Topic 9 Question 44
Which of these is not a recommended method of authenticating an application with a Google Cloud service?
Use the gcloud and/or gsutil commands.
Request an OAuth2 access token and use it directly.
Embed the service account's credentials in the application's source code.
Use one of the Google Cloud Client Libraries.
解説
Do not embed secrets related to authentication in source code, such as API keys, OAuth tokens, and service account credentials. Authenticating applications using service account credentials Client libraries can use Application Default Credentials to authenticate with Google APIs and send requests to those APIs. For some applications, you might need to request an OAuth2 access token and use it directly without going through a client library or using the gcloud or gsutil tools. Some applications might use commands from the gcloud and gsutil tools, which are included by default in most Compute Engine images. These tools automatically recognize an instance's service account and relevant permissions granted to the service account. Reference: https://cloud.google.com/docs/authentication#token_lifecycle_management
コメント(8)
C is right
👍 14Ziegler2020/06/06Always C. Credentials in the source code? Never.
👍 4ohcan2020/07/21C - right A - wrong https://cloud.google.com/docs/authentication/production
Do not embed secrets related to authentication in source code, such as API keys, OAuth tokens, and service account keys.
👍 3AshokC2020/09/23
シャッフルモード