2 months ago
Hi. I'm moving a Django Python app that's working perfectly on Heroku to Railway. I'm doing this gradually. I have ported over all environment variables as is. I'm using the PyJWT library (version 2.3.0 but it shouldn't matter).
My builds are failing once I call:
jwt.encode(payload, secret, algorithm=alg, headers=headers)With:
ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [_OpenSSLErrorWithText(code=218570875, lib=13, reason=123, reason_text=b'error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long'), OpenSSLErrorWithText(code=218529894, lib=13, reason=102, reasontext=b'error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header'), OpenSSLErrorWithText(code=218595386, lib=13, reason=58, reasontext=b'error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error'), OpenSSLErrorWithText(code=151498765, lib=9, reason=13, reasontext=b'error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib')])Since it may be relevant, I'm also using pyOpenSSL==22.0.0.
Again, this is working perfectly both locally and on Heroku.
11 Replies
2 months ago
This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.
Status changed to Open brody • 2 months ago
2 months ago
@brody - are ENV vars available at build time in Railway? I'm pretty sure they are but I'm very perplexed right now
Never mind. They must be available...
2 months ago
At this point it’s either an SSL version compatibility issue, which isn’t explained by this being a Dockerfile built app.
Or, Railway parses environment variables differently, in a way that transforms values and/or treats spaces/new lines differently.
2 months ago
OK this is really weird. I added logs to print the key (partially). The ENV VAR SECRET_SNIPPET is 100% there, but it's not getting passed down in Railway when the Dockerfile does:
```
RUN if [ "${DEBUG}" = "false" ]; then \
SECRET_KEY=dummyvalue python3 manage.py collectstatic --no-input; \
else mkdir -p /app/public_collected; fi
```
(SECRET_KEY does NOT matter here)
shxkm
OK this is really weird. I added logs to print the key (partially). The ENV VAR SECRET_SNIPPET is 100% there, but it's not getting passed down in Railway when the Dockerfile does:```RUN if [ "${DEBUG}" = "false" ]; then \ SECRET_KEY=dummyvalue python3 manage.py collectstatic --no-input; \ else mkdir -p /app/public_collected; fi```(SECRET_KEY does NOT matter here)
2 months ago
Railway doesn't inject variables during build time by default. You need to specify them as ARG
More on this here: https://docs.railway.com/guides/dockerfiles#using-variables-at-build-time
2 months ago
That's weird. It's considered unsafe to pass secrets as ARG.
shxkm
That's weird. It's considered unsafe to pass secrets as ARG.
2 months ago
No you misunderstand. You do not need to put the value of variable in Dockerfile just specify what variable railway should inject
Like ARG SECRET_KEY
Now railway will find variable SECRET_KEY in your service and inject them during build time. So let's say you need 5 different varaibles you need to specify all 5 of them
Again not values, just their names.
2 months ago
Isn't that still unsafe?
2 months ago
Explain how's that unsafe, instead of injecting all of your variables you get to choose which variables build server gets.
2 months ago
You will have to take it up with railway team, but that's how they recommend it.
2 months ago
I know about them and they are certainly better but none of the mount feature of docker is supported.
AFAIK this is the only way
Status changed to Solved brody • 2 months ago