Mandar Vaze
Posted on May 1, 2020
This was originally posted on my blog, here.
Problem
If you have deployed an app on heroku, you know that the only way to get any files there is via git.
Normally this is fine, but Google API expects an environment variable GOOGLE_APPLICATION_CREDENTIALS
that points to a json file.
If you google, you might come across tutorials like this or even SO answer
Essentially they tell you to commit the json
file downloaded from Google into git. Since heroku does not have a file system per se, there is no way to get the json file to heroku.
But ..... this file should never be in git. The file contains your
security credentials, and it is (indirectly) linked to your credit card.
Even if hacker does not get (direct) access to your credit card, if they use your credentials, your account will get billed (once you go over quota) and google will charge your credit card.
So putting the credentials json file in git is a bad idea.
So what should a developer to do ?
Solution
The workaround is to store the contents on json file in an environment variable, and at runtime, create the json file on-the-fly by reading the environment variable.
But there is better option, use this Custom Build pack
Even better, Create .profile
file in your repo, and create the json file from the environment variable. No buildpack required.
Commands
- On your local machine, where you have downloaded the
credentials.json
- Store the JSON contents in environment variable :
heroku config:set GOOGLE_CREDENTIALS="$(< credentials.json)"
- Store the JSON contents in environment variable :
- Create a
.profile
and put this in it :echo ${GOOGLE_CREDENTIALS} >
/app/google-credentials.json- This will create the file on heroku's ephemeral file system each time a dyno is booted.
- Commit this
.profile
in the root of your git repo
- Point to the file as Google API expects.
heroku config:set GOOGLE_APPLICATION_CREDENTIALS=/app/google-credentials.json
- 🎉
Posted on May 1, 2020
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.