
Google Cloud Platform Service Account Key retention and client connections

Description of Issue

I am trying to figure out if an active connection to BigQuery from a service account key will be terminated if that key is revoked from the Service Account.

Example

Say I have this running; the source code clearly shows that it only creates one connection using that service account, and that is on startup. If the GCP service account key that is being used in a case like this is revoked, will this application's connection also be terminated? Since the application authenticated when the service account key was valid, will it keep its connection alive?

I am trying to figure out if an active connection to BigQuery from a service account key will be terminated if that key is revoked from the Service Account.

Not immediately.

The service account key is used to authorize access to BigQuery. Once the connection is created, encryption is via SSL certificates (HTTPS), and the service account key is no longer required until token refresh.

The public certificates used to verify private key signatures are cached. I do not know how often the keys and certificates are refreshed internally. Google recommends caching certificates for up to 24 hours. Access tokens are typically valid for 3600 seconds. Once a service account key is deleted, it takes a few minutes for this to be known globally (5 - 10 minutes). BigQuery will not know about this event until it needs to validate an access token.
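
The timeline described in the answer above, as an added example that is not part of the original post: a small model of how long a client keeps a usable access token after its key is deleted. The 3600-second lifetime and the 10-minute propagation delay come from the answer; the 5-minute refresh margin, the function names, and the rule that an already-issued token stays usable until it expires are assumptions of this model.

```python
"""Constructed model of key deletion vs. access-token lifetime (not Google's code)."""

TOKEN_LIFETIME_S = 3600   # from the answer: tokens are typically valid for 3600 s
REFRESH_MARGIN_S = 300    # assumption: the client refreshes 5 minutes before expiry


def last_authorized_second(token_issued_at, key_deleted_at, propagation_s):
    """Return the time at which the client's last usable token expires.

    Model: the client signs a refresh request with the key whenever its token
    is within REFRESH_MARGIN_S of expiry. The key is still accepted until
    key_deleted_at + propagation_s; after that every refresh is refused.
    """
    key_dead_at = key_deleted_at + propagation_s
    expires_at = token_issued_at + TOKEN_LIFETIME_S
    while True:
        refresh_at = expires_at - REFRESH_MARGIN_S
        if refresh_at >= key_dead_at:
            # Refresh is refused; the current token simply runs out.
            return expires_at
        # Refresh landed before the deletion propagated: a fresh token is issued.
        expires_at = refresh_at + TOKEN_LIFETIME_S


def exposure_after_deletion(token_issued_at, key_deleted_at, propagation_s):
    """Seconds the client can still call the API after the key was deleted."""
    last = last_authorized_second(token_issued_at, key_deleted_at, propagation_s)
    return last - key_deleted_at


def worst_case_exposure(propagation_s):
    """Largest exposure over every deletion time within one refresh cycle."""
    cycle = TOKEN_LIFETIME_S - REFRESH_MARGIN_S
    return max(exposure_after_deletion(0, d, propagation_s) for d in range(cycle))


if __name__ == "__main__":
    # Key deleted early in the token's life: access lasts until normal expiry.
    print(exposure_after_deletion(0, 100, 600))    # 3500
    # Key deleted shortly before a refresh: the refresh still succeeds.
    print(exposure_after_deletion(0, 3000, 600))   # 3900
    print(worst_case_exposure(600))                # 4199
```

In this model the worst case approaches the propagation delay plus one full token lifetime, which is the window to plan for when deleting a key during incident response.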
