How to Authenticate Your Google Cloud Project Without a Migraine
Cristina Rodriguez
Posted on November 25, 2024
Imagine you're deep into a project, navigating the exciting world of machine learning, perhaps fine-tuning a model on Hugging Face and trying to deploy it with Google Cloud's Vertex AI. The next thing you know, you're facing a maze of documentation—twenty different links, each explaining credentials, authentication, IAM, and the CLI in minute detail. It's overwhelming, right? I've been there. Let me simplify it for you.
Last week, I spent two hours trying to authenticate my local environment with Google Cloud to test my model. It shouldn't be that hard. Like the Python world told us, there should be a simpler way.
Here's a clear, four-step guide to setting up your Google Cloud credentials without wading through endless documentation.
Step 1: Create a Service Account Key
- Navigate to IAM & Admin > Service Accounts.
- Click the email of the service account assigned to you (it's a private Compute Engine default service account).
- In the menu, find the Keys tab.
- Click Add Key > Create New Key.
- Select JSON as the key type and download the file.
This JSON file is the Key to your project, and it contains private credentials. Be sure to store it securely, as it can't be recovered if lost.
Step 2: Secure and Configure the JSON Key
Secure the Key: Place the downloaded JSON file in the root of your project alongside your .env files. Importantly, add the filename to your .gitignore file. You do not want this Key ending up on GitHub!
Environment Variable Setup: In your .env file, create a variable called GOOGLE_APPLICATION_CREDENTIALS that points to the path of your JSON file:
You should have something like GOOGLE_APPLICATION_CREDENTIALS='/Users/your_username/your_project/your_key_file.json'
Step 3: Review your JSON file
The downloaded file should contain a JSON object with the following fields (values omitted here):
{
  "type": "service_account",
  "project_id": "...",
  "private_key_id": "...",
  "private_key": "...",
  "client_email": "...",
  "client_id": "...",
  "auth_uri": "...",
  "token_uri": "...",
  "auth_provider_x509_cert_url": "...",
  "client_x509_cert_url": "...",
  "universe_domain": "..."
}
You don't need to change anything in this file.
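An added example, not part of the original article: a small Python check covering Steps 2 and 3, which confirms that the key file has the fields listed above, is accessible only by its owner, and is covered by .gitignore. The names check_key_file and demo, the owner-only permission rule and the simplified filename match against .gitignore patterns are assumptions of this example; the key file it writes holds constructed placeholder values.

```python
import fnmatch
import json
import stat
import tempfile
from pathlib import Path

# Field names taken from the key file layout shown in Step 3.
EXPECTED_FIELDS = {
    "type", "project_id", "private_key_id", "private_key", "client_email",
    "client_id", "auth_uri", "token_uri", "auth_provider_x509_cert_url",
    "client_x509_cert_url", "universe_domain",
}

def check_key_file(key_path, gitignore_path):
    """Return a list of problems with a service account key file (empty = OK)."""
    key, ignore, problems = Path(key_path), Path(gitignore_path), []
    try:
        data = json.loads(key.read_text())
    except (OSError, ValueError) as exc:
        return [f"cannot read key file as JSON: {exc}"]
    if not isinstance(data, dict):
        return ["key file is not a JSON object"]
    missing = sorted(EXPECTED_FIELDS - set(data))
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if data.get("type") != "service_account":
        problems.append('"type" is not "service_account"')
    # The file holds a private key, so only its owner should have access (POSIX modes).
    if stat.S_IMODE(key.stat().st_mode) & 0o077:
        problems.append("file is accessible by group or others; run chmod 600")
    # Simplification: match the bare filename against each .gitignore pattern.
    lines = ignore.read_text().splitlines() if ignore.is_file() else []
    patterns = [p.strip().lstrip("/") for p in lines if p.strip() and not p.startswith(("#", "!"))]
    if not any(fnmatch.fnmatch(key.name, p) for p in patterns):
        problems.append(f"{key.name} is not listed in .gitignore")
    return problems

def demo():
    """Check a constructed key file (fake values) before and after hardening."""
    project = Path(tempfile.mkdtemp())
    key, ignore = project / "your_key_file.json", project / ".gitignore"
    fake = dict.fromkeys(EXPECTED_FIELDS, "constructed-value")
    key.write_text(json.dumps({**fake, "type": "service_account"}))
    key.chmod(0o644)                      # readable by group and others
    ignore.write_text(".env\n")           # key file not ignored yet
    before = check_key_file(key, ignore)
    key.chmod(0o600)
    ignore.write_text(".env\nyour_key_file.json\n")
    return before, check_key_file(key, ignore)
```

In a real project, call check_key_file with the path stored in GOOGLE_APPLICATION_CREDENTIALS and the project's .gitignore before the first commit.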
Step 4: You're Ready to Authenticate
With the environment variable set, your local environment is now authenticated to interact with Google Cloud services. This configuration also works for deployments using services like Render—just make sure to add the JSON key file as a private environment variable.
And how do you do that? In a non-integrated service like Render, you can copy-paste your JSON file into a space called Secret Files. It’s a container for storing plaintext files containing secret data. Each service will have instructions on how to connect that file with the environment variables. In the Render case, you just create the variable and connect the path with the instruction “/etc/secrets/.”
And there you have it. No marathon sessions deciphering documentation, no confusion—just a simple path to getting your Google Cloud credentials up and running. Now, focus on what matters: bringing your models to life.
Note on Security
This method is not the safest option if you're working on a group project or need to use distributed systems, as sharing sensitive credentials can lead to security vulnerabilities. However, if you're working on a demo, a personal project, or using a non-integrated service like Render, this approach is a simple and effective way to get started.
If you want to understand more about what authentication method works for your project, here is the official documentation: Authentication methods at Google
If you’re interested in reading the official documentation that allowed me to understand this flow, here are the official links
Note about me:
This article will be part of a series of articles I have created to showcase everything I learned preparing my workshop about AI and Model Garden for the Google DevFest 2024 in Seattle.