Providing certificates as in-memory strings instead of paths #51

Open
gimboab opened this issue Jun 6, 2023 · 4 comments

gimboab commented Jun 6, 2023

  • pybankid version: 0.12.0
  • Python version: 3.11
  • Operating System: Windows 10

Description

I am using pybankid for a project on a Heroku app, which is built on ephemeral file storage, and I haven't been able to figure out how to upload the certificates to Heroku. I was thinking of using config variables to upload the certificates, but that would mean using strings rather than file paths for the certificates. After looking into it, some people were suggesting monkey-patching the requests Session() class, but I can't get this to work. I have also looked into TempFiles, but this is supposedly not a secure solution, according to this post.

I think the easiest way forward might be to mount an AWS S3 bucket and provide the path for the certificates this way as a workaround, but I also saw some examples of people using Heroku with the pybankid-flask app, so it should be possible; I just don't know how. Any ideas on how I can do this?

Owner

hbldh commented Jun 7, 2023

Hm, requests is problematic in this case. It requires file-like objects as certificate and keys. I think, given Heroku, that the correct way to handle this is to use environment variables for the certificate and the key.

It might work if, prior to initializing the BankIDClient, you save the content of the env vars to temporary files. This should work despite the ephemeral situation on Heroku, because every time the instance is removed it should have to go through the web app initialization and thus save new temporary files each time.

@hbldh hbldh self-assigned this Jun 7, 2023
Owner

hbldh commented Jun 7, 2023

Sorry, I missed the last sentence in the first section...

I believe that doing this in Heroku is secure enough. It is not an accessible server per se and in no fashion more insecure than having the certificates in pem-files on disk as pybankid requires as default. In some sense it is even better.

@HypoChloremic

> Hm, requests is problematic in this case. It requires file-like objects as certificate and keys. I think, given Heroku, that the correct way to handle this is to use environment variables for the certificate and the key.
>
> It might work if, prior to initializing the BankIDClient, you save the content of the env vars to temporary files. This should work despite the ephemeral situation on Heroku, because every time the instance is removed it should have to go through the web app initialization and thus save new temporary files each time.

This is for sure the best way to implement this. I was struggling trying to use the certificates. Temporary files generated from the config environment variables set in Heroku were the way to go.

Contributor

pelme commented Apr 12, 2024

httpx also does not support this and there seems to be no easy way of doing this directly for the time being: encode/httpx#2114

(We are using tempfile.NamedTemporaryFile to work around this.)
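
The workaround discussed in this thread (save the environment variables to temporary files before initializing the client), as an added example that is not part of the thread or of pybankid's own code. The variable names `BANKID_CERT_PEM` and `BANKID_KEY_PEM` and the helper names are assumptions; the files are created owner-only inside a private temporary directory and removed at interpreter exit.

```python
import atexit
import os
import shutil
import stat
import tempfile

# Hypothetical config variable names; use whatever names the app defines.
CERT_ENV = "BANKID_CERT_PEM"
KEY_ENV = "BANKID_KEY_PEM"


def _write_private(path, data):
    # O_EXCL refuses to reuse an existing file; 0o600 = owner read/write only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(data)


def materialize_certificates(environ=os.environ):
    """Write PEM data from env vars to private temp files; return (cert, key) paths."""
    pems = {}
    for name in (CERT_ENV, KEY_ENV):
        value = environ.get(name, "")
        # Some config UIs store newlines as a literal "\n"; restore them.
        value = value.replace("\\n", "\n").strip() + "\n"
        if "-----BEGIN" not in value:
            raise RuntimeError(f"{name} is missing or does not contain PEM data")
        pems[name] = value

    # mkdtemp creates a directory only the creating user can access (0o700).
    workdir = tempfile.mkdtemp(prefix="bankid-")
    atexit.register(shutil.rmtree, workdir, ignore_errors=True)

    cert_path = os.path.join(workdir, "certificate.pem")
    key_path = os.path.join(workdir, "key.pem")
    _write_private(cert_path, pems[CERT_ENV])
    _write_private(key_path, pems[KEY_ENV])
    return cert_path, key_path


if __name__ == "__main__":
    # Constructed placeholder values, not real key material.
    demo = {CERT_ENV: "-----BEGIN CERTIFICATE-----\\nAAAA\\n-----END CERTIFICATE-----",
            KEY_ENV: "-----BEGIN PRIVATE KEY-----\\nAAAA\\n-----END PRIVATE KEY-----"}
    cert, key = materialize_certificates(demo)
    print(cert, key, oct(stat.S_IMODE(os.stat(key).st_mode)))
    # The pair is what pybankid takes: BankIDClient(certificates=(cert, key))
```

The permission bits apply on POSIX hosts such as Heroku dynos; on Windows the mode argument is largely ignored.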
