Authenticate Google-Cloud-Storage not using JSON file

Question

I'm using .Net API and authenticate be setting the path to the service account JSON file in the environment variable GOOGLE_APPLICATION_CREDENTIALS.
But what I would like to do is to authenticate by specific specifying the credential-properties in the code (just like I do with AWS and their ID and KEY).

Why? In my use case I don't want to have the json file "exposed" laying around, but want the credential-properties specified in a custom XML config-file encrypted.

My application will read the config-file and decrypt the content (the GCS credentials).

Don't care if it's a service-account or user-account, whatever works best for the about setup, if possible?

And ugly solution would be to dynamically create the JSON file, let the API read it and then delete the file.

If so I would like to limit the amount of properties as much as possible, I have the following properties in a downloaded JSON file. Which are mandatory/needed and which are bloat:

{
 "type": "xxx",
 "project_id": "xxx",
 "private_key_id": "xxx",
 "private_key": "xxx",
 "client_email": "xxx",
 "client_id": "xxx",
 "auth_uri": "xxx",
 "token_uri": "xxx",
 "auth_provider_x509_cert_url": "xxx",
 "client_x509_cert_url": "xxx"
}

Answer 1

This is very weird. I seem to not need to use my GC json file to translate text. Idk why I don't need it but that saves me time from encrypting it. It just feels weird that this is all working even though I don't have the translate.py file connected to any sort of json file.

Answer 2

To specify the credentials as a variable (JSON string) instead of a file-path:

 Google.Apis.Auth.OAuth2.GoogleCredential cred = Google.Apis.Auth.OAuth2.GoogleCredential.FromJson(JSONString);
 var storage = Google.Cloud.Storage.V1.StorageClient.Create(cred);