3

What is a best, simple way to authenticate Vision API on heroku?

In development I just use:

@vision = Google::Cloud::Vision.new( project:  "instacult",
                                     keyfile:  "path/to/keyfile.json" )

Where keyfile is a json produced by google after creating service account (https://cloud.google.com/vision/docs/common/auth).

But obviously I can't just upload the keyfile to github.

I tried saving whole json to Heroku's config vars and running:

Rails.env.production? ? ENV["GOOGLE_CREDENTIALS"] : path

But I got "is not a valid file" in heroku's logs. Seems logical since I'm not passing a file but an object. But how to get over it?

Cheers, Kai

k4ju
  • 81
  • 5

1 Answers1

5

SOLVED:

Turns out you can provide a json object in environment variable, but there is a naming convention.

Here are the environment variables (in the order they are checked) for credentials:

  1. VISION_KEYFILE - Path to JSON file
  2. GOOGLE_CLOUD_KEYFILE - Path to JSON file
  3. VISION_KEYFILE_JSON - JSON contents
  4. GOOGLE_CLOUD_KEYFILE_JSON - JSON contents

source: https://googlecloudplatform.github.io/google-cloud-ruby/#/docs/google-cloud-vision/v0.23.0/guides/authentication

So I ended up with calling:

@vision = Google::Cloud::Vision.new( project:  "instacult")

Having set VISION_KEYFILE_JSON in my ~/.bashrc:

export VISION_KEYFILE_JSON='the_json_content'

and on heroku (https://devcenter.heroku.com/articles/config-vars#limits).

k4ju
  • 81
  • 5
  • I tried this method, I set up the VISION_KEYFILE_JSON in env and when I tried in my local it says ``` Unhandled promise rejection (rejection id: 1): Error: Could not load the default credentials. Browse to https://developers.google.com/accounts/docs/application-default-credentials for more information.``` But when I echo it shows the env – Mariya James Jan 30 '18 at 10:02