Accessing Google Cloud Storage without service account file

I’m wondering if there’s a way to use a service account to access Google Cloud Storage without rclone needing to read the service account credentials from a file. Can I set environment variables containing the names and contents of the fields in the JSON file instead?

Actually, would you accept a PR to take the contents of the service account file as an environment variable? I’m trying to keep my deployment as lean as possible, and not having extra files laying around would be real nice. This way, I could load my credentials from a database without having to touch the local disk.

Sure!

At the moment rclone uses the config key service_account_file to work out where the service account file is.

Probably the easiest thing would be to introduce a new config key service_account_credentials (say). This could then be put in the config file, or set with an environment variable.

I don’t know whether this needs to go in the Config Options configurator - is that likely something people will want to put in their config files do you think?

Sounds good to me. I just hope an env variable can handle the whole contents of the account credentials file. 🙂

I don’t know, if they’re already using a config file, they probably don’t mind having files laying around. In my particular use (which is probably niche, I admit), I just don’t want to make files, I am strictly configuring rclone with environment variables and flags.

I’ll try to submit a PR soon. Any tips about where to look to implement this?

Take a look in drive.go and look for the mentions of service_account_file - that is what you’ll need to change. Ignore the one in the config section.

createOAuthClient() is where the contents of the file are loaded - it should be easy to read it from the config there.

To read the env var, just use config.FileGet(name, "service_account_credentials") which will read it from the config file or from the environment variable RCLONE_CONFIG_remotename_SERVICE_ACCOUNT_CREDENTIALS.

It should be reasonably straightforward. A bit of docs and you are good to go!

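The lookup described in the post above, as an added example that is not part of the thread and is not rclone's code: it takes the credentials JSON from the environment variable first and reads a file only when that variable is empty, then checks that the value is a service account key. Upper-casing the remote name, the function and type names, and the sample value are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

type serviceAccount struct {
	Type        string `json:"type"`
	ClientEmail string `json:"client_email"`
	PrivateKey  string `json:"private_key"`
}

// envName builds the variable named in the thread (upper-casing is assumed).
func envName(remote string) string {
	return "RCLONE_CONFIG_" + strings.ToUpper(remote) + "_SERVICE_ACCOUNT_CREDENTIALS"
}

// loadCredentials prefers inline JSON from the environment over filePath.
func loadCredentials(remote, filePath string) (*serviceAccount, error) {
	raw := []byte(os.Getenv(envName(remote)))
	if len(raw) == 0 {
		var err error
		if raw, err = os.ReadFile(filePath); err != nil {
			return nil, fmt.Errorf("no inline credentials, file read failed: %w", err)
		}
	}
	var sa serviceAccount
	if err := json.Unmarshal(raw, &sa); err != nil {
		// Fixed message: no fragment of the secret input reaches logs.
		return nil, fmt.Errorf("service account credentials are not valid JSON")
	}
	if sa.Type != "service_account" || sa.ClientEmail == "" || sa.PrivateKey == "" {
		return nil, fmt.Errorf("credentials are not a complete service account key")
	}
	return &sa, nil
}

func main() {
	// Constructed sample value, not a real key.
	os.Setenv(envName("gcs"), `{"type":"service_account","client_email":"demo@example.invalid","private_key":"CONSTRUCTED"}`)
	sa, err := loadCredentials("gcs", "")
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println("loaded key for", sa.ClientEmail)
}
```

Only the account identity is printed; the private key stays in memory and never appears in output or error text.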

Awesome, thanks! That made it super easy. Pull request incoming.
