5

I have created a console app using c#. I used google cloud speech api. I followed this sample application to create the app. To authenticate speech api, I wrote the following code in main method

Environment.SetEnvironmentVariable("GOOGLE_APPLICATION_CREDENTIALS", "path-to-json-file", EnvironmentVariableTarget.Process);

Everything works fine. My problem, I have to ship the exe along with the json file. I do not want to expose the json file. How can I embed the json file content in code or authenticate without json file ? so that I can only ship the exe to the user.

Any help on this will be appreciated.

Thanks.

Amitava Karan
  • 522
  • 1
  • 4
  • 16

2 Answers2

1

For the storage api I found this solution:

 Google.Apis.Auth.OAuth2.GoogleCredential cred = Google.Apis.Auth.OAuth2.GoogleCredential.FromJson(JSONString);
 var storage = Google.Cloud.Storage.V1.StorageClient.Create(cred);

I could easily imagine the same can be done with the other api's

MrCalvin
  • 1,093
  • 13
  • 19
0

You may store the keyfile encrypted, then on application startup decrypt that file and in a matter of miliseconds (after reading the contents and initializing), rewrite the decrypted content back.

another solution could be grabbing from server (encrypted) and storing in application variable (decrypted) and initialize with that, and then delete the file after initilization.

T.Todua
  • 44,747
  • 17
  • 195
  • 185
  • But how do you authenticate with the credentials stored in application variables? I don't want to write it to a json file, have the API read it, and then remove the JSON-file again, that's really ugly. – MrCalvin Aug 14 '19 at 06:08
  • @MrCalvin if you know better solution, let me know, i was searching too. – T.Todua Aug 14 '19 at 10:50
  • I might end up serialize the json into the code, encrypt the `private_key`, serialize it back to the file. But let's see if anyone have a better solution ;-) Before I found this thread I asked a similar questions [here](https://stackoverflow.com/questions/57488905/authenticate-google-cloud-storage-not-using-json-file) (sorry for the duplicate) – MrCalvin Aug 14 '19 at 13:57
  • The answer has nothing to do with the question. It does not answer how to provide credentials without json file that has to be already decrypted. – Rambalac Feb 12 '21 at 06:42
  • @Rambalac amusing ;) gl – T.Todua Feb 12 '21 at 22:25