What is the difference between gcloud auth application-default login
vs gcloud auth login
?
Despite the definitions below, it is still hard to differentiate them.
gcloud auth application-default login :
acquire new user credentials to use for Application Default Credentials
gcloud auth login :
authorize gcloud to access the Cloud Platform with Google user credentials
When should I use one over the other?
Your credentials are stored at ~/. config/gcloud . Credentials are stored in two files: access_tokens. db and credentials.
gcloud-auth-list - List the accounts for known credentials. SYNOPSIS gcloud auth list [--account ACCOUNT] [--format FORMAT] [--help] [--project PROJECT] [--quiet, -q] [-h] FLAGS --account ACCOUNT. List only credentials for one account. Specify a format for printed output.
Sign in now (requires an admin account)In any web browser, go to admin.google.com. Starting from the sign-in page, enter the email address and password for your admin account (it does not end in @gmail.com). If you forgot your password, see Reset your administrator password.
The difference is the use cases:
As a developer, I want to interact with GCP via gcloud.gcloud auth login
This obtains your credentials and stores them in ~/.config/gcloud/
. Now you can run gcloud
commands from your terminal and it will find your credentials automatically. Any code/SDK will not automatically pick up your creds in this case.
Reference: https://cloud.google.com/sdk/gcloud/reference/auth/login
As a developer, I want my code to interact with GCP via SDK.gcloud auth application-default login
This obtains your credentials via a web flow and stores them in 'the well-known location for Application Default Credentials'. Now any code/SDK you run will be able to find the credentials automatically. This is a good stand-in when you want to locally test code which would normally run on a server and use a server-side credentials file.
Reference: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login
Edit (09/19/2019):
As Kent contributed in his comment below, 'the well-known location for Application Default Credentials' is a file named application_default_credentials.json
located in your local ~/.config/gcloud/
directory. I've added an additional link below to an article by Theodore Sui and Daniel De Leo which goes into greater detail about the different authentication methods.
Article: https://medium.com/google-cloud/local-remote-authentication-with-google-cloud-platform-afe3aa017b95
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With