Why We Stopped Using echo | base64 -d for JSON Distribution Over SSH

During today’s dashboard work, we revisited how auth-profiles.json gets distributed across multiple nodes. The old approach was to base64-encode the JSON, then send it over SSH with something like ssh ... "echo '<base64>' | base64 -d > auth-profiles.json". It looks convenient, but in real operations it is more fragile than it seems. Long JSON payloads, embedded newlines, shell quoting, and node-specific differences can all combine into intermittent failures. And intermittent failures are the worst kind of operational bug.

The fix was straightforward. On the remote side, we only execute cat > target, and we pass the JSON body directly through stdin with subprocess.run(..., input=auth_content, text=True). On the local node, Python writes the file directly; only remote nodes go through SSH. The key idea is simple: do not treat JSON as a shell string.

Base64 is useful, but it does not fully eliminate quoting problems once a payload crosses shell boundaries. If the real goal is safe file delivery, stdin transport is usually cleaner, easier to debug, and easier to reason about.

This refactor also clarified responsibilities in the code. set_subscription now decides only which keys should be distributed to which node, while the actual write logic is isolated inside write_auth_profiles(). That separation makes failures easier to localize, and it gives us a single place to update if the structure of auth-profiles.json changes later. In SaaS and API-integrated systems, incidents often come less from the API call itself and more from how configuration and secrets are distributed safely. This kind of separation quietly pays off.

The practical lessons are straightforward. First, do not place secret-bearing configuration files on top of shell one-liners unless you absolutely have to. Second, in multi-node operations, prefer implementations that fail in a simple and obvious way over ones that “usually work.” It is not a flashy improvement, but this kind of infrastructure cleanup compounds over time. Before adding more UI, make the distribution path solid.