Protected Resources with Private Keys

We're using the RETOOL_EXPOSED env variables to manage protected resources across deployments for Api Resources. How do we manage resources like GCS that require a private key. I tested and it doesn't map it to the JSON object of the service account key.

Hey @andy.barilla!

Would you mind sharing a bit more about how you're testing and the differences you're seeing? I believe you're generally on the right path and more specific information might help identify what's going wrong.

Feel free to reach out directly too if there's any sensitive information you rather not have posted here!

I managed to fix it so I'll post more info for here for other to find if they need.

This is how I was attempting to access the service key:

The problem was behind the scenes. The env variable was as an escaped string like so:

RETOOL_EXPOSE_GCP_SERVICE_ACCOUNT="{ \"type\": \"service_account\", \"project_id\": \"project-name-yadda-yadda\", \"private_key_id\": ...

Instead of as such:
RETOOL_EXPOSE_GCP_SERVICE_ACCOUNT={ "type": "service_account", "project_id": "project-nmae-yadda-yadda", "private_key_id": ...

Getting it set as the second way fixed things up.

1 Like