Where are Google Application Default Credentials stored?

I'll one-up the response by Peter V. Mørch and say that none of the answers here are correct, and maybe even ever were!

As mentioned in the other answers, the credentials used by gcloud and other Google Cloud SDK tools like bq and gsutil are stored in a database at ~/.config/gcloud/credentials.db. However, the question was on application default credentials (ADC), and the credentials in credentials.db are not used as part of ADC.

  • To create credentials for use by ADC you run gcloud auth application-default login, which creates a credential file at ~/.config/gcloud/application_default_credentials.json.
  • To create credentials for use by the Cloud SDK you run gcloud auth login (or gcloud auth activate-service-account), which appends an entry in the credentials.db database.

These different credentials do not have to authenticate the same user; logging in using gcloud auth login does not enable the ADC.

I've written a blog post on this that goes into some more detail: Authentication on GCP: Application Default Credentials.
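Added example, not part of the answer above or of any Google tooling: a small Python audit that lists the files ADC client libraries look at, reports each file's credential `type`, and flags group/other permission bits without printing secret fields. The function names are hypothetical; it assumes the documented lookup order (the `GOOGLE_APPLICATION_CREDENTIALS` variable first, then the well-known file, whose directory `CLOUDSDK_CONFIG` can relocate), and the permission check is only meaningful on POSIX systems.

```python
import json
import stat
import tempfile
from pathlib import Path

ADC_FILENAME = "application_default_credentials.json"

def adc_candidates(env, home, windows=False):
    """Return (source, path) pairs in the order ADC libraries check files."""
    found = []
    explicit = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if explicit:
        found.append(("GOOGLE_APPLICATION_CREDENTIALS", Path(explicit)))
    if env.get("CLOUDSDK_CONFIG"):
        config_dir = Path(env["CLOUDSDK_CONFIG"])
    elif windows:
        config_dir = Path(env.get("APPDATA", "")) / "gcloud"
    else:
        config_dir = Path(home) / ".config" / "gcloud"
    found.append(("well-known file", config_dir / ADC_FILENAME))
    return found

def inspect_adc(env, home, windows=False):
    """Describe each candidate file; never echoes tokens or keys."""
    report = []
    for source, path in adc_candidates(env, home, windows):
        entry = {"source": source, "path": str(path), "exists": path.is_file()}
        if entry["exists"]:
            # "authorized_user" = user login, "service_account" = key file.
            entry["type"] = json.loads(path.read_text()).get("type", "unknown")
            mode = stat.S_IMODE(path.stat().st_mode)
            entry["group_or_other_access"] = bool(mode & 0o077)
        report.append(entry)
    return report

def demo():
    # Constructed sample: throwaway home directory with a fake ADC file.
    with tempfile.TemporaryDirectory() as home:
        adc = Path(home, ".config", "gcloud", ADC_FILENAME)
        adc.parent.mkdir(parents=True)
        adc.write_text(json.dumps(
            {"type": "authorized_user", "refresh_token": "CONSTRUCTED"}))
        adc.chmod(0o644)  # deliberately too permissive
        return inspect_adc({}, home)

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Against a real account, call `inspect_adc(dict(os.environ), Path.home())` after `import os`; the report never touches `credentials.db`, which ADC does not read.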


Windows:

C:\Users\%username%\AppData\Roaming\gcloud\credentials

C:\Users\%username%\AppData\Roaming\gcloud\legacy_credentials


I found them. They are in ~/.config/gcloud/credentials. I was able to pass the default credentials to the docker image I'm working on by mounting them:

docker run --rm -it -v ~/.config/gcloud:/root/.config/gcloud alpine:3.4 sh