Node.js - Google Cloud application for production

Question

I made a simple Node.js application that is using Google Cloud's Speech to Text API .
I could successfully authenticate locally, but how do I authenticate in production while keeping the credentials privates?
PS My application is not using any other server than Google's servers.

Answer 1

You need to be more specific to get more accurate answers

====================

OK, it's all about how you control the permission of your service account and there is a note in that page: "If you are developing a production app, specify more granular permissions than Project > Owner. For more information, see granting roles to service accounts."

You should use a specific service account needed to use this service. I don't have the particular role name(something like AutoML Viewer or Editor), and you need to test a minimum workable role in your Dev ENV. After which, you can deploy your service into PROD and make sure the key with a 0400 file. So more or less the account can use limited service as expected

Answer 2

The credentials necessary for making client calls are based on a strategy called Application Default Credentials. These can be found through an environment variable called GOOGLE_APPLICATION_CREDENTIALS if the variable is present. If the the variable is not set, then the default credentials can be used. The following article provides detailed guidance on this topic:

Setting Up Authentication for Server to Server Production Applications

If your client is running outside of Google on your own premises (and hence not in a Compute Engine or GKE cluster) then the thinking will likely be that the credentials are contained in a file that is itself content protected by local OS access permissions. For example, contained in a file which has read permission restricted to either the user that runs your application or group that the user is a member of.