1

I’ve created a function as a service to be deployed in Azure using the “DocuSign ASP.NET Core Web Application” project template and it works fine when testing it through my local machine.

However, I’m having issues when I test it in Azure itself due to a private key error. I use exactly the same string as the one in the local host testing as well as changing it to have different escape characters for line breaks. The following is the error message that I keep getting:

-----END RSA PRIVATE KEY not found

The string that works on localhost but does not work in Azure is the following:

-----BEGIN RSA PRIVATE KEY-----\r\n********\r\n-----END RSA PRIVATE KEY-----

I've also tried the following strings for Azure, but they do not work:

-----BEGIN RSA PRIVATE KEY-----
********
-----END RSA PRIVATE KEY-----

-----BEGIN RSA PRIVATE KEY-----
********
-----END RSA PRIVATE KEY-----

I've also entered the one with line break into application settings config:

-----BEGIN RSA PRIVATE KEY-----
*********
-----END RSA PRIVATE KEY-----

My code uses the JWTAuth.cs that's provided from the template and is as follows:

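// Namespaces this snippet relies on
using System;
using System.Linq;
using System.Text;
using DocuSign.eSign.Client;
using DocuSign.eSign.Client.Auth;
using static DocuSign.eSign.Client.Auth.OAuth.UserInfo;

public static class JWTAuth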
{
    /// <summary>
    /// Uses Json Web Token (JWT) Authentication Method to obtain the necessary information needed to make API calls.
    /// </summary>
    /// <returns>A tuple containing the accessToken, accountId and baseUri</returns>
    public static (string, string, string) AuthenticateWithJWT()
    {
        var apiClient = new ApiClient();
        // Get environment variables
        string ik = System.Environment.GetEnvironmentVariable("IntegrationKey", EnvironmentVariableTarget.Process);
        string userId = System.Environment.GetEnvironmentVariable("userId", EnvironmentVariableTarget.Process);  
        string authServer = System.Environment.GetEnvironmentVariable("AuthServer", EnvironmentVariableTarget.Process); 
        string rsaKey = System.Environment.GetEnvironmentVariable("RSAKey", EnvironmentVariableTarget.Process); 

        OAuth.OAuthToken authToken = apiClient.RequestJWTUserToken(ik,
                        userId,
                        authServer,
                        Encoding.UTF8.GetBytes(rsaKey),
                        1);

        //string path = "Resources/PrivateKey.pem";
        //StreamReader pk = File.OpenText(path);

        string accessToken = authToken.access_token;
        apiClient.SetOAuthBasePath(authServer);
        OAuth.UserInfo userInfo = apiClient.GetUserInfo(authToken.access_token);
        Account acct = null;

        var accounts = userInfo.Accounts;
        {
            acct = accounts.FirstOrDefault(a => a.IsDefault == "true");
        }
        string accountId = acct.AccountId;
        string baseUri = acct.BaseUri + "/restapi";
        return (accessToken, accountId, baseUri);
    }
}

If I can resolve this issue I want to store the app settings in Azure's key vault as my next step.

Any help would be greatly appreciated. Thank you in advance.

Callum Watkins
DannyT

3 Answers

1

If we want to store the ssh key in KeyVault in ASCII Encoded format then we can use the below command.

az keyvault secret set --vault-name <KEY_VAULT_NAME> --name <NAME_OF_THE_KEY> --file <PATH_OF_THE_SSH_KEY_FILE> --encoding ascii

chiru
1

I'm probably pretty late to answering this, but we just ran into this and found the solution was to use:

Regex.Unescape(/*Your RSA PRIVATE KEY*/);

My assumption is if your line endings use \r\n, then this line of code should fix it.

user3002092
0

The issue is that the PEM format requires hard new lines. But you're providing the private key via an environment value.

Debug by printing / examining the rsaKey variable.

You'll need to further investigate how you can provide an environment value that includes hard newlines via the Azure feature that is setting the environment value.

It would probably be better (and more secure) to use the Azure Key Vault service for the private key instead of an environment variable.

Larry K
  • I've debugged and checked the rsaKey variable and it's the same as what's in the environment variable. What's interesting is that I've ported the code to Azure App Service using MVC and it works. – DannyT Feb 24 '20 at 06:11
  • OK, next, I'd check that you have CRLF as line endings. – Larry K Feb 24 '20 at 22:08
  • @DannyT - Which version worked on Azure, if you remember? I am trying to do the same in a Web App in Azure and it is not finding the end of the file. It works great on Visual Studio on my machine, but not in Azure... – Danimal111 Feb 05 '21 at 20:40
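
One way to make the key loading independent of how the setting was stored, as an added example (not the template's or DocuSign's code): `PemEnv.NormalizePem` is a hypothetical helper that rebuilds the PEM from a value whose line breaks arrived as literal `\r\n` text, as spaces, or not at all, which goes beyond the `\r\n` case discussed above. It assumes an unencrypted key with no PEM header lines, and the sample key body is constructed.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;

public static class PemEnv   // hypothetical helper, not part of the DocuSign SDK
{
    // Rebuilds a PEM block whose line breaks were stored as literal "\r\n"
    // text, collapsed to spaces, or dropped. Assumes an unencrypted key
    // (no "Proc-Type"/"DEK-Info" header lines inside the block).
    public static string NormalizePem(string raw)
    {
        if (string.IsNullOrWhiteSpace(raw))
            throw new ArgumentException("Key setting is empty.", nameof(raw));

        // Backslash is not in the base64 alphabet, so this only touches escapes.
        string text = raw.Replace("\\r", "\r").Replace("\\n", "\n");

        // \1 forces the END label to match the BEGIN label.
        Match m = Regex.Match(text,
            @"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----",
            RegexOptions.Singleline);
        if (!m.Success)
            throw new FormatException("Matching PEM BEGIN/END markers not found.");

        string label = m.Groups[1].Value;
        string body = new string(
            m.Groups[2].Value.Where(c => !char.IsWhiteSpace(c)).ToArray());
        Convert.FromBase64String(body);   // throws if the body is not valid base64

        var pem = new StringBuilder("-----BEGIN " + label + "-----\r\n");
        for (int i = 0; i < body.Length; i += 64)
            pem.Append(body, i, Math.Min(64, body.Length - i)).Append("\r\n");
        return pem.Append("-----END " + label + "-----\r\n").ToString();
    }

    public static void Main()
    {
        // Constructed sample body (96 zero bytes), not a real key.
        string body = Convert.ToBase64String(new byte[96]);
        string escaped = "-----BEGIN RSA PRIVATE KEY-----\\r\\n" + body +
                         "\\r\\n-----END RSA PRIVATE KEY-----";
        string spaced = escaped.Replace("\\r\\n", " ");
        Console.WriteLine(NormalizePem(escaped) == NormalizePem(spaced));
        // In the question's code: Encoding.UTF8.GetBytes(PemEnv.NormalizePem(rsaKey))
    }
}
```

When checking what the function app actually received, compare the value's length and the presence of the BEGIN/END markers rather than writing the key itself to logs.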