Environment Variables
In order to ensure that your cryptographic keys and passwords stay secure, you need to pass them into your site through environment variables.
Here are the variables that are used by jekyll-EWP:
-
EWP_PRIVKEY - your private key
-
EWP_PUBCERT - your public certificate that you uploaded to paypal
-
EWP_PAYPAL_PUBCERT - paypal's public certificate that you downloaded
-
EWP_PRIVKEY_PASS - your private key's password
If you are just testing your site locally, you may find it useful to create a script like this with the values filled in:
#!/bin/bash
export EWP_PRIVKEY_PASS="PASSWORD HERE"
export EWP_PAYPAL_PUBCERT="-----BEGIN CERTIFICATE-----\nMIIDoTCCAw...GiP0PpK48cdF\n-----END CERTIFICATE-----\n"
export EWP_PUBCERT="-----BEGIN CERTIFICATE-----\nMIICrjCCAhegAw...NdQDV1qRk0MSRkR\n-----END CERTIFICATE-----\n"
export EWP_PRIVKEY="-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBA...TsIpfTMw==\n-----END RSA PRIVATE KEY-----\n"
# whatever command you need to run your jekyll site
bundle exec jekyll serve
DO NOT EVER commit this script to your repository or upload it to your site in any way that would allow it to be downloaded or seen by anyone but you. ANYONE WITH ACCESS TO THIS SCRIPT WILL BE ABLE TO MODIFY YOUR BUTTON CODE
If you are deploying to a web host that provides options for environment variables, such as Netlify, then you will need to configure the environment variables as shown below (not all environment variables are shown):
Every private key and certificate needs three newlines in it:
- after
-----BEGIN ----- - after the key itself
- after
-----END -----
Because a lot of web hosts will only give you a single-line box for environment variables, you will need to edit your certificate file to make everything fit on one line and add \n's in the three places indicated. If not done correctly, this step can cause the plugin to prevent your site from building and throw a nested asn1 error. See here for more information.