Passing a private key as an environment variable

When working with private keys, one of the awkward things to deal with is how to pass them around to applications. If you're following a twelve-factor app approach where secrets are passed in via the environment variables, but as keys are multi-line there are a few options for how to wrap them into an environment varialbe.

One option is to replace the newlines with an escaped newline (via):

sed ':a;N;$!ba;s/\n/\\n/g' pem.pem

Then, it can for instance consume it using the following Typescript code:

const privateKey = (process.env.PRIVATE_KEY ?? '').replaceAll(/\\n/g, '\n')

Alternatively, we could base64-encode the key, which means we don't need to worry about (un)escaping newlines.

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #shell #certificates.

This post was filed under articles.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.