Files as String
Keeping files on disk is a long-standing, common practice. It works very well, but what happens if you need automatic horizontal scaling without human help?
A lot of people will say: I can configure a local Docker volume, share a disk, or use some disk service from AWS, GCP or Azure. That will work, but for me, the fewer humans needed, the better :b
So my advice is to develop the application around environment variables, as the bible says, including the files or certificates.
I use this to convert a pfx cert to a single base64 string:
base64 -w 0 acme_cert.pfx > acme_cert_base64.txt
So your application will receive the certificate as a string and can do whatever it wants with it: decode it, persist it as a file, etc.
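The receiving side of that round trip, as an added example that is not part of the original page: a startup helper that decodes the variable back into a file readable only by its owner. The variable name `ACME_CERT_BASE64`, the function name `materialize_b64_env` and the demo bytes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: restore a file delivered as a base64 environment variable.
# ACME_CERT_BASE64 and materialize_b64_env are hypothetical names.

# materialize_b64_env VAR_NAME DEST_PATH
# Returns 0 on success, 1 if VAR_NAME is invalid/unset/empty,
# 2 if the value is not valid base64, 3 if no temp file could be created.
materialize_b64_env() {
    var_name=$1
    dest=$2
    # Accept only a plain identifier, because the name is passed to eval below.
    case $var_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2
            return 1 ;;
    esac
    eval "value=\${$var_name:-}"
    if [ -z "$value" ]; then
        echo "error: $var_name is unset or empty" >&2
        return 1
    fi
    # mktemp creates the file with mode 0600; same directory keeps mv atomic.
    tmp=$(mktemp "${dest}.XXXXXX") || return 3
    # Decode into the temp file first so a bad value never replaces a good file.
    if ! printf '%s' "$value" | base64 -d > "$tmp" 2>/dev/null || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        unset value
        echo "error: $var_name does not contain valid base64" >&2
        return 2
    fi
    unset value
    chmod 600 "$tmp"
    mv -f "$tmp" "$dest"
}

# Constructed demo: stand-in bytes, not a real PFX file.
demo_dir=$(mktemp -d)
ACME_CERT_BASE64=$(printf 'constructed-pfx-bytes\001\002' | base64 -w 0)
materialize_b64_env ACME_CERT_BASE64 "$demo_dir/acme_cert.pfx" \
    && ls -l "$demo_dir/acme_cert.pfx"
rm -rf "$demo_dir"
```

Environment variables are inherited by child processes, so unset the variable after the file is written if the application spawns subprocesses that should not see the certificate.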
Someone could say: WTF?? Passing files as environment strings is a bad practice, bla bla
But if you have worked with Google and its service client JSON, handling certificates or files as strings is not a crazy or bad practice. Here is an example of a Google service client JSON exported from the Google developer console:
{
"type": "service_account",
"project_id": "PROJECT_ID",
"private_key_id": "KEY_ID",
"private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
"client_email": "SERVICE_ACCOUNT_EMAIL",
"client_id": "CLIENT_ID",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"
}
Source: https://cloud.google.com/iam/docs/creating-managing-service-account-keys