Skip to content

convex env set fails to handle multi-line environment variable values #128

Open
@smaccoun

Description

@smaccoun

The convex env set command fails when trying to set environment variables that contain multi-line values, such as PEM-formatted private keys. This is particularly problematic for JWT authentication setups where JWT_PRIVATE_KEY needs to be a multi-line PEM-formatted RSA private key.

Steps to Reproduce

  1. Generate a standard PEM-formatted private key:
openssl genrsa -out private.key 2048
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private.key -out private.pem
  1. Try to set it as an environment variable:
convex env set JWT_PRIVATE_KEY "$(cat private.pem)" --admin-key <admin-key> --url <convex-url>

Expected Behavior

The multi-line PEM key should be stored correctly as an environment variable.

Actual Behavior

The command fails with various errors depending on the attempt:

  • Direct attempt: Command hangs or fails
  • With escaped newlines (\n): May appear to succeed but the value is stored incorrectly
  • Via stdin redirect: Also fails

Environment

  • Convex CLI version: [latest]
  • OS: Linux/macOS
  • Context: Self-hosted Convex backend

Impact

This blocks automated setup of JWT authentication in CI/CD pipelines for self-hosted Convex deployments (which i use for spinning up test envs). Manual intervention through the dashboard is required, which breaks automation workflows.

Workarounds Attempted

  1. Replacing newlines with \n - stores literal \n instead of actual newlines
  2. Single line with spaces - breaks PEM format
  3. Base64 encoding - requires application code changes to decode
  4. Using stdin - still fails
  5. Using heredoc - still fails

Suggested Fix

The CLI should properly handle multi-line values, perhaps by:

  • Supporting a --from-file flag: convex env set JWT_PRIVATE_KEY --from-file private.pem
  • Properly parsing multi-line strings from command arguments
  • Supporting stdin input: cat private.pem | convex env set JWT_PRIVATE_KEY --from-stdin

Related

This issue is mentioned in the Convex auth setup documentation: https://labs.convex.dev/auth/setup/manual

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions