|
|
|
|
@ -63,11 +63,13 @@ grpc::Status s = stub->sayHello(&context, *request, response); |
|
|
|
|
|
|
|
|
|
This credential works for applications using Service Accounts as well as for |
|
|
|
|
applications running in Google Compute Engine (GCE). In the former case, the |
|
|
|
|
service account’s private keys are expected in file located at [TODO: well |
|
|
|
|
known file fath for service account keys] or in the file named in the environment |
|
|
|
|
variable [TODO: add the env var name here]. The keys are used at run-time to |
|
|
|
|
generate bearer tokens that are attached to each outgoing RPC on the |
|
|
|
|
corresponding channel. |
|
|
|
|
service account’s private keys are loaded from the file named in the environment |
|
|
|
|
variable `GOOGLE_APPLICATION_CREDENTIALS`. If that environment variable is not |
|
|
|
|
set, the library attempts to load the keys from the file located at |
|
|
|
|
`<home>/.config/gcloud/application_default_credentials.json` where `<home>` is |
|
|
|
|
the relative path specified in the environment variable `HOME`. Once loaded, the |
|
|
|
|
keys are used to generate bearer tokens that are attached to each outgoing RPC |
|
|
|
|
on the corresponding channel. |
|
|
|
|
|
|
|
|
|
For applications running in GCE, a default service account and corresponding |
|
|
|
|
OAuth scopes can be configured during VM setup. At run-time, this credential |
|
|
|
|
|
Abhishek Kumar
10 years ago