Reputation: 167
Firestore authorization for Google Compute engine for app on a docker container
I have deployed a Node.js app on a Google compute instance via a Docker container. Is there a recommended way to pass the GOOGLE_APPLICATION_CREDENTIALS to the docker container?
I see the documentation states that GCE has Application Default Credentials (ADC), but these are not available in the docker container. (https://cloud.google.com/docs/authentication/production)
I am a bit new to docker & GCP, so any help would be appreciated.
Thank you!
Upvotes: 1
Views: 966
Answers (1)
Reputation: 312
So, I could find this documentation on where you can inject your GOOGLE_APPLICATION_CREDENTIALS into a docker in order to test cloud run locally, I know that this is not cloud run, but I believe that the same command could be used in order to inject your credentials to the container.
As I know that a lot of the times the community needs the steps and commands as the links could change and information also could change I will copy the steps needed in order to inject the credentials.
Refer to Getting Started with Authentication for instructions on generating, retrieving, and configuring your Service Account credentials.
The following Docker run flags inject the credentials and configuration from your local system into the local container:
- Use the --volume (-v) flag to inject the credential file into the container (assumes you have already set your GOOGLE_APPLICATION_CREDENTIALS environment variable on your machine):
-v $GOOGLE_APPLICATION_CREDENTIALS:/tmp/keys/FILE_NAME.json:ro
- Use the --environment (-e) flag to set the GOOGLE_APPLICATION_CREDENTIALS variable inside the container:
-e GOOGLE_APPLICATION_CREDENTIALS=/tmp/keys/FILE_NAME.jsonOptionally, use this fully configured Docker run command:
PORT=8080 && docker run \ -p 9090:${PORT} \ -e PORT=${PORT} \ -e K_SERVICE=dev \ -e K_CONFIGURATION=dev \ -e K_REVISION=dev-00001 \ -e GOOGLE_APPLICATION_CREDENTIALS=/tmp/keys/FILE_NAME.json \ -v $GOOGLE_APPLICATION_CREDENTIALS:/tmp/keys/FILE_NAME.json:ro \ gcr.io/PROJECT_ID/IMAGENote that the path
/tmp/keys/FILE_NAME.jsonshown in the example above is a reasonable location to place your credentials inside the container. However, other directory locations will also work. The crucial requirement is that the GOOGLE_APPLICATION_CREDENTIALS environment variable must match the bind mount location inside the container.
Hope this works for you.
Upvotes: 1
Related Questions
- Can't access to Google Firestore Emulator docker image from my api container
- Allow google cloud compute to access firestore
- How do I provide auth data for Firebase Firestore rest api call
- Run Google Firestore Emulator with Docker-Compose
- Firebase authorization on Google Kubernetes Engine
- Firestore Emulator REST API authentication
- Using Firebase Cloud Firestore with custom Authentication Security (without Firebase Authentication)
- Firestore PERMISSION_DENIED on Google Cloud Compute
- Cloud Firestore: Missing or insufficient permissions
- UNAUTHENTICATED exception when using Firestore from GAE development server