CODEWITHSUNDEEP
authenticationgcloud
Cameron Taggart
Cameron Taggart

Reputation: 6091

Where are Google Application Default Credentials stored?

When you run gcloud auth login or gcloud auth list, where is it storing the credentials?

https://developers.google.com/identity/protocols/application-default-credentials

Upvotes: 26

Views: 37879

Answers (5)

Dagang Wei
Dagang Wei

Reputation: 26528

The official doc says:

Linux, macOS: $HOME/.config/gcloud/application_default_credentials.json

Windows: %APPDATA%\gcloud\application_default_credentials.json

Upvotes: 2

Semafoor
Semafoor

Reputation: 2032

I'll one-up the response by Peter V. Mørch and say that none of the answers here are correct, and maybe even ever were!

As mentioned in the other answers, the credentials used by gcloud and other Google Cloud SDK tools like bq and gsutil are stored in a database at ~/.config/gcloud/credentials.db. However, the question was on application default credentials (ADC), and the credentials in credentials.db are not used as part of ADC.

  • To create credentials for use by ADC you run gcloud auth application-default login, which creates a credential file at ~/.config/gcloud/application_default_credentials.json.
  • To create credentials for use by the Cloud SDK you run gcloud auth login (or gcloud auth activate-service-account), which appends an entry in the credentials.db database.

These different credentials do not have to authenticate the same user; logging in using gcloud auth login does not enable the ADC.

I've written a blog post on this that goes into some more detail: Authentication on GCP: Application Default Credentials.

Upvotes: 11

Peter V. Mørch
Peter V. Mørch

Reputation: 15947

The currently accepted answer is no longer correct.

Now, as John Hanley describes in https://superuser.com/a/1508016/111814:

Your credentials are stored at ~/.config/gcloud.

Credentials are stored in two files: access_tokens.db and credentials.db in that directory. Both files are an SQLite database.

To see the contents, e.g.: sqlite3 ~/.config/gcloud/credentials.db .dump

Upvotes: 7

RJFalconer
RJFalconer

Reputation: 11701

Windows:

C:\Users\%username%\AppData\Roaming\gcloud\credentials

C:\Users\%username%\AppData\Roaming\gcloud\legacy_credentials

Upvotes: 17

Cameron Taggart
Cameron Taggart

Reputation: 6091

I found them. They are in ~/.config/gcloud/credentials. I was able to pass the default credentials to the docker image I'm working on by mounting them docker run --rm -it -v ~/.config/gcloud:/root/.config/gcloud alpine:3.4 sh.

Upvotes: 32

Related Questions