I was trying to do gcloud compute scp ... and gcloud auth login there is this message
You are running on a Google Compute Engine virtual machine. It is recommended that you use service accounts for authentication. You can run: $ gcloud config set account
ACCOUNTto switch accounts if necessary.Your credentials may be visible to others with access to this virtual machine. Are you sure you want to authenticate with your personal account?
What are the credentials they refer to? (email address, IP, instance name, service accounts, IAM roles...etc?)
The Google Cloud CLI stores credentials relative to your home directory. These credentials are OAuth tokens. Those tokens must be protected as they represent an identity and authorization.
Are the credentials being logged and retrievable somewhere?
No, the credentials are not logged by Google. However, they will be stored in backups and snapshots.
While it says is visible to others with access to this VM, what kind of access levels will be able to see the credentials?
Anyone with sudo privileges. Anyone with IAM privileges to create snapshots and images of the system.
Are the credentials encrypted or in plain text format?
Plain text.
If we do a machine image and create an instance from the image, will the credentials be copied too?
I have not verified this personally, but I believe this to be true.