---
name: gemini-auth
description: Setup and manage Gemini CLI authentication methods including OAuth, API keys, and Vertex AI. Use when configuring Gemini access, switching auth methods, or troubleshooting authentication issues.
---
# Gemini Authentication Management
Comprehensive authentication setup and management for Gemini CLI, supporting OAuth, API keys, and Vertex AI.
## Authentication Methods
### 1. Google OAuth (Free Tier)
**Benefits:**
- No API key management
- 60 requests/minute
- 1,000 requests/day
- Access to Gemini 2.5 Pro
- 1M token context window
```bash
# Initial setup
gemini
# Opens browser for Google account login
# NOTE(review): the `gemini auth ...` subcommands below are reproduced as this
# page gives them; confirm they exist in your installed version
# (`gemini --help`) before scripting against them.
# Check auth status
gemini auth status
# Refresh token
gemini auth refresh
# Logout
gemini auth logout
```
### 2. API Key Setup
**Benefits:**
- Programmatic access
- No browser required
- Scriptable workflows
```bash
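# Get API key from https://aistudio.google.com/
# Read the key with echo disabled so it does not appear on screen or in
# shell history (a literal `export GEMINI_API_KEY="..."` line is saved there).
read -rs -p "Gemini API key: " GEMINI_API_KEY && echo

# Method 1: Environment variable (current shell and its child processes)
export GEMINI_API_KEY

# Method 2: User config file
# The subshell's umask 077 creates the directory and file owner-only from the
# first byte, instead of writing the key world-readable and tightening later.
(
  umask 077
  mkdir -p ~/.gemini
  printf 'GEMINI_API_KEY="%s"\n' "$GEMINI_API_KEY" > ~/.gemini/.env
)
chmod 700 ~/.gemini
chmod 600 ~/.gemini/.env

# Method 3: Project config
# Add the ignore rule BEFORE the key exists in the working tree, and only once.
grep -qxF -- '.gemini/' .gitignore 2>/dev/null || echo '.gemini/' >> .gitignore
(
  umask 077
  mkdir -p ./.gemini
  printf 'GEMINI_API_KEY="%s"\n' "$GEMINI_API_KEY" > ./.gemini/.env
)
chmod 600 ./.gemini/.env

# Verify
# --yolo auto-approves every tool action the model requests; a credential
# check needs no tool execution, so it is left off here.
gemini -p "Test authentication and report status"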
```
### 3. Vertex AI (Enterprise)
**Benefits:**
- Enterprise security
- Higher rate limits
- Advanced features
- Service account support
```bash
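# Setup Google Cloud CLI
# Save the installer to a file and read it before executing: piping curl
# straight into bash runs whatever the network returned, unreviewed, and a
# truncated download can execute half a script.
installer="$(mktemp)"
curl -fsSL https://sdk.cloud.google.com -o "$installer"
less "$installer" # review before running
bash "$installer"
rm -f -- "$installer"
exec -l "$SHELL"
gcloud init

# Configure project
export GOOGLE_CLOUD_PROJECT="your-project-id"
export GOOGLE_CLOUD_LOCATION="us-central1"

# Service account setup
sa_email="gemini-cli@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com"
gcloud iam service-accounts create gemini-cli \
  --display-name="Gemini CLI Service Account"
gcloud projects add-iam-policy-binding "${GOOGLE_CLOUD_PROJECT}" \
  --member="serviceAccount:${sa_email}" \
  --role="roles/aiplatform.user"

# A downloaded service-account key is a long-lived bearer credential: anyone
# who can read the file can act as the account until the key is deleted.
# For interactive use on a workstation, `gcloud auth application-default login`
# avoids creating a key file at all. If a key file is required, create it
# owner-only and rotate it on a schedule.
key_file="$HOME/gemini-sa-key.json"
(
  umask 077
  gcloud iam service-accounts keys create "$key_file" \
    --iam-account="${sa_email}"
)
chmod 600 "$key_file"

# "~" is not expanded inside double quotes, so the original value pointed at a
# literal "~/gemini-sa-key.json" path that does not exist; use $HOME instead.
export GOOGLE_APPLICATION_CREDENTIALS="$key_file"

# Test connection
# --yolo (auto-approve all tool actions) is not needed for a credential check.
gemini -p "Test Vertex AI authentication and report project details"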
```
## Authentication Configuration
### Priority Order
Gemini CLI checks authentication in this order:
1. Command-line flags
2. Environment variables
3. Project .gemini/.env
4. User ~/.gemini/.env
5. OAuth tokens
6. Interactive prompt
### Configuration File
```json
// ~/.gemini/config.json
{
"auth": {
"method": "oauth", // oauth, apikey, vertex
"autoRefresh": true,
"timeout": 30000
},
"apiKey": {
"source": "env", // env, file, prompt
"envVar": "GEMINI_API_KEY",
"filePath": "~/.gemini/.env"
},
"vertex": {
"project": "auto", // auto, specific-project-id
"location": "us-central1",
"credentials": "auto" // auto, path/to/key.json
}
}
```
## Workflow Scripts
### Multi-Account Management
```bash
#!/bin/bash
# Switch between multiple accounts
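#######################################
# Switch the current shell to one of the predefined Gemini credentials.
# Globals:   GEMINI_API_KEY, GOOGLE_APPLICATION_CREDENTIALS,
#            GOOGLE_CLOUD_PROJECT (written/unset), HOME (read)
# Arguments: $1 - account name: personal | work | enterprise
# Outputs:   status line on stdout, errors on stderr
# Returns:   1 for an unknown account or an unreadable stored key,
#            otherwise the status of the final validation call
#######################################
switch_gemini_account() {
  local account=$1
  local work_key

  case "$account" in
    personal)
      unset GEMINI_API_KEY
      unset GOOGLE_APPLICATION_CREDENTIALS
      gemini auth logout
      gemini # Trigger OAuth
      ;;
    work)
      # Fetch first, export second: `export VAR="$(cmd)"` reports success even
      # when `pass show` fails, silently exporting an empty key.
      work_key=$(pass show gemini/work-api-key) || {
        echo "Could not read gemini/work-api-key from pass" >&2
        return 1
      }
      export GEMINI_API_KEY="$work_key"
      unset GOOGLE_APPLICATION_CREDENTIALS
      ;;
    enterprise)
      unset GEMINI_API_KEY
      export GOOGLE_CLOUD_PROJECT="company-project"
      # "~" is not expanded inside quotes; $HOME yields the real path.
      export GOOGLE_APPLICATION_CREDENTIALS="$HOME/keys/company-sa.json"
      ;;
    *)
      echo "Unknown account: $account" >&2
      echo "Available: personal, work, enterprise" >&2
      return 1
      ;;
  esac

  echo "Switched to $account account"
  # Validate the new credentials. --yolo auto-approves every tool action the
  # model requests and is unnecessary for an auth check, so it is omitted.
  gemini -p "Test authentication and report current auth method and quota status"
}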
# Automated account testing
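#######################################
# Switch to each known account in turn and send one test prompt.
# Arguments: none
# Outputs:   progress on stdout, skipped accounts on stderr
# Returns:   0 if every account switched and answered, 1 otherwise
#######################################
test_all_accounts() {
  local account # keep the loop variable out of the caller's scope
  local failed=0

  for account in personal work enterprise; do
    echo "Testing $account account..."
    # Do not send a prompt under whatever credentials happen to be left over
    # when the switch itself failed.
    if ! switch_gemini_account "$account"; then
      echo "Skipping $account: switch failed" >&2
      failed=1
      continue
    fi
    # A plain question needs no tool execution, so --yolo is omitted.
    gemini -p "Quick test: what is 2+2? Also report account type and remaining quota." || failed=1
  done

  return "$failed"
}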
# Usage
switch_gemini_account personal
```
### Secure API Key Storage
```bash
#!/bin/bash
# Secure API key management with pass
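# Install pass (password store) - run the line for your platform
sudo apt-get install pass # Debian/Ubuntu
brew install pass # macOS

# Initialize pass
gpg --gen-key
# The address in the original page was masked by the site's e-mail
# obfuscation; pass the ID or e-mail of the GPG key generated above.
pass init "YOUR_GPG_KEY_ID"

# Store API key securely (pass prompts for the value, so the key is never
# typed on a command line)
pass insert gemini/api-key

# Use in scripts
# Assign first, export second: `export VAR="$(cmd)"` hides a failing lookup
# and would export an empty key.
GEMINI_API_KEY="$(pass show gemini/api-key)" && export GEMINI_API_KEY

# Or with keychain (macOS)
# Ending the command with a bare -w makes `security` prompt for the secret.
# Supplying it as `-w "value"` would expose the key in shell history and in
# the process list while the command runs.
security add-generic-password \
  -a "$USER" \
  -s "gemini-api-key" \
  -w

# Retrieve from keychain
GEMINI_API_KEY="$(security find-generic-password -s 'gemini-api-key' -w)" && export GEMINI_API_KEY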
```
### Rate Limit Management
```bash
#!/bin/bash
# Handle rate limits gracefully
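#######################################
# Run a Gemini prompt, retrying with exponential backoff when it fails.
# Arguments: $1 - prompt text
#            $2 - "true" to pass --yolo (auto-approve all tool actions);
#                 defaults to "false"
# Outputs:   gemini output on stdout, retry diagnostics on stderr
# Returns:   0 on the first successful attempt, 1 after 3 failed attempts
#######################################
gemini_with_retry() {
  local prompt="$1"
  local use_yolo="${2:-false}"
  local max_retries=3
  local retry_delay=60
  local i # keep the counter out of the caller's scope
  # An array keeps the optional flag a separate word without relying on
  # unquoted word splitting.
  local -a flags=()

  if [ "$use_yolo" = "true" ]; then
    flags+=(--yolo)
  fi

  for ((i = 1; i <= max_retries; i++)); do
    if gemini "${flags[@]}" -p "$prompt"; then
      return 0
    fi
    if ((i < max_retries)); then
      # The exit status alone cannot distinguish a rate limit from an auth or
      # network error, so the message does not claim a cause.
      echo "Request failed (possibly rate limited). Waiting ${retry_delay}s before retry $((i + 1))/${max_retries}..." >&2
      sleep "$retry_delay"
      retry_delay=$((retry_delay * 2)) # Exponential backoff
    fi
  done

  echo "Failed after $max_retries retries" >&2
  return 1
}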
# YOLO-enabled retry for automated workflows
#######################################
# Convenience wrapper: retry a prompt with the YOLO switch turned on.
# YOLO mode auto-approves every tool action the model requests, so reserve
# this for prompts and working directories you trust.
# Arguments: $1 - prompt text
# Returns:   whatever gemini_with_retry returns
#######################################
gemini_yolo_retry() {
  gemini_with_retry "${1}" "true"
}
# Track usage
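#######################################
# Append one request record to the usage log and report today's count.
# Globals:   HOME (read)
# Arguments: none
# Outputs:   "Requests today: N/1000", plus a warning at 950 or more
# Returns:   0
#######################################
track_gemini_usage() {
  # "~" is not expanded inside quotes; the original wrote to a literal
  # "./~/.gemini/usage.log" relative to the current directory.
  local log_file="$HOME/.gemini/usage.log"
  local timestamp today count

  mkdir -p -- "${log_file%/*}"
  timestamp=$(date '+%Y-%m-%d %H:%M:%S')
  echo "$timestamp - Request made" >> "$log_file"

  # Count today's requests; anchoring at line start matches the timestamp
  # field only.
  today=$(date '+%Y-%m-%d')
  count=$(grep -c -- "^$today" "$log_file") || true
  echo "Requests today: $count/1000"
  if [ "$count" -ge 950 ]; then
    echo "WARNING: Approaching daily limit!"
  fi
}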
```
## Troubleshooting
### Debug Authentication
```bash
# Enable debug mode
# NOTE(review): debug output may include tokens or key material; treat it as
# sensitive, do not paste it into tickets unredacted, and unset the variable
# afterwards. Confirm what this flag actually logs.
export GEMINI_DEBUG=true
# NOTE(review): the `gemini auth ...` subcommands are reproduced as this page
# gives them; confirm they exist in your installed version (`gemini --help`).
# Check all auth sources
gemini auth debug
# Test each method
gemini auth test oauth
gemini auth test apikey
gemini auth test vertex
```
### Common Issues
1. **OAuth Token Expired**
```bash
# Delete the cached OAuth tokens, then request fresh ones.
# NOTE(review): path and subcommand are as given on this page; confirm both
# for your installed version before running rm -rf.
rm -rf ~/.gemini/auth/tokens
gemini auth refresh
```
2. **API Key Not Found**
```bash
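# Check environment
# Report presence and length only; echoing the key leaves it in the terminal
# scrollback and in any screen share or session recording.
if [ -n "${GEMINI_API_KEY:-}" ]; then
  echo "GEMINI_API_KEY is set (${#GEMINI_API_KEY} characters)"
else
  echo "GEMINI_API_KEY is not set"
fi

# Check files
# Confirm the entry exists and the file is owner-only, without dumping it.
for env_file in ~/.gemini/.env ./.gemini/.env; do
  if [ -f "$env_file" ]; then
    ls -l -- "$env_file"
    grep -c '^GEMINI_API_KEY=' -- "$env_file"
  else
    echo "$env_file: not found"
  fi
done

# Validate key
# The Gemini API reads the key from the x-goog-api-key header. Feeding the
# header through stdin (-H @-) keeps the key out of curl's argument list,
# which other local users can read from the process table.
printf 'x-goog-api-key: %s\n' "$GEMINI_API_KEY" |
  curl -sS -H @- https://generativelanguage.googleapis.com/v1/models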
```
3. **Vertex AI Permissions**
```bash
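# Check service account
gcloud auth list

# Verify roles
# Quoted expansions with :? stop with a clear message when the variable is
# unset, instead of running gcloud with a missing argument.
gcloud projects get-iam-policy "${GOOGLE_CLOUD_PROJECT:?set GOOGLE_CLOUD_PROJECT first}" \
  --flatten="bindings[].members" \
  --filter="bindings.members:gemini-cli@"

# Test API access
gcloud ai models list --region="${GOOGLE_CLOUD_LOCATION:?set GOOGLE_CLOUD_LOCATION first}"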
```
## Security Best Practices
### API Key Security
```bash
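# Never commit keys
# A blanket '*.json' rule would also hide package.json, tsconfig.json and
# other files the project needs, so only the service-account key names used
# in this guide are matched. Entries are appended once, so reruns do not
# duplicate lines.
# .gitignore only stops future adds: a key that was ever committed or pushed
# stays in history and must be revoked and replaced.
for pattern in '.env' '.gemini/' '*.key' '*-sa-key.json' '*-sa.json'; do
  grep -qxF -- "$pattern" .gitignore 2>/dev/null || echo "$pattern" >> .gitignore
done

# Use environment-specific keys
if [ "${ENV:-}" = "production" ]; then
  export GEMINI_API_KEY="${PROD_GEMINI_KEY:-}"
else
  export GEMINI_API_KEY="${DEV_GEMINI_KEY:-}"
fi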
# Rotate keys regularly
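#######################################
# Replace GEMINI_API_KEY with a freshly generated key and revoke the old one
# once the new key is confirmed to work.
# Globals:   GEMINI_API_KEY (read, written)
# Arguments: none
# Depends:   generate_new_key and revoke_old_key, which the caller supplies
# Returns:   0 when the new key works and the old one was revoked,
#            1 otherwise (the old key stays active unless only the
#            revocation step failed)
#######################################
rotate_api_key() {
  local old_key=${GEMINI_API_KEY:-}
  local new_key

  # Declare and assign separately so a failing generator is not masked, and
  # refuse an empty result rather than exporting a blank key.
  new_key=$(generate_new_key) || new_key=""
  if [ -z "$new_key" ]; then
    echo "Rotation failed: no new key generated" >&2
    return 1
  fi

  export GEMINI_API_KEY="$new_key"
  if gemini -p "Test new key"; then
    # Revoke only after the replacement has been proven to work.
    if ! revoke_old_key "$old_key"; then
      echo "New key active, but revoking the old key failed; revoke it manually" >&2
      return 1
    fi
    echo "Key rotated successfully"
  else
    export GEMINI_API_KEY="$old_key"
    echo "Rotation failed, reverting" >&2
    return 1
  fi
}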
```
### Audit Logging
```bash
#!/bin/bash
# Log all Gemini CLI usage
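#######################################
# Record who ran gemini, when, with which credential type and arguments,
# then run the real gemini binary.
# Globals:   HOME, GEMINI_API_KEY, GOOGLE_APPLICATION_CREDENTIALS (read)
# Arguments: passed through to gemini unchanged
# Outputs:   one line appended to $HOME/.gemini/audit/YYYY-MM-DD.log
# Returns:   the exit status of gemini
#######################################
audit_gemini() {
  # "~" is not expanded inside quotes; the original created a directory
  # literally named "~" under the current working directory.
  local log_dir="$HOME/.gemini/audit"
  local log_file timestamp user
  local auth_method="unknown"

  # The log records full command lines, prompts included, so keep the
  # directory and files owner-only. Prompts that embed secrets will be stored
  # here verbatim.
  (
    umask 077
    mkdir -p -- "$log_dir"
  )
  chmod 700 -- "$log_dir"

  log_file="${log_dir}/$(date '+%Y-%m-%d').log"
  timestamp=$(date '+%Y-%m-%d %H:%M:%S')
  user=$(whoami)

  if [ -n "${GEMINI_API_KEY:-}" ]; then
    auth_method="apikey"
  elif [ -n "${GOOGLE_APPLICATION_CREDENTIALS:-}" ]; then
    auth_method="vertex"
  elif [ -e "$HOME/.gemini/auth/tokens" ]; then
    auth_method="oauth"
  fi

  (
    umask 077
    echo "$timestamp | $user | $auth_method | $*" >> "$log_file"
  )

  # Execute original command. `command` bypasses aliases and functions, so
  # re-sourcing this file in a shell where the alias below is already active
  # cannot make the wrapper call itself.
  command gemini "$@"
}
alias gemini='audit_gemini'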
```
## Integration Examples
### CI/CD Pipeline
```yaml
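# GitHub Actions
name: Gemini Analysis
# NOTE(review): pull_request runs this job against contributor-supplied code.
# Everything checked out becomes model input, so restrict the trigger to
# branches or events whose content you trust if the job runs with --yolo.
on: [push, pull_request]
# Least privilege for the workflow token: the analysis only reads the repo.
permissions:
  contents: read
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Install Gemini CLI
        # An unversioned install takes whatever is latest at run time; pin a
        # reviewed version so a compromised release is not pulled in silently.
        run: npm install -g @google/gemini-cli
      - name: Analyze Code
        env:
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
        # --yolo auto-approves every tool action the model requests while the
        # API key is present in this step's environment. Keep the secret
        # scoped to this step only and use a key with its own quota that can
        # be revoked independently.
        run: |
          gemini --yolo -p "Analyze code quality, generate test reports, and create improvement suggestions"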
```
### Docker Integration
```dockerfile
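# Dockerfile
FROM node:20-alpine
# Install Gemini CLI
RUN npm install -g @google/gemini-cli
# Credentials are supplied at run time, never at build time: a value passed
# through ARG and copied into ENV is stored in the image metadata and layer
# history, where anyone who can pull the image can read it.
#   docker run -e GEMINI_API_KEY ...                  # takes the value from the host env
# Or mount the config read-only at runtime
#   docker run -v ~/.gemini:/root/.gemini:ro ...
WORKDIR /app
# Add .gemini/, .env and service-account key files to .dockerignore so
# COPY does not bake local credentials into the image.
COPY . .
# --yolo auto-approves every tool action the model requests; run this
# container only against source trees you trust.
CMD ["gemini", "--yolo", "-p", "Analyze application and generate comprehensive report"]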
```
## Related Skills
- `gemini-cli`: Main Gemini CLI integration
- `gemini-chat`: Interactive chat sessions
- `gemini-tools`: Tool execution workflows
- `gemini-mcp`: MCP server management