问题描述

我正在开发一个CMS模块，该模块需要使用Google OAUTH 2来实现服务器到服务器的应用程序.根据官方手册，需要设置一个具有.json键路径的环境变量，如下所示:

I'm developing a CMS module that needs to use Google OAUTH 2 for server to server applications. According to the official manual one needs to set an environment variable with the path to .json key like so:

putenv('GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json');

这是棘手的部分.如果我要在独立的Web应用程序中使用它，那不会有任何问题，但是由于我正在使用CMS模块，因此将该文件存储在驱动器上或创建与使用相关的任何挂钩该文件的文件将构成潜在的安全威胁，因为我已经知道如何通过使用另一个模块来偷偷窃取密钥的内容.

And here is the tricky part. If I'd use it in a stand-alone web application, then there wouldn't be any problem, but since I'm working on a CMS module, storing that file on a drive or creating any kind of hooks associated with the use of this file would pose a potential security threat since I already see how one could sneakily steal the content of the key through the use of another module.

我想将此文件的内容存储在数据库中，并提出一个问题:是否可以通过某种方式在不使用路径的情况下设置GOOGLE_APPLICATION_CREDENTIALS的环境值?

I want to store the content of this file in the DB and the question: is there a way I could somehow set the environment value of GOOGLE_APPLICATION_CREDENTIALS without using a path?

推荐答案

在初始化客户端时，可以使用接受为配置选项的keyFile密钥.

One can use keyFile key accepted as a config option while initializing clients.

取自官方api文档的示例代码- https://github.com/googleapis/google-cloud-php

Sample code taken from the offical api doc - https://github.com/googleapis/google-cloud-php

require 'vendor/autoload.php';

use Google\Cloud\Core\ServiceBuilder;

// Authenticate using a keyfile path
$cloud = new ServiceBuilder([
    'keyFilePath' => 'path/to/keyfile.json'
]);

// Authenticate using keyfile data
$cloud = new ServiceBuilder([
    'keyFile' => json_decode(file_get_contents('/path/to/keyfile.json'), true)
]);

可以使用任何Google客户端代替ServiceBuilder.

In place of ServiceBuilder one can use any google client.

这篇关于如何在不使用路径的情况下设置GOOGLE_APPLICATION_CREDENTIALS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！