Are blob_key's for GCS entities safe to use later?

Question

Here is the reference: https://developers.google.com/appengine/docs/python/blobstore/functions#create_gs_key

When you upload a file to a BlobstoreUploadHandler, there is a blob_key stored in the blob_info, I've tested using the blob_key with images.Image(blob_key=blob_key) after 180 minutes, it still functioned.

However the documentation states that, a blob_key from create_gs_key has a 60 minute access_token.

I'm not sure what this means and what that access_token is used for, the documentation also states the blob_key is safe for storing, I'm also not sure what "safe for storing" is.

So can blob_key's for GCS entities be used indefinitely?

Answer 1

Looking at the source code:

def create_gs_key(filename, rpc=None):
  """Create an encoded key for a Google Storage file.

  The created blob key will include short lived access token using the
  application's service account for authorization.

  This blob key should not be stored permanently as the access token will
  expire.

  Args:
    filename: The filename of the google storage object to create the key for.
    rpc: Optional UserRPC object.

  Returns:
    An encrypted blob key object that also contains a short term access token
      that represents the application's service account.
  """
  rpc = create_gs_key_async(filename, rpc)
  return rpc.get_result()

This contradicts what the documentation says:

You can safely persist the blob key generated by this function just as you can persist ordinary blob keys in the Blobstore API.

What I would suggest is since you are using the create_gs_key function, you already know the filename you want. As such, store this value to generate a BlobKey to use with the BlobStore API everytime you want to interact with the file in question (e..g get or delete)

Update: There is a bug report submitted to fix the documentation.