fix(settings): read PEM files but b64 env vars

- Extract base64 data from PEM files and secret files
- Environment variables are not PEM encoded and only the base64 data
- Affects OpenVPN certificate, key and encrypted key

internal/configuration/sources/env/helpers.go

@@ -1,7 +1,6 @@
 package env
 
 import (
-	"encoding/base64"
 	"fmt"
 	"os"
 	"strconv"
@@ -133,15 +132,6 @@ func lowerAndSplit(csv string) (values []string) {
 	return strings.Split(csv, ",")
 }
 
-func decodeBase64(b64String string) (decoded string, err error) {
-	b, err := base64.StdEncoding.DecodeString(b64String)
-	if err != nil {
-		return "", fmt.Errorf("cannot decode base64 string %q: %w",
-			b64String, err)
-	}
-	return string(b), nil
-}
-
 func unsetEnvKeys(envKeys []string, err error) (newErr error) {
 	newErr = err
 	for _, envKey := range envKeys {

internal/configuration/sources/env/openvpn.go

@@ -30,15 +30,8 @@ func (r *Reader) readOpenVPN() (
 		openVPN.Auth = &auth
 	}
 
-	openVPN.ClientCrt, err = readBase64OrNil("OPENVPN_CLIENTCRT")
-	if err != nil {
-		return openVPN, fmt.Errorf("environment variable OPENVPN_CLIENTCRT: %w", err)
-	}
-
-	openVPN.ClientKey, err = readBase64OrNil("OPENVPN_CLIENTKEY")
-	if err != nil {
-		return openVPN, fmt.Errorf("environment variable OPENVPN_CLIENTKEY: %w", err)
-	}
+	openVPN.ClientCrt = envToStringPtr("OPENVPN_CLIENTCRT")
+	openVPN.ClientKey = envToStringPtr("OPENVPN_CLIENTKEY")
 
 	openVPN.PIAEncPreset = r.readPIAEncryptionPreset()
 
@@ -83,20 +76,6 @@ func (r *Reader) readOpenVPNPassword() (password string) {
 	return password
 }
 
-func readBase64OrNil(envKey string) (valueOrNil *string, err error) {
-	value := getCleanedEnv(envKey)
-	if value == "" {
-		return nil, nil //nolint:nilnil
-	}
-
-	decoded, err := decodeBase64(value)
-	if err != nil {
-		return nil, err
-	}
-
-	return &decoded, nil
-}
-
 func (r *Reader) readPIAEncryptionPreset() (presetPtr *string) {
 	_, preset := r.getEnvWithRetro(
 		"PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET",