Copy link to clipboard
Copied
Making sure this gets the correct eyes on so apologize for it beign a dupe of:
https://community.adobe.com/t5/document-services-apis-discussions/how-to-send-private-key-while-crea...
As the person in the post above, I too want to keep the API Cred info in AWS Secret Mgr where we pull them out into process.env variables when the pod starts. But it's not letting me pass the private.key in as a string to .withPrivateKey(). I've tried stripping whitespace, removing the BEGIN/END lines, replacing newlines with "\n" in the string, et al.
I always get the following error:
2022-03-20T16:45:59.663:[INFO]: All validations successfully done. Beginning Combine Operation execution
Error: error:0909006C:PEM routines:get_name:no start line
at Sign.sign (node:internal/crypto/sig:131:29)
at Object.sign (/Users/chrisweicht/g3/adobe/node_modules/jwa/index.js:152:45)
at Object.jwsSign [as sign] (/Users/chrisweicht/g3/adobe/node_modules/jws/lib/sign-stream.js:32:24)
at Object.module.exports [as sign] (/Users/chrisweicht/g3/adobe/node_modules/jsonwebtoken/sign.js:204:16)
at /Users/chrisweicht/g3/adobe/node_modules/@adobe/pdfservices-node-sdk/src/internal/auth/jwt-authenticator.js:46:17
at new Promise (<anonymous>)
at JwtAuthenticator.getPrivateKeyPromise (/Users/chrisweicht/g3/adobe/node_modules/@adobe/pdfservices-node-sdk/src/internal/auth/jwt-authenticator.js:43:10)
at JwtAuthenticator.refreshSessionToken (/Users/chrisweicht/g3/adobe/node_modules/@adobe/pdfservices-node-sdk/src/internal/auth/jwt-authenticator.js:61:15)
at JwtAuthenticator.getSessionToken (/Users/chrisweicht/g3/adobe/node_modules/@adobe/pdfservices-node-sdk/src/internal/auth/jwt-authenticator.js:117:15)
at HttpRequest.authenticate (/Users/chrisweicht/g3/adobe/node_modules/@adobe/pdfservices-node-sdk/src/internal/http/http-request.js:153:31) {
library: 'PEM routines',
function: 'get_name',
reason: 'no start line',
code: 'ERR_OSSL_PEM_NO_START_LINE'
}
A fallback would be to write out the private.key to a file via k8s/helm configuration but I would rather keep it in process.env if possible.
Thanks in advance.
Have something to add?