From e7dd5f4233f07da4a9fc3636485ae756b49082a6 Mon Sep 17 00:00:00 2001
From: Amanda Tarafa Mas <atarafamas@google.com>
Date: Thu, 16 Jan 2025 16:05:15 -0800
Subject: [PATCH] docs: Add warning note about user provided credential
 configurations.

Towards b/389125232
---
 docs/devsite-help/client-configuration.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/devsite-help/client-configuration.md b/docs/devsite-help/client-configuration.md
index 93b162ce0c7e..e22bcc68b506 100644
--- a/docs/devsite-help/client-configuration.md
+++ b/docs/devsite-help/client-configuration.md
@@ -23,6 +23,12 @@ and `Google.Cloud.Translation.V2` libraries support builders as well, but with f
 
 ## Specifying credentials
 
+**Important**: If you accept a credential configuration (credential JSON/File/Stream) from an external source
+for authentication to Google Cloud, you must validate it before providing it to any Google API or library.
+Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data.
+For more information, refer to
+[Validate credential configurations from external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials).
+
 The following properties are used for specifying and configuring which credentials a client
 uses to authenticate and authorize requests. When no properties are set,
 [application default credentials](https://cloud.google.com/docs/authentication/production#automatically) are used.