Make googlePlayBilling.credentialsJson not a secret

service/config/sample-secrets-bundle.yml

@@ -4,9 +4,6 @@ stripe.idempotencyKeyGenerator: abcdefg12345678= # base64 for creating request i
 braintree.publicKey: unset
 braintree.privateKey: unset
 
-googlePlayBilling.credentialsJson: |
-  { "json": true }
-
 appleAppStore.encodedKey: unset
 
 directoryV2.client.userAuthenticationTokenSharedSecret: abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG= # base64-encoded secret shared with CDS to generate auth tokens for Signal users

service/config/sample.yml

@@ -48,7 +48,10 @@ braintree:
       }
 
 googlePlayBilling:
-  credentialsJson: secret://googlePlayBilling.credentialsJson
+  credentialsJson: |
+    {
+      "credential": "configuration"
+    }
   packageName: package.name
   applicationName: test
   productIdToLevel: {}

service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java

@@ -768,7 +768,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         config.getBraintree().graphqlUrl(), currencyManager, config.getBraintree().pubSubPublisher().build(),
         config.getBraintree().circuitBreakerConfigurationName(), subscriptionProcessorExecutor);
     GooglePlayBillingManager googlePlayBillingManager = new GooglePlayBillingManager(
-        new ByteArrayInputStream(config.getGooglePlayBilling().credentialsJson().value().getBytes(StandardCharsets.UTF_8)),
+        new ByteArrayInputStream(config.getGooglePlayBilling().credentialsJson().getBytes(StandardCharsets.UTF_8)),
         config.getGooglePlayBilling().packageName(),
         config.getGooglePlayBilling().applicationName(),
         config.getGooglePlayBilling().productIdToLevel());

service/src/main/java/org/whispersystems/textsecuregcm/configuration/GooglePlayBillingConfiguration.java

@@ -18,7 +18,7 @@ import org.whispersystems.textsecuregcm.configuration.secrets.SecretString;
  *                         signal subscription level
  */
 public record GooglePlayBillingConfiguration(
-    @NotNull SecretString credentialsJson,
+    @NotBlank String credentialsJson,
     @NotNull String packageName,
     @NotBlank String applicationName,
     @NotNull Map<String, Long> productIdToLevel) {}

service/src/main/java/org/whispersystems/textsecuregcm/workers/CommandDependencies.java

@@ -326,7 +326,7 @@ public record CommandDependencies(
     final ServerSecretParams zkSecretParams = new ServerSecretParams(configuration.getZkConfig().serverSecret().value());
     final ServerZkReceiptOperations zkReceiptOperations = new ServerZkReceiptOperations(zkSecretParams);
     GooglePlayBillingManager googlePlayBillingManager = new GooglePlayBillingManager(
-        new ByteArrayInputStream(configuration.getGooglePlayBilling().credentialsJson().value().getBytes(StandardCharsets.UTF_8)),
+        new ByteArrayInputStream(configuration.getGooglePlayBilling().credentialsJson().getBytes(StandardCharsets.UTF_8)),
         configuration.getGooglePlayBilling().packageName(),
         configuration.getGooglePlayBilling().applicationName(),
         configuration.getGooglePlayBilling().productIdToLevel());

service/src/test/resources/config/test.yml

@@ -46,7 +46,16 @@ braintree:
     type: stub
 
 googlePlayBilling:
-  credentialsJson: secret://googlePlayBilling.credentialsJson
+  credentialsJson: |
+    {
+      "type": "external_account",
+      "credential_source": {
+        "file": "/tmp/my-token"
+      },
+      "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
+      "audience": "//iam.googleapis.com/abc",
+      "token_url": "https://sts.googleapis.com/v1/token"
+    }
   packageName: package.name
   applicationName: test
   productIdToLevel: {}