不使用JSON文件对Google-Cloud-Storage进行身份验证 [英] Authenticate Google-Cloud-Storage not using JSON file
问题描述
我正在使用.Net API并通过环境变量GOOGLE_APPLICATION_CREDENTIALS中的服务帐户JSON文件设置路径来进行身份验证.
但是我想做的是通过在代码中具体指定凭据属性来进行身份验证(就像我对AWS及其ID和KEY所做的一样).
为什么?在我的用例中,我不想让json文件暴露在外",而是希望对自定义XML配置文件中指定的凭据属性进行加密.
我的应用程序将读取配置文件并解密内容(GCS凭据).
不在乎它是服务帐户还是用户帐户,如果可能的话,最适合About设置的是什么?
丑陋的解决方案是动态创建JSON文件,让API读取它,然后删除该文件.
如果是这样,我想尽可能地限制属性的数量,我在下载的JSON文件中具有以下属性.哪些是强制性/必需的,哪些是膨胀的?
I'm using .Net API and authenticate be setting the path to the service account JSON file in the environment variable GOOGLE_APPLICATION_CREDENTIALS.
But what I would like to do is to authenticate by specific specifying the credential-properties in the code (just like I do with AWS and their ID and KEY).
Why? In my use case I don't want to have the json file "exposed" laying around, but want the credential-properties specified in a custom XML config-file encrypted.
My application will read the config-file and decrypt the content (the GCS credentials).
Don't care if it's a service-account or user-account, whatever works best for the about setup, if possible?
And ugly solution would be to dynamically create the JSON file, let the API read it and then delete the file.
If so I would like to limit the amount of properties as much as possible, I have the following properties in a downloaded JSON file. Which are mandatory/needed and which are bloat:
{
"type": "xxx",
"project_id": "xxx",
"private_key_id": "xxx",
"private_key": "xxx",
"client_email": "xxx",
"client_id": "xxx",
"auth_uri": "xxx",
"token_uri": "xxx",
"auth_provider_x509_cert_url": "xxx",
"client_x509_cert_url": "xxx"
}
推荐答案
要将凭据指定为变量(JSON字符串)而不是文件路径:
To specify the credentials as a variable (JSON string) instead of a file-path:
Google.Apis.Auth.OAuth2.GoogleCredential cred = Google.Apis.Auth.OAuth2.GoogleCredential.FromJson(JSONString);
var storage = Google.Cloud.Storage.V1.StorageClient.Create(cred);
这篇关于不使用JSON文件对Google-Cloud-Storage进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
