How do I store the private key of my server in google app engine?

Question

I'm using "github.com/dgrijalva/jwt-go" to create JSON web tokens.
When I hosted my server locally, I could use my private key as usual. But in GAE it won't work because I don't have access to the file system.

How would you guys do it? Store the key in datastore or any other ideas?

Thanks

Edit:

My app.yaml looks like this (below api_version and stuff):

handlers:
- url: /.*
  script: _go_app

Answer 1

Score: 4

On AppEngine you don't have access to the file system of the host operating system, but you can access files of your web application (you have read-only permission, you can't change them and you can't create new files in the app's folder).

So the question is: do you want to change this private key from your application without redeploying your app? Or is it perfectly fine if it is deployed "statically" with your app's code?

If you don't need to change it (or only when you redeploy your app), the easiest is to store it as a "static" file as part of your webapp. You may refer to files of your app using relative paths, where the current or working directory is your app's root. E.g. if your app contains a key folder in its root (where app.yaml resides), and there is a my_key.txt file inside the key folder, you can refer to it with the path: key/my_key.txt.

Actually it is quite common to "ship" static files with your app's code: just think of HTML templates which are read and processed by the Go code (e.g. package html/template) to produce the HTML result; the content of the HTML template files is not served directly to clients.

If you need to change it from time to time without having to redeploy your app, then store it in the Datastore which your app can read and modify.

Note:

One important note: not every file is readable by code; this depends on the app configuration. Quoting from Configuring with app.yaml / Static file handlers:

> Static files are files to be served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them.
>
> For efficiency, App Engine stores and serves static files separately from application files. Static files are not available in the application's file system. If you have data files that need to be read by the application code, the data files must be application files, and must not be matched by a static file pattern.
>
> Static file handlers can be defined in two ways: as a directory structure of static files that maps to a URL path, or as a pattern that maps URLs to specific files.

Read the link on how to properly configure application and static files / directories.
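
An added example, not part of the answer above and not code from jwt-go or App Engine: loading an RSA signing key from an application file by relative path, with a check that the path does not fall under a static directory. The function names, the `static` directory name and the throwaway key written to a temporary directory are assumptions made for illustration; only the standard library is used.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
	"path"
	"strings"
)

// InStaticDir reports whether keyPath lies under an app.yaml static_dir. Such
// files are served to users and are not readable by application code.
func InStaticDir(keyPath, staticDir string) bool {
	return strings.HasPrefix(path.Clean(keyPath)+"/", path.Clean(staticDir)+"/")
}

// LoadSigningKey reads a PEM-encoded PKCS#1 RSA key from an app-relative path.
func LoadSigningKey(keyPath string) (*rsa.PrivateKey, error) {
	raw, err := os.ReadFile(keyPath)
	if err != nil {
		return nil, fmt.Errorf("read key (must be an application file): %w", err)
	}
	block, _ := pem.Decode(raw)
	if block == nil || block.Type != "RSA PRIVATE KEY" {
		return nil, fmt.Errorf("%s: no RSA PRIVATE KEY PEM block", keyPath)
	}
	return x509.ParsePKCS1PrivateKey(block.Bytes)
}

// WriteConstructedKey creates a throwaway key file so the example runs offline.
func WriteConstructedKey(keyPath string) (*rsa.PrivateKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	b := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)})
	return k, os.WriteFile(keyPath, b, 0o600)
}

func main() {
	dir, _ := os.MkdirTemp("", "app-root") // constructed stand-in for the app root
	defer os.RemoveAll(dir)
	p := path.Join(dir, "my_key.txt") // plays the role of key/my_key.txt
	want, _ := WriteConstructedKey(p)
	got, err := LoadSigningKey(p)
	fmt.Println("static:", InStaticDir("key/my_key.txt", "static"), "loaded:", err == nil && got.Equal(want))
}
```

In a deployed app the path passed to `LoadSigningKey` would be the relative one from the answer, `key/my_key.txt`, resolved against the app root.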

Answer 2

Score: 0

The solution was to leave app.yaml as it was. Put app.yaml at root level in project. Then change all imports from starting at GOPATH to start at project root instead. The problem that made me choose to put app.yaml and main go file in a different folder under project root was because of double imports. Read this for a better understanding: https://stackoverflow.com/questions/26794225/google-go-appengine-imports-and-conflicts-when-serving-testing

The solution made my project find the files I wanted.

huangapple
  • Posted on January 6, 2016 at 16:57:03
  • When reposting, please keep the link to this article: https://go.coder-hub.com/34629056.html