Set up ADC for on-premises or another cloud provider
If you are running your application outside of Cloud de Confiance, you need to
provide credentials that are recognized by Cloud de Confiance to
use Cloud de Confiance services.
Workload Identity Federation
The preferred way to authenticate with Cloud de Confiance using credentials from
an external IdP is to use Workload Identity Federation;
you create a credential configuration file and set the
GOOGLE_APPLICATION_CREDENTIALS environment variable to point to it. This
approach is more secure than creating a service account key.
If you are not able to configure Workload Identity Federation, then you must
create a service account, grant it the IAM roles that
your application requires, and create a key for the service account.
To create a service account key and make it available to ADC:
1. Create a service account with the roles your application needs, and a key
   for that service account, by following the instructions in
   Creating a service account key.
2. Set the environment variable GOOGLE_APPLICATION_CREDENTIALS
   to the path of the JSON file that contains your credentials.
   This variable applies only to your current shell session, so if you open
   a new session, set the variable again.
Example: Linux or macOS
export GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"
Replace KEY_PATH with the path of the JSON file that contains your credentials.
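Added example (not part of the original documentation): a Python check to run before starting the application. It reports whether the file that GOOGLE_APPLICATION_CREDENTIALS points to is a Workload Identity Federation configuration or a service account key, and whether its file permissions are too open. The function names and sample file contents are constructed for illustration; the check relies on the "type" field being external_account in a federation configuration and service_account in a key file.

```python
import json
import os
import stat
import tempfile

def audit_adc_file(path):
    """Return (credential_type, findings) for the file ADC would load from path."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} lets group/other access it; use 600")
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    cred_type = data.get("type", "unknown")
    if cred_type == "service_account":
        findings.append("long-lived service account key; prefer Workload Identity Federation")
    elif cred_type == "external_account":
        # Federation config: points at an external token source, holds no private key.
        if "private_key" in data:
            findings.append("unexpected private_key in a federation config")
    else:
        findings.append(f"type {cred_type!r} is neither a federation config nor a key file")
    return cred_type, findings

def write_sample(content, mode):
    """Write a constructed credential file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(content, fh)
    os.chmod(path, mode)
    return path

# Constructed samples, not real credentials.
SAMPLE_KEY = {"type": "service_account", "private_key": "CONSTRUCTED-PLACEHOLDER"}
SAMPLE_WIF = {"type": "external_account", "audience": "CONSTRUCTED-PLACEHOLDER"}

if __name__ == "__main__":
    target = os.environ.get("GOOGLE_APPLICATION_CREDENTIALS")
    if target:
        print(audit_adc_file(target))
    else:
        # No variable set: demonstrate on the constructed samples instead.
        for sample, mode in ((SAMPLE_KEY, 0o644), (SAMPLE_WIF, 0o600)):
            sample_path = write_sample(sample, mode)
            print(audit_adc_file(sample_path))
            os.remove(sample_path)
```

An empty findings list means the file is a federation configuration readable only by its owner.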
Last updated 2026-04-20 UTC.