Node.js google cloud storage authentication using credentials token

4
votes

I'm trying to authenticate with google cloud storage using a credentials token. Can't find an example anywhere in the node.js GCS api docs on how to do so. They instruct to generate and download a json file that contains your private key and then link to its path on your file system like so:

const storage = new Storage({keyFilename: "key.json"});

And this works just fine.

However I don't want to save my key as a JSON file, but create the credentials and save them as environment variables something like so:

const gc = new Storage({
    credentials: {
      client_email: process.env.CLIENT_EMAIL,
      private_key: process.env.SECRET_KEY
    }
});

I tried getting this token from the settings of the bucket, from the interoperability menu, using service account HMAC access keys.

I tried getting this token from the settings of the bucket, from the interoperability menu, using service account HMAC access keys

When I try to upload/delete files from the bucket with the authentication method above I get the following error:

Error: error:0909006C:PEM routines:get_name:no start line

Appreciate any help on the matter

1
node.jsgoogle-cloud-platformgoogle-cloud-storage

1 Answers

1
votes

  1. The error

    Error: error:0909006C:PEM routines:get_name:no start line

was actually caused because of a dotenv ohmyzsh plugin I downloaded a while back and just forgot about. Was very hard to debug. Turns out the google secret key has \n in it and the ohmyzsh dotenv plugin failed to parse them correctly. So deleting it worked for me.

If you use the JSON api (you most likely are) These are the credentials you need to authenticate, so you can just take the relevant info and put it in a .env file in your project, if you don't like putting the path to the json file:

const gc = new Storage({
      projectId: process.env.GOOGLE_STORAGE_PROJECT_ID,
      scopes: 'https://www.googleapis.com/auth/cloud-platform',
      credentials: {
        client_email: process.env.GOOGLE_STORAGE_EMAIL,
        private_key: process.env.GOOGLE_STORAGE_PRIVATE_KEY
      }
})

Still am not 100% sure on how to authenticate using a token + secret. I am getting close to the answer and will update this post in the future if I find it. Posting a helpful link: google-auth-library-nodejs hoping someone beats me to it :)