Introduction I recently had a conversation with the Principle Security Architect for a large company concerned with security, identity, and access management. He asked me, “What language do you write your code in and why?”. I answered his question with… Continue Reading →
Socratica Python Kickstarter Campaign Introduction from Socratica’s Kickstarter Campaign Socratica – a small educational film studio with big dreams. You know us for our high-quality video lessons about math, science, and programming, especially PYTHON. Over the course of five… Continue Reading →
Introduction I watch a lot of training material from all the major education vendors (Pluralsight, Linux Academy, Cloud Academy, A Cloud Guru, and many others). For a long time, I have been wanting to add professional scriptwriting, professional graphics and… Continue Reading →
Table of Contents Introduction Definitions Example Private & Public Keys OpenSSH Public Keys SSH-2 Public Keys Examining OpenSSH Public Keys Introduction There is a lot of confusion and inaccurate information on the Internet about Key Pairs and Private/Public keys. This… Continue Reading →
Introduction On August 15, 2018, Google released the Alpha release of Google Cloud Run. Many of us saw the potential and went to work learning this new platform. Everything serverless gets our attention. Cloud Run is Google’s entry into serverless… Continue Reading →
This article shows how to display a list of Google Cloud Projects that you have access to list. This article includes two examples in Python that use two different Google Cloud Python libraries. These examples produce the same output as the… Continue Reading →
The following example shows several important steps to call Google Cloud APIs without using an SDK in Python. Similar code works in just about any language (c#, java, php, nodejs). Change the source code with the filename of your service… Continue Reading →
I have written a number of articles about Google Cloud Credentials. For Service Account credentials, there are two on-disk formats: P12 and Json. This article shows how to convert these credentials from P12 to Json.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 |
############################################################ # Version 1.00 # Date Created: 2018-12-22 # Last Update: 2018-12-22 # https://www.jhanley.com # Copyright (c) 2018, John J. Hanley # Author: John Hanley ############################################################ ''' This program converts Google Service Account credentials from P12 format into Json format. The critical items to know: Service Account Email address that matches the service account credentials. If this is wrong, the credentials won't work (P12 or Json). Project ID. P12 Password. ''' import json import OpenSSL.crypto # This is the output file with the generated service account credentials from P12 credentials json_filename = 'service-account.json' # Details on the Google Service Account. The email must match the Google Console. project_id = 'development-123456' sa_filename = 'compute-engine.p12' sa_password = 'notasecret' sa_email = 'development-123456@developer.gserviceaccount.com' # client_id is the 'Unique ID' in the Google Console under 'Service account details' # This value is unique per service account email # Optional client_id = '123456789064738430393' # pkey_id is the 'Key ID' in the Google Console under 'Service account details' # This value is unique per key. One serice account can have more than one key issued # Optional pkey_id = 'e13865c612a34567abcdef1a8753d1c6789abcdb' def load_private_key(p12_path, p12_password): ''' Read the private key and return as base64 encoded ''' # print('Opening:', p12_path) with open(p12_path, 'rb') as f: data = f.read() # print('Loading P12 (PFX) contents:') p12 = OpenSSL.crypto.load_pkcs12(data, p12_password) # Dump the Private Key in PKCS#1 PEM format key = OpenSSL.crypto.dump_privatekey( OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey()) # return the private key return key def my_encode(s): ''' This routine encodes the Json 'client_x509_cert_url' ''' # Replace @ with %40 return s.replace('@', '%40') # Generate the cert_url cert_url = 'https://www.googleapis.com/robot/v1/metadata/x509/' + sa_email # Load the private key from P12 pkey = load_private_key(sa_filename, sa_password) # Json that will be writting to json_filename sa = { "type": "service_account", "project_id": project_id, "private_key_id": pkey_id, "private_key": pkey.decode('utf-8'), "client_email": sa_email, "client_id": client_id, "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": my_encode(cert_url) } with open(json_filename, 'w') as outfile: json.dump(sa, outfile, indent=2) |
Google Service Account Credentials are available in two file formats: Json and P12. P12 is also known as PFX. The following code shows how to process a P12 file and split into Private Key and Certificate. This code also works… Continue Reading →
Google Service Account Credentials are available in two file formats: Json and P12. P12 is also known as PFX. The following code shows how to use P12 credentials to list the buckets in Google Cloud Storage without using an SDK…. Continue Reading →
I have worked with Google Cloud Stackdriver for about three months. The more I learn about Stackdriver the more I like it. Great product for logging, monitoring, error reporting, application tracing and application debugging and more. One of the items… Continue Reading →
Google Cloud Application Default Credentials (ADC) are not credentials. ADC is a strategy to locate Google Cloud Service Account credentials. If the environment variable GOOGLE_APPLICATION_CREDENTIALS is set, ADC will use the filename that the variable points to for service account credentials. This… Continue Reading →
Introduction If you have ever wanted to test Google OAuth 2.0 flows from the command-line, you will like this short article. [Update: I thought about the problem below with the copy and paste requirement. I created a simple python web… Continue Reading →
Google Cloud stores your credentials in a database on your system. These credentials can then be used over and over. Google’s choice of a database means that the CLI and SDK tools can manage a huge number of credentials efficiently…. Continue Reading →
© 2020 John Hanley — Powered by WordPress
Theme by Anders Noren — Up ↑