A Better way to authenticate Google Cloud Services on Heroku for Node.js App
I’m developing a node.js application which is hosted on heroku. With bleak experience of committing the project with credentials to github then contributing to some malfunctional cryptomining activities with my api keys, now i’m very much careful about way of exposing my credentials publicly.
Most of online platforms including allow us to manage our own environmental variables and use their values in our application to prevent exposing our credentials to unnecessary parties. In heroku we can save our env variables as key value pair.
But when we need to use Google Cloud Platform (GCP) services things get tricky because GCP’s credentials are saved in json file. We can’t directly use this json file in heroku but some smart people come up with few different ways to overcome this obstacle in front of them.
When i’m doing this for my project, i found different ways which others used to do this, but only one solution seems to be more secure and easy to understand. It was from @nwkeely’s response for an article. Here i’ll explain it more thoroughly.
Before start this you should have gcp’s key files with you ( json file). If you didn’t have them yet, you can read more details from here. Your key.json file should look like below.
{
“type”: “service_account”,“project_id”: “your project id”,“private_key_id”: “your private key id”,“private_key”: “your private key”,.............}
In this solution we are following the ordinary pattern but in bit tricky way. We save our json object as an environmental variable and we create a json file on server programmatically.
Step 1
First, create an environment variable called “GCP_CRED” and copy paste your key.json files content (json object) to it. This will store our json object as a string. ( You can create/view/edit your environmental variables in settings section. )
Then we have to save our desired name also for the key json file, which going to be generated in the server as an environmental variable. Here i name it as “GCP_KEY_FILE” and define it’s value as “./gcpconfig.json”.
Step 2
Now we have to write a script to generate our json file on server. For that first create a file called “gcpSetup.js” file and copy paste this code.
var fs=require(‘fs’);fs.writeFile(process.env.GCP_KEY_FILE, process.env.GCP_CRED, (err) => {});
Here we give instruction to create a file named as “./gcpconfig.json” and write the value of which stored on GCP_CRED variable on it.
Step 3
Finally we have to give instruction to run the “gcpSetup.js” file on project setup. So, if you need to install a custom module or run anything before NPM does its install you can configure it on “preinstall” attribute on package.json file. Just modify script property as follows.
“scripts” : {
“preinstall” : “node gcpSetup.js”
}Now you are ready to go… deploy your app..
