3

I have created a custom container model on the Google Vertex Ai platform to deploy a model, I have also deployed it to an endpoint,I can access it using bearer token and OAuth 2.0 set up but i was wondering if there is a way to make this prediction endpoint public for testing with a simple auth key or something?

Chris
  • 1,335
  • 10
  • 19
kunwarvikrant
  • 53
  • 9
  • Grant a special user named "allUsers" the role to invoque your endpoint. – guillaume blaquiere Oct 03 '22 at 07:21
  • so i should create a separate service account and create a key for the same?? – kunwarvikrant Oct 03 '22 at 14:06
  • ??? No!!! Never (or exceptionally) use the service account key file. It's a bad practice and a security mistake to do that. SA won't save your issue. I don't catch your logic here. – guillaume blaquiere Oct 03 '22 at 19:08
  • So what are you suggesting ?......i feel a little lost here..:P.....they mention that the api key is not compatible with the vertex ai endpoint and i tried setting up oauth but it seems that oauth2.0 seem to work only with the users with the permissions of the project where this endpoint is created ..... – kunwarvikrant Oct 04 '22 at 05:47
  • @kunwarvikrant You can follow this [article](https://cloud.google.com/blog/products/ai-machine-learning/extending-network-reachability-of-vertex-pipelines) regarding the same. Let me know whether this is helpful or not. – kiran mathew Oct 05 '22 at 06:21

1 Answers1

0

I was wondering if there is a way to make this prediction endpoint public for testing with a simple auth key?

Yes, you can use a customer managed encryption key (CMEK) with no rotation policy as a simple symmetric authentication key. This guide tells you how.

Once the key is imported, choose the CMEK option and select your key under the Encryption section when creating the Vertex AI endpoint.

In addition, choosing "Standard Access" when creating the endpoint creates a publicly reachable endpoint.

(Initially I got an error that quota metrics exceed quota limits for in_use_customer_managed_encryption_keys. However, I successfully applied for a quota increase and was subsequently able to create the endpoint with the CMEK key).

Chris
  • 1,335
  • 10
  • 19
  • I created my endpoint with CMEK but how the heck do I call it? I suppose via a service account with some public key? Or ideally can I convert it to a bearer token for url post requests? Hmm. – jonincanada Dec 28 '22 at 20:03