fix: read gcreds from env var

fforbeck · fforbeck · commit 7fcc05d79e4d · 2022-11-15T08:28:13.000-03:00
diff --git a/src/util/gcp-kms-utils.ts b/src/util/gcp-kms-utils.ts
@@ -21,8 +21,19 @@ const EcdsaPubKey = asn1.define("EcdsaPubKey", function (this: any) {
 });
 /* eslint-enable func-names */
 
+function getClientCredentials() {
+  return process.env.GOOGLE_APPLICATION_CREDENTIAL_EMAIL && process.env.GOOGLE_APPLICATION_CREDENTIAL_PRIVATE_KEY
+    ? {
+        credentials: {
+          client_email: process.env.GOOGLE_APPLICATION_CREDENTIAL_EMAIL,
+          private_key: process.env.GOOGLE_APPLICATION_CREDENTIAL_PRIVATE_KEY,
+        },
+      }
+    : {};
+}
+
 export async function sign(digest: Buffer, kmsCredentials: GcpKmsSignerCredentials) {
-  const kms = new KeyManagementServiceClient();
+  const kms = new KeyManagementServiceClient(getClientCredentials());
   const versionName = kms.cryptoKeyVersionPath(
     kmsCredentials.projectId,
     kmsCredentials.locationId,
@@ -40,7 +51,7 @@ export async function sign(digest: Buffer, kmsCredentials: GcpKmsSignerCredentia
 }
 
 export const getPublicKey = async (kmsCredentials: GcpKmsSignerCredentials) => {
-  const kms = new KeyManagementServiceClient();
+  const kms = new KeyManagementServiceClient(getClientCredentials());
   const versionName = kms.cryptoKeyVersionPath(
     kmsCredentials.projectId,
     kmsCredentials.locationId,
