如何将我的服务器的私钥存储在谷歌应用引擎中？ [英] How do I store the private key of my server in google app engine?

问题描述

我使用github.com/dgrijalva/jwt-go创建JSON Web令牌。

当我在本地托管我的服务器时，我可以照常使用我的私钥。但是在GAE中，它无法工作，因为我无法访问文件系统。

你们会怎么做？将密钥存储在数据存储或任何其他想法中？

谢谢

编辑：

我的 app.yaml 看起来像这样（ api_version 和东西）： p>

 处理程序：
  -  url：/.* 
脚本：_go_app 
  
 
 
所以问题是：你是否想在应用程序中更改此私钥而不重新部署应用程序？如果您的应用程序的代码静态部署，那么它是完全正常的吗？
 
 
 
如果您不需要更改它（或仅在重新部署应用程序时） ，最简单的方法是将它作为一个静态文件存储为您的web应用程序的一部分。您可以使用相对路径来引用您的应用的文件，其中当前或工作目录是您应用的根目录。例如。如果您的应用程序的根目录中包含键文件夹（其中 app.yaml 所在的文件夹），并且存在<$在$ 键文件夹内的c $ c> my_key.txt 文件中，可以使用以下路径引用它： key / my_key.txt 。
 
 
 
实际上，将静态文件发布到应用程序的代码是相当普遍的：只需考虑读取的HTML模板并通过Go代码进行处理（例如，包  html / template  ）来产生HTML结果; HTML模板文件的内容不会直接提供给客户端。
 
 
 
如果您需要不时重新部署应用程序而对其进行更改，请将其存储在您的应用可以读取和修改的数据存储。 
 
 
 注意：  
 
 
一重要提示：并非每个文件都可以被代码读取，这取决于应用程序的配置。从使用app.yaml / Static文件处理程序进行配置进行引用：
 
 
静态文件是直接向用户提供给定URL的文件，例如图像，CSS样式表或JavaScript源文件。静态文件处理程序描述应用程序目录中的哪些文件是静态文件，以及哪些URL用于服务它们。
 
 
 
为了提高效率，App Engine将应用程序文件与应用程序文件分开存储和提供静态文件。静态文件在应用程序的文件系统中不可用。 如果您的数据文件需要由应用程序代码读取，则数据文件必须是应用程序文件，并且不得与静态文件模式匹配。 
 
 
 
静态文件处理程序可以通过两种方式定义：作为映射到URL路径的静态文件的目录结构，或作为将URL映射到特定文件的模式。
 
 
阅读链接如何正确配置应用程序和静态文件/目录。
 
I'm using "github.com/dgrijalva/jwt-go" to create JSON web tokens.

When I hosted my server locally, I could use my private key as usual. But in GAE it won't work because I don't have access to the file system.

How would you guys do it? Store the key in datastore or any other ideas?

Thanks

Edit: 

My app.yaml looks like this (below api_version and stuff):
handlers:
- url: /.*
  script: _go_app

解决方案
On AppEngine you don't have access to the file system of the host operating system, but you can access files of your web application (you have read-only permission, you can't change them and you can't create new files in the app's folder).

So the question is: do you want to change this private key from your application without redeploying your app? Or it is perfectly fine if it is deployed "statically" with your app's code?

If you don't need to change it (or only when you redeploy your app), easiest is to store it as a "static" file as part of your webapp. You may refer to files of your app using relative paths, where the current or working directory is your app's root. E.g. if your app contains a key folder in its root (where app.yaml resides), and there is a my_key.txt file inside the key folder, you can refer to it with the path: key/my_key.txt.

Actually it is quite common to "ship" static files with your app's code: just think of HTML templates which are read and processed by the Go code (e.g. package html/template) to produce HTML result; the content of the HTML template files are not served directly to clients.

If you need to change it from time to time without having to redeploy your app, then store it in the Datastore which your app can read and modify.

Note:

One important note: not every file is readable by code, this depends on the app configuration. Quoting from Configuring with app.yaml / Static file handlers:

  
Static files are files to be served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them.
  
  
For efficiency, App Engine stores and serves static files separately from application files. Static files are not available in the application's file system. If you have data files that need to be read by the application code, the data files must be application files, and must not be matched by a static file pattern.
  
  
Static file handlers can be defined in two ways: as a directory structure of static files that maps to a URL path, or as a pattern that maps URLs to specific files.
Read the link how to properly configure application and static files / directories.

                        
这篇关于如何将我的服务器的私钥存储在谷歌应用引擎中？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！