This article is a journal of my path to take the Google Professional Cloud Security Engineer Recertification. I plan to track my progress, resources and post exam tips. Date created: March 2, 2021 Last updated: March 7, 2021 Exam Completed:… Continue Reading →
Introduction This is part 2 of my series on IBM Cloud – Provisioning a Cloud Server. In this part, we will perform several tasks to improve the virtual server’s security and access. Review hardware firewall options. Lockdown external access by… Continue Reading →
Introduction I was answering a question on StackOverflow. The questioner has implemented Proxy TLS Interception which is very dangerous. I am reposting this thread on my website to share the details of my answer. The Question: how to configure Google… Continue Reading →
Introduction I use SSL certificates for everything. I am constantly creating them for internal systems and cloud services. This includes services such as web servers, SQL servers, anything where you might use a paid SSL certificate, or a self-signed certificate… Continue Reading →
Introduction Designing an application that incorporates Google Cloud SQL requires some thought. There are several factors to consider regarding security, performance, fault tolerance and availability. Incorrectly implementing one of these areas can affect the other areas, usually negatively. In this… Continue Reading →
Introduction Google Cloud SQL Proxy provides secure access to Cloud SQL Second Generation instances without having to whitelist IP addresses or configure SSL. Cloud SQL Proxy provides several important benefits: Secure connections: The proxy automatically encrypts traffic to and from the database using TLS… Continue Reading →
Introduction This article will discuss several key features if you are programming for Google Cloud Platform. Key features of this article: Using a service account that has no permissions to read a non-public Cloud Storage object. How to use the… Continue Reading →
The following example shows several important steps to call Google Cloud APIs without using an SDK in Python. Similar code works in just about any language (c#, java, php, nodejs). Change the source code with the filename of your service… Continue Reading →
I have written a number of articles about Google Cloud Credentials. For Service Account credentials, there are two on-disk formats: P12 and Json. This article shows how to convert these credentials from P12 to Json.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 |
############################################################ # Version 1.00 # Date Created: 2018-12-22 # Last Update: 2018-12-22 # https://www2.jhanley.com # Copyright (c) 2018, John J. Hanley # Author: John Hanley ############################################################ ''' This program converts Google Service Account credentials from P12 format into Json format. The critical items to know: Service Account Email address that matches the service account credentials. If this is wrong, the credentials won't work (P12 or Json). Project ID. P12 Password. ''' import json import OpenSSL.crypto # This is the output file with the generated service account credentials from P12 credentials json_filename = 'service-account.json' # Details on the Google Service Account. The email must match the Google Console. project_id = 'development-123456' sa_filename = 'compute-engine.p12' sa_password = 'notasecret' sa_email = 'development-123456@developer.gserviceaccount.com' # client_id is the 'Unique ID' in the Google Console under 'Service account details' # This value is unique per service account email # Optional client_id = '123456789064738430393' # pkey_id is the 'Key ID' in the Google Console under 'Service account details' # This value is unique per key. One serice account can have more than one key issued # Optional pkey_id = 'e13865c612a34567abcdef1a8753d1c6789abcdb' def load_private_key(p12_path, p12_password): ''' Read the private key and return as base64 encoded ''' # print('Opening:', p12_path) with open(p12_path, 'rb') as f: data = f.read() # print('Loading P12 (PFX) contents:') p12 = OpenSSL.crypto.load_pkcs12(data, p12_password) # Dump the Private Key in PKCS#1 PEM format key = OpenSSL.crypto.dump_privatekey( OpenSSL.crypto.FILETYPE_PEM, p12.get_privatekey()) # return the private key return key def my_encode(s): ''' This routine encodes the Json 'client_x509_cert_url' ''' # Replace @ with %40 return s.replace('@', '%40') # Generate the cert_url cert_url = 'https://www.googleapis.com/robot/v1/metadata/x509/' + sa_email # Load the private key from P12 pkey = load_private_key(sa_filename, sa_password) # Json that will be writting to json_filename sa = { "type": "service_account", "project_id": project_id, "private_key_id": pkey_id, "private_key": pkey.decode('utf-8'), "client_email": sa_email, "client_id": client_id, "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": my_encode(cert_url) } with open(json_filename, 'w') as outfile: json.dump(sa, outfile, indent=2) |
John HanleyI design… Continue Reading →
Google Service Account Credentials are available in two file formats: Json and P12. P12 is also known as PFX. The following code shows how to process a P12 file and split into Private Key and Certificate. This code also works… Continue Reading →
Google Service Account Credentials are available in two file formats: Json and P12. P12 is also known as PFX. The following code shows how to use P12 credentials to list the buckets in Google Cloud Storage without using an SDK…. Continue Reading →
This article is written for Windows, but the same principles apply to Linux and Mac. A service account is a special Google account that is used with applications or services, such as Google Compute Engine. Service account credentials are stored… Continue Reading →
Part 1 – The CURL command-line program If curl is not set up correctly for SSL (HTTPS) data transfers an error is displayed. The error message starts like this: curl: (60) SSL certificate problem: unable to get local issuer certificate… Continue Reading →
© 2024 John Hanley — Powered by WordPress
Theme by Anders Noren — Up ↑