[英]How can I securely access json file containing service account credentials?
I am trying to create Django project that uses Google Cloud Storage bucket, and deploy it on Heroku or other cloud services.我正在尝试创建使用 Google Cloud Storage 存储桶的 Django 项目,并将其部署在 Heroku 或其他云服务上。
In order to use Cloud Storage, I need to authenticate myself using the service account.为了使用 Cloud Storage,我需要使用服务帐户对自己进行身份验证。 So I got json file containing service account credentials.
所以我得到了包含服务帐户凭据的 json 文件。
In the application, I need to provide a path to that json file, which means that I must save json file within the application.在应用程序中,我需要提供 json 文件的路径,这意味着我必须在应用程序中保存 json 文件。
I can use environment variable to hide the path itself, but I still need the json file saved somewhere in the Django project and when deployed in the remote server.我可以使用环境变量来隐藏路径本身,但我仍然需要将 json 文件保存在 Django 项目中的某处以及部署在远程服务器中时。 I was not sure if this is safe...
我不确定这是否安全...
How can I access Google Cloud Storage safely during production?如何在生产期间安全访问 Google Cloud Storage?
The reason why one uses environment variables is to make sure sensitive credentials are not shared by an accident via for example GitHub.使用环境变量的原因是为了确保敏感凭据不会被意外共享,例如 GitHub。 If someone has access to your server then everything is compromised no matter what.
如果有人可以访问您的服务器,那么无论如何都会受到损害。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.