cherry.computer / website
My personal site cherry.computer
htmx tailwind axum askama
fork atom

fix: load Apple Music PEM key from file system instead of env var

Fly seems to struggle with storing secrets with newlines, so let's
base64 encode the PEM secret and configure Fly to mount that as a file
(decoded.)

cherry.computer beb83603 ad595938

verified
+9 -5
unified split
+1
.gitignore
··· 1 1 node_modules 2 2 .env 3 + keys/ 3 4 /frontend/fonts 4 5 /frontend/build 5 6 /frontend/src/css/tailwind-out.css
+4
fly.toml
··· 9 9 [env] 10 10 RUST_LOG = "debug" 11 11 12 + [[files]] 13 + guest_path = "/root/keys/AuthKey.p8" 14 + secret_name = "APPLE_DEVELOPER_TOKEN_AUTH_KEY" 15 + 12 16 [experimental] 13 17 allowed_public_ports = [] 14 18 auto_rollback = true
+4 -5
server/src/scrapers/apple_music.rs
··· 1 - use std::{env, time::Duration}; 1 + use std::{env, fs, time::Duration}; 2 2 3 3 use anyhow::Context; 4 4 use cached::proc_macro::once; ··· 65 65 env::var("APPLE_DEVELOPER_TOKEN_KEY_ID").context("missing apple developer key ID")?; 66 66 let team_id = 67 67 env::var("APPLE_DEVELOPER_TOKEN_TEAM_ID").context("missing apple developer team ID")?; 68 - let auth_key = env::var("APPLE_DEVELOPER_TOKEN_AUTH_KEY") 69 - .context("missing apple developer auth key")?; 70 - let key = EncodingKey::from_ec_pem(auth_key.as_bytes()) 71 - .context("failed to parse appple developer auth key")?; 68 + let auth_key = fs::read("keys/AuthKey.p8").context("missing apple developer auth key")?; 69 + let key = EncodingKey::from_ec_pem(&auth_key) 70 + .context("failed to parse apple developer auth key")?; 72 71 let user_token = env::var("APPLE_USER_TOKEN").context("missing apple user token")?; 73 72 74 73 Ok(Self {