如何通过Android应用安全地使用GCP服务帐户? [英] How to securely use GCP service account from an Android app?

问题描述

我正在开发使用Firebase身份验证和GCP Pubsub的Android应用(Java).要连接到Pubsub，我目前使用服务帐户密钥，该帐户存储在项目的JSON文件中.但这在生产环境中似乎并不安全，因为它公开了我的密钥.

I am developing an Android app (Java) that uses Firebase authentication and GCP Pubsub. To connect to Pubsub I currently use a service account key that is stored in a JSON file in my project. But this is not something that seems secure in a production environment since it exposes my key.

那么在这种情况下的最佳做法是什么?

So what would the best practice in that case ?

我虽然想将类似令牌的内容链接到Firebase用户帐户，但是我不知道如何执行此操作，而Google的此文档表明我应该使用服务帐户，因为我不这样做需要访问特定于用户的信息.

I though about having something like a token linked to the Firebase user account but I don't see how to do this, and this documentation from Google indicates that I should use a service account in my case since since I don't need to access user-specific information.

https://cloud.google.com/docs/authentication/

推荐答案

基本问题是如何管理用于服务器到服务器或应用程序到应用程序通信的服务帐户密钥.以下是来自Google云的一些推荐.

The basic issue is how do you manage the service account keys that are used for Server to Server or App to app communication. Here are some of the recommendation from Google cloud.

Google建议强制实施IAM策略以限制/管理访问.

Google recommends to have enforce an IAM policy to restrict/manage access.

这篇关于如何通过Android应用安全地使用GCP服务帐户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！