In my serverless.yml file, I’m trying to add an environment variable called GOOGLE_APPLICATION_CREDENTIALS which points to my service account credentials JSON file but when added to the serverless file I'm getting an error Environment variable GOOGLE_APPLICATION_CREDENTIALS must contain string
I tried adding the environment variable GOOGLE_APPLICATION_CREDENTIALS using AWS CLI and it worked fine. But I want to add the environment variable from serverless file.
I’ve tried the below methods but none of the method seem to work
environment:
GOOGLE_APPLICATION_CREDENTIALS: ‘${file(./serviceAccountCreds.json)}’
environment:
GOOGLE_APPLICATION_CREDENTIALS: “${file(./serviceAccountCreds.json)}”
environment:
GOOGLE_APPLICATION_CREDENTIALS: ${file(./serviceAccountCreds.json)}
My use case is I need to load the google application credentials to call the GCP APIs from the AWS lambda. I’ve read answers regarding support for google cloud functions for setting the environment variable but doesn’t seem to help with the AWS functions. Not sure the support in generic one or only to GCP functions.
Edited : Tried setting the environment variable at the run time process.env.GOOGLE_APPLICATION_CREDENTIALS as well and worked. But this still leaves me with a question whether the serverless has support of setting env.variables to JSON files as a whole.
Links I followed:
https://www.serverless.com/framework/docs/providers/aws/guide/variables
https://github.com/serverless/serverless-google-cloudfunctions/issues/122
https://github.com/serverless/serverless-google-cloudfunctions/pull/123
Try setting a variable like this:
GOOGLE_APPLICATION_CREDENTIALS=$(cat ./serviceAccountCreds.json)
wchich will set the value of the variable to whatever content is in your credentials JSON file.
If the value has to contain only the path to a json file then try this:
GOOGLE_APPLICATION_CREDENTIALS=./serviceAccountCreds.json
You may also find this question interesting (very simillar case).
And here's some discussion on how to pass a variable from a file in Bash.
Lastly - some very basic examples on how to work with variables.
Related
I have an issue, my website seems to build and deploy fine but when I visit it does not work. When I inspect element I receive error stating ‘Failed to load resource: the server responded with a status of 404 ()’. I understand that the page isn’t loading because it can’t be found but I don’t understand why it can’t be found, but the website is working fine locally.
website is build on react
Github: https://github.com/aff7n/weather-app
Website: https://profound-muffin-a078da.netlify.app/
I know all this may sound stupid, (bear with me since I'm a beginner with React) but how do I fix this?
You're using process.env in browsers to get the complete URL. This is your code:
const apiUrl = `${process.env.REACT_APP_API_URL}/weather/?lat=${lat}&lon=${long}&units=metric&APPID=${process.env.REACT_APP_API_KEY}`;
process is Node.js API, and it returns undefined in browsers. This is why, the URL is converted to:
https://profound-muffin-a078da.netlify.app/undefined/weather/?lat=19.1981219&lon=72.9600269&units=metric&APPID=undefined
The solution would be to:
Hardcode the actual values of the variables. I don't see why you're using environment variables here. There's nothing sensitive in the URL, anyone can see it anyways.
OR Refer to: https://create-react-app.dev/docs/adding-custom-environment-variables/. Quoting:
You must create custom environment variables beginning with REACT_APP_. Any other variables except NODE_ENV will be ignored to avoid accidentally exposing a private key on the machine that could have the same name. Changing any environment variables will require you to restart the development server if it is running.
Basically, prefix the variables with REACT_APP_. The end result would be same as option 1 though.
Final option: Use Netlify Functions (or Netlify Edge Functions) to make a call to the API and return the response to the client application. Here, you can use process.env (or Deno.env if you use Netlify Edge Functions) and keep the URL a secret.
There is a statement in
https://create-react-app.dev/docs/adding-custom-environment-variables/ :
Any other variables except NODE_ENV will be ignored to avoid accidentally exposing a private key on the machine that could have the same name.
What is meant here by exposing a private key on the machine that could have the same name?
I could get nothing from this sentence. Could you please explain this statement with an example?
Thank you in advance.
As mentioned in the docs, a React app will include the environment variables in the source code when you build the application.
Environment variables are embedded into the build, meaning anyone can view them by inspecting your app's files.
Imagine that you have a React frontend and a backend service, both hosted on the same machine. Also imagine that you accidentally refer to an environment variable in your React app, which contains some secret used by the backend service. Now that secret will be exposed to world in the frontend source.
That is why an "intentionally verbose" prefix is added to the environment variables used by the React app. It forces you to be explicit about what you want exposed in the frontend.
It is intentionally verbose. Otherwise there is a risk of accidentally exposing a private key on the machine that happens to have the same name.
https://github.com/facebook/create-react-app/issues/865#issuecomment-252199527
I built and deploy a next.js web app in which I very carefully choose my environment variables and put them in the next.config.js file, and ignored them using gitignore file. Now when I opened the inspect window on the browser the NEXT_DATA script exposing all my secret variables. Can someone suggest a solution to this?
you have to create an environment variable for production as you do you have to create a file
.env
where you have to put the variable you want to use
here is an example of how to create and use the environment variable
https://www.npmjs.com/package/react-dotenv
remember to create in .env file then add your variable
Sorry if this might be a bit of a trivial question, but I wanna be sure and couldn't exactly find a definitive answer online.
I am writing a small app that uses Mapbox, and I am using react-map-gl for it. They require the access token on the client side, so they suggest using an environment variable. My question is would it be okay to simply create a .env file in the front-end folder and put the variable there?
Thanks!
You can't get away from revealing API keys on the front end. If someone wants to dig around in your source code, they will find them.
However, you should always configure any API key that is visible on the Internet to be restricted to specific referrers, i.e. the domain of your website.
Usually this is done during creation of an API key through your provider's dashboard.
For Mapbox, you can read the documentation on restricting API tokens here. It states:
You can make your access tokens for web maps more secure by adding URL restrictions. When you add a URL restriction to a token, that token will only work for requests that originate from the URLs you specify. Tokens without restrictions will work for requests originating from any URL.
(emphasis my own)
They require the access token on the client side, so they suggest using an environment variable. My question is would it be okay to simply create a .env file in the front-end folder and put the variable there?
There are two reasons one uses environment variables in front-end development:
As a convenience, to keep environment-specific configuration removed from source code.
To keep sensitive information out of source code. You shouldn't commit API tokens or other similarly sensitive details to your version control.
Using environment variables in front-end code will not to keep their values secret from the end user. Whatever the value of an environment variable is at build time will be visible in the compiled output.
Currently I'm getting access to the API though the GOOGLE_APPLICATION_CREDENTIALS environment variable. I created and downloaded a service account key as a .json file and set the environment variable to that file. Due to the requirements of the project I'm working on, I won't be able to do this. I tried using the credentials variable in the constructor for the datastore client object, but I wasn't able to get that to work. How should I be going about this?
I'm running Windows 10, but any solution should be (relatively) OS agnostic. I'm writing in python 3.6.
You can use from_service_account_json():
from google.cloud import datastore
client = datastore.Client.from_service_account_json('/path/to/credentials.json')
var = client.get(client.key('MyKind', '<key value>'))
print(var)
see: https://cloud.google.com/docs/authentication/production#obtaining_and_providing_service_account_credentials_manually