I am using terraform through Gitlab CI/CD to create resources on Google Cloud. To achieve this I have tried two different approaches. (i) Base64 Encoded service account key file locally on my laptop with passphrase and upload that file to repo and then added decoding steps in my .gitlab-ci.yml file in terraform stage. Also, added a path to this decoded file into providers.tf – This approach works without any issues (ii) Base64 Encoded service account key file and added encoded contents as a value to a gitlab CI/CD variable and tried to decode that variable in .gitlab-ci.yml file which runs into error “Error: the string provided in credentials is neither valid json nor a valid file path”

[enter image description here](https://i.sstatic.net/82ztGGwT.png)

Steps to troubleshoot:

(i)Checked typos – not found
(ii)Try to echo <gitlab ci/cd variable> value, to see if gitlab ci/cd variable is interpreting encoded value correctly or not – encode value is as it should be
(iii)Try to print decoded contents in ci/cd and also decoded key file locally and both ways decoded contents are exactly same
(iv)There are no extra characters or new lines found in decoded file which may alter the actual key
(v)Decoded file has 644 permission. Also tried giving it 755 – didn’t resolve the issue.
(vi)Checked json format of a decoded file through jq and it shows valid.
(vii)Checked in ci/cd job log that the decoded file presents at the location which is provided to providers.tf
(viii)To avoid encoding/decoding, tried adding raw service account key contents directly as a gitlab ci/cd variable – got the same error
(ix)Tried using GOOGLE_APPLICATION_CREDENTIALS: $GOOGLE_APPLICATION_CREDENTIALS but got the same erorr
(x)Tried with different service accounts but got the same error

P.S: I’m using gitlab shared runners.