Spring Cloud GCP Starter Authentication Issues

Question

I am using spring-cloud-gcp-starter,spring-cloud-gcp-starter-pubsub,spring-cloud-gcp-starter-data-datastore for the autoconfiguration of my gcp dependencies. It fetches the key from system variable:: spring.cloud.gcp.credentials.encoded-key which I am setting in my configuration class as System.setProperty("spring.cloud.gcp.credentials.encoded-key","privatevalue");

There is a case where my key will be rotated every x days and I want to ensure that my application gives me authorization when the key rotates. One way I have thought is to overwrite the system variable when my key rotates but how do we make sure gcp uses the latest key for authentication or will this approach work?.

I looked at the CredentialsProvider class and it seems they only have getter method and setter is handled via autoconfiguration.

Answer 1

You are right that CredentialsProvider bean in spring-cloud-gcp is created in autoconfiguration.

In Spring Cloud ecosystem, you can refresh configuration by using @RefreshScope. So then all configurations in this scope will get refreshed when the /refresh endpoint is hit. Read more in spring documentation here.

For rotating the keys, you can override the CredentialsProvider bean in your configuration with @RefreshScope, so that you can refresh your keys without restarting the application.

You can refer to how it is done in this sample application.