Module service_account

google_cloud_auth::credentials

Module service_account 

Source
Expand description

Service Account Credentials type.

A service account is an account for an application or compute workload instead of an individual end user. The default credentials used by the client libraries may be, and often are, associated with a service account. Therefore, you can use service accounts by configuring your environment, without any code changes.

Sometimes the application needs to use a service account key directly. The types in this module will help you in this case. For more information on when service account keys are appropriate, consult the relevant section in the Best practices for using service accounts guide.

You can create multiple service account keys for a single service account. When you create a service account key, the key is returned as a string. This string contains an ID for the service account, as well as the cryptographic materials (an RSA private key) required to authenticate the caller.

Therefore, service account keys should be treated as any other secret with security implications. Think of them as unencrypted passwords. Do not store them where unauthorized persons or programs may read them.

The types in this module allow you to create access tokens, based on service account keys and can be used with the Google Cloud client libraries for Rust.

While the Google Cloud client libraries for Rust automatically use the types in this module when ADC finds a service account key file, you may want to use these types directly when the service account key is obtained from Cloud Secret Manager or a similar service.

§Example

let service_account_key = serde_json::json!({
    "client_email": "test-client-email",
    "private_key_id": "test-private-key-id",
    "private_key": "<YOUR_PKCS8_PEM_KEY_HERE>",
    "project_id": "test-project-id",
    "universe_domain": "test-universe-domain",
});
let credentials: Credentials = Builder::new(service_account_key)
    .with_quota_project_id("my-quota-project")
    .build()?;
let headers = credentials.headers(Extensions::new()).await?;
println!("Headers: {headers:?}");

Structs§

Builder
A builder for constructing service account Credentials instances.

Enums§

AccessSpecifier
Represents the access specifier for a service account based token, specifying either OAuth 2.0 scopes or a JWT audience.