1

I would like to have my nodeJS application authenticate itself locally with my IAM credentials, however when I run the basic secrets manager function below:

// config/secret_manager.js
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager')

const client = new SecretManagerServiceClient()

async function getSecret(name) {
  const [version] = await client.accessSecretVersion({ name })
  const secretValue = JSON.parse(version.payload.data.toString())

  return secretValue
}

module.exports = getSecret

I receive the error:

Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information. at GoogleAuth.getApplicationDefaultAsync

I can't seem to find any documentation on how to use my CLI login credentials locally, any ideas?

(I don't want to use a JSON service account config)

Kevin Danikowski
  • 4,620
  • 6
  • 41
  • 75
  • Since you tagged `Node.js`, you probably should use a service account and not user credentials. For debugging, user credentials can be used, but are not recommended for production scenarios. When running code on a Google compute service, the credentials from metadata should be used. Update your question with more details on the environment. – John Hanley May 16 '21 at 19:12
  • @JohnHanley in CloudRun would this same function not grab what ever service account is available? – Kevin Danikowski May 16 '21 at 19:15
  • The code in your question will fetch the credentials from metadata. Your answer would not work in Cloud Run. A key point is to not use user credentials where a service account should be used which is almost always the case for one of the compute services. The SDKs will print a warning, you will be quota limited, etc. – John Hanley May 16 '21 at 19:47

1 Answers1

2

Even if you're authenticated with the gcloud CLI you need to set the default application login. This is solved by running gcloud auth application-default login

Source: Could not load the default credentials? (Node.js Google Compute Engine tutorial)

Kevin Danikowski
  • 4,620
  • 6
  • 41
  • 75