gemini-auth

1. Google OAuth (Free Tier)

Benefits:

• No API key management
• 60 requests/minute
• 1,000 requests/day
• Access to Gemini 2.5 Pro
• 1M token context window

```bash

# Initial setup

gemini

# Opens browser for Google account login

# Check auth status

gemini auth status

# Refresh token

gemini auth refresh

# Logout

gemini auth logout

```

2. API Key Setup

Benefits:

• Programmatic access
• No browser required
• Scriptable workflows

```bash

# Get API key from https://aistudio.google.com/

# Method 1: Environment variable

export GEMINI_API_KEY="your-api-key-here"

# Method 2: User config file

mkdir -p ~/.gemini

echo 'GEMINI_API_KEY="your-api-key-here"' > ~/.gemini/.env

chmod 600 ~/.gemini/.env

# Method 3: Project config

mkdir -p ./.gemini

echo 'GEMINI_API_KEY="your-api-key-here"' > ./.gemini/.env

echo '.gemini/' >> .gitignore

# Verify (auto-execute test)

gemini --yolo -p "Test authentication and report status"

```

3. Vertex AI (Enterprise)

Benefits:

• Enterprise security
• Higher rate limits
• Advanced features
• Service account support

```bash

# Setup Google Cloud CLI

curl https://sdk.cloud.google.com | bash

exec -l $SHELL

gcloud init

# Configure project

export GOOGLE_CLOUD_PROJECT="your-project-id"

export GOOGLE_CLOUD_LOCATION="us-central1"

# Service account setup

gcloud iam service-accounts create gemini-cli \

--display-name="Gemini CLI Service Account"

gcloud projects add-iam-policy-binding ${GOOGLE_CLOUD_PROJECT} \

--member="serviceAccount:gemini-cli@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com" \

--role="roles/aiplatform.user"

gcloud iam service-accounts keys create ~/gemini-sa-key.json \

--iam-account=gemini-cli@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com

export GOOGLE_APPLICATION_CREDENTIALS="~/gemini-sa-key.json"

# Test connection (auto-execute)

gemini --yolo -p "Test Vertex AI authentication and report project details"

```

Priority Order

Gemini CLI checks authentication in this order:

1. Command-line flags
2. Environment variables
3. Project .gemini/.env
4. User ~/.gemini/.env
5. OAuth tokens
6. Interactive prompt

Configuration File

```json

// ~/.gemini/config.json

{

"auth": {

"method": "oauth", // oauth, apikey, vertex

"autoRefresh": true,

"timeout": 30000

},

"apiKey": {

"source": "env", // env, file, prompt

"envVar": "GEMINI_API_KEY",

"filePath": "~/.gemini/.env"

},

"vertex": {

"project": "auto", // auto, specific-project-id

"location": "us-central1",

"credentials": "auto" // auto, path/to/key.json

}

}

```

Multi-Account Management

```bash

#!/bin/bash

# Switch between multiple accounts

switch_gemini_account() {

local account=$1

case $account in

personal)

unset GEMINI_API_KEY

unset GOOGLE_APPLICATION_CREDENTIALS

gemini auth logout

gemini # Trigger OAuth

;;

work)

export GEMINI_API_KEY="$(pass show gemini/work-api-key)"

unset GOOGLE_APPLICATION_CREDENTIALS

;;

enterprise)

unset GEMINI_API_KEY

export GOOGLE_CLOUD_PROJECT="company-project"

export GOOGLE_APPLICATION_CREDENTIALS="~/keys/company-sa.json"

;;

*)

echo "Unknown account: $account"

echo "Available: personal, work, enterprise"

return 1

;;

esac

echo "Switched to $account account"

# Auto-validate authentication with YOLO mode

gemini --yolo -p "Test authentication and report current auth method and quota status"

}

# Automated account testing

test_all_accounts() {

for account in personal work enterprise; do

echo "Testing $account account..."

switch_gemini_account "$account"

gemini --yolo -p "Quick test: what is 2+2? Also report account type and remaining quota."

done

}

# Usage

switch_gemini_account personal

```

Secure API Key Storage

```bash

#!/bin/bash

# Secure API key management with pass

# Install pass (password store)

sudo apt-get install pass # Debian/Ubuntu

brew install pass # macOS

# Initialize pass

gpg --gen-key

pass init your-email@example.com

# Store API key securely

pass insert gemini/api-key

# Use in scripts

export GEMINI_API_KEY="$(pass show gemini/api-key)"

# Or with keychain (macOS)

security add-generic-password \

-a "$USER" \

-s "gemini-api-key" \

-w "your-api-key-here"

# Retrieve from keychain

export GEMINI_API_KEY="$(security find-generic-password -s 'gemini-api-key' -w)"

```

Rate Limit Management

```bash

#!/bin/bash

# Handle rate limits gracefully

gemini_with_retry() {

local prompt="$1"

local use_yolo="${2:-false}"

local max_retries=3

local retry_delay=60

local yolo_flag=""

if [ "$use_yolo" = "true" ]; then

yolo_flag="--yolo"

fi

for i in $(seq 1 $max_retries); do

if gemini $yolo_flag -p "$prompt"; then

return 0

else

if [ $i -lt $max_retries ]; then

echo "Rate limited. Waiting ${retry_delay}s before retry $((i+1))/${max_retries}..."

sleep $retry_delay

retry_delay=$((retry_delay * 2)) # Exponential backoff

fi

fi

done

echo "Failed after $max_retries retries"

return 1

}

# YOLO-enabled retry for automated workflows

gemini_yolo_retry() {

local prompt="$1"

gemini_with_retry "$prompt" true

}

# Track usage

track_gemini_usage() {

local log_file="~/.gemini/usage.log"

local timestamp=$(date '+%Y-%m-%d %H:%M:%S')

echo "$timestamp - Request made" >> "$log_file"

# Count today's requests

local today=$(date '+%Y-%m-%d')

local count=$(grep "$today" "$log_file" | wc -l)

echo "Requests today: $count/1000"

if [ $count -ge 950 ]; then

echo "WARNING: Approaching daily limit!"

fi

}

```

Debug Authentication

```bash

# Enable debug mode

export GEMINI_DEBUG=true

# Check all auth sources

gemini auth debug

# Test each method

gemini auth test oauth

gemini auth test apikey

gemini auth test vertex

```

Common Issues

1. OAuth Token Expired

```bash

rm -rf ~/.gemini/auth/tokens

gemini auth refresh

```

1. API Key Not Found

```bash

# Check environment

echo $GEMINI_API_KEY

# Check files

cat ~/.gemini/.env

cat ./.gemini/.env

# Validate key

curl -H "x-api-key: $GEMINI_API_KEY" \

https://generativelanguage.googleapis.com/v1/models

```

1. Vertex AI Permissions

```bash

# Check service account

gcloud auth list

# Verify roles

gcloud projects get-iam-policy $GOOGLE_CLOUD_PROJECT \

--flatten="bindings[].members" \

--filter="bindings.members:gemini-cli@"

# Test API access

gcloud ai models list --region=$GOOGLE_CLOUD_LOCATION

```

API Key Security

```bash

# Never commit keys

echo '.env' >> .gitignore

echo '.gemini/' >> .gitignore

echo '*.key' >> .gitignore

echo '*.json' >> .gitignore # For service account keys

# Use environment-specific keys

if [ "$ENV" = "production" ]; then

export GEMINI_API_KEY="$PROD_GEMINI_KEY"

else

export GEMINI_API_KEY="$DEV_GEMINI_KEY"

fi

# Rotate keys regularly

rotate_api_key() {

local old_key=$GEMINI_API_KEY

local new_key=$(generate_new_key) # Your key generation

export GEMINI_API_KEY=$new_key

if gemini -p "Test new key"; then

revoke_old_key $old_key

echo "Key rotated successfully"

else

export GEMINI_API_KEY=$old_key

echo "Rotation failed, reverting"

fi

}

```

Audit Logging

```bash

#!/bin/bash

# Log all Gemini CLI usage

audit_gemini() {

local log_dir="~/.gemini/audit"

mkdir -p "$log_dir"

local log_file="${log_dir}/$(date '+%Y-%m-%d').log"

local timestamp=$(date '+%Y-%m-%d %H:%M:%S')

local user=$(whoami)

local auth_method="unknown"

if [ -n "$GEMINI_API_KEY" ]; then

auth_method="apikey"

elif [ -n "$GOOGLE_APPLICATION_CREDENTIALS" ]; then

auth_method="vertex"

elif [ -f "~/.gemini/auth/tokens" ]; then

auth_method="oauth"

fi

echo "$timestamp | $user | $auth_method | $*" >> "$log_file"

# Execute original command

gemini "$@"

}

alias gemini='audit_gemini'

```

CI/CD Pipeline

```yaml

# GitHub Actions

name: Gemini Analysis

on: [push, pull_request]

jobs:

analyze:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v2

- name: Setup Node.js

uses: actions/setup-node@v2

with:

node-version: '20'

- name: Install Gemini CLI

run: npm install -g @google/gemini-cli

- name: Analyze Code

env:

GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}

run: |

gemini --yolo -p "Analyze code quality, generate test reports, and create improvement suggestions"

```

Docker Integration

```dockerfile

# Dockerfile

FROM node:20-alpine

# Install Gemini CLI

RUN npm install -g @google/gemini-cli

# Copy credentials (build-time)

ARG GEMINI_API_KEY

ENV GEMINI_API_KEY=$GEMINI_API_KEY

# Or mount at runtime

# docker run -v ~/.gemini:/root/.gemini ...

WORKDIR /app

COPY . .

CMD ["gemini", "--yolo", "-p", "Analyze application and generate comprehensive report"]

```

• gemini-cli: Main Gemini CLI integration
• gemini-chat: Interactive chat sessions
• gemini-tools: Tool execution workflows
• gemini-mcp: MCP server management