How to use an entire json file in the ‘secrets’ app settings when deploying on the community cloud?

mudassar18104009 · March 27, 2024, 7:50pm

Hi everyone,

I couldn’t find clear documentation on handling JSON service account files for secrets management in Streamlit Community Cloud deployments. Since this is a common need, I want to share the working solution I found using TOML:

Problem: Streamlit Cloud’s secrets management relies on TOML format, but service accounts often provide credentials as JSON.

Solution:

Manual Conversion:

Choose a section name in your secrets.toml file for example
[GOOGLE_CREDENTIALS]
Remove curly braces {} from your JSON.
Convert commas to newlines.( Remove Commas after each key value pair)
Replace JSON double quotes for keys with simple key names.
Use = instead of colons :.

Example secrets.toml:

[GOOGLE_CREDENTIALS]
type = "service_account"
project_id = "gen-lang-client-1234567"
private_key_id = "123467876656"
# ... other keys

Accessing in Code:

import streamlit as st

google_credentials = st.secrets["GOOGLE_CREDENTIALS"] 
# Now use 'google_credentials' for authentication

Notes:

Deployment: Place secrets.toml in your project’s root directory or use Streamlit Cloud’s UI for secrets.
Security: Never commit secrets.toml to public repositories.

Esteban · June 30, 2024, 8:01am

hi there i have tried a couple of diffrent ways but i cant get secrets.toml to work

[GOOGLE_CREDENTIALS]
type = "service_account"
project_id = "gen-lang-client-1234567"
private_key_id = "123467876656"
# ... other keys

and all i am getting : Authentication error: (‘invalid_grant: Invalid JWT Signature.’, {‘error’: ‘invalid_grant’, ‘error_description’: ‘Invalid JWT Signature.’})

this is my implementation

import json
import streamlit as st
import firebase_admin

from firebase_admin import credentials, auth
from pprint import pprint 

# Function to initialize Firebase app
def initialize_firebase():
    credentials = st.secrets["GOOGLE_CREDENTIALS"]
    cred = credentials.Certificate(credentials)
    firebase_admin.initialize_app(cred)

could you share some light here

system · December 27, 2024, 8:01am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to use an entire json file in the 'secrets' app settings when deploying on the community cloud? Community Cloud authentication , streamlit-cloud , firebase	3	2894	August 18, 2023
Google Drive API: How to read the secrets.toml file as a json file? Using Streamlit	4	1715	June 26, 2023
How can oauth2client.service_account import ServiceAccountCredentials be used with secrets.toml and secret app settings? Using Streamlit streamlit-cloud , secrets	4	731	October 5, 2023
Google Drive API : use client_secret_file.json within secrets file Deployment streamlit-cloud , secrets	5	1095	May 29, 2024
Streamlit cloud can't find creds.json Community Cloud streamlit-cloud	3	505	June 15, 2023

How to use an entire json file in the ‘secrets’ app settings when deploying on the community cloud?

Related topics