On June 25, 2025, Google announced that the Google Gen AI SDK is now the preferred method for accessing generative models on Vertex AI, accompanied by a migration guide. However, the guide inadequately addresses authentication via service accounts, a common requirement for production applications. This article highlights this gap, emphasizing the migration process for Python and Go developers.
For Python, migrating involves creating a Credentials object using the google.oauth2.service_account package, ensuring to specify necessary OAuth2 scopes. In Go, developers must manually parse the service account JSON to construct an OAuth2 token provider, as there is no direct equivalent to Python’s simpler method.
Both implementations require using the https://www.googleapis.com/auth/cloud-platform scope, which grants full access to Vertex AI. A significant limitation is the binary choice between broad and read-only permissions, making fine-grained access difficult to implement in production environments. This migration necessitates attention to OAuth2 configuration for effective credential management.
