Google Drive remote "client_id" and "client_secret" security

Marcus1 · July 12, 2021, 2:12pm

Hi there rclone community

In Google Cloud Platform, I have created a custom "client_id" and "client_secret" keys. This makes sure we don't hit the quota limit for the generic rclone ones.

Since we want to use the same keys for different users, I am wondering how secure is this.

I guess this doesn't pose a security risk since each user has to individually authenticate with his own account. So the only problem is that if many users share the same keys, we can hit the quota limit sooner.

Are my assumptions correct? Or can sharing the keys between different users affect security?

Many thanks in advance!

M

Animosity022 · July 12, 2021, 2:21pm

The client ID/secret only ties back to the API usage so you have to authenticate to use the actual drive so depending on how much you want to segregate and see what folks are doing with their quota, you can share if you like.

There is a query per 100 seconds which seems to be around 10k per user:

So depending on how many users, you may want to have them use their own depending on the usage.

Marcus1 · July 12, 2021, 2:31pm

Thanks a lot Animosity. I am not very much concerned by the API quota atm. More like if sharing the same keys would be a security risk.

Animosity022 · July 12, 2021, 2:43pm

IMO, I don't think so as it's just giving you access to use the API and you still have to authenticate with the drive in question.

system · September 11, 2021, 10:43am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.