I'm trying to access a GCP bucket on Cloud Storage using Spring Cloud... The thing is, when I run my app with the env GOOGLE_APPLICATION_CREDENTIALS=/User/Downloads/key.json, the storage object loads the credential correctly.
But if I copy the JSON key file to the resource folder and I want to pass the credential by application.yml, as I've seen in the documentation, the property "credentials" for the storage object is null even though the application seems to load it on startup.
application.yml:

    spring:
      cloud:
        gcp:
          credentials:
            location: classpath:key.json

Am I missing something? Do I have to specify credentials some other way? Thanks in advance for the help!
I'm trying to add the credential key JSON file to the resource folder and authenticate on GCP.
That's my point. Both locally and on GCP you never need a service account key file. In addition to it being a bad practice that creates security breaches, I strongly fight against their usage and advocacy (even up to Google Cloud dev advocates, and different videos and tutorials).
That being said, you should use ADC. On your local environment, use gcloud to be authenticated, either with your own user account (and therefore with your own permissions/roles) or with service account impersonation (on behalf of a service account, with its roles/permissions).

    # With your own account
    gcloud auth application-default login
    # With your own account that impersonates a service account
    gcloud auth application-default login --impersonate-service-account=<service account email>
    # Note that your user account must have the 'service account token creator' role on your service account (or on the project containing it)

If you are on GCP, the metadata server (or workload identity) can provide the same credentials automatically without gcloud configuration.
Then, in your code, remove all references to specific files, environment variables or whatever. Let the Google Cloud client libraries leverage ADC to automatically detect the credentials loaded in the current runtime environment.
Thus, with that method, you can write the exact same code on your computer and on the cloud, you don't have a hook if you are local or not. It's safer and cleaner in your code, more portable.
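
To find the leftovers the answer asks you to remove, here is a small audit script, added as an example and not part of the original question or answer. It flags JSON files shaped like a downloaded service account key (`"type": "service_account"` plus a `private_key` field) and any YAML file that sets `spring.cloud.gcp.credentials.location`; the function names are hypothetical, the YAML walker assumes simple block-style mappings, and the sample tree is constructed with a placeholder instead of a real key.

```python
import json
import re
import tempfile
from pathlib import Path

KEY_PATH = "spring.cloud.gcp.credentials.location"  # property from the question


def is_service_account_key(path: Path) -> bool:
    """True if the JSON file has the shape of a downloaded service account key."""
    try:
        doc = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):  # unreadable, not UTF-8, or not JSON
        return False
    return isinstance(doc, dict) and doc.get("type") == "service_account" and "private_key" in doc


def yaml_key_paths(text: str):
    """Yield (dotted.key.path, value) for nested block-style YAML mappings."""
    stack = []  # (indent, key) of the enclosing mappings
    for line in text.splitlines():
        m = re.match(r"^(\s*)([\w.-]+):\s*(.*)$", line)
        if not m:  # comments, list items and blank lines are skipped
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        yield ".".join(k for _, k in stack), value


def scan(root: Path):
    """Return sorted (kind, relative path) findings under root."""
    findings = set()
    for p in (f for f in root.rglob("*") if f.is_file()):
        rel = p.relative_to(root).as_posix()
        if p.suffix == ".json" and is_service_account_key(p):
            findings.add(("key-file", rel))
        elif p.suffix in (".yml", ".yaml"):
            text = p.read_text(encoding="utf-8", errors="ignore")
            if any(k == KEY_PATH and v for k, v in yaml_key_paths(text)):
                findings.add(("credentials-location", rel))
    return sorted(findings)


def demo():
    """Scan a constructed project tree (placeholder key material, no real secret)."""
    with tempfile.TemporaryDirectory() as d:
        res = Path(d, "src/main/resources")
        res.mkdir(parents=True)
        (res / "key.json").write_text(json.dumps({"type": "service_account", "private_key": "PLACEHOLDER"}))
        (res / "application.yml").write_text("spring:\n  cloud:\n    gcp:\n      credentials:\n        location: classpath:key.json\n")
        return scan(Path(d))
```

A clean result from `scan(Path("."))` at the project root means no key file or `credentials.location` setting remains, so the client libraries fall back to ADC.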