On Thu, Mar 13, 2014 at 1:57 AM, Alex Heneveld < alex.henev...@cloudsoftcorp.com> wrote:
> 1) For the folks from Google (Rick looking at you) -- is there a shorter > secret which could be used? (GCE is just about the only cloud that needs > an entire key here so just about everything else passes the value.) > Short answer: Not really Longer Answer: There are basically two ways to authenticate to the GCE API (Oauth2) with a standalone application (Three if you add web apps). The first way is the one that jclouds currently supports. That's the "Service Account" authentication. With this, you use the service account "email address" and the private key to authenticate. Most users tend to store the key in a .pem file and then just pass in the path to the key instead of using the key directly. This is generally the best authentication method for an app that someone will run themselves with their own credentials. The second way to authenticate is with the Installed Application authentication. AFAIK, this is not currently supported by jclouds. With this method, you are given a "Client ID" and a "Client Secret" (not really a secret), that you use to identify your application. Then, at runtime, the user is directed to a web page to sign in to their account and give permission for the app to access their account. This is probably a better method for an application that will be distributed and run by many people using their own accounts (imagine a third-party dashboard application that you can use to monitor your instances). Either way, there really isn't any "simple" authentication method for GCE. More information: https://developers.google.com/console/help/new/#serviceaccounts Basic instructions that I wrote for libcloud: https://libcloud.readthedocs.org/en/latest/compute/drivers/gce.html#service-account -Rick
