Google-Cloud-Platform
將 JSON 密鑰與穀歌云 gsutil 一起使用
我在一個文件中有一個 ssh 私鑰
key.json
,我想使用這個憑證來使用 gsutil 訪問儲存桶。我似乎找不到任何關於如何將 json 密鑰作為身份驗證方法的資訊,只有“私有”和“秘密”欄位。
文件結構為:
{ "private_key_id": "private_key": "-----BEGIN PRIVATE KEY-- ... "client_email": "client_id": "type": "service_account" }
我如何使用
gsutil
該文件?
簡短版本是執行以下命令並按照說明進行操作:
gsutil config -e
gsutil 工具具有內置幫助,可以查閱各種選項和操作模式。執行
gsutil help creds
時,單獨執行時推薦的幫助選項之一gsutil
,我們可以閱讀“OAuth2 Service Account
”部分以查看使用服務帳戶的 json 密鑰文件的說明:OAuth2 Service Account: This is the preferred type of credential to use when authenticating on behalf of a service or application (as opposed to a user). For example, if you will run gsutil out of a nightly cron job to upload/download data, using a service account allows the cron job not to depend on credentials of an individual employee at your company. This is the type of credential that will be configured when you run "gsutil config -e". It is important to note that a service account is considered an Editor by default for the purposes of API access, rather than an Owner. In particular, the fact that Editors have OWNER access in the default object and bucket ACLs, but the canned ACL options remove OWNER access from Editors, can lead to unexpected results. The solution to this problem is to ensure the service account is an Owner in the Permissions tab for your project. To find the email address of your service account, visit the `Google Developers Console <https://cloud.google.com/console#/project>`_, click on the project you're using, click "APIs & auth", and click "Credentials". To create a service account, visit the Google Developers Console and then: - Click "APIs & auth" in the left sidebar. - Click "Credentials". - Click "Create New Client ID". - Select "Service Account" as your application type. - Save the JSON private key or the .p12 private key and password provided. For further information about account roles, see: https://developers.google.com/console/help/#DifferentRoles For more details about OAuth2 service accounts, see: https://developers.google.com/accounts/docs/OAuth2ServiceAccount