
An app I am building integrates with a 3rd-party API. For access to this API it authenticates via OAuth using the RSA-SHA1 signature method, which requires a certificate file.

The app is continuously deployed on Heroku (PHP) using Codeship.

I don't want to check the certificate into source control for a variety of reasons but need a way to copy the certificate to the production dyno every time the app is deployed. This is because Heroku dynos are stateless so revert themselves when the app is deployed (as I understand it).

What is the best way to copy this certificate to my dyno? I thought of using a command like this but it fails to work:

```
heroku run "echo \"${CERTDATA}\" > ./storage/certs/my_cert.pem"
```

I could store the actual certificate data in an environment variable on Codeship so it would be always available.

Alternatively I could create the cert file in Codeship and then force add it to the git deployment to Heroku. Can anyone give any guidance here?

harryg

1 Answer

Why not just store the actual certificate data in an env var on Heroku?

Yoni Rabinovitch
  • Assuming I have the certificate as a `private_key.pem` file, how would I store it as an environment variable such that [`openssl_pkey_get_private()`](http://php.net/manual/en/function.openssl-pkey-get-private.php) can read it? – harryg Nov 14 '16 at 19:47
  • The solution I used was to base64 encode the cert file contents (so it can be saved as an env variable) and base64 decode it for use with the OAuth library. – harryg Nov 15 '16 at 16:31
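
The approach from the last comment, sketched in PHP as an added example (not code from the question, the answer, or any OAuth library). The variable name `OAUTH_PRIVATE_KEY_B64`, the function `loadPrivateKeyFromEnv()` and the sample base string are assumptions; the key is decoded in memory and never written to the dyno's filesystem.

```php
<?php
declare(strict_types=1);

// Assumed one-time setup from a trusted machine (variable name is hypothetical):
//   heroku config:set OAUTH_PRIVATE_KEY_B64="$(base64 < private_key.pem | tr -d '\n')"

function loadPrivateKeyFromEnv(string $name = 'OAUTH_PRIVATE_KEY_B64')
{
    $encoded = getenv($name);
    if ($encoded === false || $encoded === '') {
        throw new RuntimeException("$name is not set");
    }
    // Strict mode returns false on characters outside the base64 alphabet.
    $pem = base64_decode($encoded, true);
    if ($pem === false) {
        throw new RuntimeException("$name is not valid base64");
    }
    // openssl_pkey_get_private() accepts the PEM text directly, no file needed.
    $key = openssl_pkey_get_private($pem);
    if ($key === false) {
        // Drain OpenSSL's error queue; never put key material in the message.
        while (openssl_error_string() !== false) {
        }
        throw new RuntimeException("$name did not decode to a usable private key");
    }
    return $key;
}

// Self-check with a throwaway key generated in-process (constructed sample data).
$throwaway = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
openssl_pkey_export($throwaway, $throwawayPem);
putenv('OAUTH_PRIVATE_KEY_B64=' . base64_encode($throwawayPem));

$key = loadPrivateKeyFromEnv();
$baseString = 'GET&https%3A%2F%2Fapi.example.com%2Fresource&oauth_nonce%3Dabc';

// RSA-SHA1 as named in the question; some OpenSSL builds refuse SHA-1 signing.
if (!openssl_sign($baseString, $signature, $key, OPENSSL_ALGO_SHA1)) {
    exit("signing failed (SHA-1 may be disabled by local OpenSSL policy)\n");
}
$publicPem = openssl_pkey_get_details($key)['key'];
$verified = openssl_verify($baseString, $signature, $publicPem, OPENSSL_ALGO_SHA1);
echo $verified === 1 ? "signature verifies\n" : "verification failed\n";
```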