4

So I have the following code in my project

flow = flow_from_clientsecrets(client_secrets_file, scope=flow_scope, redirect_uri='urn:ietf:wg:oauth:2.0:oob')

Which reads from a client_secret.json file in order for me to use Google Cloud API. Here's another piece of code that sets an environment variable for Google Cloud Storage.

os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = os.path.join(dir, '../config/service_account.json')

Normally, I would put these info in environment variables, but I don't know how to do that with json files. Where should I put these files or how should I alter them so that I can safely push my code online without revealing my credentials?

Any help is appreciated.

DUNG NGUYEN TIEN
  • 41
  • 1
  • 2
  • Follow this [doc](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application) on how to set up authentication. If you push your code, push it without the credentials file. [This post](https://stackoverflow.com/questions/35159967/setting-google-application-credentials-for-bigquery-python-cli) might also help – Tudormi Jan 18 '18 at 17:54
  • 1
    *Your environment* variables (including credentials) will not be uploaded. When someone else will download your script and run it in *his environment*, the script will look for *his environment's* variables, so he will have to provide a file containing his credentials, in a similar manner. – Tudormi Jan 18 '18 at 17:58

1 Answers1

2

You can store the file in a secret and access that secret through the Google Cloud Secret Manager. This is also recommended over storing your sensitive data in an environment variable. You can find more information on how to set this up here: https://cloud.google.com/secret-manager/docs/

JMS
  • 21
  • 2