Creating Service Account auth with fromJSON() #2419

Closed
calculuschild opened this issue Nov 3, 2020 · 1 comment
@calculuschild

Describe the solution you'd like
If possible, I would like to create a Service Account auth from an environment variable instead of requiring reading from an external JSON file. However, it appears this functionality is not present in this current library; whereas OAuth2 clients can be created from environment variables, the Service Account can only be created via an external .json file.
Describe alternatives you've considered
In the other library (https://github.com/googleapis/google-auth-library-nodejs) this is possible via the fromJSON() function. It is not clear if this library is a newer version of that one, or vice versa, but it's not clear why it is available there but not here.
Additional context
The other library states:

Instead of loading credentials from a key file, you can also provide them using an environment variable and the GoogleAuth.fromJSON() method. This is particularly convenient for systems that deploy directly from source control (Heroku, App Engine, etc)

Specifically pointing out the convenience for systems like Heroku, which I use.

If this is already possible, how exactly do I go about that here?

@JustinBeckwith JustinBeckwith added the type: question Request for information or clarification. Not an issue. label Nov 3, 2020
@JustinBeckwith
Contributor

JustinBeckwith commented Nov 4, 2020

Greetings! This npm module, googleapis, takes a direct dependency on google-auth-library, and really just exposes it. If you stringify the JSON that makes up your key, and stuff it in an env var, something like this ought to work out:

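```javascript
const {google} = require('googleapis');
// The env var holds the stringified service account key JSON.
const keys = JSON.parse(process.env['keys']);
// Build an auth client from the parsed key and use it for all API calls.
const auth = google.auth.fromJSON(keys);
google.options({auth});
```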

Now onto why this isn't the default :) Generally - storing secrets in env vars is considered less secure than alternatives like using a secret manager, or an encrypted file. This is a good read on the subject:
https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/

That having been said, you should be able to JSON.stringify the key, and slug it in a Heroku env var :) Let me know if you run into any problems!

Oh I almost forgot - last time I had to do this, I also base64 encoded the stringified JSON to avoid weirdness with quotes and env vars. May be worth considering the same!
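The approach from the comment above, as an added example that is not part of the original thread or of googleapis: a loader that accepts the key as plain or base64-encoded JSON, validates it without echoing the secret in error messages, and removes the variable so later child processes do not inherit it. The variable name `GOOGLE_SA_KEY_B64`, the function names and the sample key are assumptions made for illustration.

```javascript
// Added example. GOOGLE_SA_KEY_B64 is an assumed variable name.
const REQUIRED = ['client_email', 'private_key'];

function loadServiceAccountKey(env = process.env, name = 'GOOGLE_SA_KEY_B64') {
  const raw = env[name];
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new Error(`${name} is not set`);
  }
  // Accept plain stringified JSON or base64 of it; base64 never starts with "{".
  const trimmed = raw.trim();
  const text = trimmed.startsWith('{')
    ? trimmed
    : Buffer.from(trimmed, 'base64').toString('utf8');

  let key;
  try {
    key = JSON.parse(text);
  } catch {
    // Do not echo `raw` or `text`: the message may end up in logs.
    throw new Error(`${name} does not contain valid JSON (plain or base64)`);
  }
  // This loader is restricted to service account keys, the case in this issue.
  if (key === null || typeof key !== 'object' || key.type !== 'service_account') {
    throw new Error(`${name} is not a service account key`);
  }
  const missing = REQUIRED.filter((f) => typeof key[f] !== 'string' || key[f] === '');
  if (missing.length > 0) {
    throw new Error(`${name} is missing fields: ${missing.join(', ')}`);
  }
  // Drop the variable so child processes spawned later do not inherit it.
  delete env[name];
  return key;
}

// Constructed sample input: not a real key.
function sampleEnv() {
  const json = JSON.stringify({
    type: 'service_account',
    client_email: 'demo@example.invalid',
    private_key: '-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n',
  });
  return { GOOGLE_SA_KEY_B64: Buffer.from(json, 'utf8').toString('base64') };
}

const demoKey = loadServiceAccountKey(sampleEnv());
console.log('loaded key for', demoKey.client_email);
// With googleapis installed: google.options({auth: google.auth.fromJSON(demoKey)});
```
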
