Stay organized with collections Save and categorize content based on your preferences.
This document describes how you authenticate applications or workloads that are either running in a production environment on Compute Engine, or being tested locally for future deployment to the production environment. You can do the following:
Use the following table to determine which authentication method to use for your workloads.
Task Method Authenticate apps or workloads that are in productionUse the service account that is attached to the VM.
This is the most common method for authenticating apps and workloads that are running on virtual machine (VM) instances on Google Cloud. For detailed instructions, see Authenticate workloads to Google Cloud APIs using service accounts.
Authenticate apps or workloads that are in development Use Google Cloud SDK and Application Default Credentials. For more information, see Set up ADC for a local development environment. Authorizing apps and workloads that need access to end-user resourcesIf you are building development or administration tools where users grant you access to their Google Cloud resources, get your application access to user resources by using OAuth 2.0. For detailed instructions, see Using OAuth 2.0 for Web Server Applications.
In your request, specify an access scope that limits your access to only the methods and user information that your application requires. For a full list of services and required scopes across Google Cloud, see OAuth 2.0 Scopes for Google APIs.
Authenticate your workloads to other workloads over mTLSPreview
This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms. Pre-GA features are available "as is" and might have limited support. For more information, see the launch stage descriptions.
For information about access to this release, see the access request page.
You can authenticate applications or workloads using managed workload identities. This authentication method uses a service account, certificate authority (CA) pools, and managed workload identities.
Managed workload identities let you bind strongly attested identities to your Compute Engine workloads. Google Cloud provisions X.509 credentials issued from the Certificate Authority Service that can be used to reliably authenticate your workload with other workloads over mutual TLS (mTLS) authentication.
Your workload uses the managed workload identity as its identity when it authenticates to other workloads using mutual TLS (mTLS), and uses the service account as its identity when it accesses other Google Cloud services and resources.
For more information, see Authenticate workloads to other workloads over mTLS.
What's nextExcept as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-07 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["This document outlines how to authenticate applications or workloads in production on Compute Engine or during local testing for future deployment."],["Workloads running on Google Cloud VMs in production should use the attached service account for authentication to access Google APIs."],["Workloads in development can utilize the Google Cloud SDK and Application Default Credentials for authentication, and for access to end-user resources, they can leverage OAuth 2.0."],["Managed workload identities are available for strongly attesting identities to Compute Engine workloads, using X.509 credentials for mutual TLS (mTLS) authentication between workloads."],["Managed workload identities can authenticate to other workloads using mTLS, while the service account provides authentication to other Google Cloud services."]]],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4