This guide provides instructions for setting up the Google Cloud CLI (gcloud CLI) for use with Trusted Cloud. The gcloud CLI helps you create and work with Trusted Cloud resources from the command line.
For more general information about configuring and using the gcloud CLI, see the Google Cloud CLI documentation.
Differences from setup in Google Cloud
If you're already familiar with setting up and using the CLI with Google Cloud, note the following:
- There is some additional initial setup required to use the gcloud CLI with Trusted Cloud, as described in this guide.
- Cloud Shell is not available in Trusted Cloud. The gcloud CLI must be installed on your local machine.
- If a feature or product is unavailable in Trusted Cloud, the corresponding gcloud CLI commands and parameters are also unavailable.
Before you begin
In addition to your own sign-in details for Trusted Cloud, you need the following to set up the gcloud CLI for the first time. If you are not an administrator for your organization, your administrator should provide you with this information.
- Your organization's workload identity pool name.
- Your organization's identity provider (IdP).
Install the gcloud CLI
Install the gcloud CLI, following the instructions for your OS in Install the gcloud CLI. Don't continue to the follow-up instructions for initializing the gcloud CLI, as you won't be able to sign in from the command line until you have followed the setup steps in this guide.
Create your login configuration file
To set up access to your universe, you need to create a JSON configuration file for the gcloud CLI, including domains used by Trusted Cloud and the IdP set up for your organization.
To create your login configuration file:
Run the following commands:
gcloud config set universe_domain s3nsapis.fr
AUDIENCE=locations/global/workforcePools/POOL_ID/providers/PROVIDER_ID
UNIVERSE_WEB_DOMAIN="cloud.s3nscloud.fr"
UNIVERSE_API_DOMAIN="s3nsapis.fr"
gcloud iam workforce-pools create-login-config \
    $AUDIENCE \
    --universe-cloud-web-domain="$UNIVERSE_WEB_DOMAIN" \
    --universe-domain="$UNIVERSE_API_DOMAIN" \
    --output-file="wif-login-config.json"
Replace the following:
- POOL_ID: the unique identifier for your organization's workload identity pool.
- PROVIDER_ID: your organization's identity provider (IdP).
The output is similar to the following:
Created login configuration file [wif-login-config.json].
After you have created your configuration file, you don't need to repeat this step as long as you are signing in from the same machine.
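Because the login configuration file carries the domains and IdP that sign-in relies on, it is worth checking the file before first use or after copying it from another machine. The Python check below is an added example, not part of the gcloud CLI or of the original guide; the JSON key names (`audience`, `auth_url`, `token_url`), the sample hosts and the IDs `my-pool` and `my-idp` are assumptions, so compare them with the file gcloud actually wrote.

```python
import json
from urllib.parse import urlsplit

# Domains from this guide; every URL in the file should stay inside them.
ALLOWED_DOMAINS = ("s3nsapis.fr", "cloud.s3nscloud.fr")


def host_allowed(url, allowed=ALLOWED_DOMAINS):
    """True if url is https and its host is an allowed domain or a subdomain of one."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False
    return parts.scheme == "https" and any(
        host == d or host.endswith("." + d) for d in allowed
    )


def check_login_config(text, pool_id, provider_id):
    """Return a list of problems found in the login config JSON (empty list = OK)."""
    problems = []
    try:
        cfg = json.loads(text)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(cfg, dict):
        return ["top level is not a JSON object"]
    # Assumed key name "audience"; it should end with the path passed to gcloud.
    expected = f"locations/global/workforcePools/{pool_id}/providers/{provider_id}"
    audience = str(cfg.get("audience", ""))
    if audience != expected and not audience.endswith("/" + expected):
        problems.append(f"audience does not end with /{expected}")
    # Any URL-valued field must be https and inside the expected domains.
    for key, value in cfg.items():
        if isinstance(value, str) and "://" in value and not host_allowed(value):
            problems.append(f"{key} points outside the expected domains: {value}")
    return problems


# Constructed sample, not real gcloud output; key names and hosts are assumptions.
SAMPLE = json.dumps({
    "audience": "//iam.s3nsapis.fr/locations/global/workforcePools/my-pool/providers/my-idp",
    "auth_url": "https://auth.cloud.s3nscloud.fr/authorize",
    "token_url": "https://sts.s3nsapis.fr/v1/oauthtoken",
})

if __name__ == "__main__":
    print(check_login_config(SAMPLE, "my-pool", "my-idp") or "OK")
```

To check a real file, pass the contents of `wif-login-config.json` together with your own POOL_ID and PROVIDER_ID; an empty list means every check passed.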
Sign in to Trusted Cloud with the gcloud CLI
Now you can use the configuration file every time you need to sign in to Trusted Cloud:
To sign in from the command line, run the following command:
gcloud auth login --login-config=wif-login-config.json
If you need to use Application Default Credentials (ADC) (required for running Terraform modules), run the following command:
gcloud auth application-default login --login-config=wif-login-config.json
A web page opens where you can sign in with your login details. You can then go on to configure and use the gcloud CLI as described in the rest of its documentation.
What's next
- If you're an administrator setting up a Trusted Cloud organization for the first time, find out how to configure your organization in Set up your organization.
- To find out more about what you can do with the Google Cloud CLI, see the Google Cloud CLI documentation.
- For more information about getting started with Trusted Cloud, see Get started with Trusted Cloud.