search

matrix-org / sygnal

Sygnal: reference Push Gateway for Matrix
Apache License 2.0
167 stars 148 forks source link

Use google `default` for auth when no `service_account_json` file specified #383

Closed devonh closed 5 months ago

devonh commented 5 months ago

This allows the use of various other mechanisms to acquire google application credentials. See here for more info: https://cloud.google.com/docs/authentication#auth-decision-tree https://cloud.google.com/docs/authentication/application-default-credentials

To achieve the same behaviour as specifying service_account_json in the config, set the env var GOOGLE_APPLICATION_CREDENTIALS="/path/to/service_account.json"

Note: This has the downside of applying the same google credentials for all GCM pushers. If you desire different google credentials for different pushkins running on the same Sygnal instance, setting the service_account_json is the only way to achieve that.

devonh commented 5 months ago

After thinking about this more, we need to be able to specify the service account file per pusher. Which means a global environment variable does not fit the bill. Closing this PR.