getSignedJsonWebToken() yields error:0906D06C:PEM routines:PEM_read_bio:no start line

[karlshaver]

Passing a PEM private key (in double quotes with line breaks replaced with \n, as shown in docs) to app.getSignedJsonWebToken() yields "error:0906D06C:PEM routines:PEM_read_bio:no start line". I'm using the function in a node lambda with a simple configuration:

const APP_ID = process.env.GITHUB_APP_ID;
const PRIVATE_KEY = process.env.GITHUB_PRIVATE_KEY;

const app = new App({ id: APP_ID, privateKey: PRIVATE_KEY });
const jwt = app.getSignedJsonWebToken();

As a note, logging the app ID and private key does show them both being brought in correctly.

[wolfy1339]

This doesn't seem like an issue with this package, since I have tested the same method as you, and no problem at all with this package or the upstream jsonwebtoken package.

The following is my code that I have tested;

const key = fs.readFileSync('./private-key.pem').toString();

const app = new App({ id: process.env.APP_ID, privateKey: key });
const jwt = app.getSignedJsonWebToken();

It seems as though the docs need updating, you don't need to do anything with the private key string

[astuyve]

I had the same issue with my PEM key set in env variable. I could dump the ENV, copy and paste the var into a node console, and everything would work - but somehow I would get this error in my logs.

I'll keep playing with it and post again if I find the solution.

[gr2m]

Thank you, much appreciated

[tnolet]

Having the same issue. Saving to disk is not really an option I'm afraid. Need to read this from an ENV variable.

[wolfy1339]

Unfortunately this issue only comes up when using environment variables. The only thing we can do now is discourage their use until a solution can be found

[gr2m]

If someone could provide a reproducible test case that would be great. This package does not read out any environment variables, so the problem seems to be out of scope? Maybe log out the key before passing it to the privateKey and see if it's formatted correctly?

[tnolet]

Ok found it. Environment variables don't respect \n encoding so you need to explicitly replace them...sigh...

This works for me.

1. Store your private key with \n as the new line, as per the documentation.

GITHUB_APP_PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEArwgRs2okqD9NC3IrzYmFx82A66eZzkaa+bFBeDwxh0L6MiuI\n/Ngm+9Yq+
... bla bla bla more stuff ....
yMYPNcQu62afq9oBVV1OY0/U5x454eVk6h\nKOz+TQ10QWEkIgkJGl+8aB3iYPzmzSqoCXYy1tu4
ReT\nhRaYHTbStLF4z29OjqkUMsy3KO6REkWqbsEnLkqvRYSRVsKXLM0K\n-----END RSA PRIVATE KEY-----\n

2. Read the variable and do a global replace

const app = new App({
  id: process.env.GITHUB_APP_ID,
  privateKey: process.env.GITHUB_APP_PRIVATE_KEY.replace(/\\n/g, '\n')
})

Sorry @gr2m had nothing to do with the repo or code.
Also see https://stackoverflow.com/questions/30400341/environment-variables-containing-newlines-in-node

[gr2m]

Thanks @tnolet, that's very helpful. As this might be a common mistake, I wonder if we can provide a more helpful error message? Maybe we can recognize the wrong formatting before trying to generate the JWT and throw a helpful error?

[tnolet]

@gr2m just add a little callout somewhere in the docs. That should be enough. Don't clutter the code with stuff that doesn't belong there.

[gr2m]

If only everyone would read the docs 😭

Maybe the fix is as simple as adding a .replace(/\\n/g, '\n') to the code, with a comment referencing this issue?

[thellimist]

In .env I had my variable as

GITHUB_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY----- .....-----END RSA PRIVATE KEY-----"

changed it to

GITHUB_PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY----- .....-----END RSA PRIVATE KEY-----

by removing the " characters then did .replace(/\\n/g, '\n') and it fixed

[gr2m]

This library is being deprecated in favor of https://github.com/octokit/auth-app.js/.

If anyone can reproduce the problem discussed here, I'd very much appreciate a pull request with a failing test to https://github.com/octokit/auth-app.js/ 🙏