docs(onboarding): document ADC for Vertex AI, warn against placeholder creds#1705
Open
niti-go wants to merge 1 commit into
Open
docs(onboarding): document ADC for Vertex AI, warn against placeholder creds#1705niti-go wants to merge 1 commit into
niti-go wants to merge 1 commit into
Conversation
…r creds The Vertex AI section only described the service-account key-file path and used a placeholder VERTEX_CREDENTIALS=/path/to/service-account.json. A non-empty placeholder is treated as a real credential and disables PDD's ADC fallback, breaking Vertex auth. Add ADC as the simplest path, keep the key-file method as a fallback, and warn against placeholder values. Co-Authored-By: Claude Opus 4.8 <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The Vertex AI section of the onboarding guide only documented the service-account key-file path and showed a placeholder
VERTEX_CREDENTIALS=/path/to/service-account.json. Two problems:VERTEX_CREDENTIALS/GOOGLE_APPLICATION_CREDENTIALSis unset and a project is configured (pdd/llm_invoke.py). Anyone withgcloudcan use Vertex without creating a key file — the guide never said so.VERTEX_CREDENTIALS(even the example placeholder) is treated as a real credential byresolve_api_key_from_envand disables the ADC fallback, so Vertex auth fails on a missing file. Following the doc literally could break Vertex.Changes (docs-only)
gcloud auth application-default login, give the account the Vertex AI User role, set project/location, and leaveVERTEX_CREDENTIALSunset.VERTEX_CREDENTIALSto a placeholder path.Why it matters
New users can set up Vertex with a login they likely already have, instead of being told to create and download a service-account key — and they avoid the placeholder trap that silently breaks auth.
Verification
Confirmed PDD reaches Vertex AI via ADC alone (no key file) at both
globalandus-central1usingvertex_ai/gemini-2.5-flash.Opened as a draft for review.