Access Google Secret Manager secrets from Angular app

Question

Is it possible to access Google Secret Manager API via simple API call using API key?

https://secretmanager.googleapis.com/v1/projects/*/secrets/*?key=mykey

throws 401 unauthenticated. On the Node.js server powering the Angular app, I utilize client library, but there's no such thing for Typescript.

score 1 · Answer 1 · answered May 28 '21 at 10:27

It's possible, but it's strongly discouraged. This flow would require exposing an API key to all users of your website, and you have to implement some of the oauth dance yourself. It's strongly preferred that you delegate this to some server-severside app that can both:

Use supported client libraries
Maybe perform the action that the requires the secret and respond with the result. (This doesn't apply if you're looking to expose metadata about the secret instead of the payload.)

So if you're still totally convicted that this is the way to go then: You can't use an API key but you can use a service account and do the oauth flow with the google.com/

https://developers.google.com/identity/protocols/oauth2/service-account#httprest documents the steps required. The scope you're looking for is probably https://www.googleapis.com/auth/cloud-platform

https://developers.google.com/identity/protocols/oauth2/scopes#secretmanager

score 0 · Accepted Answer · answered May 27 '21 at 11:24

0

No. Secret Manager does not support API keys for authentication.

answered May 27 '21 at 11:24

sethvargo

26,739
10
86
156

Access Google Secret Manager secrets from Angular app

2 Answers2