I am trying to store pfx certificates on GCP Secret Manager. My node app works fine when reading the certificate files from the local filesystem via fs.readFileSync; however, when I fetch the certificate via the GCP Secret Manager client library, I am getting a MAC verification error during the node http request (the passphrase is also correct and stored on GCP Secret Manager; I checked it with openssl).
My request is node/https with the following options:
    const options = {
      host: url.host,
      path: url.path,
      method: "POST",
      headers: { "Content-Type": "application/json" },
      pfx: IdCert,
      ca: CaCert,
      passphrase: CertPass,
      rejectUnauthorized: true,
    };
And the way I am accessing the certificate is via getSecretData below:

    const {SecretManagerServiceClient} = require('@google-cloud/secret-manager');
    const asyncConfig = require('config/async').asyncConfig;
    const client = new SecretManagerServiceClient();

    // Returns an async function that, when called, fetches the payload of
    // the latest version of the named secret.
    const getSecretData = (projectId, name) => {
      const close = async () => {
        const [version] = await client.accessSecretVersion({
          name: `projects/${projectId}/secrets/${name}/versions/latest`,
        });
        return version.payload.data;
      };
      return close;
    };
PS: using node-config to store certificates inside the instance and access them via
    const config = require("config"); // node-config package
    const IdCert = config.get('IdCert');
The secrets are stored in base64 format. You need to decode your data before using them.
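
The decoding step from the answer above, as an added example that is not part of the original posts. It assumes the secret value is the base64 text of the .pfx file; `looksLikePfx` and `pfxFromSecretPayload` are hypothetical helper names, and the sample bytes are constructed, not a real certificate.

```javascript
// True if buf starts like a PKCS#12 PFX: an ASN.1 SEQUENCE whose first
// element is INTEGER 3 (the PFX version field).
function looksLikePfx(buf) {
  if (buf.length < 5 || buf[0] !== 0x30) return false;
  // Short-form and indefinite (0x80) lengths use one length byte;
  // long form uses 1 + (low 7 bits) bytes.
  const lenBytes = buf[1] <= 0x80 ? 1 : 1 + (buf[1] & 0x7f);
  const off = 1 + lenBytes;
  return buf.length >= off + 3 &&
    buf[off] === 0x02 && buf[off + 1] === 0x01 && buf[off + 2] === 0x03;
}

// Turn a Secret Manager payload (Buffer, Uint8Array or string) into the raw
// bytes that the https `pfx` option expects.
function pfxFromSecretPayload(data) {
  const raw = typeof data === "string" ? Buffer.from(data, "utf8") : Buffer.from(data);
  if (looksLikePfx(raw)) return raw; // secret was uploaded as the binary file

  // Otherwise expect base64 text. Buffer.from(..., "base64") silently skips
  // invalid characters, so validate the alphabet and length first.
  const text = raw.toString("latin1").replace(/\s+/g, "");
  if (text.length === 0 || text.length % 4 !== 0 ||
      !/^[A-Za-z0-9+/]+={0,2}$/.test(text)) {
    throw new Error("secret payload is neither a binary PFX nor base64 text");
  }
  const decoded = Buffer.from(text, "base64");
  if (!looksLikePfx(decoded)) {
    throw new Error("decoded payload does not start with a PKCS#12 header");
  }
  return decoded;
}

// Constructed sample: a PFX-shaped header followed by filler bytes, and the
// same bytes as they would come back if stored as base64 text.
const samplePfx = Buffer.concat([
  Buffer.from([0x30, 0x82, 0x00, 0x0b, 0x02, 0x01, 0x03]),
  Buffer.alloc(8, 0xab),
]);
const sampleSecret = Buffer.from(samplePfx.toString("base64") + "\n", "utf8");
```

Pass the returned Buffer as `pfx` in the request options, in place of the raw `version.payload.data`.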