This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Access GCP services from on-prem python app keyless

Posted on 08-10-2023 09:14 PM
FalconSid
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi All,

good morning.

i am working on some solution based on best security approach. The use case is my application is copy the data to gcs using gsutil in current scenario I have kept service account key locally, but due to security reasons i have to removed that key.

any way we can connect gcp services like copy data to gcs bucket from on prem without storing services account json key  similar to application default login .?

any help much appropriated.

 

0 1 650
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
hectorjacales
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

I would recommend to take a look at service account impersonation[1]. In summary you use the service account on behalf of your user account, specific for gsutil you can follow this scheme when running commands:

gsutil -i [SERVICE-ACCOUNT]@[PROJECT] [GSUTIL-COMMAND]
gsutil -i myserviceaccount@iam.gserviceaccount.com cp file1 gs://sample/

Before running the command please make sure you hace the right permits mentioned in the documentation, this is a straight foward solution but  if for some reason this approach is not feasible you can dive more into Auth Tokens or explore gcsfuse as an option[2].

1- Use service account impersonation  |  Authentication  |  Google Cloud

2- Mount Cloud Storage buckets by using Cloud Storage FUSE  |  Google Cloud

0 Likes
Top Solution Authors
View all