Trouble with writing secret to json gcloud auth

So I'm trying to write a secret to a JSON file with this

echo "$GOOGLE_TOKEN" > /tmp/gcloud.json

And it writes correctly if I cat the file. But when I try to do a gcloud auth I get this error.

ERROR: (gcloud.beta.auth.activate-service-account) Could not read json file /tmp/gcloud.json: Invalid control character at: line 5 column 46 (char 171)

And I'm positive it's not the JSON because I was able to authenticate with the same command on my machine, so it seems the error is the echo.

According to the error there is an invalid character in your yaml. But if you can cat the file, and you are positive the json is fine, I guess you need to open an issue with the gcloud support team?

@bradrydzewski Haha, I actually did, so I tested it locally and it activated with no problem. I think the problem is something related to this: Issues with multiline secrets concealing and being passed to environment

But how would I fix it on drone 0.8?

Sorry, I am not sure I understand. That thread only applies to older versions of drone, and is not relevant to drone 0.8. Please provide more detail including a full copy of your yaml file and the version of drone you are using.

Also please confirm you added the file using the steps described here:
http://docs.drone.io/manage-secrets/#example-from-file

pipeline:
  gcloud:
    image: google/cloud-sdk

    commands:
      - echo -n "$GOOGLE_TOKEN" > /tmp/gcloud.json
      - cat /tmp/gcloud.json
      - gcloud beta auth activate-service-account --key-file=/tmp/gcloud.json
    secrets: [google_token]

I’m using 0.8 and I get the error that I stated above. I referred to that post because I thought the issue might have been similar.

Can you confirm you added the secret from file using the steps described here:
http://docs.drone.io/manage-secrets/#example-from-file

How do you know for sure there is no special character in your yaml? I see you cat the file, however, a special character would likely be ignored or not rendered in the browser, and you would not see it. If the error message says there is an invalid character, I would assume there is an invalid character. This is something you should be able to verify, by checking character 171 after you write it.

So how would a special character end up in your secret? This would likely happen during upload, which is why we have special instructions for uploading secrets from files to preserve file content and integrity.

OK, I reuploaded it and have the same error. Also, I’m able to use the same secrets in the GCR plugin and it works perfectly, so I would imagine the error is happening when the secret is being pulled into the file with echo.

@ThePixelBro22 echo doesn’t preserve “\n”, and breaks the json. Use printf instead, it will respect the json.

printf "%s" "$GOOGLE_TOKEN" > /tmp/gcloud.json

Hi guys. Sorry to bump such an old thread.

For some reason or another I couldn’t get any combination of printf or echo to output the JSON service credentials without them coming out malformed.

Finally a coworker suggested I base64 encode the credentials before putting them into Drone and then decode them when you need them. I found that to work perfectly.

Also, I put it into a Stack Overflow question here in hopes that it will be a bit easier for people to discover the solution.
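
Added example, not code from any poster in this thread: a POSIX sh comparison of the ways of writing the secret to a file that the printf reply and the base64 post discuss, showing which ones leave raw newlines inside the JSON string (the condition a JSON parser reports as an invalid control character). It assumes the build step's `sh` has an `echo` that expands backslash escapes (dash does); the sample key and all function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, not a real key: one-line JSON whose private_key holds
# literal backslash-n sequences, as service-account key files do.
SAMPLE_KEY='{"type":"service_account","private_key":"-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----\n"}'

# What an escape-expanding echo writes. printf '%b\n' reproduces it in any
# POSIX shell, so the result does not depend on which sh runs this file.
write_like_xsi_echo() { printf '%b\n' "$1" > "$2"; }

# Byte-for-byte write: quoted expansion, no escape processing.
write_verbatim() { printf '%s' "$1" > "$2"; }

# Deliberately unquoted expansion: word splitting turns the value into
# several arguments and the spaces in the PEM header and footer are lost.
write_unquoted() { printf '%s' $1 > "$2"; }

# Round trip through base64: the stored value has no backslashes, quotes
# or whitespace for a shell to reinterpret.
write_via_base64() {
    encoded=$(printf '%s' "$1" | base64 | tr -d '\n')  # value stored as the secret
    printf '%s' "$encoded" | base64 -d > "$2"          # what the build step runs
}

# Succeeds only when the file holds exactly the bytes of the secret.
same_bytes() { [ "$(printf '%s' "$1" | cksum)" = "$(cksum < "$2")" ]; }

# Number of raw newline bytes in the file (0 for an intact one-line key).
raw_newlines() { tr -cd '\n' < "$1" | wc -c | tr -d ' '; }

demo() {
    dir=$(mktemp -d)
    for writer in write_like_xsi_echo write_verbatim write_unquoted write_via_base64; do
        "$writer" "$SAMPLE_KEY" "$dir/key.json"
        if same_bytes "$SAMPLE_KEY" "$dir/key.json"; then verdict=intact; else verdict=ALTERED; fi
        printf '%-20s %-8s raw newlines: %s\n' "$writer" "$verdict" "$(raw_newlines "$dir/key.json")"
    done
    rm -rf "$dir"
}
demo
```

Comparing a checksum of the written file with a checksum of the secret inside the build step catches the corruption without printing the key to the build log.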