This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

The Application Default Credentials are not available

Posted on 11-04-2023 03:25 PM
Bianca12334
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

I have a project in spring boot and I need to connect to firestore and I tried to do this by making a config file in which I also set the path to the key file through the FileInputStream class, but it keeps giving me the error: The Application Default Credentials is not available.They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials.

Solved Solved
0 3 6,215
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ms4446
Staff
Reply posted on --/--/---- --:-- AM

 

The error "Application Default Credentials is not available" indicates that your application cannot find the credentials necessary to connect to Cloud Firestore. This error typically occurs when the application is running outside of Google Compute Engine (GCE) or when the default credentials are not properly configured.

GCE Environment: If your application is running in GCE or other Google Cloud environments like App Engine or Kubernetes Engine, the application should have default credentials automatically provided. Ensure that the service account associated with the environment or the Compute Engine instance has the necessary Firestore roles assigned, such as "Cloud Datastore User" or "Cloud Datastore Editor."

Environment Variable: When running outside of GCE, you need to set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the file containing your service account credentials. This file can be downloaded from the Google Cloud Console. The method for setting the environment variable varies depending on the operating system and shell.

Setting Environment Variable on Windows:

For Command Prompt:

set GOOGLE_APPLICATION_CREDENTIALS=C:\path\to\key.json
 

For PowerShell:

$env:GOOGLE_APPLICATION_CREDENTIALS="C:\path\to\key.json"

Path to the Key File: Ensure that the path provided to the GOOGLE_APPLICATION_CREDENTIALS environment variable is an absolute path and points to the correct location of the key file. Relative paths can sometimes cause issues depending on how the application is started.

Restart the Application: After setting the environment variable, restart your development environment or the application itself for the changes to take effect.

Permissions: Verify that the service account associated with the key file has the appropriate permissions to access Firestore. Grant only the necessary IAM roles to the service account in the Google Cloud Console. Follow the principle of least privilege to minimize the access granted.

Security: Handle the service account key file with utmost care, as it grants access to your GCP resources. Avoid embedding the key file directly in your application's source code, especially if the code is stored in a public repository. Consider using environment variables or secure storage mechanisms to protect the key file. Never commit the key file to version control.

Spring Boot Configuration Code Example:

In a Spring Boot application, you can set the credentials programmatically using the following code snippet:

GoogleCredentials credentials = GoogleCredentials.fromStream(new FileInputStream("/path/to/key.json"));
FirestoreOptions firestoreOptions = FirestoreOptions.getDefaultInstance().toBuilder()
    .setCredentials(credentials)
    .build();
Firestore db = firestoreOptions.getService();
 

Ensure that the path to the key file in the code matches the path specified in the environment variable. Adjust the path according to the operating system if necessary.

By following these steps and ensuring the service account has the required permissions, you can effectively resolve the "Application Default Credentials is not available" error and successfully connect to Cloud Firestore. Remember to practice good security hygiene by protecting your service account key file and following the principle of least privilege when assigning roles.

View solution in original post

Jump to Solution
3 REPLIES 3

Posted on --/--/---- --:-- AM
ms4446
Staff
Reply posted on --/--/---- --:-- AM

 

The error "Application Default Credentials is not available" indicates that your application cannot find the credentials necessary to connect to Cloud Firestore. This error typically occurs when the application is running outside of Google Compute Engine (GCE) or when the default credentials are not properly configured.

GCE Environment: If your application is running in GCE or other Google Cloud environments like App Engine or Kubernetes Engine, the application should have default credentials automatically provided. Ensure that the service account associated with the environment or the Compute Engine instance has the necessary Firestore roles assigned, such as "Cloud Datastore User" or "Cloud Datastore Editor."

Environment Variable: When running outside of GCE, you need to set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the file containing your service account credentials. This file can be downloaded from the Google Cloud Console. The method for setting the environment variable varies depending on the operating system and shell.

Setting Environment Variable on Windows:

For Command Prompt:

set GOOGLE_APPLICATION_CREDENTIALS=C:\path\to\key.json
 

For PowerShell:

$env:GOOGLE_APPLICATION_CREDENTIALS="C:\path\to\key.json"

Path to the Key File: Ensure that the path provided to the GOOGLE_APPLICATION_CREDENTIALS environment variable is an absolute path and points to the correct location of the key file. Relative paths can sometimes cause issues depending on how the application is started.

Restart the Application: After setting the environment variable, restart your development environment or the application itself for the changes to take effect.

Permissions: Verify that the service account associated with the key file has the appropriate permissions to access Firestore. Grant only the necessary IAM roles to the service account in the Google Cloud Console. Follow the principle of least privilege to minimize the access granted.

Security: Handle the service account key file with utmost care, as it grants access to your GCP resources. Avoid embedding the key file directly in your application's source code, especially if the code is stored in a public repository. Consider using environment variables or secure storage mechanisms to protect the key file. Never commit the key file to version control.

Spring Boot Configuration Code Example:

In a Spring Boot application, you can set the credentials programmatically using the following code snippet:

GoogleCredentials credentials = GoogleCredentials.fromStream(new FileInputStream("/path/to/key.json"));
FirestoreOptions firestoreOptions = FirestoreOptions.getDefaultInstance().toBuilder()
    .setCredentials(credentials)
    .build();
Firestore db = firestoreOptions.getService();
 

Ensure that the path to the key file in the code matches the path specified in the environment variable. Adjust the path according to the operating system if necessary.

By following these steps and ensuring the service account has the required permissions, you can effectively resolve the "Application Default Credentials is not available" error and successfully connect to Cloud Firestore. Remember to practice good security hygiene by protecting your service account key file and following the principle of least privilege when assigning roles.

Jump to Solution

Posted on --/--/---- --:-- AM
Kavin_01
Bronze 2
Bronze 2
In response to ms4446
Reply posted on --/--/---- --:-- AM

I am working on two projects with different JSON files. How can I set environment variables in Windows? In Windows, only one variable can be set with the name 'GOOGLE_APPLICATION_CREDENTIALS.' How can this be done?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Bianca12334
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Thank you!

Jump to Solution
0 Likes