8

I'm trying to authenticate with google cloud storage using a credentials token. Can't find an example anywhere in the node.js GCS api docs on how to do so. They instruct to generate and download a json file that contains your private key and then link to its path on your file system like so:

const storage = new Storage({keyFilename: "key.json"});

And this works just fine.

However I don't want to save my key as a JSON file, but create the credentials and save them as environment variables something like so:

const gc = new Storage({
    credentials: {
      client_email: process.env.CLIENT_EMAIL,
      private_key: process.env.SECRET_KEY
    }
});

I tried getting this token from the settings of the bucket, from the interoperability menu, using service account HMAC access keys.

I tried getting this token from the settings of the bucket, from the interoperability menu, using service account HMAC access keys

When I try to upload/delete files from the bucket with the authentication method above I get the following error:

Error: error:0909006C:PEM routines:get_name:no start line

Appreciate any help on the matter

Improve this question

3 Answers 3

Reset to default
5

  1. The error

    Error: error:0909006C:PEM routines:get_name:no start line

was actually caused because of a dotenv ohmyzsh plugin I downloaded a while back and just forgot about. Was very hard to debug. Turns out the google secret key has \n in it and the ohmyzsh dotenv plugin failed to parse them correctly. So deleting it worked for me.

If you use the JSON api (you most likely are) These are the credentials you need to authenticate, so you can just take the relevant info and put it in a .env file in your project, if you don't like putting the path to the json file:

const gc = new Storage({
      projectId: process.env.GOOGLE_STORAGE_PROJECT_ID,
      scopes: 'https://www.googleapis.com/auth/cloud-platform',
      credentials: {
        client_email: process.env.GOOGLE_STORAGE_EMAIL,
        private_key: process.env.GOOGLE_STORAGE_PRIVATE_KEY
      }
})

Still am not 100% sure on how to authenticate using a token + secret. I am getting close to the answer and will update this post in the future if I find it. Posting a helpful link: google-auth-library-nodejs hoping someone beats me to it :)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Error: error:0909006C:PEM routines:get_name:no start line can be solved by converting '\n' to the actual char \n using something like:

process.env.ATHENA_PRIVATE_KEY.replace(/\\n/g, '\n')
Improve this answer

Comments

-1

When integrating Vertex AI with Node.js, TypeScript, it’s common to hit authentication issues like:

Object literal may only specify known properties, and 'auth' does not exist in type 'VertexInit'.ts(2353)

or

PermissionDenied: 403 - IAM permission 'aiplatform.endpoints.predict' denied

In some Google libraries like @google-cloud/storage, you can pass an auth or keyFilename directly to the constructor. However: • The @google-cloud/vertexai library’s VertexAI class does not accept auth, authClient, or keyFilename in its constructor (at least as of current versions). • If you try to pass them anyway, TypeScript will throw: auth does not exist in type 'VertexInit'

Instead of passing auth or authClient directly, just set the credentials ( Service Account Key) via an environment variable:

import { VertexAI, HarmCategory, HarmBlockThreshold } from "@google-cloud/vertexai";
import path from "path";

process.env.GOOGLE_APPLICATION_CREDENTIALS = path.resolve(
  __dirname, 
  "../path-to/my-service-account.json"
);

const vertex_ai = new VertexAI({
  project: "your-gcp-project-id",
  location: "your-gcp-region" // e.g., "us-central1" or "asia-south1"
});
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.