I am trying to write a Java program to download Vault export data to a Google Cloud storage bucket since the export data gets deleted after 2 weeks. The Vault data is associated with the typical GCS bucket and object identities so it is presumably stored in GCS. It appears there are two Java client libraries, com.google.cloud.storage and com.google.api.services.storage which seem to do what I need but work in different ways and work with different authentication sources(credential(s) objects) . If I use com.google.api.services.storage I can get everything to work but only with an end user authentication flow. However, if I use com.google.cloud.storage I get a 403 unaurthorized on the vault bucket even when accessing with the same Id that worked with com.google.api.services.storage. I am using my the Google Workspace Id since it has access to the Vault bucket and to the GCS bucket. One last point, com.google.api.services.storage Storage object is instantiated with a com.google.api.client.auth.oauth2.Credential object and com.google.cloud.storage works with com.google.auth.oauth2.GoogleCredentials object.
To summarize, can I use either of the client libraries to access Vault export data and if so, how do I grant access to the vault data so that it can be accessed by com.google.cloud.storage libraries.
I was able to use
com.google.cloud.storageto read the Vault storage object by using service account credentials and delegating to my Gsuite ID.