
How to escape multiline values in .env file

Open justintemps opened this issue 2 years ago • 6 comments

First of all, thanks a million for this action, it's super useful.

I was wondering how to escape multiline env vars. Let's say I have a cert that I want to pass to my .env file from a GitHub secret. This works locally because I can wrap the cert in quotes in my local .env file. How can I accomplish the same thing with this action? I don't think it does this by default, because right now I'm getting the following error when I try to run docker-compose:

Run docker compose -f docker-compose.yml -f production.yml build
unexpected character "+" in variable name near "***\n***\n***\n***\n***\n***\n***\n***\n***\n***\n***\n***\n***\n***\n***\n***\n***\n***\n***\nPOSTGRES_DB=***\nPOSTGRES_HOST=***\nPOSTGRES_PASSWORD=***\nPOSTGRES_PORT=***\nPOSTGRES_USER=***\nREDIS_HOST=***\nREDIS_PASSWORD=***\nREDIS_PORT=***\n"
Error: Process completed with exit code 1.

justintemps avatar Jun 25 '22 12:06 justintemps

It seems like something like this should work but it doesn't.

envkey_MULTILINE_ENV_VAR: "${{ secrets.MULTILINE_ENV_VAR }}"

justintemps avatar Jun 27 '22 09:06 justintemps

I eventually got this to work by base64 encoding the multiline env var so that it wouldn't be multiline anymore, and then decoding it in the application where I needed to use it. But it seems like maybe this is a scenario the lib should handle?

justintemps avatar Jun 27 '22 09:06 justintemps

Hmm, I haven't thought about this use case before, but I suppose it isn't too hard to put something with multiple lines in a GitHub Secret. However, I'm wondering what the semantics of an environment file tend to be. I imagine most parsers would expect one variable per line?

This seems like it would be best as an opt-in feature. Like if you accidentally pass a multi-line variable, then I imagine it would normally be better to error than allow it. Something like:

api_key=fgs87ssfg9897sdf
longer_key=adsfhalkjdhfkljash
fadsfjfadshfalkj
something_else=True

Would be an error if parsed I'd assume. Can you give an example of how you'd expect some multiline variables to look?

AngelOnFira avatar Jun 27 '22 20:06 AngelOnFira

I'm specifically thinking of an RSA key or some similar value where the line breaks are meaningful and have to be encoded in some way.

In my instance, I was using dotenv in a Node.js project, which supports wrapping multiline variables in quotes like this:

PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
...
HkVN9...
...
-----END RSA PRIVATE KEY-----"

I guess in this situation, create-envfile needs to know if you're intentionally passing in a variable that has line breaks, or if you're not and it should throw an error.

This seems a little hacky, but maybe just adding something to the prefix like:

envkey_multiline_SECRET_KEY

justintemps avatar Jun 29 '22 11:06 justintemps

Would an alternative solution be to format any incoming secrets that are multiline to instead just include newline characters \n at any newline?

From that dotenv readme:


image


This would be easier to implement, and shouldn't break anything I think. Or rather, are there cases where this wouldn't work?

AngelOnFira avatar Jun 30 '22 17:06 AngelOnFira

Yea @AngelOnFira that would be awesome.

justintemps avatar Jul 01 '22 09:07 justintemps
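
The two ideas discussed in this thread (error on line breaks unless the caller opts in, and writing line breaks as `\n` inside double quotes) can be combined as in the sketch below. This is an added example, not code from create-envfile; the function names, the `allow_multiline` flag and the sample value are assumptions made for illustration.

```python
import re

KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

def render_env_line(key: str, value: str, allow_multiline: bool = False) -> str:
    """Return exactly one physical .env line for key/value, or raise ValueError."""
    if not KEY_RE.match(key):
        raise ValueError(f"invalid variable name: {key!r}")
    # Normalise CRLF / CR so every line break is a single "\n".
    value = value.replace("\r\n", "\n").replace("\r", "\n")
    if "\n" not in value:
        return f"{key}={value}"
    if not allow_multiline:
        # Written raw, each extra line would be parsed as its own entry
        # (or rejected, as in the docker compose error above).
        raise ValueError(f"{key} contains line breaks; opt in to escape them")
    if '"' in value or "\\" in value:
        # Assumption of this sketch: refuse these rather than guess how
        # the consuming parser unescapes quotes and backslashes.
        raise ValueError(f"{key} contains a double quote or backslash")
    return f'{key}="' + value.replace("\n", "\\n") + '"'

def read_env_line(line: str) -> tuple:
    """Minimal reader for lines produced above: expands \\n in double quotes."""
    key, _, raw = line.partition("=")
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return key, raw[1:-1].replace("\\n", "\n")
    return key, raw

# Constructed sample value, not a real key.
SAMPLE_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "AAAA+BBBB/CCCC\n"
    "-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    line = render_env_line("PRIVATE_KEY", SAMPLE_PEM, allow_multiline=True)
    print(line)
    print(read_env_line(line)[1] == SAMPLE_PEM)
```

Because the output is always a single line, a secret that happens to contain `\nOTHER_VAR=...` stays part of its own value instead of defining a second variable in the generated file.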