diff --git a/dwh/driver.go b/dwh/driver.go
index c6cf095..5b4253a 100644
--- a/dwh/driver.go
+++ b/dwh/driver.go
@@ -6,6 +6,7 @@ import (
 
 	"cloud.google.com/go/bigquery"
 	"google.golang.org/api/iterator"
+	"google.golang.org/api/option"
 )
 
 // Driver handles BigQuery operations for data warehouse queries
@@ -24,9 +25,12 @@ type monthlyUsageRow struct {
 // Constructor and Cleanup
 // ===========================================================================================
 
-// NewDriver creates a new BigQuery Driver instance
-func NewDriver(ctx context.Context, projectID string) (*Driver, error) {
-	clientBQ, err := bigquery.NewClient(ctx, projectID)
+// NewDriver creates a new BigQuery Driver instance.
+// If GOOGLE_APPLICATION_CREDENTIALS_FILE environment variable is set,
+// it will use that JSON credentials file for authentication.
+// Otherwise, it falls back to default credentials (ADC).
+func NewDriver(ctx context.Context, projectID string, credsFile string) (*Driver, error) {
+	clientBQ, err := bigquery.NewClient(ctx, projectID, option.WithCredentialsFile(credsFile))
 	if err != nil {
 		return nil, fmt.Errorf("failed to connect to bigQuery: %w", err)
 	}
diff --git a/env.go b/env.go
index c59ccee..4a77145 100644
--- a/env.go
+++ b/env.go
@@ -21,6 +21,10 @@ const (
 	//   - Example: "your-project-id"
 	gcpProjectIDEnv = "GCP_PROJECT_ID"
 
+	// [REQUIRED]: Path to the JSON credentials file for the data warehouse used by the rate limit store.
+	//   - Example: "/path/to/credentials.json"
+	gcpCredentialsFileEnv = "GOOGLE_APPLICATION_CREDENTIALS_FILE"
+
 	// [OPTIONAL]: Port to run the external auth server on.
 	//   - Default: 10001 if not set
 	portEnv     = "PORT"
@@ -52,6 +56,7 @@ var postgresConnectionStringRegex = regexp.MustCompile(`^postgres(?:ql)?:\/\/[^:
 type envVars struct {
 	postgresConnectionString      string
 	gcpProjectID                  string
+	gcpCredentialsFile            string
 	port                          int
 	loggerLevel                   string
 	portalAppStoreRefreshInterval time.Duration
@@ -66,6 +71,7 @@ func gatherEnvVars() (envVars, error) {
 	e := envVars{
 		postgresConnectionString: os.Getenv(postgresConnectionStringEnv),
 		gcpProjectID:             os.Getenv(gcpProjectIDEnv),
+		gcpCredentialsFile:       os.Getenv(gcpCredentialsFileEnv),
 	}
 
 	// Parse port environment variable (if provided)
@@ -126,6 +132,11 @@ func (e *envVars) validate() error {
 		return fmt.Errorf("%s is not set", gcpProjectIDEnv)
 	}
 
+	// GCP credentials file must be set
+	if e.gcpCredentialsFile == "" {
+		return fmt.Errorf("%s is not set", gcpCredentialsFileEnv)
+	}
+
 	// Connection string must match expected format
 	matched, err := regexp.MatchString(postgresConnectionStringRegex.String(), e.postgresConnectionString)
 	if err != nil {
diff --git a/main.go b/main.go
index fce6265..2af1391 100644
--- a/main.go
+++ b/main.go
@@ -45,7 +45,11 @@ func main() {
 	logger.Info().Msg("🐘 Successfully connected to postgres as a data source")
 
 	// Create a new data warehouse driver
-	dataWarehouseDriver, err := dwh.NewDriver(context.Background(), env.gcpProjectID)
+	dataWarehouseDriver, err := dwh.NewDriver(
+		context.Background(),
+		env.gcpProjectID,
+		env.gcpCredentialsFile,
+	)
 	if err != nil {
 		panic(err)
 	}