Reputation: 182
How should I store the Google Drive API credentials.json on my system?
I am looking at Google Drive API tutorials and they tell you to store credentials.json in my working directory (eg https://developers.google.com/drive/api/v3/quickstart/python).
My goal is to make a script which regularly runs on my system and downloads files from Google Drive. My concern is: does storing the credentials.json file leave me open to security risks? If anyone gets access to this file, can they not use it to gain access to all my Google Drive data?
If so, then how should I store the credentials file in a secure manner?
Upvotes: 2
Views: 1693
Answers (1)
Reputation: 117146
The credentials.json file is used to create user credentials for your application. If someone got a hold of that they could pretend to be your application and request access of users and then do what they wanted with user data. It is very important that you keep this file secure.
Note: If you are only accessing your google drive account and not one owned by other users then you should consider looking into service accounts.
Upvotes: 2
Related Questions
- Creating Google Credentials object for Google Drive API without loading from file
- How to let my users save their configuration on Google Drive without sahring my developer credentials.json?
- Google Drive API for Python: how to create credential?
- what client_secret.json file is it required for google drive files access
- Where to put Google Cloud client/service account secret json file?
- Where is ~/.credentials/drive-python-quickstart.json saved for Google Drive API Python Implementation?
- Best practice to share google drive API credentials for being used by a script?
- Google Drive API - using Google.Apis.Authentication
- Store access token from Google OAuth 2.0 to access drive data from application account
- What are the options for storing login credentials for Google Drive? Locally as well as serverside