Mask X-Goog-Credential in signed URL for end users


Can we mask the X-Goog-Credential in the signed URL that we create for an end user, so that they don't get to see the project ID and GCP account details?

curl --location --request GET 'https://host/images/f2b0ce52-a485-43bf-b1e9-413e04cf7ef5.jpeg?X-Goog-Algorithm=GOOG4-RSA-SHA256&[email protected]%2F20221019%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20221019T114634Z&X-Goog-Expires=600&X-Goog-SignedHeaders=host&X-Goog-Signature=2f263e1db1eb48f00c554ef577a89ee1069a8e306c23b5ffdaa6dd31194d210338cc65794aa23602b34b6e5df27c3fb2fee001be0f8c0516d119d2777023c26e77e77f89baf738c0627a4611863bf032694bfca366a958ee458939cfc836e98e9ce9b1bca7f0e02405bd7dc51536adf63654f410a5a651e2e35c578aa95e906f7b139eeb5f5df6b0ac70d4b670832964ef9e27a34cbb5fc8a41e3d766c5431233076eccb79ee099c74f83997dc334d8e90cf813f74b54657ce264dc4553c675c9c9d0a67b3b5774fcb86283ce1b19230a1c4e4f8dfd8e6e11f1244056e90ffc3d64eb8bb3c97f8e55252ad7a90c326b473d0910f2bf9cc487430ab69465e8aff'

0
Sathi Aiswarya On

As mentioned in the answer:

It's not possible, if you want the client to directly access that data. You could obfuscate it by using a URL shortener, but all that would do is hide it from view temporarily.

Once you choose to allow clients to access your project directly, your project id is no longer private information. That ID is absolutely required in order to identify resources within your project (and not just Cloud Storage).

If you don't want anyone to see the name of your project, you will either:

- Disallow all direct client access
- Route all requests through some middleware service identified by another DNS name that hides all the implementation details of the interaction with Google Cloud products.

For more information related to revoking and routing requests you can refer to the doc_revoking and doc_routing.
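
The middleware option from the answer above, as an added example (not code from the original post or from Google): the end user gets a link on your own DNS name that carries only an object name, an expiry and an HMAC, and the service reads the object server-side. `PUBLIC_HOST`, `SECRET`, `mint_link`, `handle` and the `fetch_object` callable are hypothetical names; in production `fetch_object` would read the object with the service's own credentials, and `BUCKET` here is a constructed stand-in.

```python
import base64
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-key"     # assumption: known only to the middleware
PUBLIC_HOST = "media.example.com"    # assumption: your own DNS name
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

def _mac(name, exp):
    # MAC binds the object name to its expiry so neither can be altered alone.
    digest = hmac.new(SECRET, f"{name}\n{exp}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def mint_link(name, ttl=600, now=None):
    """URL handed to the end user. It contains no X-Goog-* fields at all."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("unsafe object name")
    exp = int(time.time() if now is None else now) + ttl
    return f"https://{PUBLIC_HOST}/images/{name}?exp={exp}&sig={_mac(name, exp)}"

def handle(name, exp, sig, fetch_object, now=None):
    """Middleware request handler; returns (status, body).

    fetch_object(name) runs server-side, so the bucket, project ID and
    service account never appear in anything the client sees.
    """
    now = int(time.time() if now is None else now)
    if not SAFE_NAME.fullmatch(name) or not re.fullmatch(r"[0-9]{1,12}", str(exp)):
        return 400, b""
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(_mac(name, int(exp)).encode(), str(sig).encode()):
        return 403, b""
    if now > int(exp):
        return 410, b""
    try:
        return 200, fetch_object(name)
    except KeyError:
        return 404, b""

# Constructed stand-in for the private bucket.
BUCKET = {"f2b0ce52-a485-43bf-b1e9-413e04cf7ef5.jpeg": b"\xff\xd8constructed"}
```

The trade-off is that every byte now flows through the middleware, so it has to be sized and monitored like any other public endpoint.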