我在key.json文件中有一个ssh私钥,我想用这个凭证来使用gsutil访问存储桶。
我似乎无法find任何有关如何将json密钥作为身份validation方法,只有“私人”和“秘密”字段。
文件结构是:
{ "private_key_id": "private_key": "-----BEGIN PRIVATE KEY-- ... "client_email": "client_id": "type": "service_account" }
我如何使用该文件?
谢谢
简短版本是运行以下命令并按照说明进行操作:
gsutil config -e
gsutil工具有内置的帮助,可以查询各种选项和操作模式。 运行gsutil help creds时,我们可以阅读“ OAuth2 Service Account ”一节中的部分,以查看使用服务帐户的json密钥文件的说明:
OAuth2 Service Account: This is the preferred type of credential to use when authenticating on behalf of a service or application (as opposed to a user). For example, if you will run gsutil out of a nightly cron job to upload/download data, using a service account allows the cron job not to depend on credentials of an individual employee at your company. This is the type of credential that will be configured when you run "gsutil config -e". It is important to note that a service account is considered an Editor by default for the purposes of API access, rather than an Owner. In particular, the fact that Editors have OWNER access in the default object and bucket ACLs, but the canned ACL options remove OWNER access from Editors, can lead to unexpected results. The solution to this problem is to ensure the service account is an Owner in the Permissions tab for your project. To find the email address of your service account, visit the `Google Developers Console <https://cloud.google.com/console#/project>`_, click on the project you're using, click "APIs & auth", and click "Credentials". To create a service account, visit the Google Developers Console and then: - Click "APIs & auth" in the left sidebar. - Click "Credentials". - Click "Create New Client ID". - Select "Service Account" as your application type. - Save the JSON private key or the .p12 private key and password provided. For further information about account roles, see: https://developers.google.com/console/help/#DifferentRoles For more details about OAuth2 service accounts, see: https://developers.google.com/accounts/docs/OAuth2ServiceAccount