🔑 feat: Base64 Google Service Keys and Reliable Private Key Formats

[danny-avila]

Summary

I improved the loadServiceKey utility to support base64-encoded keys, robust private key formatting, and expanded corresponding unit tests.

• Add detection and parsing for base64-encoded service keys, enabling secret management compatibility
• Ensure private_key fields are converted from escaped newlines (\n, \n) to actual newlines for PEM compliance
• Implement fallback formatting for private keys without newlines, restoring valid PEM structure
• Expand key.test.ts with new scenarios: escaped/double-escaped newlines, base64 inputs, proper/poor formatting, and invalid cases for greater test coverage
• Maintain backward compatibility for all existing uses of loadServiceKey

Change Type

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Testing

I added unit tests covering all new branches, including various newline encodings, malformed and well-formed base64 payloads, valid/invalid formatting, and legacy-support edge cases. Run pnpm run test in the api package to confirm comprehensive coverage. You can also set a base64-encoded credential in the environment to verify live usage.

Test Configuration:

• Node.js v20 LTS
• pnpm 8.x
• Run in packages/api: pnpm run test

Checklist

• My code adheres to this project's style guidelines
• I have performed a self-review of my own code
• I have commented in any complex areas of my code
• I have made pertinent documentation changes
• My changes do not introduce new warnings
• I have written tests demonstrating that my changes are effective or that my feature works
• Local unit tests pass with my changes