You need authentication while using octue
to:
- Access data from Google Cloud Storage
- Use, run, or deploy Octue services
Authentication can be provided by using one of:
- A service account
- Application Default Credentials
- Create a service account (see Google's getting started guide)
- Make sure your service account has access to any buckets you need, Google Pub/Sub, and Google Cloud Run if your service is deployed on it (see here)
- Create and download a key for your service account - it will be called
your-project-XXXXX.json
.
Danger
It's best not to store this in your project to prevent accidentally committing it or building it into a docker image layer. Instead, bind mount it into your docker image from somewhere else on your local system.
If you must keep within your project, it's good practice to name the file gha-greds-<whatever>.json
and make sure that gha-creds-*
is in your .gitignore
and .dockerignore
files.
- If you're developing in a container (like a VSCode
.devcontainer
), mount the file into the container. You can make gcloud available too - check out this tutorial. - Set the
GOOGLE_APPLICATION_CREDENTIALS
environment variable to the path of the key file.
- Credentials are provided when running code on GCP infrastructure (e.g. Google Cloud Run)
octue
uses these when when running on these platforms- You should ensure the correct service account is being used by the deployed instance