Starting April 29, 2025, Gemini 1.5 Pro and Gemini 1.5 Flash models are not available in projects that have no prior usage of these models, including new projects. For details, see Model versions and lifecycle.

Get a Google Cloud API key

This guide shows how to get a Google Cloud API key to use Gemini on Vertex AI, covering the following topics:

Authentication Options: A comparison of using an API key versus Application Default Credentials.
Get an API Key (New Users): How to get an API key quickly if you don't have a Google Cloud account.
Get an API Key (Existing Users): How to generate a standard API key if you already have a Google Cloud account.

Authentication Options

To use Gemini on Vertex AI, you need to authenticate. The following table compares the two primary authentication methods.

Method	Description	Pros	Cons	Best for
Google Cloud API Key	A simple encrypted string that grants access to Google Cloud APIs.	Easy and fast to set up.	Less secure; requires careful management to prevent exposure.	Quickstarts, prototyping, and initial development.
Application Default Credentials (ADC)	A strategy that finds credentials automatically based on the application environment.	More secure; credentials are not hardcoded. Manages credential rotation automatically.	Requires more initial setup and understanding of IAM.	Production and security-sensitive environments.

We recommend using an API key for initial testing and using Application Default Credentials for production. This page shows you how to get a Google Cloud API key based on whether you already have a Google Cloud account.

Select whether you have a Google Cloud account:

Create a Google Cloud API key

If you already have a Google Cloud account, use the following instructions to get a standard Google Cloud API key.

Before you begin

Concepts

Service Account: A special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs.
API Key: A simple encrypted string that identifies a Google project for purposes of quota, billing, and monitoring.
IAM (Identity and Access Management): Defines who (identity) has what access (role) for which resource.

Prerequisites

Select a project, enable billing, and enable the Vertex AI API

If you don't already have one, sign up for a new account.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Verify that billing is enabled for your Google Cloud project.

Enable the Vertex AI API.

Enable the API

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Verify that billing is enabled for your Google Cloud project.

Enable the Vertex AI API.

Enable the API

Step 1: Enable service account API key creation

Important: To perform this step, your user account must have the Organization Policy Administrator role enabled for your organization. If you don't have this role or can't make this configuration, use application default credentials instead.

Open IAM & Admin > Organization policies.
In the list of policies, filter for policies called iam.managed.disableServiceAccountApiKeyCreation.
Click Actions > Edit policy.
Under Policy source, select Override parent's policy, then click Add a rule.
Under Enforcement, select Off.
Click Done.
Click Set policy. In the dialog that pops up, click Set policy again.

Step 2: Create a new service account

Open IAM & Admin > Service Accounts.
Click Create service account.
Configure the service account as follows:
- Service account name: vertex-ai-runner
- Service account ID: vertexairunner
Click Create and continue.
Under Permissions, click Select a role and select Vertex AI Platform Express User from the menu.
Click Continue.
Click Done.

Step 3: Create an API key

Open APIs & Services > Credentials.
Click Create credentials > API key.
Configure the API key as follows:
- Name: vertexaiapikey
- Authenticate API calls through a service account: Selected.
Click Select service account.
Select the service account you created in the previous step and click Select.
Click Create.

Make your first API request

After getting an API key, learn how to use your API key to make your first request in the API quickstart.

Optional: Set up your API key locally

For initial testing, you can hard code an API key, but this is not secure and should only be temporary. The following instructions show how to set up your API key locally as an environment variable.

Set the API key as an environment variable

Linux/macOS

Run the following command to see which command-line shell you are using:
```
echo $SHELL
```
The output is similar to the following:
```
/bin/bash
```
Add a shell export variable for your API key, based on your shell:
- If your shell is /bin/bash:
  1. Open .bashrc:
```
touch ~/.bashrc
open ~/.bashrc
```
  2. Add the following line to .bashrc, replacing <var>YOUR_API_KEY</var> with your key:
```
export GEMINI_API_KEY=<var>YOUR_API_KEY</var>
```
  3. Save the file, then run the following to apply the changes:
```
source ~/.bashrc
```
- If your shell is /bin/zsh:
  1. Open .zshrc:
```
touch ~/.zshrc
open ~/.zshrc
```
  2. Add the following line to .zshrc, replacing <var>YOUR_API_KEY</var> with your key:
```
export GEMINI_API_KEY=<var>YOUR_API_KEY</var>
```
  3. Save the file, then run the following to apply the changes:
```
source ~/.zshrc
```

Windows

Open the Start menu and search for "Environment Variables".
Click "Edit the system environment variables".
In the System Properties window, click the "Environment Variables" button.
In the "User variables" section, click "New...".
For "Variable name", enter GEMINI_API_KEY.
For "Variable value", paste your API key.
Click "OK" on all open windows to apply the changes.
Restart any open terminal or command prompt windows for the changes to take effect.

WARNING: It's important to keep your API key secure. Keep the following in mind when using your API key:

For production applications, Google Cloud recommends using application default credentials as a more secure way to authenticate.
Vertex AI uses API keys for authorization. If others get access to your API key, they can make calls using your project's quota, which could result in lost quota or additional charges, in addition to accessing your tuned models and files.
Adding API key restrictions can help limit the surface area usable through each API key.
You are responsible for keeping your API key secure.
- Do not check API keys into source control.
- Client-side applications (Android, Swift, web, and Dart/Flutter) risk exposing API keys. We don't recommend using the Google AI client SDKs to call the API directly from your mobile and web apps.

For general best practices, see this support article on API key security.

Get a Google Cloud API key Stay organized with collections Save and categorize content based on your preferences.

Authentication Options

Create a Google Cloud API key

Before you begin

Concepts

Prerequisites

Select a project, enable billing, and enable the Vertex AI API

Step 1: Enable service account API key creation

Step 2: Create a new service account

Step 3: Create an API key

Make your first API request

Optional: Set up your API key locally

Set the API key as an environment variable

Linux/macOS

Windows

Get a Google Cloud API key