> + > +## <a id="auth"></a>Authentification > +Google Cloud Platform uses OAuth which gives a variety of choices how to > authentificate: > + * One can ask a user for consent to perform operations in his/her name. > + * One can create a service account and use its private key to > authentificate. > + * Unless configured otherwise, programs running on a GCE instance can > perform operations as the project's default service account > ([documentation](https://developers.google.com/compute/docs/authentication)). > + > +You can find all the details in [the > documentation](https://developers.google.com/accounts/docs/OAuth2), while in > these examples we will focus only on service accounts (bullet 2). > + > +To create a new service account: > + * Go to the [Developer Console](https://console.developers.google.com/). > + * Choose API & auth > Credentials. > + * Click "Create new Client ID". > + * Select "Service account" and click "Create service ID". > + * Data about the new service account will be visilble in the console and a > private key will be downloaded. Notice that the data includes service account > email address - you will need it to use the account. > + * To keep the examples simple, we use private keys without passwords. It > might be something you will not do in a production environment, but for the > examples run: `openssl pkcs12 -in {downloaded_file}.p12 -nodes -out > gcp-example.pem -passin pass:notasecret`.
I don't feel comfortable giving official advices. I could look for someone who does, but it seems orthogonal to main topic of this guide. On Tue, May 13, 2014 at 12:31 AM, Andrew Phillips <[email protected]>wrote: > In guides/google.md: > > > + > > +## <a id="auth"></a>Authentification > > +Google Cloud Platform uses OAuth which gives a variety of choices how to > > authentificate: > > + * One can ask a user for consent to perform operations in his/her name. > > + * One can create a service account and use its private key to > > authentificate. > > + * Unless configured otherwise, programs running on a GCE instance can > > perform operations as the project's default service account > > ([documentation](https://developers.google.com/compute/docs/authentication)). > > + > > +You can find all the details in [the > > documentation](https://developers.google.com/accounts/docs/OAuth2), while > > in these examples we will focus only on service accounts (bullet 2). > > + > > +To create a new service account: > > + * Go to the [Developer Console](https://console.developers.google.com/ > ). > > + * Choose API & auth > Credentials. > > + * Click "Create new Client ID". > > + * Select "Service account" and click "Create service ID". > > + * Data about the new service account will be visilble in the console and > > a private key will be downloaded. Notice that the data includes service > > account email address - you will need it to use the account. > > + * To keep the examples simple, we use private keys without passwords. It > > might be something you will not do in a production environment, but for the > > examples run: `openssl pkcs12 -in {downloaded_file}.p12 -nodes -out > > gcp-example.pem -passin pass:notasecret`. > > Is there anything we can advise people to do if they *do* want to run in > a production environment? > > — > Reply to this email directly or view it on > GitHub<https://github.com/jclouds/jclouds-site/pull/98/files#r12557638> > . > --- Reply to this email directly or view it on GitHub: https://github.com/jclouds/jclouds-site/pull/98/files#r12690129
