Create the generated signed url without expiration time for Google cloud storage object

Question

I am trying to generate the signed url for the Google cloud storage object without expiration time. But when I am creating the signed url with V4 signing process, it is getting expired after seven days.

Is there any alternative to achieve this?

Also, what was the expiration time of V2 signing process?

Answer 1

In addition to @DazWilkin's answer, it's not possible to create a Signed URL without expiration. The V2 signing process must accept a valid Unix Timestamp in seconds. You can enter up 64-bit Integer values but make sure that the timestamp is valid. There are tools out there that can convert timestamps to Datetime format.

If you try to set an invalid Unix timestamp, you'll get a MalformedSecurityHeader response.

However, if you insist on a Signed URL with expiration longer than a week, you can use the V2 signing process. As I mentioned in the comment, V2 signed urls can last for years.

If using the Client Library, first make sure to setup authentication first:

export GOOGLE_APPLICATION_CREDENTIALS="/path/to/keyfile.json"

Quick sample code (modified version of V4 signing process):

storage_client = storage.Client()
bucket = storage_client.bucket(bucket_name)
blob = bucket.blob(blob_name)

url = blob.generate_signed_url(
  version="v2",
  # This URL is valid for 365 days
  expiration=datetime.timedelta(days=365),
  # Allow GET requests using this URL.
  method="GET",
)

Refer to V2 Signing process for more information.