Set up ADC for on-premises or another cloud provider
Stay organized with collections
Save and categorize content based on your preferences.
If you are running your application outside of Google Cloud, you need to
provide credentials that are recognized by Google Cloud to
use Google Cloud services.
Workload Identity Federation
The preferred way to authenticate with Google Cloud using credentials from
an external IdP is to use Workload Identity Federation;
you create a credential configuration file and set the
GOOGLE_APPLICATION_CREDENTIALS environment variable to point to it. This
approach is more secure than creating a service account key.
If you are not able to configure Workload Identity Federation, then you must
create a service account, grant it the IAM roles that
your application requires, and create a key for the service account.
To create a service account key and make it available to ADC:
Create a service account with the roles your application needs, and a key
for that service account, by following the instructions in
Creating a service account key.
Set the environment variable GOOGLE_APPLICATION_CREDENTIALS
to the path of the JSON file that contains your credentials.
This variable applies only to your current shell session, so if you open
a new session, set the variable again.
Example: Linux or macOS
exportGOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"
Replace KEY_PATH with the path of the JSON file that contains your credentials.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-22 UTC."],[[["If running applications outside of Google Cloud, you need to provide credentials recognized by Google Cloud to access its services."],["Workload Identity Federation is the recommended method for authenticating with Google Cloud using external credentials, as it is more secure than service account keys."],["If Workload Identity Federation is not feasible, service account keys can be used, but they pose a security risk and should be avoided if possible."],["To use service account keys, create a service account with the necessary roles, generate a key, and set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to the key file's path."],["The `GOOGLE_APPLICATION_CREDENTIALS` environment variable directs Application Default Credentials (ADC) to the specified credential location, and it takes precedence over other credential locations."]]],[]]
