Authentication for PuppyGraph to access Google Cloud resources

Authentication using Application Default Credentials

When connecting to Google Cloud resources such as BigQuery, Google Storage, etc., PuppyGraph recommends using Application Default Credentials (ADC) for authentication. ADC is a Google Cloud feature that allows you to authenticate your application. This is the recommended way to authenticate your application when running on Google Cloud.

Using an attached service account

If you are running PuppyGraph on Google Cloud, you can use the attached service account to authenticate it. PuppyGraph will automatically use the attached service account when accessing Google Cloud resources.

For VM instance, to using ADC, user should: 1. set VM instance with the proper service account. 2. Enable access to related clould APIs. For bigquery, set BigQuery to enable. For GCS, set Storage to Read Only or Full as needed.

VM instance settings

After setting up those configurations, you can use ADC in PuppyGraph without setting any environment variables.

Setting the GOOGLE_APPLICATION_CREDENTIALS environment variable

You can also set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of your service account key file. The path needs to be accessible by PuppyGraph from inside the container.

A typical way to set the GOOGLE_APPLICATION_CREDENTIALS environment variable is to set it in your Dockerfile or Kubernetes deployment configuration. Also note that the service account key file should be mounted into the container. Here is a docker run example assuming the key has been downloaded to service-account-key.json:

docker run -p 8081:8081 -p 8182:8182 -p 7687:7687 -d --name puppy --rm --pull=always \
    -e GOOGLE_APPLICATION_CREDENTIALS=/puppygraph/service-account-key.json \
    -v ./service-account-key.json:/puppygraph/service-account-key.json \
    puppygraph/puppygraph:stable