Trouble with writing secret to json gcloud auth

So im trying to write a secret to a json with this

echo "$GOOGLE_TOKEN" > /tmp/gcloud.json

And it writes correctly if i cat the file. But when i try to do an gcloud auth I get this error.

ERROR: (gcloud.beta.auth.activate-service-account) Could not read json file /tmp/gcloud.json: Invalid control character at: line 5 column 46 (char 171)

And im positive its not the json because i was able to authenticate with the same command on my machine, so it seems the error is the echo.

According to the error their is an invalid character in your yaml. But if you can cat the file, and you are positive the json is fine, I guess you need to open an issue with the gcloud support team?

@bradrydzewski Haha I acually did, so i tested it locally and it activated with no problem. I think the problem is something related to this Issues with multiline secrets concealing and being passed to environment

But how would I fix it on drone 0.8?

Sorry, I am not sure I understand. That thread only applies to older versions of drone, and is not relevant to drone 0.8. Please provide more detail including a full copy of your yaml file and the version of drone you are using.

Also please confirm you added the file using the steps described here:

    image: google/cloud-sdk

      - echo -n "$GOOGLE_TOKEN" > /tmp/gcloud.json
      - cat /tmp/gcloud.json
      - gcloud beta auth activate-service-account --key-file=/tmp/gcloud.json
    secrets: [google_token]

I’m using 0.8 and i get the error that i stated above. I reffered to that post because i thought the issue might of been similar.

Can you confirm you added the secret from file using the steps described here:

How do you know for sure there is no special character in your yaml? I see you cat the file, however, a special character would likely be ignored or not rendered in the browser, and you would not see it. If the error message says there is an invalid character, I would assume there is an invalid character. This is something you should be able to verify, by checking character 171 after you write it.

So how would a special character end up in your secret? This would likely happen during upload, which is why we have special instructions for uploading secrets from files to preserve file content and integrity.

OK I reuploaded it and have the same error, also I’m able to use the same secrets in the GCR plugin and it works perfectly, So I would imagine the error is happening when the secret is being pulled into the file with echo.

@ThePixelBro22 echo doesn’t preserve “\n”, and breaks the json. Use printf instead, it will respect the json.

printf "%s" $GOOGLE_TOKEN > /tmp/gcloud.json
1 Like

Hi guys. Sorry to bump such an old thread.

For some reason or another I couldn’t get any combination of printf or echo to output the JSON service credentials without them coming out malformed.

Finally a coworker suggested I base64 encode the credentials before putting them into Drone and then decode them when you need them. I found that to work perfectly.

Also, I put it into a stack overflow question here in hopes that it will be a bit easier for people to discover the solution.