From 242b218a4d7b493a48234a90c87e26a818d8f157 Mon Sep 17 00:00:00 2001
From: Christoffer Eide <christoffer.eide@tv2.no>
Date: Mon, 19 Aug 2024 10:50:43 +0200
Subject: [PATCH] Updated readme with GOOGLE_CREDENTIALS env var

Signed-off-by: Christoffer Eide <christoffer.eide@tv2.no>
---
 README.rst | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/README.rst b/README.rst
index e8406032b..22e413fb0 100644
--- a/README.rst
+++ b/README.rst
@@ -235,6 +235,44 @@ you can enable application default credentials using the sdk:
 
     $ gcloud auth application-default login
 
+It's also possible to configure the credentials using the env var ``GOOGLE_CREDENTIALS``.
+This can either point to a file or JSON content.
+
+.. code:: sh
+
+    export GOOGLE_CREDENTIALS=$(cat credentials.json)
+    export GOOGLE_CREDENTIALS=credentials.json
+
+Supported formats are:
+
+Credentials file:
+
+.. code:: json
+
+    {
+        "type": "service_account",
+        "project_id": "my-project",
+        "private_key_id": "66a4119f8aefbe8687ef0e14c6e7e0e1844b7950",
+        "private_key": "***",
+        "client_email": "my-service-account@my-project.iam.gserviceaccount.com",
+        "client_id": "1234567890",
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "token_uri": "https://oauth2.googleapis.com/token",
+        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/my-service-account%40my-project.iam.gserviceaccount.com",
+        "universe_domain": "googleapis.com"
+    }
+
+Access token:
+
+.. code:: json
+
+    {
+      "access_token": "***",
+      "expires_in": 3599,
+      "token_type": "Bearer"
+    }
+
 Encrypting/decrypting with GCP KMS requires a KMS ResourceID. You can use the
 cloud console the get the ResourceID or you can create one using the gcloud
 sdk: