Try to use Application Default Credentials when GCS is enabled but GCS key is not provided

config.go

@@ -176,6 +176,7 @@ type config struct {
 	S3Enabled           bool
 	S3Region            string
 	S3Endpoint          string
+	GCSEnabled          bool
 	GCSKey              string
 
 	ETagEnabled bool
@@ -307,6 +308,7 @@ func configure() {
 	strEnvConfig(&conf.S3Region, "IMGPROXY_S3_REGION")
 	strEnvConfig(&conf.S3Endpoint, "IMGPROXY_S3_ENDPOINT")
 
+	boolEnvConfig(&conf.GCSEnabled, "IMGPROXY_USE_GCS")
 	strEnvConfig(&conf.GCSKey, "IMGPROXY_GCS_KEY")
 
 	boolEnvConfig(&conf.ETagEnabled, "IMGPROXY_USE_ETAG")
@@ -447,6 +449,11 @@ func configure() {
 		}
 	}
 
+	if _, ok := os.LookupEnv("IMGPROXY_USE_GCS"); !ok && len(conf.GCSKey) > 0 {
+		logWarning("Set IMGPROXY_USE_GCS to true since it may be required by future versions to enable GCS support")
+		conf.GCSEnabled = true
+	}
+
 	if err := checkPresets(conf.Presets); err != nil {
 		logFatal(err.Error())
 	}

docs/serving_files_from_google_cloud_storage.md

@@ -2,11 +2,18 @@
 
 imgproxy can process images from Google Cloud Storage buckets. To use this feature, do the following:
 
-1. Set `IMGPROXY_GCS_KEY` environment variable to the content of Google Cloud JSON key. Get more info about JSON keys: [https://cloud.google.com/iam/docs/creating-managing-service-account-keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys);
+1. Set `IMGPROXY_USE_GCS` environment variable as `true`;
-2. Use `gs://%bucket_name/%file_key` as the source image URL.
+2. [Setup credentials](#setup-credentials) to grant access to your bucket;
+3. Use `gs://%bucket_name/%file_key` as the source image URL.
 
 If you need to specify generation of the source object, you can use query string of the source URL:
 
 ```
 gs://%bucket_name/%file_key?%generation
 ```
+
+### Setup credentials
+
+If you run imgproxy inside Google Cloud infrastructure (Compute Engine, Kubernetes Engine, App Engine, and Cloud Functions, etc), and you have granted access to your bucket to the service account, you probably don't need doing anything here. imgproxy will try to use the credentials provided by Google.
+
+Otherwise, set `IMGPROXY_GCS_KEY` environment variable to the content of Google Cloud JSON key. Get more info about JSON keys: [https://cloud.google.com/iam/docs/creating-managing-service-account-keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys).

download.go

@@ -77,7 +77,7 @@ func initDownloading() {
 		transport.RegisterProtocol("s3", newS3Transport())
 	}
 
-	if len(conf.GCSKey) > 0 {
+	if conf.GCSEnabled {
 		transport.RegisterProtocol("gs", newGCSTransport())
 	}
 

gcs_transport.go

@@ -15,7 +15,16 @@ type gcsTransport struct {
 }
 
 func newGCSTransport() http.RoundTripper {
-	client, err := storage.NewClient(context.Background(), option.WithCredentialsJSON([]byte(conf.GCSKey)))
+	var (
+		client *storage.Client
+		err    error
+	)
+
+	if len(conf.GCSKey) > 0 {
+		client, err = storage.NewClient(context.Background(), option.WithCredentialsJSON([]byte(conf.GCSKey)))
+	} else {
+		client, err = storage.NewClient(context.Background())
+	}
 
 	if err != nil {
 		logFatal("Can't create GCS client: %s", err)