Unclear error: secretOrPrivateKey must be an asymmetric key when using RS256

[SoylentGraham]

I have tried to use this action with a newly created internal github-app and get this error.

I guess it means my secret is wrong? Could I have formatted it incorrectly? Is it likely to be similar to this stackoverflow question? (PEM format, extra whitespace etc) https://stackoverflow.com/questions/75635389/secretorprivatekey-must-be-an-asymmetric-key-when-using-rs256

• I've tried using the app's Client Secret key that I generated (42 char hex string)
• I've tried an app private key: SHA256:<base64 string XYZ0123/=>
• Tried private key without SHA256: prefix

at module2.exports [as sign] (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:10369:26) Error: secretOrPrivateKey must be an asymmetric key when using RS256 at getToken (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:10500:27) at githubAppJwt (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:10516:27) at getAppAuthentication (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:11822:90) at hook (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:12115:41) at newApi (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:30550:36) at getTokenFromOwner (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:29956:26) at /home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:29937:71 at RetryOperation._fn (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:29856:30) at Timeout. (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:12311:14)

[SoylentGraham]

ooof, I created a new private key, and down came a .pem!

Copied the contents of that directly into the secret, and it's worked!

(someone else generated my initial private key + secret, and I guess copied the wrong thing - doing it myself was a bit more obvious what the content should be :)

[SoylentGraham]

Perhaps still, the docs could be clearer that the key is the contents of the .PEM and not the key displayed in the app.

The error could also be better for users

[jozefizso]

It must be documented the SECRET_PEM value MUST be the content of the .pem file and not the base64 of the .pem as it documented elsewhere in the GitHub docs.

[gr2m]

as it documented elsewhere in the GitHub docs

if you could please point us to where it's documented, we will make sure it gets fixed