CODEWITHSUNDEEP
pythongoogle-cloud-platformgoogle-apigoogle-oauth
pythonhmmm
pythonhmmm

Reputation: 923

Generate google service account credentials without key in Cloud function

How can I create credential without the service account key file?

My current setup.

I am calling cloud function from application using 

curl -X POST CF_URL -H "Authorization:  Bearer $TOKEN" [email protected]

In Cloud Functions

credentials = service_account.Credentials.from_service_account_info(request_json),
                                          scopes=['https://www.googleapis.com/auth/cloud-platform'])

service = googleapiclient.discovery.build(
            'cloudresourcemanager', 'v1', credentials=credentials,cache_discovery=False)

policy = (
        service.projects()
        .getIamPolicy(
            resource=credentials.project_id,
            body={},
        )
        .execute()
    )

I am passing service account key as payload which has security issue. How can I avoid passing key file as payload.

Upvotes: 1

Views: 1193

Answers (1)

guillaume blaquiere
guillaume blaquiere

Reputation: 75800

In Cloud Functions (and in all GCP product), you have a feature name function identity. That means that you can choose the service account that you want to attach to the Cloud Function when you it run. If no one is defined, this one by default is used.

Thereby, a default identity automatically exists in your cloud function. You can perform simply this, as described in this library

import google.auth

credentials, project_id = google.auth.default(scopes='https://www.googleapis.com/auth/cloud-platform']))

Upvotes: 3

Related Questions