This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Alternative way to authenticate with Google Cloud functions instead of Json keys

Posted on 10-08-2023 02:36 PM
Sheldon_Sab
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi there,

I'm looking for the code snippet or some guidance for an alternative way to not use JSON keys with my service account to authenticate for my Google Cloud functions

I am using a service account already for my compute engine but for security reasons, I rather not use JSON key to authenticate 

 
You will see that in my Python code it reads the key.json file as the credentials:
credentials = service_account.Credentials.from_service_account_file('key.json', scopes = scopes)
 
I'm just looking for an alternative way to authenticate than using a JSON key in my service account 

Thanks 

0 1 1,263
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Marramirez
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

Hello @Sheldon_Sab,

Take a look at this documentation: Authenticate for invocation.

With the appropriate permissions, you can generate tokens programmatically or manually. Try using the metadata server to fetch ID Tokens with the specific audience as follows:

curl "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity?audience= AUDIENCE" \
     -H "Metadata-Flavor: Google"

Replace AUDIENCE with the URL of the function you are invoking. You can retrieve this URL as described in the Authenticating developer testing section above.

Let me know if it helped, thanks!

0 Likes