ALTS modified GRPC helloworld example (grpc-go/examples/helloworld from https://grpc.io/docs/languages/go/quickstart/)

greeter_client_main.go

// Package main implements a client for Greeter service.
package main

import (
	"context"
	"flag"
	"log"
	"time"

	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials/alts"
	pb "google.golang.org/grpc/examples/helloworld/helloworld"
	"google.golang.org/grpc/metadata"
)

const (
	defaultName         = "world"
	hardCodedCredential = "myHardCodedCredential"
)

var (
	addr = flag.String("addr", "localhost:50051", "the address to connect to")
	name = flag.String("name", defaultName, "Name to greet")
)

func main() {
	flag.Parse()
	// Set up a connection to the server.
	altsTC := alts.NewClientCreds(alts.DefaultClientOptions())
	conn, err := grpc.Dial(*addr, grpc.WithTransportCredentials(altsTC))
	if err != nil {
		log.Fatalf("did not connect: %v", err)
	}
	defer conn.Close()
	c := pb.NewGreeterClient(conn)

	// Add metadata with the credential to the context
	ctx := metadata.AppendToOutgoingContext(context.Background(), "credential", hardCodedCredential)

	// Contact the server and print out its response.
	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
	defer cancel()
	r, err := c.SayHello(ctx, &pb.HelloRequest{Name: *name})
	if err != nil {
		log.Fatalf("could not greet: %v", err)
	}
	log.Printf("Greeting: %s", r.GetMessage())
}

greeter_server_main.go

// Package main implements a server for Greeter service.
package main

import (
	"context"
	"flag"
	"fmt"
	"log"
	"net"
	"strings"

	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials/alts"
	pb "google.golang.org/grpc/examples/helloworld/helloworld"
	"google.golang.org/grpc/metadata"
)

var (
	port = flag.Int("port", 50051, "The server port")
)

const (
	// Replace with your hardcoded credential string
	hardCodedCredential = "myHardCodedCredential"
)

// server is used to implement helloworld.GreeterServer.
type server struct {
	pb.UnimplementedGreeterServer
}

// SayHello implements helloworld.GreeterServer
func (s *server) SayHello(ctx context.Context, in *pb.HelloRequest) (*pb.HelloReply, error) {
	md, _ := metadata.FromIncomingContext(ctx)
	if !checkCredential(md) {
		return nil, fmt.Errorf("unauthorized")
	}

	log.Printf("Received: %v", in.GetName())
	return &pb.HelloReply{Message: "Hello " + in.GetName()}, nil
}

// checkCredential checks if the incoming request has the correct credential.
func checkCredential(md metadata.MD) bool {
	values := md.Get("credential")
	for _, v := range values {
		if strings.EqualFold(v, hardCodedCredential) {
			return true
		}
	}
	return false
}

func main() {
	flag.Parse()
	lis, err := net.Listen("tcp", fmt.Sprintf(":%d", *port))
	if err != nil {
		log.Fatalf("failed to listen: %v", err)
	}

	// Set up the server with ALTS credentials
	altsTC := alts.NewServerCreds(alts.DefaultServerOptions())
	s := grpc.NewServer(grpc.Creds(altsTC))
	pb.RegisterGreeterServer(s, &server{})
	log.Printf("server listening at %v", lis.Addr())
	if err := s.Serve(lis); err != nil {
		log.Fatalf("failed to serve: %v", err)
	}
}

I was curious about how the lib determines that it's in GCP. As it turns out, it uses manufacturer info to do it without any network calls needed: https://www.reddit.com/r/grpc/comments/14luc6q/alts_is_only_supported_on_gcp/