I'd like to authenticate to gcloud CLI took from GitHub Codespaces devcontainer. I can setup GitHub Codespaces secrets to expose GOOGLE_APPLICATION_CREDENTIALS, and I can assign it the actual service account value (JSON content).
But, the gcloud CLI expects it to be a path to a file. What is considered a best-practice to deal with that?
Thanks,
I’m not sure if there are best practices for these patterns yet, but I’ve found success with creating a Codespace secret that contains the text of a file and writing it to a file in the Codespace using a lifecycle script such as postCreateCommand.
{
“postCreateCommand”: “echo -e \"$SERVICE_ACCOUNT_CREDENTIALS\" > /path/to/your/file.json”
}
Note: I usually don’t call this command from directly within devcontainer.json, I create a separate bash script and execute that instead.
From there you should be able to interact with the file normally. I’ve successfully used this pattern for SSH keys, kubeconfigs, and AWS credentials.