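I'm very new to Ubuntu and am working on a project based on a Firebase Firestore database. I'm trying to run a service on Ubuntu Server 22.04. I can connect to the Firestore database using a private key file (on Windows I can also do this with an environment variable), and I want to keep this file secret. To achieve this, I created a file with the secret and referenced it in my service configuration file as shown below.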
[Unit]
Description=myservice
[Service]
Type=simple
Restart=always
RestartSec=5sec
EnvironmentFile=/etc/mysecrets/mysecret
[Install]
WantedBy=multi-user.target
It works for something like
MYSECRET=111111
but it cannot handle a file like the following
MYSECRET= {
"type": "service_account",
"project_id": "my-project-id",
"private_key_id": "1234567890abcdef",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDzq3MW0BWT4skj\n6pSG0ZXl...U6XyUrhRz\n-----END PRIVATE KEY-----\n",
"client_email": "[email protected]",
"client_id": "1234567890abcdef",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/my-project-id%40my-project-id.iam.gserviceaccount.com"
}
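The private_key will be more than 1700 characters long, with \n.
How can I create a secure secrets file holding this much information on Ubuntu Server? Any ideas?
PS: This is not a real or valid private key file.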
Answer 1
Like muru commented above, single quotes solved my problem. I just entered the secret like this and it works fine now.
This answer solved my problem.
MYSECRET= '{
"type": "service_account",
"project_id": "my-project-id",
"private_key_id": "1234567890abcdef",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDzq3MW0BWT4skj\n6pSG0ZXl...U6XyUrhRz\n-----END PRIVATE KEY-----\n",
"client_email": "[email protected]",
"client_id": "1234567890abcdef",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/my-project-id%40my-project-id.iam.gserviceaccount.com"
}'
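
The difference between the two files above, as an added example that is not part of the original question or answer: a simplified model of the quoting rule (an unquoted value ends at the end of its line, a single-quoted value runs to the closing quote), plus a check that the secrets file is not readable by group or others. The helper names `read_env_value`, `check_secret` and `mode_is_private` are hypothetical, and the sample contents are constructed with a placeholder key.

```python
import json
import os
import stat

# Constructed sample file contents; the key material is a placeholder.
BODY = r'''{
"type": "service_account",
"private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"
}'''
UNQUOTED = "MYSECRET= " + BODY + "\n"
QUOTED = "MYSECRET= '" + BODY + "'\n"


def read_env_value(text, key):
    """Simplified model of the quoting rule (hypothetical helper, not systemd code):
    an unquoted value stops at end of line; a single-quoted value runs to the
    closing quote, keeping newlines and backslashes literally."""
    pos = 0
    while pos < len(text):
        eol = text.find("\n", pos)
        eol = len(text) if eol == -1 else eol
        name, sep, _ = text[pos:eol].partition("=")
        if sep and name.strip() == key:
            start = pos + len(name) + 1
            while start < eol and text[start] in " \t":
                start += 1
            if text[start:start + 1] == "'":
                end = text.find("'", start + 1)
                return None if end == -1 else text[start + 1:end]
            return text[start:eol].strip()
        pos = eol + 1
    return None


def check_secret(text, key="MYSECRET"):
    """True only if the value survives parsing and is JSON with a private_key."""
    try:
        doc = json.loads(read_env_value(text, key) or "")
    except json.JSONDecodeError:
        return False
    return isinstance(doc, dict) and "private_key" in doc


def mode_is_private(path):
    """True when group and others have no access to the file (for example 0600)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


if __name__ == "__main__":
    print("unquoted:", check_secret(UNQUOTED))
    print("quoted:  ", check_secret(QUOTED))
```
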