I'm developing a CMS module that needs to use Google OAUTH 2 for server to server applications. According to the official manual one needs to set an environment variable with the path to .json key like so:
putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json');
And here is the tricky part. If I'd use it in a stand-alone web application, then there wouldn't be any problem, but since I'm working on a CMS module, storing that file on a drive or creating any kind of hooks associated with the use of this file would pose a potential security threat since I already see how one could sneakily steal the content of the key through the use of another module.
I want to store the content of this file in the DB and the question: is there a way I could somehow set the environment value of GOOGLE_APPLICATION_CREDENTIALS without using a path?
One can use keyFile key accepted as a config option while initializing clients.
Sample code taken from the offical api doc - https://github.com/googleapis/google-cloud-php
require 'vendor/autoload.php';
use Google\Cloud\Core\ServiceBuilder;
// Authenticate using a keyfile path
$cloud = new ServiceBuilder([
'keyFilePath' => 'path/to/keyfile.json'
]);
// Authenticate using keyfile data
$cloud = new ServiceBuilder([
'keyFile' => json_decode(file_get_contents('/path/to/keyfile.json'), true)
]);
In place of ServiceBuilder one can use any google client.
来源:https://stackoverflow.com/questions/48366036/how-to-set-google-application-credentials-without-using-a-path