问题
I'm using .Net API and authenticate be setting the path to the service account JSON file in the environment variable GOOGLE_APPLICATION_CREDENTIALS.
But what I would like to do is to authenticate by specific specifying the credential-properties in the code (just like I do with AWS and their ID and KEY).
Why? In my use case I don't want to have the json file "exposed" laying around, but want the credential-properties specified in a custom XML config-file encrypted.
My application will read the config-file and decrypt the content (the GCS credentials).
Don't care if it's a service-account or user-account, whatever works best for the about setup, if possible?
And ugly solution would be to dynamically create the JSON file, let the API read it and then delete the file.
If so I would like to limit the amount of properties as much as possible, I have the following properties in a downloaded JSON file. Which are mandatory/needed and which are bloat:
{
"type": "xxx",
"project_id": "xxx",
"private_key_id": "xxx",
"private_key": "xxx",
"client_email": "xxx",
"client_id": "xxx",
"auth_uri": "xxx",
"token_uri": "xxx",
"auth_provider_x509_cert_url": "xxx",
"client_x509_cert_url": "xxx"
}
回答1:
To specify the credentials as a variable (JSON string) instead of a file-path:
Google.Apis.Auth.OAuth2.GoogleCredential cred = Google.Apis.Auth.OAuth2.GoogleCredential.FromJson(JSONString);
var storage = Google.Cloud.Storage.V1.StorageClient.Create(cred);
来源:https://stackoverflow.com/questions/57488905/authenticate-google-cloud-storage-not-using-json-file