Google Cloud Storage Authentication Mechanism

JFrog Installation & Setup Documentation

Content Type
Installation & Setup
ft:sourceType
Paligo

Authentication is established using a credentials file generated automatically by Google.

Authentication Resolution Order

  1. ‘useInstanceCredentials’ == true && set the "GOOGLE_APPLICATION_CREDENTIALS" env var

  2. ‘useInstanceCredentials’ == true && use Kubernetes (or other) service account creds (no creds file)

  3. ‘useInstanceCredentials’ == false && save creds file under the default path $JFROG_HOME/artifactory/var/etc/artifactory/gcp.credentials.json.

    Note

    Grant the "Cloud Functions Service Agent" role to the utilized service account in order to use the instance's credentials.

    Artifactory searches for an environment variable named GOOGLE_APPLICATION_CREDENTIALS containing the path to the credentials file. If the environment variable does not exist, the default service account provided by the Compute Engine, Kubernetes Engine, App Engine, and Cloud Functions will be applied to applications running on those services.