How to access GCP Secret Manager from Angular 9 web app service

0
votes

I am having Angular service (Cloud Run fully managed) from which I would like to access 'googleapis' Secret Manager API with HTTP client call.

The problem is I do not find a way to get the current service account's auth token that I can further use into the Authorization header field. This is an approach to use Secret Manager API, but I can change this with possible other solutions too unless it is working from the Agular app.

Thanks a lot in advance.

1
angularhttpauthorizationgoogle-cloud-rungoogle-secret-manager
Is the app making the call or is the user accessing the app making the call? levelup.gitconnected.com/…sethvargo
it is the app. There is no user involvement.dasiyes
If you're running outside of GCP, you would need to download and use a service account (cloud.google.com/docs/authentication). On GCP, you can use default application credentials attached to the device (i.e. VM) to authenticate.sethvargo
@sethvargo: I have updated the question - the app is running on Cloud Run with the default service account. The default application credentials do not help in this case - I need to authorize API calls with Bearer token. The default application credentials would help if I would use a library within Angular, but I am not sure if such exists for client-side (front end) for Angular. I have a solution for the making those API calls from the back-end. However, I am trying to find one for the front-end.dasiyes
Ah okay, you'll need to get a token from the metadata server then:sethvargo

1 Answers

2
votes

I found a conceptual solution to the problem. It is described in the Cloud Run documentation. In general, it makes an API call to metadata server to receive an access token for the service account (default or another particular one) which can be later used in the header field Authorization for any other google APIs calls. The described solution works only from inside GCP (I have tested it from Cloud shell with curl and it works fine). From my application using httpClient though I run into Gateway timeout Error, I will open another question for it.