GuessJS Plugin/PEM Cert env error - JWT

I have added the gatsby guess-js plugin, and have configured the jwt option. I have the pem key in .env.development, wrapped with quotes (the build fails without), which works fine on local builds.

However, when I try to deploy to Netlify the build fails, with the pem set as an environment variable - both with and without quotes. It fails with the error: Error: error:0906D06C:PEM routines:PEM_read_bio:no start line.

Can anyone help with this?


Hi @travisreynolds can you share the site you’re testing this on? Also if you log the environment variable, do you see what you are expecting?

Hello @futuregerald - Yes, I can log the variable at build time.

@travisreynolds @futuregerald Any update here? I’m having this same issue attempting to communicate with the Github API as a Github App from Netlify Functions. Is it possible to use a PEM as an environment variable through the Netlify UI? Here’s my use case:
I’m using Github’s @octokit/app node package to create a JWT as follows:

```js
const { App } = require("@octokit/app");

// App ID and PEM private key are read from the Netlify environment
const APP_ID = process.env.GITHUB_APP_ID;
const PRIVATE_KEY = process.env.GITHUB_PRIVATE_KEY;

const app = new App({ id: APP_ID, privateKey: PRIVATE_KEY });
const jwt = app.getSignedJsonWebToken();
```

When I log the env variable, I do see exactly what I entered in the Netlify UI. Is there special formatting necessary for a multi-line variable?

Hi @karlshaver, you shouldn’t need a special setting for a multi-line variable. Are you using \n?

@travisreynolds is ANALYTICS_SERVICE_ACCOUNT_KEY the environment variable name? Did you try adding newlines to it?

Yep, I have tried replacing newlines with \n

Yes, that is the env - And yes, like @karlshaver I originally added it with \n (as it was generated), and have this issue either way.


Can you try BASE64 encoding the PEM key and storing the encoded version in an env var, then decoding it in your JS and using it that way? This may help get around possible encoding problems.
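
The base64 round trip suggested above, as an added example that is not part of the original thread: the key is encoded to one line for the hosting UI, decoded and parsed at startup so a mangled value fails early, and compared across environments by fingerprint rather than by logging the key. The function names are hypothetical and the key is a constructed throwaway generated for the demo.

```javascript
const crypto = require("node:crypto");

// Run once locally: turns the multi-line PEM into a single line for the env var UI.
function encodePemForEnv(pem) {
  return Buffer.from(pem, "utf8").toString("base64");
}

// Run at build/function start. Accepts the shapes seen in this thread: base64 of
// the whole PEM, a PEM with literal "\n" escapes (optionally quoted), or a real PEM.
function loadPemFromEnv(raw) {
  if (typeof raw !== "string" || raw.trim() === "") {
    throw new Error("private key variable is empty or unset");
  }
  // Strip one pair of wrapping quotes left over from a .env file.
  let value = raw.trim().replace(/^(["'])([\s\S]*)\1$/, "$2");
  if (!value.includes("-----BEGIN")) {
    value = Buffer.from(value, "base64").toString("utf8");
  }
  const pem = value.replace(/\\n/g, "\n").replace(/\r\n/g, "\n").trim() + "\n";
  if (!/^-----BEGIN [A-Z ]*PRIVATE KEY-----\n/.test(pem)) {
    throw new Error("decoded value has no PEM private key header");
  }
  // Parse now so a truncated or corrupted value fails here, not when signing a JWT.
  crypto.createPrivateKey(pem);
  return pem;
}

// SHA-256 of the derived public key: safe to log when comparing dev and production.
function keyFingerprint(pem) {
  const der = crypto.createPublicKey(pem).export({ type: "spki", format: "der" });
  return crypto.createHash("sha256").update(der).digest("hex");
}

// Constructed sample input: a throwaway EC key, never used anywhere else.
const { privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const samplePem = privateKey.export({ type: "pkcs8", format: "pem" });
const sampleEnvValue = encodePemForEnv(samplePem);

console.log("env value is single-line:", !sampleEnvValue.includes("\n"));
console.log("fingerprint:", keyFingerprint(loadPemFromEnv(sampleEnvValue)));
```

If the fingerprint printed in production differs from the local one, the stored value was altered or truncated on the way in.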


Ah, good idea - That works perfectly, thanks @futuregerald! :+1: :+1:


Hi @futuregerald, I was having the same problem; apparently my key was too big to be stored in an env variable. Then I followed your advice and base64 encoded it.
Now I’m receiving an “invalid grant” error from the auth server the key is supposed to authenticate to.
The thing is, the same code works fine in local dev.

So, encoding the key works fine in local dev and the function authenticates, but in production it doesn’t.
Any chance I should use a different encoding method?

I’ll post my encoding code here, in case it helps. The object I created has a ‘private_key’ property, see below

'private_key': Buffer.from(process.env.PRIVATE_KEY, 'base64').toString('ascii')

I’ll also add a console.log of the key, comparing production vs development. It looks the same. This is development

This is production

I would appreciate any help! Thanks in advance!

Looks identical to me from your screenshots. I can’t really explain what is happening on your other service. Perhaps you can ask them for help in seeing what is received, to see what is different?

I solved my problem, this debug tool was really important in the process, so I’d like to share it here