use Google Application Default Credentials without json file

Asked 22/2, 2017 at 11:1 Answered 14/8, 2019 at 17:15

I have created a console app using c#. I used google cloud speech api. I followed this sample application to create the app. To authenticate speech api, I wrote the following code in main method

Environment.SetEnvironmentVariable("GOOGLE_APPLICATION_CREDENTIALS", "path-to-json-file", EnvironmentVariableTarget.Process);

Everything works fine. My problem, I have to ship the exe along with the json file. I do not want to expose the json file. How can I embed the json file content in code or authenticate without json file ? so that I can only ship the exe to the user.

Any help on this will be appreciated.

Thanks.

Sombrero answered 22/2, 2017 at 11:1 Comment(0)

For the storage api I found this solution:

 Google.Apis.Auth.OAuth2.GoogleCredential cred = Google.Apis.Auth.OAuth2.GoogleCredential.FromJson(JSONString);
 var storage = Google.Cloud.Storage.V1.StorageClient.Create(cred);

I could easily imagine the same can be done with the other api's

Farreaching answered 14/8, 2019 at 17:15 Comment(1)

too bad Google DLP service Create method does not have a similar overload – Console 30/6, 2021 at 15:18

-1

You may store the keyfile encrypted, then on application startup decrypt that file and in a matter of miliseconds (after reading the contents and initializing), rewrite the decrypted content back.

another solution could be grabbing from server (encrypted) and storing in application variable (decrypted) and initialize with that, and then delete the file after initilization.

Potto answered 26/2, 2018 at 9:8 Comment(5)

But how do you authenticate with the credentials stored in application variables? I don't want to write it to a json file, have the API read it, and then remove the JSON-file again, that's really ugly. – Farreaching 14/8, 2019 at 6:8

@Farreaching if you know better solution, let me know, i was searching too. – Potto 14/8, 2019 at 10:50

I might end up serialize the json into the code, encrypt the private_key, serialize it back to the file. But let's see if anyone have a better solution ;-) Before I found this thread I asked a similar questions here (sorry for the duplicate) – Farreaching 14/8, 2019 at 13:57

The answer has nothing to do with the question. It does not answer how to provide credentials without json file that has to be already decrypted. – Kisangani 12/2, 2021 at 6:42

@Kisangani amusing ;) gl – Potto 12/2, 2021 at 22:25

Recommended topics

Hot tags