This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

google-github-actions/auth@v2 Cannot Parse Google Service Account Key From Secret Manager

Posted on 10-01-2024 12:04 PM
KimGarza
New Member
Reply posted on --/--/---- --:-- AM

 

Hello!
I am building an expo app and at this point I have a yml file for my pipeline which builds eas successfully, but upon submission, I get an error of eas submit seeing my pub/priv key which is part of the Google Service Account json secret. This is a github repository secret.
[logs] /usr/lib/ruby/3.0.0/openssl/pkey.rb:348:in `initialize': [!] Neither PUB key nor PRIV key: unsupported (OpenSSL::PKey::RSAError)
I am adding the service account json data into the github secret as following the guidelines using gemini and chatGPT's suggestions. I have tried both as-is (as google gives it to me in the json to download copy paste) and I have tried removing white space as well and no luck. I get this error every time.

Upon speaking with Gemini it wants me to use Google Secret Manager for security purposes. I have tried using this with the same copy/paste approach as is, the no white space, and EVEN the upload of the actual json file instead of text. This is the 3rd service account key I have tried thinking it was corrupt or something but I do not believe that is the issue.
Ever since using google-github-actions/auth@v2 to look for the path of my google secret now I get this error:
Run google-github-actions/auth@v2 with: credentials_json: *** create_credentials_file: true export_environment_variables: true universe: googleapis.com cleanup_credentials: true access_token_lifetime: 3600s access_token_scopes:  https://www.googleapis.com/auth/cloud- platform id_token_include_email: false Error: google-github-actions/auth failed with: failed to parse service account key JSON credentials: unexpected token '�', "��#y�l�_;�"... is not valid JSON
I have no clue why it thinks there are these random tokens (this occurs with json file or copy paste of the EXACT data google gives me and without white space. Does anyone have any clue what I can try next?
0 1 1,543
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
David-French
Staff
Reply posted on --/--/---- --:-- AM

Here are a few things to try, if you're trying to authenticate using a service account key that's stored as a secret in your GitHub repo.

Can you confirm that your service account key is stored in a GitHub Actions secret within your GitHub repo in the following format? Let's use the secret name "GOOGLE_CREDENTIALS" for this example.

 

{"type":"service_account","project_id":"xxx","private_key_id":"xxx","private_key":"xxx","client_email":"xxx","client_id":"xxx","auth_uri":"xxx","token_uri":"xxx","auth_provider_x509_cert_url":"xxx","client_x509_cert_url":"xxx","universe_domain":"xxx"}

 

Next, can you confirm that your GitHub Actions workflow is configured as per these three lines: https://github.com/google-github-actions/auth/blob/8254fb75a33b976a221574d287e93919e6a36f70/README.m...

 

0 Likes
Top Solution Authors
View all