1

What is the best way to proxy requests with GCP, e.g. to hide secrets. Is it by making use of GCP API-Gateway which spawns a Load Balancer or by using a Load Balancer directly. Or are there any other ways?

A sample request to "transform" might be:

Client -> XXX (API-Gateway / Load Balancer)  -> External Service

       -> https://api.xxx.com/xxx            -> https://api.xxx.com/xxx?secret=secret

Or is the most simple and most cost efficient way to spawn a GCP function to proxy requests?

R.Schaefer
  • 123
  • 1
  • 9
  • Why do you want to inject secret on the fly? Where is running your API? Is it not simpler to load the secret in the API itself? – guillaume blaquiere Oct 03 '22 at 11:59
  • Issue is, that an app calls tomtom map api and a secret needs to be appended to the requested URI and for security reasons I can't add it to the app (android + ios) itself. That's why I need to proxy it. – R.Schaefer Oct 03 '22 at 12:17
  • 1
    Hmm, that's the purpose of an API Gateway, not a load balancer. – guillaume blaquiere Oct 03 '22 at 19:06
  • Do you have any experience of setting up a GCP Gateway like this? Because unfortunatelly I wasn't able to rewrite urls accordingly... especially tomtom delivers pngs... – R.Schaefer Oct 05 '22 at 20:41

1 Answers1

1

The way that I can recommend is the Signed URL. Wherein you can use the URL prefixes for signed URL. If you used load balancer, signedkey is the one we can use to append URL.

However, on this feature we should consider the limitation of this service where there is a time limit using this feature. To know more about this feature you can check this link. If there are other recommendations please feel free to edit this post.

Yvan G.
  • 753
  • 1
  • 8