Authentication Guide

Authentication & API Keys

Set up secure authentication for Gemini CLI to access Google's AI services. Learn about API keys, OAuth, and security best practices.

Authentication Methods

API Key
Simple and direct authentication
  • Quick setup
  • Best for personal use
  • Environment variables
  • No browser required
OAuth 2.0
Secure delegated access
  • More secure
  • Team collaboration
  • Granular permissions
  • Token refresh
Service Account
Server-to-server authentication
  • Production ready
  • CI/CD integration
  • No user interaction
  • JSON key files

API Key Setup (Recommended)

1. Get Your API Key

First, you'll need to create an API key from Google AI Studio:

  1. Visit Google AI Studio
     Sign in with your Google account
  2. Click the "Create API Key" button
     Choose an existing project or create a new one
  3. Copy your API key and store it securely
     This key will only be shown once

2. Configure Gemini CLI

Interactive Authentication

Interactive login is the easiest way to set up authentication: Gemini CLI prompts you for your API key.

# Start interactive authentication
gemini auth login

# Follow the prompts to enter your API key
# The key will be securely stored for future use

OAuth 2.0 Setup (Advanced)

1. Create OAuth Credentials

  1. Go to Google Cloud Console
  2. Create or select a project
  3. Click "Create Credentials" → "OAuth 2.0 Client ID"
  4. Configure OAuth consent screen if prompted
  5. Select "Desktop application" as application type
  6. Download the JSON credentials file

2. Configure OAuth

# Set credentials file path
export GOOGLE_APPLICATION_CREDENTIALS="path/to/credentials.json"

# Start OAuth flow
gemini auth login --oauth

# This will open a browser for authentication
# Follow the prompts to authorize access

Service Account (Production)

1. Create Service Account

  1. Go to Service Accounts page
  2. Click "Create Service Account"
  3. Enter name and description
  4. Grant necessary roles (AI Platform User)
  5. Create and download JSON key file

2. Configure Service Account

# Set service account key file
export GOOGLE_APPLICATION_CREDENTIALS="path/to/service-account-key.json"

# Verify authentication
gemini auth status

# Alternative: Use gcloud to activate service account
gcloud auth activate-service-account --key-file="path/to/service-account-key.json"

Verify Authentication

Check Authentication Status

# Check current authentication status
gemini auth status

# Test with a simple query
gemini ask "Hello, can you hear me?"

# Check available models
gemini models list

Expected Output

✓ Authentication: Success
✓ API Key: ••••••••••••••••••••••••••••••••••••••••abc123
✓ Project: my-ai-project
✓ Quota: 1000 requests/day remaining
✓ Models: gemini-pro, gemini-pro-vision available

Security Best Practices

Do's
  • Use environment variables for API keys
  • Rotate API keys regularly
  • Use least privilege principle
  • Monitor API usage and quotas
  • Use service accounts in production
  • Enable API restrictions when possible
Don'ts
  • Don't commit API keys to version control
  • Don't share API keys in chat/email
  • Don't use API keys in client-side code
  • Don't use overly broad permissions
  • Don't ignore quota warnings
  • Don't use the same key everywhere
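
The points about version control and JSON key files can be enforced mechanically in a pre-commit hook or CI step. The script below is an added example, not part of Gemini CLI or of this guide; it assumes API keys look like "AIza" followed by 35 URL-safe characters and that service-account key files are JSON with a type of service_account, and the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the guide): checks a directory for the two credential
# types this page creates, and checks that a JSON key file is owner-only.
# Assumed formats: API keys are "AIza" + 35 URL-safe characters; service-account
# key files are JSON whose type field is service_account.

API_KEY_RE='AIza[0-9A-Za-z_-]{35}'
SA_KEY_RE='"type"[[:space:]]*:[[:space:]]*"service_account"'

# Print paths under $1 (skipping .git) whose contents match the ERE in $2.
files_matching() {
    find "$1" -name .git -prune -o -type f -exec grep -lE -e "$2" {} + \
        2>/dev/null || true
}

# Report credential-bearing files under directory $1 as "<kind>: <path>".
# Only paths are printed, never the matched secret. Returns 1 on any hit.
scan_for_credentials() {
    scan_api=$(files_matching "$1" "$API_KEY_RE")
    scan_sa=$(files_matching "$1" "$SA_KEY_RE")
    [ -z "$scan_api" ] || printf '%s\n' "$scan_api" | sed 's/^/api-key: /'
    [ -z "$scan_sa" ] || printf '%s\n' "$scan_sa" | sed 's/^/service-account-key: /'
    [ -z "$scan_api$scan_sa" ]
}

# Succeed only if $1 is a regular file with no group/other permission bits
# (for example after chmod 600). Returns 2 if the file does not exist.
key_file_is_private() {
    [ -f "$1" ] || return 2
    key_mode=$(ls -Lld "$1" | cut -c5-10)
    [ "$key_mode" = "------" ]
}

# Usage as a pre-commit or CI step: ./check-credentials.sh <directory>
if [ "$#" -gt 0 ]; then
    scan_for_credentials "$1" || { echo "credentials found, aborting" >&2; exit 1; }
    if [ -n "${GOOGLE_APPLICATION_CREDENTIALS:-}" ]; then
        key_file_is_private "$GOOGLE_APPLICATION_CREDENTIALS" ||
            { echo "key file missing or readable by others" >&2; exit 1; }
    fi
fi
```

A hit means the credential should be treated as exposed and rotated, not just deleted from the working tree, since earlier commits may still contain it.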

Troubleshooting

Authentication Complete!
Perfect! You've successfully set up authentication. Now you're ready to use all Gemini CLI features.