This page explains how to handle JSON-formatted GCP credentials in scripts, such as in Run steps or Background steps. The information on this page doesn't apply to
.json credentials supplied to Harness GCP connectors.
Harness secrets with new line characters or other shell-interpreted special characters can cause errors in scripts you run in Harness pipelines. For example, attempting to parse a standard JSON-formatted GCP secret can cause errors such as
Could not read json file secret.json: Invalid control character at: line #, column #.
To avoid these errors, you need to:
Create a base64-encoded secret file from your JSON-formatted GCP secret.
Save the base64-encoded file as a Harness file secret.
In your pipeline, in the step where you need to use the GCP secret, decode the file secret and write it to a
.jsonfile. For example, this command decodes a Harness file secret named
my_secretand writes it to
echo <+secrets.getValue("my_secret")> | base64 -d > /harness/secrets.json
If your secret contains line breaks, you can
catthe secret in a special-purpose code block, for example:
cat > /harness/secrets.json << 'EOF'
Decoded secrets in
cataren't masked in outputs, because Harness no longer recognizes the contents as a secret.
.jsonfile as needed for GCP authentication in your
gcloudcommands, such as:
gcloud auth activate-service-account YOUR_SERVICE_ACCOUNT --key-file=/harness/secrets.json