I am trying to use the @google-cloud/secret-manager package to read secrets from inside an application, and I want it to authenticate with a specific service account, not the default credentials. I can't find any documentation anywhere on how to do this.
```javascript
import { SecretManagerServiceClient } from '@google-cloud/secret-manager';

const smClient = new SecretManagerServiceClient();
```
There are no options anywhere in the docs to provide authentication parameters. I'm trying to even use the google-auth-library to authenticate with my service account, but I'm not sure how to even pass that to the secret-manager request.
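```javascript
import * as fs from 'fs';
import * as path from 'path';
import { JWT } from 'google-auth-library';

// Load the service account key file that sits next to the application
const keyFile = JSON.parse(
  fs.readFileSync(path.resolve(__dirname, '../service-account.json'), 'utf8')
);

// JWT client for the service account, scoped to the Cloud Platform APIs
const authClient = new JWT({
  email: keyFile.client_email,
  key: keyFile.private_key,
  scopes: ['https://www.googleapis.com/auth/cloud-platform'],
});
```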
Google Cloud Client Libraries use a library called Application Default Credentials (ADC) to automatically find your service account credentials. ADC looks for service account credentials in the following order:
1. If the environment variable GOOGLE_APPLICATION_CREDENTIALS is set, ADC uses the service account key or configuration file that the variable points to.
2. If it isn't set, ADC uses the service account that is attached to the resource that is running your code.
3. If ADC can't use any of the above credentials, an error occurs.
The recommended steps would be to create a service account and set an environment variable accordingly. Also, there are a few examples for common use cases and brief information in the same document about how to access a secret.
Hope the above information is useful to you.