Google Cloud Environment Variables

This article is my attempt to keep track of the various environment variables that affect tools, SDKs, and applications written for Google Cloud.

GOOGLE_CLOUD_PROJECT

Environment variable defining default project.

If not set and the environment variable GOOGLE_APPLICATION_CREDENTIALS is set to the path of a valid service account JSON private key file the project ID is the project ID defined in the service account file if available (some older files do not contain project ID information).

When using external identities with Application Default Credentials, the roles/browser IAM role needs to be granted to the service account. The Cloud Resource Manager API should also be enabled on the project. This is needed since application default credentials will try to auto-discover the project ID from the current environment using the impersonated credential. Otherwise, the project ID will resolve to None. You can override the project detection by setting the GOOGLE_CLOUD_PROJECT environment variable.

GCLOUD_PROJECT

Previously used environment variable defining the default project.

This environment variable is used instead of the current one in some
situations (such as Google App Engine).

GOOGLE_CLOUD_QUOTA_PROJECT

The quota project id to be set on the credential. The value from the environment variable will override any quota project that is present in the credential detected by the ADC mechanism.

A quota project is a Google Cloud Project that will be used for billing and quota limits.

More information:

- gcloud auth application-default set-quota-project
- Work with quotas

GOOGLE_CLOUD_CPP_USER_PROJECT

Same as GOOGLE_CLOUD_QUOTA_PROJECT, but used for C++.

GOOGLE_APPLICATION_CREDENTIALS

Environment variable defining the location of Google application default credentials.

CLOUDSDK_CONFIG

Environment variable defining the location of Google Cloud SDK’s config files.

Configurations are stored in your user config directory (typically ~/.config/gcloud on MacOS and Linux, or %APPDATA%\gcloud on Windows); you can find the location of your config directory by running:

gcloud info --format='value(config.paths.global_config_dir)'

The config directory can be changed by setting the environment variable CLOUDSDK_CONFIG. Also, note that the config directory must be write-enabled. However, if you’re using Cloud Shell, your gcloud CLI preferences are stored in a temporary tmp folder, set for your current Cloud Shell tab only, and do not persist across sessions.

GCE_METADATA_HOST

GCE_METADATA_ROOT

Environment variable providing an alternate hostname or host:port to be used for GCE metadata requests.

This environment variable was originally named GCE_METADATA_ROOT. System will
check the new variable first; should there be no value present, the system falls back to the old variable.

GCE_METADATA_IP

Environment variable providing an alternate ip:port to be used for IP-only GCE metadata requests.

The default value is 169.254.169.254. Normally the hostname metadata.google.internal is 169.254.169.254.

This environment variable is useful for environments where 169.254.169.254 is already used by other metadata servers, eg AWS, Azure, etc.

The default endpoint for the metadata server is http://metadata.google.internal/computeMetadata/v1.

GOOGLE_API_USE_CLIENT_CERTIFICATE

Environment variable controlling whether to use client certificate or not. The default value is false. Users have to explicitly set this value to true in order to use client certificate to establish a mutual TLS channel.