How do I store the private key of my server in goo

I'm using "github.com/dgrijalva/jwt-go" to create JSON web tokens.
When I hosted my server locally, I could use my private key as usual. But in GAE it won't work because I don't have access to the file system.

How would you guys do it? Store the key in datastore or any other ideas?

Thanks

Edit:

My app.yaml looks like this (below api_version and stuff):

handlers:
- url: /.*
  script: _go_app

回答1:

On AppEngine you don't have access to the file system of the host operating system, but you can access files of your web application (you have read-only permission, you can't change them and you can't create new files in the app's folder).

So the question is: do you want to change this private key from your application without redeploying your app? Or it is perfectly fine if it is deployed "statically" with your app's code?

If you don't need to change it (or only when you redeploy your app), easiest is to store it as a "static" file as part of your webapp. You may refer to files of your app using relative paths, where the current or working directory is your app's root. E.g. if your app contains a key folder in its root (where app.yaml resides), and there is a my_key.txt file inside the key folder, you can refer to it with the path: key/my_key.txt.

Actually it is quite common to "ship" static files with your app's code: just think of HTML templates which are read and processed by the Go code (e.g. package html/template) to produce HTML result; the content of the HTML template files are not served directly to clients.

If you need to change it from time to time without having to redeploy your app, then store it in the Datastore which your app can read and modify.

Note:

One important note: not every file is readable by code, this depends on the app configuration. Quoting from Configuring with app.yaml / Static file handlers:

Static files are files to be served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them.

For efficiency, App Engine stores and serves static files separately from application files. Static files are not available in the application's file system. If you have data files that need to be read by the application code, the data files must be application files, and must not be matched by a static file pattern.

Static file handlers can be defined in two ways: as a directory structure of static files that maps to a URL path, or as a pattern that maps URLs to specific files.

Read the link how to properly configure application and static files / directories.

回答2:

The solution was to leave app.yaml as it were. Put app.yaml at root lvl in project. Then change all imports from starting at GOPATH to start at project root instead. The problem that made me choose to put app.yaml and main go file in a different folder under project root was because of double imports. Read this for a better understanding: Google Go AppEngine imports and conflicts when serving / testing

The solution made my project find the files I wanted.