This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Using Secret Manager for Auth Tokens???

Posted on 02-16-2022 05:12 AM
emile_swain
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi, 

We're using Secret manager to store clientId and clientSecret which are used to generate an auth token from a 3rd party service. 

Currently this token is regenerated before every call to the 3rdparty service. Which seems excessive, especially given it expires every 24hrs. 

Given we had secret manager already implemented, it sort of made sense to store the Auth token in there, and schedule it to update with a scheduled cloud function.

All the other service end points could then use that auth token from secret manager. 

 

The alternative approach was to store the token locally in memory, but its not clear what a secure and easy way to do that is? 

Originally I thought to add a cache to the axios call i make to generate the auth token. However that seemingly requires implementing some sort of CDN (redis is mentioned in some posts) To enable axios-caching on our cloud function express configuration. 

So question is. 
Is using Secret manager in this way incorrect in someway? Or say not cost efficient? 

Or is there an easy way to store/cache the auth token securely within our serverless (express) cloud function setup?

Same question posted here https://stackoverflow.com/questions/71116550/how-to-store-token-for-firebase-cloud-functions-efficie...

 

 

0 2 1,728
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
Mohamad
Staff
Reply posted on --/--/---- --:-- AM

Hello,

You are right concerning the CDN approach. This appears to be recommended from different answers posted on stackoverflow. Depending on your design their are multiple approaches discussed in the thread such as :


1)FRONT END MODEL / COOKIELESS

2)BACK END MODEL / AUTH COOKIES

3)BEST OF BOTH WORLDS

Another approach that you may want to consider is a Realtime database, since Cloud Functions are intended to be stateless, and there is no persistent storage it provides

 



0 Likes

Posted on --/--/---- --:-- AM
emile_swain
Bronze 1
Bronze 1
In response to Mohamad
Reply posted on --/--/---- --:-- AM

Indeed, however the overhead of adding in a CDN and the maintenance and management of that, when the Secret manager appears to do the job just fine is where my quandry lies. 

I guess a different question to ask is

What is an acceptable frequency for updating Secret manager versions? 
When is it too much?

 

0 Likes