Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I manage multiple Application Default Credentials (ADC)? [closed]

Tags:

credentials

google-cloud-platform

gcloud

Suppose I have 5 Google accounts (gmail accounts). Is there a way to create multiple Application Default Dredentials (ADC), one for each Google account, and specify which one to use when running the GCP SDK?

I've read the docs for gcloud auth application-default login, which state:

Obtains user access credentials via a web flow and puts them in the well-known location for Application Default Credentials (ADC).

The well-known location is ~/.config/gcloud/application_default_credentials.json.

AWS has the concept of profiles, allowing me to use --profile to specify which AWS credentials to use. Is there a similar mechanism in GCP?

like image 865
mon Avatar asked Mar 17 '26 13:03

mon

2 Answers

You can let the relevant tools know where to look for this ADC file by setting the GOOGLE_APPLICATION_CREDENTIALS environment variable.

like image 177
jlucktay Avatar answered Mar 20 '26 02:03

jlucktay

Are you sure this is the right approach? (addressing the XY Problem)

Needing to have multiple Application Default Credentials (ADC) configurations is not an everyday use case. Here are some alternatives that you should consider:

  1. If you're using the gcloud CLI and want to execute different commands with different credentials, you should use gcloud CLI configurations. This allows you to switch contexts quickly as you execute each command.

  2. If you need to run different portions of your codebase using different credentials, you should either...

    1. ...create multiple service accounts for each unique set of permissions...

    2. ...or use Workload Identity Federation to provide direct resource access to the specific Google Cloud resources you need to use.

Lack of First-Party Solution (and a Workaround)

Unfortunately, Google does not provide a built-in way to create multiple ADC configurations.

The closest workaround I've found is to use a third-party tool that can automatically load and unload environment variables. One of the best solutions for this is direnv, but many options exist. Using such a tool, change the value of the GOOGLE_APPLICATION_CREDENTIALS environment variable based on your current working directory to point to a .json file with appropriate credentials.

Alternatives to direnv include zsh-autoenv, ondir, or the ever-reliable Environment Modules.

like image 35
Talia Smiley Avatar answered Mar 20 '26 02:03

Talia Smiley

Sign in to Comment

Related questions

ERROR: build step 0 "gcr.io/cloud-builders/docker" failed: exit status 1
How can one keep the data on a local SSD between stopping and restarting an instance
Re-authenticate a user. with FirebaseUI auth for Android
How do GCP load balancers route traffic to GKE services?
How to import requests_toolbelt correctly in google app engine?
Real-time transcription Google Cloud Speech API with gRPC from Electron

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!