0

How can I generate a signed URL for objects in my bucket on google cloud storage?

I have a Google domain and am using Google Cloud Storage to host my objects in buckets. I do not need the use of an app engine (to reduce cost). The site will be static. Is there a way to generate a signed URL if I am not using an app engine?

Joan Grau Noël

1 Answer

2

Yes, although signed URLs expire fairly quickly, and you'll need to periodically generate new ones.

Most of the client libraries support signing URLs programmatically, but if you have gsutil, the easiest way to generate one is to create a service account and download its keyfile (let's say my-account.json), then run:

gsutil signurl -d 1d my-account.json gs://mybucket/myobject

The "1d" means 'valid for one day.' More docs here: https://cloud.google.com/storage/docs/gsutil/commands/signurl

Brandon Yarbrough
  • Hey Brandon, so I am confused. Would the generation of the JSON file simply allow me to retrieve a signed URL to my Google Cloud Storage objects within the buckets? Should this JSON file remain local and I just run the gsutil commands manually whenever I need a signed URL? Is this what you are implying? –  Jan 05 '19 at 03:17
  • I noticed with your method, my objects MUST BE PUBLIC when generating the signed URL. Is it possible to always keep my objects private while generating the URL? As of now, I must 1) set my object to public, 2) generate the signed URL, 3) set my object back to private to use the URL –  Jan 05 '19 at 04:00
  • This is not the case. The object needs to be readable by whichever service account signs the request, but that's the only restriction. Also, the JSON file represents complete credentials for a service account and should be kept secret. – Brandon Yarbrough Jan 07 '19 at 22:23
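
A guarded wrapper around the `gsutil signurl` command from the answer, as an added example that is not part of the original post: it rejects durations above the 7-day maximum that gsutil documents for key-file signing and refuses a key file that group or other users can access, since that JSON file is a complete service-account credential. The function names are hypothetical, and `gs://mybucket/myobject` and `my-account.json` are the answer's placeholders.

```shell
#!/bin/sh
# Added example: checks to run before `gsutil signurl`. Function names are hypothetical.

# Convert a gsutil-style duration (s/m/h/d suffix, bare number = hours) to seconds.
# Fails for malformed values and for anything above 7 days (604800 s), the
# documented maximum when signing with a private key file.
duration_seconds() (
    d=$1
    num=${d%[smhd]}          # strip one trailing unit letter, if present
    unit=${d#"$num"}         # whatever was stripped ("" means hours)
    case $num in ''|0*|*[!0-9]*) exit 1 ;; esac
    [ "${#num}" -le 6 ] || exit 1
    case $unit in
        s) mult=1 ;;
        m) mult=60 ;;
        ''|h) mult=3600 ;;
        d) mult=86400 ;;
        *) exit 1 ;;
    esac
    secs=$((num * mult))
    [ "$secs" -le 604800 ] || exit 1
    echo "$secs"
)

# Succeed only if the key file is a regular file with no group/other permission bits.
keyfile_is_private() (
    [ -f "$1" ] || exit 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # the group and other rwx columns
    [ "$perms" = "------" ]
)

# Usage: sign_object 1d my-account.json gs://mybucket/myobject
# Exit codes: 2 bad duration, 3 exposed key file, 4 bad object URL.
sign_object() (
    duration=$1 key=$2 url=$3
    duration_seconds "$duration" >/dev/null ||
        { echo "duration must be between 1s and 7d" >&2; exit 2; }
    keyfile_is_private "$key" ||
        { echo "key file is missing or readable by others; chmod 600 it" >&2; exit 3; }
    case $url in
        gs://?*/?*) ;;
        *) echo "expected gs://bucket/object" >&2; exit 4 ;;
    esac
    gsutil signurl -d "$duration" "$key" "$url"
)
```

The object itself can stay private; only the service account whose key signs the URL needs read access to it.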