Thank you for taking the time to advocate for samples practice improvements!
Description
The Authentication section of the Samples Style Guide includes samples that show the use of a service account key to generate credentials, which are then passed to the client.
Using a service account key is a risky practice, because it involves loading persistent, powerful credentials to your local machine (and possibly into GitHub, etc.).
The presence of the use of a service account key in sample code guides users towards doing that, which is a Bad Thing.
Please remove samples that use service account keys.
We always show some example where you explicitly provide the credentials to the client, but the use case for this is unclear. Perhaps remove it altogether.
One use case where you might want to provide credentials is if they are scoped to a specific scope, i.e. ReadOnly for BigQuery. Maybe that's a use case we could show instead?
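A lint check that flags samples which load a service account key, as an added example that is not part of the original issue or the style guide. The sample file contents are constructed, and the patterns are a heuristic covering a few known key-loading calls and options, not an exhaustive list.

```python
import json
import re

# Client-library calls/options that load a key file (heuristic, not exhaustive).
KEY_LOADING_CALLS = re.compile(
    r"\b(from_service_account_file|from_service_account_json|"
    r"from_service_account_info|WithCredentialsFile|keyFilename)\b")
# The env var can also point at non-key credential configs, hence "may".
ENV_KEY_PATH = re.compile(r"GOOGLE_APPLICATION_CREDENTIALS\W+\S*\.json")

SAMPLES = {  # constructed inputs, not taken from the style guide
    "explicit_key.py": (
        "from google.oauth2 import service_account\n"
        "creds = service_account.Credentials.from_service_account_file('key.json')\n"),
    "adc_readonly.py": (
        "import google.auth\n"
        "creds, _ = google.auth.default(\n"
        "    scopes=['https://www.googleapis.com/auth/bigquery.readonly'])\n"),
    "key.json": '{"type": "service_account", "private_key": "PLACEHOLDER"}',
}


def is_service_account_key(text):
    """True if text parses as a JSON service account key file."""
    try:
        doc = json.loads(text)
    except ValueError:
        return False
    return (isinstance(doc, dict) and doc.get("type") == "service_account"
            and "private_key" in doc)


def scan_sample(name, text):
    """Return (file, line_no, reason) findings for one sample file."""
    if is_service_account_key(text):
        return [(name, 1, "committed service account key file")]
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        match = KEY_LOADING_CALLS.search(line)
        if match:
            findings.append((name, no, "loads key via " + match.group(1)))
        elif ENV_KEY_PATH.search(line):
            findings.append((name, no, "may point ADC at a key file"))
    return findings


def scan_all(samples):
    """Scan every sample; a non-empty result should fail the samples CI job."""
    return [f for n, t in sorted(samples.items()) for f in scan_sample(n, t)]
```

The scoped Application Default Credentials sample produces no findings, while the explicit key load and the committed key file are both reported.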