Configuration
Learn how to configure Google Cloud Console, environment variables, and encryption for your EDS instance.
Google Cloud Console
EDS uses Google Drive for storage. You must create a Google Cloud Project and enable the Drive API.
1. Enable APIs
- Go to the Google Cloud Console.
- Create a new project named "EDS Storage".
- Navigate to APIs & Services > Library.
- Enable the Google Drive API.
- Enable the Google OAuth2 API.
2. OAuth Credentials
- Navigate to APIs & Services > Credentials.
- Click Create Credentials > OAuth client ID.
- Select Web application as the application type.
- Add the following Authorized redirect URIs:
http://localhost:3003/api/auth/google/callback(Development)https://your-domain.com/api/auth/google/callback(Production)
- Copy your Client ID and Client Secret.
OAuth Scopes
EDS requires the https://www.googleapis.com/auth/drive.file scope. This allows the app to only access files it has created, ensuring user privacy.
Environment Variables
EDS requires several environment variables to function. These should be placed in your .env file.
| Variable | Description |
|---|---|
GOOGLE_CLIENT_ID | Your Google OAuth client ID |
GOOGLE_CLIENT_SECRET | Your Google OAuth client secret |
GOOGLE_REDIRECT_URI | Must match the URI configured in Google Console |
ENCRYPTION_KEY | 32-character key for encrypting OAuth tokens |
Encryption Key
EDS encrypts all Google OAuth tokens (access and refresh tokens) before storing them in the database using AES-256-GCM.
You can generate a secure 32-character key using Node.js:
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"⚠️ Critical
Never change your ENCRYPTION_KEY after you've started adding storage nodes. If you change it, EDS will be unable to decrypt existing tokens, and you will lose access to those nodes.