Authenticate Vertex AI with a service account key
authentication
// what it does
For unattended CI or servers, download a service-account JSON key and point GOOGLE_APPLICATION_CREDENTIALS at it, along with your project and region. No browser or gcloud login is needed, so this works in headless pipelines. The account needs the Vertex AI User role.
// shell
$ unset GOOGLE_API_KEY GEMINI_API_KEY$ export GOOGLE_APPLICATION_CREDENTIALS=/etc/secrets/vertex-sa.json$ export GOOGLE_CLOUD_PROJECT=my-gcp-project$ export GOOGLE_CLOUD_LOCATION=us-central1// gotcha
The path must be absolute and readable by the process running gemini — a relative path breaks when the working directory changes. Never commit the JSON key; mount it as a secret in CI instead.