gcloud auth application-default login
Acquire new user credentials to use for Application Default Credentials
Options
| Name | Description |
|---|---|
--account <ACCOUNT> | Google Cloud Platform user account to use for invocation. Overrides the default *core/account* property value for this command invocation |
--add-quota-project | (DEPRECATED) Read the project from the context of the gcloud command-line tool and write it to application default credentials as the quota project. It is the default behavior. + The --add-quota-project flag is deprecated. Enabled by default, use *--no-add-quota-project* to disable |
--billing-project <BILLING_PROJECT> | The Google Cloud Platform project that will be charged quota for operations performed in gcloud. If you need to operate on one project, but need quota against a different project, you can use this flag to specify the billing project. If both `billing/quota_project` and `--billing-project` are specified, `--billing-project` takes precedence. Run `$ gcloud config set --help` to see more information about `billing/quota_project` |
--client-id-file <CLIENT_ID_FILE> | A file containing your own client id to use to login. If --client-id-file is specified, the quota project will not be written to ADC |
--configuration <CONFIGURATION> | The configuration to use for this command invocation. For more information on how to use configurations, run: `gcloud topic configurations`. You can also use the CLOUDSDK_ACTIVE_CONFIG_NAME environment variable to set the equivalent of this flag for a terminal session |
--disable-quota-project | By default, the project in billing/quota_project or core/project will be written to application default credentials (ADC) as the quota project. When both are set, billing/quota_project takes precedence. You can use --billing-project to overwrite the value in billing/quota_project. Similarly, you can use --project to overwrite the value in core/project. Client libraries will send it to services and use it for quota and billing. To be able to use a project as the quota project, the account in ADC must have the serviceusage.services.use permission on the project. This permission is granted to the project editor and project owner. You can create custom roles to include this permission. + Note that some cloud services may ignore this quota project and still bill the project owning the resources. + In the following situations, you may use this flag to skip setting the quota project: + * The account in ADC cannot be granted the project editor or owner role or any role with the serviceusage.services.use permission. * You always want to bill the project owning the resources |
--flags-file <YAML_FILE> | A YAML or JSON file that specifies a *--flag*:*value* dictionary. Useful for specifying complex flag values with special characters that work with any command interpreter. Additionally, each *--flags-file* arg is replaced by its constituent flags. See $ gcloud topic flags-file for more information |
--flatten <KEY> | Flatten _name_[] output resource slices in _KEY_ into separate records for each item in each slice. Multiple keys and slices may be specified. This also flattens keys for *--format* and *--filter*. For example, *--flatten=abc.def* flattens *abc.def[].ghi* references to *abc.def.ghi*. A resource record containing *abc.def[]* with N elements will expand to N records in the flattened output. This flag interacts with other flags that are applied in this order: *--flatten*, *--sort-by*, *--filter*, *--limit* |
--format <FORMAT> | Set the format for printing command output resources. The default is a command-specific human-friendly output format. The supported formats are: `config`, `csv`, `default`, `diff`, `disable`, `flattened`, `get`, `json`, `list`, `multi`, `none`, `object`, `table`, `text`, `value`, `yaml`. For more details run $ gcloud topic formats |
--help | Display detailed help |
--impersonate-service-account <SERVICE_ACCOUNT_EMAIL> | For this gcloud invocation, all API requests will be made as the given service account instead of the currently selected account. This is done without needing to create, download, and activate a key for the account. In order to perform operations as the service account, your currently selected account must have an IAM role that includes the iam.serviceAccounts.getAccessToken permission for the service account. The roles/iam.serviceAccountTokenCreator role has this permission or you may create a custom role. Overrides the default *auth/impersonate_service_account* property value for this command invocation |
--launch-browser | Launch a browser for authorization. If not enabled or DISPLAY variable is not set, prints a URL to standard output to be copied. Enabled by default, use *--no-launch-browser* to disable |
--log-http | Log all HTTP server requests and responses to stderr. Overrides the default *core/log_http* property value for this command invocation |
--project <PROJECT_ID> | The Google Cloud Platform project ID to use for this invocation. If omitted, then the current project is assumed; the current project can be listed using `gcloud config list --format='text(core.project)'` and can be set using `gcloud config set project PROJECTID`. + `--project` and its fallback `core/project` property play two roles in the invocation. It specifies the project of the resource to operate on. It also specifies the project for API enablement check, quota, and billing. To specify a different project for quota and billing, use `--billing-project` or `billing/quota_project` property |
--quiet | Disable all interactive prompts when running gcloud commands. If input is required, defaults will be used, or an error will be raised. Overrides the default core/disable_prompts property value for this command invocation. This is equivalent to setting the environment variable `CLOUDSDK_CORE_DISABLE_PROMPTS` to 1 |
--scopes <SCOPES> | The names of the scopes to authorize for. By default openid, https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/cloud-platform scopes are used. The list of possible scopes can be found at: [](https://developers.google.com/identity/protocols/googlescopes) |
--trace-token <TRACE_TOKEN> | Token used to route traces of service requests for investigation of issues. Overrides the default *core/trace_token* property value for this command invocation |
--user-output-enabled | Print user intended output to the console. Overrides the default *core/user_output_enabled* property value for this command invocation. Use *--no-user-output-enabled* to disable |
--verbosity <VERBOSITY> | Override the default verbosity for this command. Overrides the default *core/verbosity* property value for this command invocation. _VERBOSITY_ must be one of: *debug*, *info*, *warning*, *error*, *critical*, *none* |