Feature Request: Support explicit service account credential path #77

@lupuletic

Problem Statement

When running the Java profiler agent on-premises or in environments where the application already uses GOOGLE_APPLICATION_CREDENTIALS for a different Google Cloud service, there is no way to provide separate credentials for the profiler.

Current Behavior

The profiler agent currently only supports authentication via:

  1. GOOGLE_APPLICATION_CREDENTIALS environment variable (calls grpc::GoogleDefaultCredentials())
  2. Application Default Credentials from GCP metadata service (not available on-premises)

Use Case

We have a Java application running on-premises (self-managed Kubernetes cluster) that:

  • Uses Google Retail API with credentials at /config/secrets/google-retail-service-account.json
  • Sets GOOGLE_APPLICATION_CREDENTIALS=/config/secrets/google-retail-service-account.json
  • Needs to send profiling data to Cloud Profiler using different credentials

Currently, we cannot use both services simultaneously because they conflict over the GOOGLE_APPLICATION_CREDENTIALS environment variable.

Proposed Solution

Add a new command-line flag: -cprof_service_account_json_file that allows specifying an explicit path to a service account JSON file for profiler authentication.

Example Usage

-agentpath:/opt/cprof/profiler_java_agent.so=-cprof_service=myapp,-cprof_service_account_json_file=/etc/gcp/profiler-credentials.json

Related Issues

This affects anyone running the profiler:

  • On-premises or in non-GCP environments
  • Alongside other Google Cloud services (Retail API, Vertex AI, etc.)
  • With security requirements for separate service accounts per service

Additional Context

We're willing to contribute the implementation if this approach is acceptable to the maintainers.
