Set up ADC for on-premises or another cloud providerStay organized with collectionsSave and categorize content based on your preferences.
If you are running your application outside of Google Cloud, you need to
provide credentials that are recognized by Google Cloud to
use Google Cloud services.
Workload Identity Federation
The preferred way to authenticate with Google Cloud using credentials from
an external IdP is to useWorkload Identity Federation;
you create a credential configuration file and set theGOOGLE_APPLICATION_CREDENTIALSenvironment variable to point to it. This
approach is more secure than creating a service account key.
If you are not able to configure Workload Identity Federation, then you must
create a service account, grant it the IAM roles that
your application requires, and create a key for the service account.
To create a service account key and make it available to ADC:
Create a service account with the roles your application needs, and a key
for that service account, by following the instructions inCreating a service account key.
Set the environment variableGOOGLE_APPLICATION_CREDENTIALSto the path of the JSON file that contains your credentials.
This variable applies only to your current shell session, so if you open
a new session, set the variable again.
Example:Linux or macOS
exportGOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"
ReplaceKEY_PATHwith the path of the JSON file that contains your credentials.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2026-04-20 UTC."],[],[]]
