When you run gcloud auth login or gcloud auth list, where is it storing the credentials?
https://developers.google.com/identity/protocols/application-default-credentials
The currently accepted answer is no longer correct.
Now, as John Hanley describes in https://superuser.com/a/1508016/111814:
Your credentials are stored at ~/.config/gcloud. Credentials are stored in two files: access_tokens.db and credentials.db in that directory. Both files are SQLite databases.
To see the contents, e.g.: sqlite3 ~/.config/gcloud/credentials.db .dump
I'll one-up the response by Peter V. Mørch and say that none of the answers here are correct, and maybe even ever were!
As mentioned in the other answers, the credentials used by gcloud and other Google Cloud SDK tools like bq and gsutil are stored in a database at ~/.config/gcloud/credentials.db. However, the question was on application default credentials (ADC), and the credentials in credentials.db are not used as part of ADC.
gcloud auth application-default login, which creates a credential file at ~/.config/gcloud/application_default_credentials.json.
gcloud auth login (or gcloud auth activate-service-account), which appends an entry in the credentials.db database.
These different credentials do not have to authenticate the same user; logging in using gcloud auth login does not enable the ADC.
I've written a blog post on this that goes into some more detail: Authentication on GCP: Application Default Credentials.
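An added example (not from either answer or from Google's tooling): a Python check that inventories the credential stores named above and flags files that group or other users can access. It reports only table names, row counts and JSON key names, never stored values; the file names and default path come from the answers, and no database schema is assumed.

```python
import json
import sqlite3
import stat
from pathlib import Path

# File names taken from the answers above.
SQLITE_STORES = ("credentials.db", "access_tokens.db")
ADC_FILE = "application_default_credentials.json"


def _mode_info(path):
    """Return the permission bits and whether group/other have any access."""
    mode = stat.S_IMODE(path.stat().st_mode)
    return {"mode": oct(mode), "exposed": bool(mode & 0o077)}


def audit_gcloud_dir(config_dir):
    """Inventory credential stores in a gcloud config dir without reading secrets."""
    config_dir = Path(config_dir).expanduser().resolve()
    report = {}
    for name in SQLITE_STORES:
        path = config_dir / name
        if not path.is_file():
            continue
        info = _mode_info(path)
        # Open read-only; collect table names and row counts only, never values.
        conn = sqlite3.connect(path.as_uri() + "?mode=ro", uri=True)
        try:
            tables = [r[0] for r in conn.execute(
                "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
            info["rows"] = {}
            for t in tables:
                query = 'SELECT COUNT(*) FROM "%s"' % t.replace('"', '""')
                info["rows"][t] = conn.execute(query).fetchone()[0]
        finally:
            conn.close()
        report[name] = info
    adc = config_dir / ADC_FILE
    if adc.is_file():
        info = _mode_info(adc)
        # Only the top-level key names are kept, so no token material is reported.
        info["keys"] = sorted(json.loads(adc.read_text()))
        report[ADC_FILE] = info
    return report


if __name__ == "__main__":
    print(json.dumps(audit_gcloud_dir("~/.config/gcloud"), indent=2))
```

An entry with "exposed": true means the file's mode grants some access to group or other; the two stores are reported separately because, as the answer notes, they can hold credentials for different users.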