Deploy serverless with Google Cloud Build

I’m trying to deploy the serverless framework using Google Cloud Build (and Python Cloud Functions).

The serverless.yml file requires an absolute path a credentials file. This works fine for local development and deployment.

However, for Cloud Build deployment I believe the preferred method of authentication is to use a service account which is automatically authenticated without the use of a PK. The only way around this, assuming you don’t want to store your PK within source code, appears to be to download a PK within Cloud Build and place it in the desired directory.

Could anyone confirm if they have found another way around this or if they know if it possible to authenticate using services accounts and serverless?


@davidjb99 Did you implement a Cloud Build solution for serverless that addresses the credentials issue? I am looking to do the same thing and I am curious if you were able to work around the issue.

@davidjb99 My solution for this was to use GCP’s Key Management Service to encrypt the keyfile. I include the encrypted key in my source code. The Cloud Build process can the use the gcloud kms decrypt command to provide the decrypted keyfile for the serverless process. I’ll work on contributing this to the documentation.

I made a PR to change the authentication used with uses the correct credentials on cloudbuild. See here.