I am using Google Speech API in my Django web-app. I have set up a service account for it and am able to make API calls locally. I have pointed the local GOOGLE_APPLICATION_CREDENTIALS environment variable to the service account's json file which contains all the credentials.
我正在我的Django web应用程序中使用谷歌语言API。我已经为它建立了一个服务帐户,并且能够在本地进行API调用。我已经将本地GOOGLE_APPLICATION_CREDENTIALS环境变量指向服务帐户的json文件,该文件包含所有凭证。
This is the snapshot of my Service Account's json file: 
这是我的服务帐户json文件的快照:
I have tried setting heroku's GOOGLE_APPLICATION_CREDENTIALS environment variable by running
我尝试通过运行设置heroku的GOOGLE_APPLICATION_CREDENTIALS环境变量
$ heroku config:set GOOGLE_APPLICATION_CREDENTIALS="$(< myProjCreds.json)"
$ heroku config
GOOGLE_APPLICATION_CREDENTIALS: {
^^ It gets terminated at the first occurrence of " in the json file which is immediately after { and
^ ^就终止在第一次出现“{和后立即的json文件
$ heroku config:set GOOGLE_APPLICATION_CREDENTIALS='$(< myProjCreds.json)'
$ heroku config
GOOGLE_APPLICATION_CREDENTIALS: $(< myProjCreds.json)
^^ The command gets saved into the environment variable
^ ^命令保存到环境变量
I tried setting heroku's GOOGLE_APPLICATION_CREDENTIALS env variable to the content of service account's json file but it didn't work (because apparently the this variable's value needs to be an absolute path to the json file) . I found a method which authorizes a developer account without loading json accout rather using GOOGLE_ACCOUNT_TYPE, GOOGLE_CLIENT_EMAIL and GOOGLE_PRIVATE_KEY. Here is the GitHub discussion page for it.
我尝试将heroku的GOOGLE_APPLICATION_CREDENTIALS env变量设置为服务帐户的json文件的内容,但它不起作用(因为显然,这个变量的值必须是json文件的绝对路径)。我找到了一种方法,它不需要加载json accout,而是使用GOOGLE_ACCOUNT_TYPE、GOOGLE_CLIENT_EMAIL和GOOGLE_PRIVATE_KEY来授权开发帐户。这里是GitHub的讨论页面。
I want something similar (or something different) for my Django web-app and I want to avoid uploading the json file to my Django web-app's directory (if possible) for security reasons.
我想为我的Django web应用程序提供一些类似(或不同)的东西,并且出于安全原因,我想避免将json文件上传到我的Django web应用程序的目录(如果可能的话)。
1 个解决方案
#1
1
Depending on which library you are using for communicating with Speach API you may use several approaches:
根据您正在使用哪个库与Speach API通信,您可以使用几种方法:
-
You may serialize your JSON data using base64 or something similar and set resulting string as one environment variable. Than during you app boot you may decode this data and configure your client library appropriately.
您可以使用base64或类似的方法序列化JSON数据,并将结果字符串设置为一个环境变量。在应用程序引导期间,您可以解码这些数据并适当地配置您的客户端库。
-
You may set each pair from credentials file as separate env variables and use them accordingly. Maybe library that you're using support authentication using
GOOGLE_ACCOUNT_TYPE,GOOGLE_CLIENT_EMAILandGOOGLE_PRIVATE_KEYsimilar to the ruby client that you're linking to.您可以将每一对从凭证文件中设置为单独的env变量,并相应地使用它们。也许您正在使用的库支持使用GOOGLE_ACCOUNT_TYPE、GOOGLE_CLIENT_EMAIL和GOOGLE_PRIVATE_KEY进行身份验证,类似于您要链接的ruby客户机。
EDIT: Assuming that you are using google official client library, you have several options for authenticating your requests, including that you are using (service account): https://googlecloudplatform.github.io/google-cloud-python/latest/core/auth.html You may save your credentials to the temp file and pass it's path to the Client object https://google-auth.readthedocs.io/en/latest/user-guide.html#service-account-private-key-files (but it seems to me that this is very hacky workaround). There is a couple of other auth options that you may use.
编辑:假设您正在使用谷歌官方客户端库,那么您有几个验证请求的选项,包括您正在使用的(服务帐户):https://googlecloudplatform.github.io/google-cloud-python/latest/core/auth。您可以将您的凭证保存到temp文件中,并将其路径传递给客户机对象https://goog-auth.readthedocs.io/en/latest/user -guide。html#service-account-private-key-files(但在我看来,这是一个非常简单的解决方案)。您还可以使用其他几个auth选项。
EDIT2: I've found one more link with the more robust approach http://codrspace.com/gargath/using-google-auth-apis-on-heroku/. There is ruby code, but you may do something similar in Python for sure.
EDIT2:我已经找到了一个与更健壮的方法相关联的链接:http://codrspace.com/gargath/using-google- auth-_heroku/。有ruby代码,但是您可以在Python中做一些类似的事情。
#1
1
Depending on which library you are using for communicating with Speach API you may use several approaches:
根据您正在使用哪个库与Speach API通信,您可以使用几种方法:
-
You may serialize your JSON data using base64 or something similar and set resulting string as one environment variable. Than during you app boot you may decode this data and configure your client library appropriately.
您可以使用base64或类似的方法序列化JSON数据,并将结果字符串设置为一个环境变量。在应用程序引导期间,您可以解码这些数据并适当地配置您的客户端库。
-
You may set each pair from credentials file as separate env variables and use them accordingly. Maybe library that you're using support authentication using
GOOGLE_ACCOUNT_TYPE,GOOGLE_CLIENT_EMAILandGOOGLE_PRIVATE_KEYsimilar to the ruby client that you're linking to.您可以将每一对从凭证文件中设置为单独的env变量,并相应地使用它们。也许您正在使用的库支持使用GOOGLE_ACCOUNT_TYPE、GOOGLE_CLIENT_EMAIL和GOOGLE_PRIVATE_KEY进行身份验证,类似于您要链接的ruby客户机。
EDIT: Assuming that you are using google official client library, you have several options for authenticating your requests, including that you are using (service account): https://googlecloudplatform.github.io/google-cloud-python/latest/core/auth.html You may save your credentials to the temp file and pass it's path to the Client object https://google-auth.readthedocs.io/en/latest/user-guide.html#service-account-private-key-files (but it seems to me that this is very hacky workaround). There is a couple of other auth options that you may use.
编辑:假设您正在使用谷歌官方客户端库,那么您有几个验证请求的选项,包括您正在使用的(服务帐户):https://googlecloudplatform.github.io/google-cloud-python/latest/core/auth。您可以将您的凭证保存到temp文件中,并将其路径传递给客户机对象https://goog-auth.readthedocs.io/en/latest/user -guide。html#service-account-private-key-files(但在我看来,这是一个非常简单的解决方案)。您还可以使用其他几个auth选项。
EDIT2: I've found one more link with the more robust approach http://codrspace.com/gargath/using-google-auth-apis-on-heroku/. There is ruby code, but you may do something similar in Python for sure.
EDIT2:我已经找到了一个与更健壮的方法相关联的链接:http://codrspace.com/gargath/using-google- auth-_heroku/。有ruby代码,但是您可以在Python中做一些类似的事情。