open-vault/website/content/docs/agent/autoauth/methods/gcp.mdx

---
layout: docs
page_title: Vault Agent Auto-Auth GCP Method
description: GCP Method for Vault Agent Auto-Auth
---

# Vault Agent Auto-Auth GCP Method

The `gcp` method performs authentication against the [GCP Auth
method](/docs/auth/gcp). Both `gce` and `iam`
authentication types are supported.

## Credentials

Vault will use the GCP SDK's normal credential chain behavior. You can set a
static `credentials` value, but it is usually not needed. If running on GCE
using Application Default Credentials, you may need to specify the service
account and project since ADC does not provide metadata used to automatically
determine these.

## Configuration

- `type` `(string: required)` - The type of authentication; must be `gce` or `iam`

- `role` `(string: required)` - The role to authenticate against on Vault

- `credentials` `(string: optional)` - When using static credentials, the
  contents of the JSON credentials file

- `service_account` `(string: optional)` - The service account to use, if it
  cannot be automatically determined

- `jwt_exp` `(string or int: optional)` - The number of minutes a generated JWT
  should be valid for when using the `iam` method; defaults to 15 minutes
VSI (#4985) 2018-07-25 02:02:27 +00:00			`---`
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`layout: docs`
			`page_title: Vault Agent Auto-Auth GCP Method`
			`description: GCP Method for Vault Agent Auto-Auth`
VSI (#4985) 2018-07-25 02:02:27 +00:00			`---`

New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes 2020-01-18 00:18:09 +00:00			`# Vault Agent Auto-Auth GCP Method`
VSI (#4985) 2018-07-25 02:02:27 +00:00
			The `gcp` method performs authentication against the [GCP Auth
[website] Link Cleaning (#8205) * update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com> 2020-01-22 20:05:41 +00:00			method](/docs/auth/gcp). Both `gce` and `iam`
VSI (#4985) 2018-07-25 02:02:27 +00:00			`authentication types are supported.`

			`## Credentials`

			`Vault will use the GCP SDK's normal credential chain behavior. You can set a`
Update GCP auth docs for signJwt transition to Service Account Credentials API (#11568) 2021-05-11 23:57:12 +00:00			static `credentials` value, but it is usually not needed. If running on GCE
VSI (#4985) 2018-07-25 02:02:27 +00:00			`using Application Default Credentials, you may need to specify the service`
			`account and project since ADC does not provide metadata used to automatically`
			`determine these.`

			`## Configuration`

			- `type` `(string: required)` - The type of authentication; must be `gce` or `iam`

			- `role` `(string: required)` - The role to authenticate against on Vault

			- `credentials` `(string: optional)` - When using static credentials, the
			`contents of the JSON credentials file`

			- `service_account` `(string: optional)` - The service account to use, if it
			`cannot be automatically determined`

			- `jwt_exp` `(string or int: optional)` - The number of minutes a generated JWT
			should be valid for when using the `iam` method; defaults to 15 minutes