Skip to content

prefect_gcp.credentials

Module handling GCP credentials.

Classes

GcpCredentials

Bases: CredentialsBlock

Block used to manage authentication with GCP. Google authentication is handled via the google.oauth2 module or through the CLI. Specify either one of service account_file or service_account_info; if both are not specified, the client will try to detect the credentials following Google's Application Default Credentials. See Google's Authentication documentation for details on inference and recommended authentication patterns.

Attributes:

Name Type Description
service_account_file Optional[Path]

Path to the service account JSON keyfile.
service_account_info Optional[SecretDict]

The contents of the keyfile as a dict.
Example

Load GCP credentials stored in a GCP Credentials Block: 

from prefect_gcp import GcpCredentials
gcp_credentials_block = GcpCredentials.load("BLOCK_NAME")

Source code in prefect_gcp/credentials.py 
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
class GcpCredentials(CredentialsBlock):
    """
    Block used to manage authentication with GCP. Google authentication is
    handled via the `google.oauth2` module or through the CLI.
    Specify either one of service `account_file` or `service_account_info`; if both
    are not specified, the client will try to detect the credentials following Google's
    [Application Default Credentials](https://cloud.google.com/docs/authentication/application-default-credentials).
    See Google's [Authentication documentation](https://cloud.google.com/docs/authentication#service-accounts)
    for details on inference and recommended authentication patterns.

    Attributes:
        service_account_file: Path to the service account JSON keyfile.
        service_account_info: The contents of the keyfile as a dict.

    Example:
        Load GCP credentials stored in a `GCP Credentials` Block:
        ```python
        from prefect_gcp import GcpCredentials
        gcp_credentials_block = GcpCredentials.load("BLOCK_NAME")
        ```
    """  # noqa

    _logo_url = "https://cdn.sanity.io/images/3ugk85nk/production/10424e311932e31c477ac2b9ef3d53cefbaad708-250x250.png"  # noqa
    _block_type_name = "GCP Credentials"
    _documentation_url = "https://prefecthq.github.io/prefect-gcp/credentials/#prefect_gcp.credentials.GcpCredentials"  # noqa: E501

    service_account_file: Optional[Path] = Field(
        default=None, description="Path to the service account JSON keyfile."
    )
    service_account_info: Optional[SecretDict] = Field(
        default=None, description="The contents of the keyfile as a dict."
    )
    project: Optional[str] = Field(
        default=None, description="The GCP project to use for the client."
    )

    _service_account_email: Optional[str] = None

    @root_validator
    def _provide_one_service_account_source(cls, values):
        """
        Ensure that only a service account file or service account info ias provided.
        """
        both_service_account = (
            values.get("service_account_info") is not None
            and values.get("service_account_file") is not None
        )
        if both_service_account:
            raise ValueError(
                "Only one of service_account_info or service_account_file "
                "can be specified at once"
            )
        return values

    @validator("service_account_file")
    def _check_service_account_file(cls, file):
        """Get full path of provided file and make sure that it exists."""
        if not file:
            return file

        service_account_file = Path(file).expanduser()
        if not service_account_file.exists():
            raise ValueError("The provided path to the service account is invalid")
        return service_account_file

    @validator("service_account_info", pre=True)
    def _convert_json_string_json_service_account_info(cls, value):
        """
        Converts service account info provided as a json formatted string
        to a dictionary
        """
        if isinstance(value, str):
            try:
                service_account_info = json.loads(value)
                return service_account_info
            except Exception:
                raise ValueError("Unable to decode service_account_info")
        else:
            return value

    def block_initialization(self):
        credentials = self.get_credentials_from_service_account()
        if self.project is None:
            if self.service_account_info or self.service_account_file:
                credentials_project = credentials.project_id
            # google.auth.default using gcloud auth application-default login
            elif credentials.quota_project_id:
                credentials_project = credentials.quota_project_id
            # compute-assigned service account via GCP metadata server
            else:
                _, credentials_project = google.auth.default()
            self.project = credentials_project

        if hasattr(credentials, "service_account_email"):
            self._service_account_email = credentials.service_account_email

    def get_credentials_from_service_account(self) -> Credentials:
        """
        Helper method to serialize credentials by using either
        service_account_file or service_account_info.
        """
        if self.service_account_info:
            credentials = Credentials.from_service_account_info(
                self.service_account_info.get_secret_value(),
                scopes=["https://www.googleapis.com/auth/cloud-platform"],
            )
        elif self.service_account_file:
            credentials = Credentials.from_service_account_file(
                self.service_account_file,
                scopes=["https://www.googleapis.com/auth/cloud-platform"],
            )
        else:
            credentials, _ = google.auth.default()
        return credentials

    @sync_compatible
    async def get_access_token(self):
        """
        See: https://stackoverflow.com/a/69107745
        Also: https://www.jhanley.com/google-cloud-creating-oauth-access-tokens-for-rest-api-calls/
        """  # noqa
        request = google.auth.transport.requests.Request()
        credentials = self.get_credentials_from_service_account()
        await run_sync_in_worker_thread(credentials.refresh, request)
        return credentials.token

    def get_client(
        self,
        client_type: Union[str, ClientType],
        **get_client_kwargs: Dict[str, Any],
    ) -> Any:
        """
        Helper method to dynamically get a client type.

        Args:
            client_type: The name of the client to get.
            **get_client_kwargs: Additional keyword arguments to pass to the
                `get_*_client` method.

        Returns:
            An authenticated client.

        Raises:
            ValueError: if the client is not supported.
        """
        if isinstance(client_type, str):
            client_type = ClientType(client_type)
        client_type = client_type.value
        get_client_method = getattr(self, f"get_{client_type}_client")
        return get_client_method(**get_client_kwargs)

    @_raise_help_msg("cloud_storage")
    def get_cloud_storage_client(
        self, project: Optional[str] = None
    ) -> "StorageClient":
        """
        Gets an authenticated Cloud Storage client.

        Args:
            project: Name of the project to use; overrides the base
                class's project if provided.

        Returns:
            An authenticated Cloud Storage client.

        Examples:
            Gets a GCP Cloud Storage client from a path.
            ```python
            from prefect import flow
            from prefect_gcp.credentials import GcpCredentials

            @flow()
            def example_get_client_flow():
                service_account_file = "~/.secrets/prefect-service-account.json"
                client = GcpCredentials(
                    service_account_file=service_account_file
                ).get_cloud_storage_client()
            example_get_client_flow()
            ```

            Gets a GCP Cloud Storage client from a dictionary.
            ```python
            from prefect import flow
            from prefect_gcp.credentials import GcpCredentials

            @flow()
            def example_get_client_flow():
                service_account_info = {
                    "type": "service_account",
                    "project_id": "project_id",
                    "private_key_id": "private_key_id",
                    "private_key": "private_key",
                    "client_email": "client_email",
                    "client_id": "client_id",
                    "auth_uri": "auth_uri",
                    "token_uri": "token_uri",
                    "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
                    "client_x509_cert_url": "client_x509_cert_url"
                }
                client = GcpCredentials(
                    service_account_info=service_account_info
                ).get_cloud_storage_client()
            example_get_client_flow()
            ```
        """
        credentials = self.get_credentials_from_service_account()

        # override class project if method project is provided
        project = project or self.project
        storage_client = StorageClient(credentials=credentials, project=project)
        return storage_client

    @_raise_help_msg("bigquery")
    def get_bigquery_client(
        self, project: str = None, location: str = None
    ) -> "BigQueryClient":
        """
        Gets an authenticated BigQuery client.

        Args:
            project: Name of the project to use; overrides the base
                class's project if provided.
            location: Location to use.

        Returns:
            An authenticated BigQuery client.

        Examples:
            Gets a GCP BigQuery client from a path.
            ```python
            from prefect import flow
            from prefect_gcp.credentials import GcpCredentials

            @flow()
            def example_get_client_flow():
                service_account_file = "~/.secrets/prefect-service-account.json"
                client = GcpCredentials(
                    service_account_file=service_account_file
                ).get_bigquery_client()
            example_get_client_flow()
            ```

            Gets a GCP BigQuery client from a dictionary.
            ```python
            from prefect import flow
            from prefect_gcp.credentials import GcpCredentials

            @flow()
            def example_get_client_flow():
                service_account_info = {
                    "type": "service_account",
                    "project_id": "project_id",
                    "private_key_id": "private_key_id",
                    "private_key": "private_key",
                    "client_email": "client_email",
                    "client_id": "client_id",
                    "auth_uri": "auth_uri",
                    "token_uri": "token_uri",
                    "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
                    "client_x509_cert_url": "client_x509_cert_url"
                }
                client = GcpCredentials(
                    service_account_info=service_account_info
                ).get_bigquery_client()

            example_get_client_flow()
            ```
        """
        credentials = self.get_credentials_from_service_account()

        # override class project if method project is provided
        project = project or self.project
        big_query_client = BigQueryClient(
            credentials=credentials, project=project, location=location
        )
        return big_query_client

    @_raise_help_msg("secret_manager")
    def get_secret_manager_client(self) -> "SecretManagerServiceClient":
        """
        Gets an authenticated Secret Manager Service client.

        Returns:
            An authenticated Secret Manager Service client.

        Examples:
            Gets a GCP Secret Manager client from a path.
            ```python
            from prefect import flow
            from prefect_gcp.credentials import GcpCredentials

            @flow()
            def example_get_client_flow():
                service_account_file = "~/.secrets/prefect-service-account.json"
                client = GcpCredentials(
                    service_account_file=service_account_file
                ).get_secret_manager_client()
            example_get_client_flow()
            ```

            Gets a GCP Cloud Storage client from a dictionary.
            ```python
            from prefect import flow
            from prefect_gcp.credentials import GcpCredentials

            @flow()
            def example_get_client_flow():
                service_account_info = {
                    "type": "service_account",
                    "project_id": "project_id",
                    "private_key_id": "private_key_id",
                    "private_key": "private_key",
                    "client_email": "client_email",
                    "client_id": "client_id",
                    "auth_uri": "auth_uri",
                    "token_uri": "token_uri",
                    "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
                    "client_x509_cert_url": "client_x509_cert_url"
                }
                client = GcpCredentials(
                    service_account_info=service_account_info
                ).get_secret_manager_client()
            example_get_client_flow()
            ```
        """
        credentials = self.get_credentials_from_service_account()

        # doesn't accept project; must pass in project in tasks
        secret_manager_client = SecretManagerServiceClient(credentials=credentials)
        return secret_manager_client

    @_raise_help_msg("aiplatform")
    def get_job_service_client(
        self, client_options: Dict[str, Any] = None
    ) -> "JobServiceClient":
        """
        Gets an authenticated Job Service client for Vertex AI.

        Returns:
            An authenticated Job Service client.

        Examples:
            Gets a GCP Job Service client from a path.
            ```python
            from prefect import flow
            from prefect_gcp.credentials import GcpCredentials

            @flow()
            def example_get_client_flow():
                service_account_file = "~/.secrets/prefect-service-account.json"
                client = GcpCredentials(
                    service_account_file=service_account_file
                ).get_job_service_client()

            example_get_client_flow()
            ```

            Gets a GCP Cloud Storage client from a dictionary.
            ```python
            from prefect import flow
            from prefect_gcp.credentials import GcpCredentials

            @flow()
            def example_get_client_flow():
                service_account_info = {
                    "type": "service_account",
                    "project_id": "project_id",
                    "private_key_id": "private_key_id",
                    "private_key": "private_key",
                    "client_email": "client_email",
                    "client_id": "client_id",
                    "auth_uri": "auth_uri",
                    "token_uri": "token_uri",
                    "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
                    "client_x509_cert_url": "client_x509_cert_url"
                }
                client = GcpCredentials(
                    service_account_info=service_account_info
                ).get_job_service_client()

            example_get_client_flow()
            ```
        """
        credentials = self.get_credentials_from_service_account()
        job_service_client = JobServiceClient(
            credentials=credentials, client_options=client_options
        )
        return job_service_client

Functions

get_access_token async
Source code in prefect_gcp/credentials.py 
197
198
199
200
201
202
203
204
205
206
@sync_compatible
async def get_access_token(self):
    """
    See: https://stackoverflow.com/a/69107745
    Also: https://www.jhanley.com/google-cloud-creating-oauth-access-tokens-for-rest-api-calls/
    """  # noqa
    request = google.auth.transport.requests.Request()
    credentials = self.get_credentials_from_service_account()
    await run_sync_in_worker_thread(credentials.refresh, request)
    return credentials.token
get_bigquery_client

Gets an authenticated BigQuery client.

Parameters:

Name Type Description Default
project str

Name of the project to use; overrides the base class's project if provided.

 None
location str

Location to use.

 None

Returns:

Type Description
Client

An authenticated BigQuery client.

Examples:

Gets a GCP BigQuery client from a path. 

from prefect import flow
from prefect_gcp.credentials import GcpCredentials

@flow()
def example_get_client_flow():
    service_account_file = "~/.secrets/prefect-service-account.json"
    client = GcpCredentials(
        service_account_file=service_account_file
    ).get_bigquery_client()
example_get_client_flow()

Gets a GCP BigQuery client from a dictionary. 

from prefect import flow
from prefect_gcp.credentials import GcpCredentials

@flow()
def example_get_client_flow():
    service_account_info = {
        "type": "service_account",
        "project_id": "project_id",
        "private_key_id": "private_key_id",
        "private_key": "private_key",
        "client_email": "client_email",
        "client_id": "client_id",
        "auth_uri": "auth_uri",
        "token_uri": "token_uri",
        "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
        "client_x509_cert_url": "client_x509_cert_url"
    }
    client = GcpCredentials(
        service_account_info=service_account_info
    ).get_bigquery_client()

example_get_client_flow()

Source code in prefect_gcp/credentials.py 
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
@_raise_help_msg("bigquery")
def get_bigquery_client(
    self, project: str = None, location: str = None
) -> "BigQueryClient":
    """
    Gets an authenticated BigQuery client.

    Args:
        project: Name of the project to use; overrides the base
            class's project if provided.
        location: Location to use.

    Returns:
        An authenticated BigQuery client.

    Examples:
        Gets a GCP BigQuery client from a path.
        ```python
        from prefect import flow
        from prefect_gcp.credentials import GcpCredentials

        @flow()
        def example_get_client_flow():
            service_account_file = "~/.secrets/prefect-service-account.json"
            client = GcpCredentials(
                service_account_file=service_account_file
            ).get_bigquery_client()
        example_get_client_flow()
        ```

        Gets a GCP BigQuery client from a dictionary.
        ```python
        from prefect import flow
        from prefect_gcp.credentials import GcpCredentials

        @flow()
        def example_get_client_flow():
            service_account_info = {
                "type": "service_account",
                "project_id": "project_id",
                "private_key_id": "private_key_id",
                "private_key": "private_key",
                "client_email": "client_email",
                "client_id": "client_id",
                "auth_uri": "auth_uri",
                "token_uri": "token_uri",
                "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
                "client_x509_cert_url": "client_x509_cert_url"
            }
            client = GcpCredentials(
                service_account_info=service_account_info
            ).get_bigquery_client()

        example_get_client_flow()
        ```
    """
    credentials = self.get_credentials_from_service_account()

    # override class project if method project is provided
    project = project or self.project
    big_query_client = BigQueryClient(
        credentials=credentials, project=project, location=location
    )
    return big_query_client
get_client

Helper method to dynamically get a client type.

Parameters:

Name Type Description Default
client_type Union[str, ClientType]

The name of the client to get.

 required
**get_client_kwargs Dict[str, Any]

Additional keyword arguments to pass to the get_*_client method.

 {}

Returns:

Type Description
Any

An authenticated client.

Raises:

Type Description
ValueError

if the client is not supported.
Source code in prefect_gcp/credentials.py 
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
def get_client(
    self,
    client_type: Union[str, ClientType],
    **get_client_kwargs: Dict[str, Any],
) -> Any:
    """
    Helper method to dynamically get a client type.

    Args:
        client_type: The name of the client to get.
        **get_client_kwargs: Additional keyword arguments to pass to the
            `get_*_client` method.

    Returns:
        An authenticated client.

    Raises:
        ValueError: if the client is not supported.
    """
    if isinstance(client_type, str):
        client_type = ClientType(client_type)
    client_type = client_type.value
    get_client_method = getattr(self, f"get_{client_type}_client")
    return get_client_method(**get_client_kwargs)
get_cloud_storage_client

Gets an authenticated Cloud Storage client.

Parameters:

Name Type Description Default
project Optional[str]

Name of the project to use; overrides the base class's project if provided.

 None

Returns:

Type Description
Client

An authenticated Cloud Storage client.

Examples:

Gets a GCP Cloud Storage client from a path. 

from prefect import flow
from prefect_gcp.credentials import GcpCredentials

@flow()
def example_get_client_flow():
    service_account_file = "~/.secrets/prefect-service-account.json"
    client = GcpCredentials(
        service_account_file=service_account_file
    ).get_cloud_storage_client()
example_get_client_flow()

Gets a GCP Cloud Storage client from a dictionary. 

from prefect import flow
from prefect_gcp.credentials import GcpCredentials

@flow()
def example_get_client_flow():
    service_account_info = {
        "type": "service_account",
        "project_id": "project_id",
        "private_key_id": "private_key_id",
        "private_key": "private_key",
        "client_email": "client_email",
        "client_id": "client_id",
        "auth_uri": "auth_uri",
        "token_uri": "token_uri",
        "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
        "client_x509_cert_url": "client_x509_cert_url"
    }
    client = GcpCredentials(
        service_account_info=service_account_info
    ).get_cloud_storage_client()
example_get_client_flow()

Source code in prefect_gcp/credentials.py 
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
@_raise_help_msg("cloud_storage")
def get_cloud_storage_client(
    self, project: Optional[str] = None
) -> "StorageClient":
    """
    Gets an authenticated Cloud Storage client.

    Args:
        project: Name of the project to use; overrides the base
            class's project if provided.

    Returns:
        An authenticated Cloud Storage client.

    Examples:
        Gets a GCP Cloud Storage client from a path.
        ```python
        from prefect import flow
        from prefect_gcp.credentials import GcpCredentials

        @flow()
        def example_get_client_flow():
            service_account_file = "~/.secrets/prefect-service-account.json"
            client = GcpCredentials(
                service_account_file=service_account_file
            ).get_cloud_storage_client()
        example_get_client_flow()
        ```

        Gets a GCP Cloud Storage client from a dictionary.
        ```python
        from prefect import flow
        from prefect_gcp.credentials import GcpCredentials

        @flow()
        def example_get_client_flow():
            service_account_info = {
                "type": "service_account",
                "project_id": "project_id",
                "private_key_id": "private_key_id",
                "private_key": "private_key",
                "client_email": "client_email",
                "client_id": "client_id",
                "auth_uri": "auth_uri",
                "token_uri": "token_uri",
                "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
                "client_x509_cert_url": "client_x509_cert_url"
            }
            client = GcpCredentials(
                service_account_info=service_account_info
            ).get_cloud_storage_client()
        example_get_client_flow()
        ```
    """
    credentials = self.get_credentials_from_service_account()

    # override class project if method project is provided
    project = project or self.project
    storage_client = StorageClient(credentials=credentials, project=project)
    return storage_client
get_credentials_from_service_account

Helper method to serialize credentials by using either service_account_file or service_account_info.

Source code in prefect_gcp/credentials.py 
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
def get_credentials_from_service_account(self) -> Credentials:
    """
    Helper method to serialize credentials by using either
    service_account_file or service_account_info.
    """
    if self.service_account_info:
        credentials = Credentials.from_service_account_info(
            self.service_account_info.get_secret_value(),
            scopes=["https://www.googleapis.com/auth/cloud-platform"],
        )
    elif self.service_account_file:
        credentials = Credentials.from_service_account_file(
            self.service_account_file,
            scopes=["https://www.googleapis.com/auth/cloud-platform"],
        )
    else:
        credentials, _ = google.auth.default()
    return credentials
get_job_service_client

Gets an authenticated Job Service client for Vertex AI.

Returns:

Type Description
JobServiceClient

An authenticated Job Service client.

Examples:

Gets a GCP Job Service client from a path. 

from prefect import flow
from prefect_gcp.credentials import GcpCredentials

@flow()
def example_get_client_flow():
    service_account_file = "~/.secrets/prefect-service-account.json"
    client = GcpCredentials(
        service_account_file=service_account_file
    ).get_job_service_client()

example_get_client_flow()

Gets a GCP Cloud Storage client from a dictionary. 

from prefect import flow
from prefect_gcp.credentials import GcpCredentials

@flow()
def example_get_client_flow():
    service_account_info = {
        "type": "service_account",
        "project_id": "project_id",
        "private_key_id": "private_key_id",
        "private_key": "private_key",
        "client_email": "client_email",
        "client_id": "client_id",
        "auth_uri": "auth_uri",
        "token_uri": "token_uri",
        "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
        "client_x509_cert_url": "client_x509_cert_url"
    }
    client = GcpCredentials(
        service_account_info=service_account_info
    ).get_job_service_client()

example_get_client_flow()

Source code in prefect_gcp/credentials.py 
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
@_raise_help_msg("aiplatform")
def get_job_service_client(
    self, client_options: Dict[str, Any] = None
) -> "JobServiceClient":
    """
    Gets an authenticated Job Service client for Vertex AI.

    Returns:
        An authenticated Job Service client.

    Examples:
        Gets a GCP Job Service client from a path.
        ```python
        from prefect import flow
        from prefect_gcp.credentials import GcpCredentials

        @flow()
        def example_get_client_flow():
            service_account_file = "~/.secrets/prefect-service-account.json"
            client = GcpCredentials(
                service_account_file=service_account_file
            ).get_job_service_client()

        example_get_client_flow()
        ```

        Gets a GCP Cloud Storage client from a dictionary.
        ```python
        from prefect import flow
        from prefect_gcp.credentials import GcpCredentials

        @flow()
        def example_get_client_flow():
            service_account_info = {
                "type": "service_account",
                "project_id": "project_id",
                "private_key_id": "private_key_id",
                "private_key": "private_key",
                "client_email": "client_email",
                "client_id": "client_id",
                "auth_uri": "auth_uri",
                "token_uri": "token_uri",
                "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
                "client_x509_cert_url": "client_x509_cert_url"
            }
            client = GcpCredentials(
                service_account_info=service_account_info
            ).get_job_service_client()

        example_get_client_flow()
        ```
    """
    credentials = self.get_credentials_from_service_account()
    job_service_client = JobServiceClient(
        credentials=credentials, client_options=client_options
    )
    return job_service_client
get_secret_manager_client

Gets an authenticated Secret Manager Service client.

Returns:

Type Description
SecretManagerServiceClient

An authenticated Secret Manager Service client.

Examples:

Gets a GCP Secret Manager client from a path. 

from prefect import flow
from prefect_gcp.credentials import GcpCredentials

@flow()
def example_get_client_flow():
    service_account_file = "~/.secrets/prefect-service-account.json"
    client = GcpCredentials(
        service_account_file=service_account_file
    ).get_secret_manager_client()
example_get_client_flow()

Gets a GCP Cloud Storage client from a dictionary. 

from prefect import flow
from prefect_gcp.credentials import GcpCredentials

@flow()
def example_get_client_flow():
    service_account_info = {
        "type": "service_account",
        "project_id": "project_id",
        "private_key_id": "private_key_id",
        "private_key": "private_key",
        "client_email": "client_email",
        "client_id": "client_id",
        "auth_uri": "auth_uri",
        "token_uri": "token_uri",
        "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
        "client_x509_cert_url": "client_x509_cert_url"
    }
    client = GcpCredentials(
        service_account_info=service_account_info
    ).get_secret_manager_client()
example_get_client_flow()

Source code in prefect_gcp/credentials.py 
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
@_raise_help_msg("secret_manager")
def get_secret_manager_client(self) -> "SecretManagerServiceClient":
    """
    Gets an authenticated Secret Manager Service client.

    Returns:
        An authenticated Secret Manager Service client.

    Examples:
        Gets a GCP Secret Manager client from a path.
        ```python
        from prefect import flow
        from prefect_gcp.credentials import GcpCredentials

        @flow()
        def example_get_client_flow():
            service_account_file = "~/.secrets/prefect-service-account.json"
            client = GcpCredentials(
                service_account_file=service_account_file
            ).get_secret_manager_client()
        example_get_client_flow()
        ```

        Gets a GCP Cloud Storage client from a dictionary.
        ```python
        from prefect import flow
        from prefect_gcp.credentials import GcpCredentials

        @flow()
        def example_get_client_flow():
            service_account_info = {
                "type": "service_account",
                "project_id": "project_id",
                "private_key_id": "private_key_id",
                "private_key": "private_key",
                "client_email": "client_email",
                "client_id": "client_id",
                "auth_uri": "auth_uri",
                "token_uri": "token_uri",
                "auth_provider_x509_cert_url": "auth_provider_x509_cert_url",
                "client_x509_cert_url": "client_x509_cert_url"
            }
            client = GcpCredentials(
                service_account_info=service_account_info
            ).get_secret_manager_client()
        example_get_client_flow()
        ```
    """
    credentials = self.get_credentials_from_service_account()

    # doesn't accept project; must pass in project in tasks
    secret_manager_client = SecretManagerServiceClient(credentials=credentials)
    return secret_manager_client