Google Firestore客户端没有JSON凭据文件

发布于 2025-02-10 07:44:49 字数 526 浏览 1 评论 0原文

我需要将代码在Docker映像中运送到无服务器平台，在该平台中我无法放置CREDS文件。

通常，我只会将firestore_creds.json复制到构建时间并在本地运行的图像，但这在运输代码时并不正确，并且非常不安全。

环境变量

export GOOGLE_APPLICATION_CREDENTIALS="firestore_creds.json"

python就是这样，client（）仅从init上的set env var读取。

from google.cloud import firestore
client = firestore.Client()

我该如何创建此client而没有出现的JSON CREDS文件？

注：我真的很想避免将信用授予作为JSON字符串环境VAR，然后阅读，写入文件，然后继续。这似乎很混乱，真的很丑陋。

原文

I need to ship my code in a Docker image to a serverless platform in which I cannot place a creds file.

Typically, I would just copy the firestore_creds.json into to the image at build time and run locally, but this isn't the right thing to do when shipping code and is horribly insecure.

Environment variable

export GOOGLE_APPLICATION_CREDENTIALS="firestore_creds.json"

Python is as such, and the Client() just reads from the set env vars on init.

from google.cloud import firestore
client = firestore.Client()

How do I go about creating this Client without a json creds file present?

Note: I'd really like to avoid having to place the creds as a json string environment var, then read it, write to a file, and continue. That seems messy and really ugly.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

冷默言语 2025-02-17 07:44:49

如线程

如果您在内存中具有凭据（环境变量
示例），您不想为其创建一个文件：

 来自Google.cloud导入存储
来自google.oauth2 import service_account

gcp_json_credentials_dict = json.loads（gcp_credentials_string）
凭据= service_account.credentials.from_service_account_info（gcp_json_credentials_dict）
client = storage.client（project = gcp_json_credentials_dict ['project_id']，recertentials =凭据）

使用python3.7和google-cloud-storage == 1.35.0

您也可以检查此答案

有1种更简单的方法可以明确地使其正常工作
提及凭据并将其传递给客户，如下所示。
 导入OS
来自google.oauth2 import service_account

凭据= service_account.credentials.from_service_account_file（“ your-json-path-with-filename.json”）
client = language.languageserviceclient（凭据=凭据）
 

为了通过客户端应用程序获得与安全访问Firestore有关的更多信息，您可以检查安全规则 and cloud firstore firstore firstore firstore rest res reast api

提供了一个很好的答案在这里与安全访问有关

firebase-admin不适用于网络和移动客户端。它是
对于在您完全控制的环境中运行的后端代码。你的
用户将无法访问此问题，这意味着它将是安全的
您使用私钥。

您绝对不想发货
服务帐户凭证使用您的应用程序。你应该使用
提供的客户SDK可从应用程序访问Firestore，并使用
安全规则
读并写下哪些文档。

As mentioned in the thread

In case you have the credentials in memory (environment variable for
example), and you don't want to create a file especially for it:
from google.cloud import storage
from google.oauth2 import service_account

gcp_json_credentials_dict = json.loads(gcp_credentials_string)
credentials = service_account.Credentials.from_service_account_info(gcp_json_credentials_dict)
client = storage.Client(project=gcp_json_credentials_dict['project_id'], credentials=credentials)
Using python3.7 and google-cloud-storage==1.35.0

You can also check this Answer

There is 1 more simpler way of making it working by explicitly
mentioning Credentials and passing them to the client as shown below.
import os
from google.oauth2 import service_account

credentials = service_account.Credentials.from_service_account_file("your-json-path-with-filename.json")
client = language.LanguageServiceClient(credentials=credentials)

In order to get more information related to the safe access to Firestore through client App, you can check the security rules and Cloud Firstore Rest API

A Good answer Provided here related to the safe access as :

Firebase-admin is not meant for use in web and mobile clients. It's
for backend code running in an environment you fully control. Your
users would not have access to this, which means it would be safe for
you to use private keys.

You definitely do not want to ship any
service account credentials with your app. You're supposed to use
the provided client SDKs to access Firestore from apps, and use
security rules to declare which authenticated users are able to
read and write which documents.

回复收藏 0 原文

~没有更多了~