IntelliJ: Setting private key as environment variable doesn't work (Spring boot project)
Y

4

7

I have a Spring Boot project in which, if I use the private key (multiline text), it works perfectly fine (which means there is no issue with the key), but when I try to set it as an environment variable in IntelliJ it shows

Reason: Property 'spring.cloud.config.server.git.privateKey' is not a valid private key

I am fully aware that this is happening because of newline characters. So I tried to replace the new lines with \n (as text), something like

-----BEGIN RSA PRIVATE KEY-----\nline1\nline2.....\nlinen\n-----END RSA PRIVATE KEY-----

But it doesn't work either.

The working version in property file is:

privateKey: |
            -----BEGIN RSA PRIVATE KEY-----
            secret data....
            -----END RSA PRIVATE KEY-----
Yellowwood answered 30/1, 2019 at 3:35 Comment(0)
G
4

There is a tricky way to fix it.

  1. Close your IDE (GoLand, IntelliJ, etc.)
  2. Replace \n with &#10; (with VisualStudioCode)
  3. Open the config file from .idea/workspace.xml.
  4. Put the value and save the file
  5. Open the IDE

It becomes something like:

"-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
...."
Gemmell answered 13/10, 2021 at 7:53 Comment(1)
Not working for GoLand 2023.1 (231.8109.199) - Canalize
D
3

IntelliJ environment variables cannot support new lines, see https://unix.stackexchange.com/q/369972.

If you are determined to use environment variables, then I think your best option would be to point to a private key using an environment variable.

Another option would be to parse the environment variable, replacing \n occurrences with actual new lines. This is kind of a mess, because then you are conditionally parsing or not parsing the private key.

Deste answered 30/1, 2019 at 9:2 Comment(0)
V
1

This is an issue regardless of the IDE used. When you set the privateKey as an environment variable, which is what will typically be done in a production environment, the key validation fails and you get the error .. is not a valid private key.

I got around this in the following manner.

  1. Just pass in the main content of the key in the environment variable. So for example, if the private key is:

-----BEGIN RSA PRIVATE KEY-----
{keyContent}
-----END RSA PRIVATE KEY-----

and the environment variable is githubKey, the value of githubKey is keyContent.

  2. Add an EnvironmentPostProcessor implementation in your code to transform the content inside githubKey to the properly formatted private key and store this formatted value in a new property formattedGithubKey

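import java.util.HashMap;
import java.util.Map;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MapPropertySource;
import org.springframework.stereotype.Component;

@Component
public class GithubKeyProcessor implements EnvironmentPostProcessor {

    private static final String START_PK = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String END_PK = "-----END RSA PRIVATE KEY-----";
    private static final String LINE_BREAK = "\n";

    @Override
    public void postProcessEnvironment(ConfigurableEnvironment environment,
                                       SpringApplication application) {

        // Key body as passed in through the environment variable
        String githubKey = environment.getProperty("githubKey");
        if (githubKey == null) {
            // Variable not set: nothing to transform (avoids a NullPointerException in formatKey)
            return;
        }

        Map<String, Object> formattedGithubKeyProperties = new HashMap<>();
        formattedGithubKeyProperties.put("formattedGithubKey", formatKey(githubKey));
        environment.getPropertySources()
                .addLast(new MapPropertySource("formattedGithubKeyProperties", formattedGithubKeyProperties));

        System.out.println("Done transforming githubKey to the correct format");
    }

    // Rebuilds the PEM: header, body with spaces turned back into line breaks, footer
    private String formatKey(String theSshKey) {
        if (theSshKey.indexOf(LINE_BREAK) < 0) {
            String tmpKey = theSshKey.replace(START_PK, "").replace(END_PK, "").trim();
            return START_PK + LINE_BREAK + tmpKey.replaceAll(" ", LINE_BREAK) + LINE_BREAK + END_PK;
        } else {
            // Already multi-line: use as is
            return theSshKey;
        }
    }
}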

Note that this environment processor has to be registered inside the src/main/resources/META-INF/spring.factories file whose content looks like this:

org.springframework.boot.env.EnvironmentPostProcessor={package}.GithubKeyProcessor

  3. In the application yml file, use this new property for the private key.

spring:
  cloud:
    config:
      server:
        git:
          private-key: ${formattedGithubKey}

This should do the trick.

Vespertilionine answered 9/11, 2021 at 20:11 Comment(0)
Q
0

What I did in my case is to encode the private key in base 64 and then store that string in the environment variable. Then you can decode it and use it.

To encode the key:

cat private_key.p8 | base64
Quail answered 29/8, 2023 at 14:22 Comment(0)
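
An added example, not code from any of the answers above: a helper that takes the key from a single-line environment variable in either of the encodings discussed on this page (literal \n text, as in the question and the "parse the environment variable" option, or Base64 of the whole key file, as in the last answer) and returns a PEM with real line breaks. It goes beyond the last answer by covering both encodings; the class name PemEnvKey is hypothetical and the sample key body is constructed filler, not a real key.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Added example (hypothetical helper): restore a PEM key passed through a single-line environment variable. */
public class PemEnvKey {

    private static final String BEGIN = "-----BEGIN ";
    private static final String END = "-----END ";

    /** Accepts a PEM with real newlines, a PEM with literal "\n" text, or Base64 of the whole PEM file. */
    public static String normalize(String raw) {
        if (raw == null || raw.isBlank()) {
            throw new IllegalArgumentException("private key variable is not set");
        }
        String value = raw.trim();
        if (!value.startsWith(BEGIN)) {
            try {
                // The MIME decoder ignores the line breaks that `base64` inserts every 76 characters
                value = new String(Base64.getMimeDecoder().decode(value), StandardCharsets.UTF_8).trim();
            } catch (IllegalArgumentException e) {
                // Never echo the value itself in the message: it is secret material
                throw new IllegalArgumentException("private key variable is neither PEM nor Base64");
            }
        }
        // Turn the two-character text sequence backslash + n into a real line feed
        value = value.replace("\\r\\n", "\n").replace("\\n", "\n").replace("\r\n", "\n");
        String[] lines = value.split("\n");
        if (lines.length < 3 || !lines[0].startsWith(BEGIN) || !lines[lines.length - 1].startsWith(END)) {
            throw new IllegalArgumentException("decoded value is not a PEM block");
        }
        return value + "\n";
    }

    public static void main(String[] args) {
        // Constructed sample: the body is filler text, not a real key
        String pem = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";
        String escaped = pem.trim().replace("\n", "\\n");
        String encoded = Base64.getEncoder().encodeToString(pem.getBytes(StandardCharsets.UTF_8));

        // Each form should normalize back to the same multi-line PEM
        System.out.println(normalize(escaped).equals(pem));
        System.out.println(normalize(encoded).equals(pem));
        System.out.println(normalize(pem).equals(pem));
    }
}
```

In the EnvironmentPostProcessor approach shown earlier on this page, a call to normalize(...) could take the place of formatKey(...).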
