Where are Google Application Default Credentials stored?

I found them. They are in ~/.config/gcloud/credentials. I was able to pass the default credentials to the docker image I'm working on by mounting them docker run --rm -it -v ~/.config/gcloud:/root/.config/gcloud alpine:3.4 sh.

Windows:

C:\Users\%username%\AppData\Roaming\gcloud\credentials

C:\Users\%username%\AppData\Roaming\gcloud\legacy_credentials

The currently accepted answer is no longer correct.

Now, as John Hanley describes in https://superuser.com/a/1508016/111814:

Your credentials are stored at ~/.config/gcloud.

Credentials are stored in two files: access_tokens.db and credentials.db in that directory. Both files are an SQLite database.

To see the contents, e.g.: sqlite3 ~/.config/gcloud/credentials.db .dump

I'll one-up the response by Peter V. Mørch and say that none of the answers here are correct, and maybe even ever were!

As mentioned in the other answers, the credentials used by gcloud and other Google Cloud SDK tools like bq and gsutil are stored in a database at ~/.config/gcloud/credentials.db. However, the question was on application default credentials (ADC), and the credentials in credentials.db are not used as part of ADC.

• To create credentials for use by ADC you run gcloud auth application-default login, which creates a credential file at ~/.config/gcloud/application_default_credentials.json.
• To create credentials for use by the Cloud SDK you run gcloud auth login (or gcloud auth activate-service-account), which appends an entry in the credentials.db database.

These different credentials do not have to authenticate the same user; logging in using gcloud auth login does not enable the ADC.

I've written a blog post on this that goes into some more detail: Authentication on GCP: Application Default Credentials.