Authentication using environment variables


    The article is being updated.

    When using this method, the authentication mode and its parameters are defined by the environment that an application is run in, as described here.

    By setting one of the following environment variables, you can control the authentication method:

    • YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS=<path/to/sa_key_file>: Use a service account file in Yandex Cloud.
    • YDB_ANONYMOUS_CREDENTIALS="1": Use anonymous authentication. Relevant for testing against a Docker container with YDB.
    • YDB_METADATA_CREDENTIALS="1": Use the metadata service inside Yandex Cloud (a Yandex function or a VM).
    • YDB_ACCESS_TOKEN_CREDENTIALS=<access_token>: Use token-based authentication.

    Below are examples of the code for authentication using environment variables in different YDB SDKs.

    package main
    import (
    	environ ""
    func main() {
    	ctx, cancel := context.WithCancel(context.Background())
    	defer cancel()
    	db, err := ydb.Open(ctx,
    	if err != nil {
    	defer func() { 
    		_ = db.Close(ctx) 
    public void work(String connectionString) {
        AuthProvider authProvider = CloudAuthHelper.getAuthProviderFromEnviron();
        GrpcTransport transport = GrpcTransport.forConnectionString(connectionString)
        TableClient tableClient = TableClient