[英]Secure Service Account Credentials json key kotlin
So, I'm trying to get the Service Application Credentials on my localhost and I'm encountering some problems.因此,我试图在本地主机上获取服务应用程序凭据,但遇到了一些问题。 I created and downloaded the json key and I want to secure them instead of letting them in plain text.
我创建并下载了 json 密钥,我想保护它们而不是让它们以纯文本形式出现。
I want to know the best way to do this.我想知道最好的方法。 I have this code:
我有这段代码:
fun getServiceAccountCredentials(
pathToFallBackCredentialsFile: String
): ServiceAccountCredentials {
return try {
getApplicationDefault() as ServiceAccountCredentials
} catch (e: IOException) {
return ServiceAccountCredentials.fromStream(FileInputStream(pathToFallBackCredentialsFile))
} catch (e: ClassCastException) {
return ServiceAccountCredentials.fromStream(this::class.java.classLoader.getResourceAsStream(pathToFallBackCredentialsFile))
}
}
The problem here is that my JSON file is exposed in plain text in my repository.这里的问题是我的 JSON 文件在我的存储库中以纯文本形式公开。
Options选项
I found a solution.我找到了解决办法。
I activated the Secret Manager from GCP and I've added the JSON file there.我从 GCP 激活了 Secret Manager,并在那里添加了 JSON 文件。
To take the secret in a java/kotlin application(without spring, if you have spring you can use "spring-cloud-gcp-starter-secretmanager"), I used the following piece of code.为了在 java/kotlin 应用程序中获取秘密(没有 spring,如果你有 spring,你可以使用“spring-cloud-gcp-starter-secretmanager”),我使用了以下代码。
fun accessSecretVersion(secretId: String?, versionId: String?): String {
val googleCredentials = GoogleCredentials.getApplicationDefault() as UserCredentials
val projectId = googleCredentials.quotaProjectId
return getSecret(projectId, secretId, versionId)
}
fun getSecret(projectId: String?, secretId: String?, versionId: String?): String {
SecretManagerServiceClient.create().use { client ->
val secretVersionName = SecretVersionName.of(projectId, secretId, versionId)
val response = client.accessSecretVersion(secretVersionName)
return response.payload.data.toStringUtf8()
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.