2

I'm building a C# .net application for STT and I'm creating credentials manually. I find the documentation hugely confusing for me and I dont know how to add the credentials properly.

I added a project, created a json credential and downloaded and kept on a folder and pointing to it for manually with GoogleCredential for authorization and everythings working good. But this cant be a solution for a shipped app. Current approach:

GoogleCredential credentials =
GoogleCredential.FromFile(Path.Combine("*PATH"), "myProject-123XXXx32.json"));

        TextToSpeechClient client = TextToSpeechClient.Create(credentials);

If I use a default credential json by environment variable then how my production app that is running on users machine will have credential?

So I have to put the json directly to my app? Isn't it less secure than using a key?

What should I use to authenticate my application with GoogleCredential?

Rifat
  • 1,700
  • 3
  • 20
  • 51
  • 1
    Nice problem, I bet your credential will still be decrypted and you'll pay for extra usage. You need to connect credential to user auth somehow. – Nikolay Shmyrev May 31 '19 at 15:12

1 Answers1

1

You can set credentials using Google KMS and consume it in your application https://cloud.google.com/kms/.

1a. Save the JSON in a KMS as a JSON for the VALUE of the KEY.

2a. Decrypt JSON in your code and consume it.

1b. Alternatively, you can make it consume credentials using Environment variables

2b. And just setup Environments in your environment where you app is being shipped.

3b. You can automate 2b step using some tool like serverless framework( https://serverless.com/framework/docs/providers/google/)

Gurpreet Singh Drish
  • 159
  • 2
  • 14
  • I dont know much about KMS, If I don't want my user to login then will KMS work? Also this requires a cost. The alternative is not ideal for commercial usage, as endUser is not trusted enough to give out a credential json on their machine. – Rifat May 31 '19 at 10:13