Unless otherwise configured, the client libraries useApplication Default Credentialsto authenticate with Google Cloud Services. While this works for most applications, in some cases you may need to override this default. You can do so by providing theUnifiedCredentialsOptionThe following example shows how to explicitly load a service account key file:
[](std::string const& keyfile) {
auto is = std::ifstream(keyfile);
is.exceptions(std::ios::badbit); // Minimal error handling in examples
auto contents = std::string(std::istreambuf_iterator<char>(is.rdbuf()), {});
auto options =
google::cloud::Options{}.set<google::cloud::UnifiedCredentialsOption>(
google::cloud::MakeServiceAccountCredentials(contents));
return google::cloud::privateca_v1::CertificateAuthorityServiceClient(
google::cloud::privateca_v1::MakeCertificateAuthorityServiceConnection(
options));
}
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThe documentation covers versions of the C++ client library for Private CA, ranging from version 2.11.0 up to the release candidate 2.37.0-rc.\u003c/p\u003e\n"],["\u003cp\u003eThe default authentication method for the client libraries is Application Default Credentials, which can be overridden for specific use cases.\u003c/p\u003e\n"],["\u003cp\u003eAuthentication credentials can be overridden by utilizing the \u003ccode\u003eUnifiedCredentialsOption\u003c/code\u003e, such as loading a service account key file.\u003c/p\u003e\n"],["\u003cp\u003eThe example shows how to load a service account key file, with a note that it's a simple example for clarity, and the user should consult the documentation on best practices for service account key management.\u003c/p\u003e\n"],["\u003cp\u003eAdditional details on factory functions for \u003ccode\u003egoogle::cloud::Credentials\u003c/code\u003e objects are available in the Authentication Components section of the documentation.\u003c/p\u003e\n"]]],[],null,["Version 2.32.0keyboard_arrow_down\n\n- [2.42.0-rc (latest)](/cpp/docs/reference/privateca/latest/privateca-override-authentication)\n- [2.41.0](/cpp/docs/reference/privateca/2.41.0/privateca-override-authentication)\n- [2.40.0](/cpp/docs/reference/privateca/2.40.0/privateca-override-authentication)\n- [2.39.0](/cpp/docs/reference/privateca/2.39.0/privateca-override-authentication)\n- [2.38.0](/cpp/docs/reference/privateca/2.38.0/privateca-override-authentication)\n- [2.37.0](/cpp/docs/reference/privateca/2.37.0/privateca-override-authentication)\n- [2.36.0](/cpp/docs/reference/privateca/2.36.0/privateca-override-authentication)\n- [2.35.0](/cpp/docs/reference/privateca/2.35.0/privateca-override-authentication)\n- [2.34.0](/cpp/docs/reference/privateca/2.34.0/privateca-override-authentication)\n- [2.33.0](/cpp/docs/reference/privateca/2.33.0/privateca-override-authentication)\n- [2.32.0](/cpp/docs/reference/privateca/2.32.0/privateca-override-authentication)\n- [2.31.0](/cpp/docs/reference/privateca/2.31.0/privateca-override-authentication)\n- [2.30.0](/cpp/docs/reference/privateca/2.30.0/privateca-override-authentication)\n- [2.29.0](/cpp/docs/reference/privateca/2.29.0/privateca-override-authentication)\n- [2.28.0](/cpp/docs/reference/privateca/2.28.0/privateca-override-authentication)\n- [2.27.0](/cpp/docs/reference/privateca/2.27.0/privateca-override-authentication)\n- [2.26.0](/cpp/docs/reference/privateca/2.26.0/privateca-override-authentication)\n- [2.25.1](/cpp/docs/reference/privateca/2.25.1/privateca-override-authentication)\n- [2.24.0](/cpp/docs/reference/privateca/2.24.0/privateca-override-authentication)\n- [2.23.0](/cpp/docs/reference/privateca/2.23.0/privateca-override-authentication)\n- [2.22.1](/cpp/docs/reference/privateca/2.22.1/privateca-override-authentication)\n- [2.21.0](/cpp/docs/reference/privateca/2.21.0/privateca-override-authentication)\n- [2.20.0](/cpp/docs/reference/privateca/2.20.0/privateca-override-authentication)\n- [2.19.0](/cpp/docs/reference/privateca/2.19.0/privateca-override-authentication)\n- [2.18.0](/cpp/docs/reference/privateca/2.18.0/privateca-override-authentication)\n- [2.17.0](/cpp/docs/reference/privateca/2.17.0/privateca-override-authentication)\n- [2.16.0](/cpp/docs/reference/privateca/2.16.0/privateca-override-authentication)\n- [2.15.1](/cpp/docs/reference/privateca/2.15.1/privateca-override-authentication)\n- [2.14.0](/cpp/docs/reference/privateca/2.14.0/privateca-override-authentication)\n- [2.13.0](/cpp/docs/reference/privateca/2.13.0/privateca-override-authentication)\n- [2.12.0](/cpp/docs/reference/privateca/2.12.0/privateca-override-authentication)\n- [2.11.0](/cpp/docs/reference/privateca/2.11.0/privateca-override-authentication) \n\nHow to Override the Authentication Credentials\n==============================================\n\nUnless otherwise configured, the client libraries use [Application Default Credentials](https://cloud.google.com/docs/authentication#adc) to authenticate with Google Cloud Services. While this works for most applications, in some cases you may need to override this default. You can do so by providing the [UnifiedCredentialsOption](https://cloud.google.com/cpp/docs/reference/common/latest/structgoogle_1_1cloud_1_1UnifiedCredentialsOption.html) The following example shows how to explicitly load a service account key file: \n\n [](std::string const& keyfile) {\n auto is = std::ifstream(keyfile);\n is.exceptions(std::ios::badbit); // Minimal error handling in examples\n auto contents = std::string(std::istreambuf_iterator\u003cchar\u003e(is.rdbuf()), {});\n auto options =\n google::cloud::Options{}.set\u003cgoogle::cloud::UnifiedCredentialsOption\u003e(\n google::cloud::MakeServiceAccountCredentials(contents));\n return google::cloud::privateca_v1::CertificateAuthorityServiceClient(\n google::cloud::privateca_v1::MakeCertificateAuthorityServiceConnection(\n options));\n }\n\nKeep in mind that we chose this as an example because it is relatively easy to understand. Consult the [Best practices for managing service account keys](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys) guide for more details.\n\n###### See Also\n\n[Authentication Components](https://cloud.google.com/cpp/docs/reference/common/latest/group__guac.html) - for more information on the factory functions to create [`google::cloud::Credentials`](https://cloud.google.com/cpp/docs/reference/common/latest/classgoogle_1_1cloud_1_1Credentials.html) objects."]]
