Google Cloud Services and Active Storage - Overcoming YAML parser and Key errors (Ruby on Rails)!

Ok this nearly killed me:

OpenSSL::PKey::RSAError (Neither PUB key nor PRIV key: nested asn1 error)

I was trying to use Google Cloud Storage as my cloud storage provider when utilizing ActiveStorage. Everything seemed kosher apart from that one tiny issue. What was the matter? It was a blasted YAML parser error. Here is an overview of what you need to do to get Google Cloud Service hooked up to Active Storage. It’s like trying to get from Melbourne to Sydney via LAX, but it will do nicely for me.

  • Get the Figaro gem, or equivalent. Put all your secrets in the application.yml file. There are other solutions out there, such as DotEnv or, as of Rails 5.2, the new master key facility, but that’s beside the point. They all do basically similar things.

  • First go to the Google Cloud Platform home page, and sign up: https://console.cloud.google.com

  • Create a project in GCS (Google Cloud Services).

  • After you do that, create a bucket.

  • Then, after creating a bucket, create a service account API. You will get some credentials for this account. Download the credentials. They will come as a JSON file, something like gcs.json.


  • Then you’ll have to return to the bucket and add users with the appropriate read/write permissions to that bucket. Add the newly created service account (user) as a permitted user on that bucket.


  • Now you have your JSON file. Extract the elements and place them in your application.yml file. DO NOT add the JSON file to your git repository. I’ve added a line in my .gitignore file to specifically exclude this. The same applies to application.yml once the key is in it. You will want to avoid putting it on GitHub because, as with any organisation, security is not 100%, and depending on the app that you are building, a leak might prove extremely costly to your name and reputation, not to mention the deleterious effects on your users of a security breach by malicious users.

My application.yml is below. Take note of:

  • the double quotes and

  • the \n within the double quotes.

  • the BEGIN PRIVATE KEY and END PRIVATE KEY markers.

  • the \n at the end of it all.

type: "service_account"
project_id: "Hahahaha"
private_key_id: "Hahahaha"
private_key: "-----BEGIN PRIVATE KEY-----\n-hahahahha--\n-hahaha-\n-----END PRIVATE KEY-----\n"
client_email: "hahah@hahaha.iam.gserviceaccount.com"
client_id: "1111111"
auth_uri: "https://accounts.google.com/o/oauth2/auth"
token_uri: "https://oauth2.googleapis.com/token"
auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs"
client_x509_cert_url: "hahaha_URL"

Here is my storage.yml YAML file.

Take note of the .lines.join("\\n") at the end of the private key.

google:
  service: GCS
  credentials:
    type: "service_account"
    project_id: "<%= ENV["project_id"] %>"
    private_key_id: "<%= ENV["private_key_id"] %>"
    private_key: "<%= ENV["private_key"].lines.join("\\n") %>"
    client_email: "<%= ENV["client_email"] %>"
    client_id: "<%= ENV["client_id"] %>"
    auth_uri: "<%= ENV["auth_uri"] %>"
    token_uri: "<%= ENV["token_uri"] %>"
    auth_provider_x509_cert_url: "<%= ENV["auth_provider_x509_cert_url"] %>"
    client_x509_cert_url: "<%= ENV["client_x509_cert_url"] %>"
  project: "ANOTHER_NAME"
  bucket: "ANOTHER_NAME"

Push those environment variables to Heroku and you should be off to the races!
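
Why the quotes and the .lines.join("\\n") matter, as an added example that is not part of the original post: this Ruby script generates a throwaway RSA key at run time (constructed, not a real credential) and pushes it through the same two steps, YAML parsing for application.yml and ERB followed by YAML for storage.yml, to show which forms OpenSSL accepts. The helper names key_usable?, application_yml and storage_yml are made up for the illustration.

```ruby
require "openssl"
require "yaml"
require "erb"

# Constructed throwaway key generated at run time; not a real credential.
PEM = OpenSSL::PKey::RSA.new(2048).to_pem   # contains real newlines
ONE_LINE = PEM.gsub("\n", "\\n")            # newlines written as backslash + n

# Parse YAML text and report whether its private_key value is a usable RSA key.
def key_usable?(yaml_text)
  value = YAML.safe_load(yaml_text).fetch("private_key")
  OpenSSL::PKey::RSA.new(value)
  true
rescue OpenSSL::PKey::PKeyError, Psych::SyntaxError
  false   # RSAError (a PKeyError) is the "nested asn1 error" seen above
end

# application.yml: only double quotes make YAML turn \n into a real newline.
def application_yml(quote)
  "private_key: #{quote}#{ONE_LINE}#{quote}\n"
end

# storage.yml: ERB is rendered first, then the result is parsed as YAML.
def storage_yml(erb_expression)
  ENV["private_key"] = PEM   # what Figaro exports from the double-quoted entry
  ERB.new(%(private_key: "<%= #{erb_expression} %>"\n)).result
end

RESULTS = {
  app_double_quoted: key_usable?(application_yml('"')),
  app_single_quoted: key_usable?(application_yml("'")),
  # Raw newlines inside a double-quoted YAML scalar are folded into spaces.
  storage_raw:       key_usable?(storage_yml('ENV["private_key"]')),
  # The form from storage.yml above: each line gets a \n escape YAML decodes.
  storage_rejoined:  key_usable?(storage_yml('ENV["private_key"].lines.join("\\\\n")')),
}
RESULTS.each do |name, ok|
  puts format("%-18s %s", name, ok ? "key parses" : "key rejected")
end
```

If the key is rejected in production, checking that ENV["private_key"] contains real newlines between the BEGIN and END markers is the quickest way to tell which of the two files lost them.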

Written on August 29, 2018