0

GCP gcloud command has its access credential for each user account.

gcloud auth login

Obtains access credentials for your user account via a web-based authorization flow. When this command completes successfully, it sets the active account in the current configuration to the account specified.

GCP SDK has Application Default Credentials (ADC)

gcloud auth application-default login

Obtains user access credentials via a web flow and puts them in the well-known location for Application Default Credentials (ADC).

This command has no effect on the user account(s) set up by the gcloud auth login command.

Any credentials previously generated by gcloud auth application-default login will be overwritten.

Both gcloud auth login and gcloud auth application-default login open up a web page to select a google account.

Question is why do we need two different ways to get credential for google account? What are the reasons?

Notes

mon
  • 18,789
  • 22
  • 112
  • 205

1 Answers1

2

The key is in this sentence:

well-known location for Application Default Credentials (ADC)

ADC is a flow used by Google Cloud client libraries, the library expect a file to located in a specific location (depending on the OS) to perform Authentication to GCP API's

You can think about it this way:

  • gcloud auth login is to grab credentials for a user to be able to perform gcloud commands
  • gcloud auth application-default is to grab credentials for a user to be used by applications developers using client libraries.
boredabdel
  • 1,732
  • 3
  • 7