如何从Angular 9 Web应用程序服务访问GCP Secret Manager [英] How to access GCP Secret Manager from Angular 9 web app service

问题描述

我正在使用Angular服务(完全由Cloud Run托管)，我想从中通过HTTP客户端调用访问"googleapis" Secret Manager API.

I am having Angular service (Cloud Run fully managed) from which I would like to access 'googleapis' Secret Manager API with HTTP client call.

问题是我找不到获取当前服务帐户的身份验证令牌的方法，我可以将其进一步用于授权标头字段.这是使用Secret Manager API的一种方法，但是除非可以在Agular应用程序中使用它，否则我也可以使用其他解决方案来更改它.

The problem is I do not find a way to get the current service account's auth token that I can further use into the Authorization header field. This is an approach to use Secret Manager API, but I can change this with possible other solutions too unless it is working from the Agular app.

非常感谢.

推荐答案

我找到了解决该问题的概念性方法. Cloud Run文档中对此进行了描述. 通常，它会对元数据服务器进行API调用，以接收服务帐户(默认帐户或其他特定帐户)的访问令牌，该令牌稍后可在标头字段授权"中用于任何其他google API调用. 所描述的解决方案仅在GCP内部有效(我已经在Cloud Shell中使用curl对其进行了测试，并且工作正常). 尽管我遇到网关超时错误，但是从使用httpClient的应用程序中，我将为此提出另一个问题.

I found a conceptual solution to the problem. It is described in the Cloud Run documentation. In general, it makes an API call to metadata server to receive an access token for the service account (default or another particular one) which can be later used in the header field Authorization for any other google APIs calls. The described solution works only from inside GCP (I have tested it from Cloud shell with curl and it works fine). From my application using httpClient though I run into Gateway timeout Error, I will open another question for it.

这篇关于如何从Angular 9 Web应用程序服务访问GCP Secret Manager的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！