Hofbr

Reputation: 1010

Pass private key as header in curl PUT returning error for illegal character

I have a .pem file containing my private key that I need to pass as an authorization header.

I've tried just using the command $(cat $REPO_ROOT/pulsar/tls/broker/broker.key.pem) but I'm getting the response: <h1>Bad Message 400</h1><pre>reason: Illegal character LF=\n</pre>0

Can I not pass the contents of my .pem straight into the header?

CLUSTER=standalone
TENANT=sandbox
NAMESPACE=integration_test
AUTHORIZATION=$(cat $REPO_ROOT/pulsar/tls/broker/broker.key.pem)


# Create tenant
curl -L -X PUT "http://localhost:$HOST_PULSAR_PORT/admin/v2/tenants/$TENANT" \
    --header "Authorization: Bearer $AUTHORIZATION" \
    --header 'Content-Type: application/json' \
    --data-raw "{\"allowedClusters\": [\"$CLUSTER\"]}"

Upvotes: 0

Views: 703

Answers (2)

Chris Bartholomew

Reputation: 1110

The private key needs to be carefully secured. You should never have to pass it in an HTTP header.

For Pulsar you should be using the private key to generate a JWT token to use in the HTTP header. You can use the following command:

bin/pulsar tokens create --private-key file:///path/to/my-private.key \
            --subject test-user

The subject of the token should match the authorization role on the Pulsar tenant or namespace. For more details, see https://pulsar.apache.org/docs/en/security-token-admin/

Upvotes: 1

Tore Nestenius

Reputation: 19941

Private keys are never meant to be sent as a header in a web request. Perhaps the public key.

When you try to send this:

Authorization: Bearer $AUTHORIZATION

I suspect you should send a signed JWT token instead?

Also, you are trying to send a PEM file as application/json, which does not match either. A PEM file is typically a multi-line data structure, and it needs to be encoded before it can be sent in a header.

Upvotes: 1
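
Added example, not part of either answer: a pre-flight check that refuses PEM material or any multi-line value before it reaches the Authorization header, wrapped around the question's curl call. The function names, PULSAR_HOME and KEY_FILE are assumptions for illustration; the token is expected to come from the `bin/pulsar tokens create` command in the first answer.

```shell
#!/bin/sh
# Added example; check_bearer and create_tenant are hypothetical helper names.

# Return 0 only if $1 is safe to place after "Authorization: Bearer ".
#   2 = PEM material (a key or certificate, never a bearer token)
#   3 = contains CR or LF (the cause of "Illegal character LF" in the question)
#   4 = not shaped like a compact JWT (three base64url segments joined by dots)
check_bearer() {
    cr=$(printf '\r')
    nl='
'
    case $1 in
        *"-----BEGIN"*) return 2 ;;
    esac
    case $1 in
        *"$nl"*|*"$cr"*) return 3 ;;
    esac
    printf '%s' "$1" |
        grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$' || return 4
    return 0
}

# create_tenant TENANT CLUSTER TOKEN
# Same request as in the question, but it is only sent if the token passes
# check_bearer, so key material never leaves the machine by mistake.
create_tenant() {
    check_bearer "$3" || {
        echo "refusing to send Authorization header (check_bearer code $?)" >&2
        return 1
    }
    curl -L -X PUT "http://localhost:$HOST_PULSAR_PORT/admin/v2/tenants/$1" \
        --header "Authorization: Bearer $3" \
        --header 'Content-Type: application/json' \
        --data-raw "{\"allowedClusters\": [\"$2\"]}"
}

# Usage (PULSAR_HOME and KEY_FILE are assumed variables):
#   TOKEN=$("$PULSAR_HOME/bin/pulsar" tokens create \
#             --private-key "file://$KEY_FILE" --subject test-user)
#   create_tenant sandbox standalone "$TOKEN"
```

The private key is read only by the local `tokens create` step; what goes over HTTP is the single-line signed token.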
