Generating a JSON key for GOOGLE_APPLICATION_CREDENTIALS is a straightforward process, but it requires navigating the Google Cloud Console. This key acts as a "passport" for your local environment or server to talk to Google APIs securely.
Here is the step-by-step guide to getting it done.
1. Navigate to the IAM & Admin Console
First, you need to head to the Google Cloud Console.
Go to the Service Accounts page.
Select your Project from the top dropdown menu if it isn't already selected.
2. Create a Service Account (If you don't have one)
If you already have a service account you want to use, skip to step 3. Otherwise:
Click + CREATE SERVICE ACCOUNT at the top.
Give it a name (e.g., my-app-service-account).
Click Create and Continue.
Grant access: Assign a "Role" that has the permissions your app needs (e.g., Storage Object Viewer or Pub/Sub Publisher).
Click Done.
3. Generate the JSON Key
Now, you’ll extract the actual credential file:
In the list of service accounts, click on the Email address of the account you just created (or an existing one).
Click on the Keys tab at the top.
Click the ADD KEY dropdown and select Create new key.
Choose JSON as the key type and click Create.
Your browser will automatically download a .json file. Keep this file safe! It contains private keys that grant access to your cloud resources; never commit it to public GitHub repositories.
4. Set the Environment Variable
Once you have the file (let's say it's named service-account-file.json), you need to point your system to it so your code can find it.
On macOS / Linux (Terminal)
Add this to your .bashrc, .zshrc, or run it in your current session:
Bash
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/your/service-account-file.json"
Upload key
No comments:
Post a Comment