Get a Google Cloud API key

To use Gemini on Vertex AI, authenticate by using a Google Cloud API key or application default credentials. We recommend using an API key for testing and using application default credentials for production.

This page shows you how to get a Google Cloud API key based on whether you're a new or existing Google Cloud user.

Select your user type:

Create a Google Cloud API key

If you already are a standard Google Cloud user with billing enabled, use the following instructions to get a standard Google Cloud API key. Alternatively, you can use application default credentials instead of using an API key.

Before you begin

Select a project, enable billing, enable the Vertex AI API

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    Go to project selector

  3. Verify that billing is enabled for your Google Cloud project.

  4. Enable the Vertex AI API.

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

    Enable the API

  5. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    Go to project selector

  6. Verify that billing is enabled for your Google Cloud project.

  7. Enable the Vertex AI API.

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

    Enable the API

    8.

Enable service account API key creation

  1. Open IAM & Admin > Organization policies.
  2. In the list of policies, filter for policies called iam.managed.disableServiceAccountApiKeyCreation.
  3. Click Actions > Edit policy.
  4. Under Policy source, select Override parent's policy, then click Add a rule.
  5. Under Enforcement, select Off.
  6. Click Done.
  7. Click Set policy. In the dialog that pops up, click Set policy again.

Create a new service account

  1. Open IAM & Admin > Service Accounts.
  2. Click Create service account.
  3. Configure the service account as follows:
    • Service account name: vertex-ai-runner
    • Service account ID: vertexairunner
  4. Click Create and continue.
  5. Under Permissions, click Select a role and select Vertex AI Platform Express User from the menu.
  6. Click Continue.
  7. Click Done.

Create an API key

  1. Open APIs & Services > Credentials.
  2. Click Create credentials > API key.
  3. Configure the API key as follows:
    • Name: vertexaiapikey
    • Authenticate API calls through a service account: Selected.
  4. Click Select service account.
  5. Select the service account you created in the previous step and click Select.
  6. Click Create.

Make your first API request

After getting an API key, learn how to use your API key to make your first request in the API quickstart.

Optional: Set up your API key locally

For initial testing, you can hard code an API key, but this should only be temporary since it is not secure. The rest of this section goes through how to set up your API key locally as an environment variable with different operating systems.

Click to expand instructions

Linux/macOS

  1. Run the following command to see which command-line shell you are using:

    echo $SHELL

    The output is similar to the following:

    /bin/bash

  2. Add a shell export variable for your API key, by doing one of the following:

    • If the output of the previous step is /bin/bash:

      1. Open .bashrc:

        touch ~/.bashrc
        open ~/.bashrc

      2. Add the following line to .bashrc:

        export API_KEY=YOUR_API_KEY

      3. Save the file, then run the following to apply the changes:

        source ~/.bashrc

    • If the output of the previous step is /bin/zsh:

      1. Open .zshrc:

        touch ~/.zshrc
        open ~/.zshrc

      2. Add the following line to .zshrc:

        export API_KEY= YOUR_API_KEY

      3. Save the file, then run the following to apply the changes:

        source ~/.zshrc

Windows

  1. Search for "Environment Variables" in the system settings
  2. Edit either "User variables" (for current user) or "System variables" (for all users - use with caution).
  3. Create the variable and add export API_KEY=YOUR_API_KEY
  4. Apply the changes