-a-Private-Key
Created a file called keytoenvar.sh with the following lines:

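#!/usr/bin/env bash
# Usage: source keytoenvar.sh VAR_NAME path/to/key.pem
file=$2
name=$1
# Read the whole file (line breaks included) and export it under the given name
export "$name"="$(awk 'BEGIN{}{out=out$0"\n"}END{print out}' "$file" | sed 's/\n$//')"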

then ran the following command:

 source keytoenvar.sh PRIVATE_KEY ./gitbu.2018-03-23.private-key.pem

That works but it seems like a "long-winded" approach ... 🤔

Does anyone know of a simpler way of doing this?
(I'm trying to make it as "beginner friendly" as possible...)

@SimonLab / @Cleop relates to GitBu environment variables specifically the GitHub App PRIVATE_KEY

@nelsonic
Member Author

Created a StackOverflow question:
https://stackoverflow.com/questions/49457787/how-to-export-a-multi-line-environment-variable-in-bash-terminal-e-g-rsa-privat
So whoever answers can get some "points". 🏅

@curioustushar

@nelsonic Try

export the key

export test_key=`cat ~/.ssh/test.pem`

test.sh

#!/bin/bash

# Quote the variable so the key's line breaks are preserved when printed
echo "$test_key"

Hope it works, if you are satisfied I will post on SO and gain some points 😉

@curioustushar curioustushar self-assigned this Mar 26, 2018
@nelsonic
Member Author

nelsonic commented Mar 26, 2018

Hi @cse-tushar, thank you so much for sharing your thoughts/solution! 🥇

That is a nicer solution than requiring a keytoenvar.sh file (listed above)

export PRIVATE_KEY=`cat ./gitbu.2018-03-23.private-key.pem`

If you post it on StackOverflow I will up-vote.

Feel free to include the following in your answer:


If you want to save the key to an .env file with the rest of your environment variables,
all you needed to do is "wrap" the private key string in single quotes
in the .env file ... e.g:

export HELLO_WORLD='-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA04up8hoqzS1+APIB0RhjXyObwHQnOzhAk5Bd7mhkSbPkyhP1
...
iWlX9HNavcydATJc1f0DpzF0u4zY8PY24RVoW8vk+bJANPp1o2IAkeajCaF3w9nf
q/SyqAWVmvwYuIhDiHDaV2A==
-----END RSA PRIVATE KEY-----'

So the following command will work:

echo "export PRIVATE_KEY='`cat ./gitbu.2018-03-23.private-key.pem`'" >> .env

Followed by:

source .env

Now the key will be in your .env file and whenever you source .env it will be exported.


Exclude below this point, it's only for "reference" ...

I thought that the problem of including the private key string in the .env file was the new lines ...
so I went down the "rabbit hole" of trying to use "sed" to replace new lines with \n in the .pem file:

echo "export test_key=\"`sed -E 's/$/\\\n/g' ./gitbu.2018-03-23.private-key.pem`\"" >> .env

https://stackoverflow.com/questions/38672680/replace-newlines-with-literal-n
and http://www.grymoire.com/Unix/Sed.html
But I realised that it was "overkill" and the single-quote solution did the trick.

@curioustushar

@nelsonic awesome bro :) awww sed is a real magician but it overkills sometimes.

@typelogic

I did not like the 1 .pem file, and then another .sh file approach. There should be only 1 unified file containing both private key and script code. Answer is here

@markhu
Member

markhu commented Feb 13, 2019

There is a simple answer. Just surround the multi-line literal value with quotes:

export PRIVATE_KEY='-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA04up8hoqzS1+
...
l48DlnUtMdMrWvBlRFPzU+hU9wDhb3F0CATQdvYo2mhzyUs8B1ZSQz2Vy==
-----END RSA PRIVATE KEY-----
'

PR dwyl/github-backup#134

@ideallical

I ended up replacing \n with a few characters that I could then replace with \n again on reading from the .env file.

something like:

.env
-----

PEM_KEY=-----BEGIN PRIVATE KEY-----||n||MIGTAgsdsd.......wdwIBAQQgKjv4uZPMlEhmZEcJ||n||3l/W8AIWAS32SOdwClwsygCgYIKfdAA....hDcKJgl||n||a0Ydale+vtqCpR.....vH7+CsdsID8||n||fn21...5u||n||-----END PRIVATE KEY-----||n||

settings.py
-----------

SOCIAL_SECRET = env.str("PEM_KEY").replace("||n||", "\n")

@LikeCarter

I'll add that a more elegant fool-proof way is to encode the env var as base64 and then decode it when you access it.

const base64 = process.env.GITHUB_PRIVATE_KEY
const privateKey = Buffer.from(base64, 'base64')
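
The base64 approach from the comment above, carried through end to end in the shell, as an added example that is not part of the original thread. `SAMPLE_PEM` is constructed placeholder text, and the names `pem_to_env_line`, `env_to_pem`, `roundtrip_ok` and `PRIVATE_KEY_B64` are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# SAMPLE_PEM is constructed placeholder text in PEM shape, not a real key.
SAMPLE_PEM='-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtS0VZ
Zm9yLWRlbW9uc3RyYXRpb24tb25seQ==
-----END RSA PRIVATE KEY-----'

# Print NAME=<base64 of the file on one line>; GNU base64 wraps its output at
# 76 columns, so the wrapping newlines are removed.
pem_to_env_line() {   # usage: pem_to_env_line VAR_NAME path/to/key.pem
  printf '%s=%s\n' "$1" "$(base64 < "$2" | tr -d '\n')"
}

# Decode a value produced above back into the original multi-line text.
env_to_pem() {        # usage: env_to_pem "$VAR_VALUE"
  printf '%s' "$1" | base64 --decode
}

# Write the sample key and a .env file, source the .env, decode the variable,
# and compare checksums: returns 0 only if the bytes survive unchanged.
roundtrip_ok() {
  dir=$(mktemp -d) || return 1
  (
    umask 077                                   # key material: owner-only files
    printf '%s\n' "$SAMPLE_PEM" > "$dir/key.pem"
    pem_to_env_line PRIVATE_KEY_B64 "$dir/key.pem" > "$dir/.env"
    [ "$(wc -l < "$dir/.env")" -eq 1 ] || exit 1   # .env entry is a single line
    set -a; . "$dir/.env"; set +a               # export everything .env defines
    [ "$(env_to_pem "$PRIVATE_KEY_B64" | cksum)" = "$(cksum < "$dir/key.pem")" ]
  )
  rc=$?
  rm -rf "$dir"
  return "$rc"
}

roundtrip_ok && echo "decoded key is byte-identical to key.pem"
```

Unlike `$(cat key.pem)`, which drops the file's trailing newline, the base64 value decodes to exactly the bytes that were in the file.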

@cesperian

@LikeCarter this is the best answer I've seen so far. Seems to work perfectly. Thanks for mentioning it!...

@ivolkoff

You can try this:

makefile

...
include .env
export

export KAFKA_CERTIFICATE=`cat certificates/WinCAG2.crt`

...

run: 
	go build -o ./bin/ gitlab.com/abc/def/cmd/mycode
	KAFKA_CERTIFICATE=$(KAFKA_CERTIFICATE) ./bin/mycode
