Hello guys, how are you?
Do you know if it 's possible to use GCS (Google Cloud Storage) with an Service Account and if yes, what 's the necessary permissions for that?
Welcome to the forum @Orlando_Tereza
Support for IAM Service Accounts on Google Cloud Storage #3835 seems to say the built in GCS backend doesn’t support it but that the rclone storage type is a workaround. There’s a bit more from same author at Restore with read-only database, however that seems a specialized need that may or may not care about.
I’m not familiar with GCS permissions, but Duplicati needs to be able to upload files, download files, list the uploaded files, and (usually) delete files. If you want Duplicati to create a folder for its files, allow it to do so.
There are special needs where people want to never delete (for example for security, or regulatory needs), but that means wasted space is not recycled when source files are deleted, and things just accumulate…
Google Cloud Storage is the rclone documentation, and it specifically talks about Service Account support.
I have not used Google Cloud Storage or service accounts, so comments from other people are welcome.
1 Like
Service Account Keys are the more “natural” way to talk to GCS. Service Accounts have permissions associated to access just one or a few buckets.
The current implementation requires access to “manage all your files in Google Cloud Storage”, which means that if that credential is lost all your cloud data is compromised, both duplicati data and other.
Chances are that if Duplicati is using google provided libraries, Service Account key support is already there. SA Keys are usually “autodetected” by Google libraries when keys are present in a specific folder or environment variables.
What would it take to add support for GCS + Service Accounts? Any pointers on where in the source code to look at for a pull request?
1 Like
Welcome to the forum @EBB
I don’t think it does, but you can look.
https://github.com/duplicati/duplicati/blob/master/Duplicati/Library/Backend/GoogleServices/GoogleCloudStorage.cs and nearby might be good places to start that look, and thank you!
1 Like