diff --git a/gcloud/credentials.py b/gcloud/credentials.py
index 16b5b159b4e98..582537f324cc4 100644
--- a/gcloud/credentials.py
+++ b/gcloud/credentials.py
@@ -17,8 +17,8 @@
 import base64
 import calendar
 import datetime
-import urllib
 import six
+from six.moves.urllib.parse import urlencode  # pylint: disable=F0401
 
 from Crypto.Hash import SHA256
 from Crypto.PublicKey import RSA
@@ -260,4 +260,4 @@ def generate_signed_url(credentials, resource, expiration,
     # Return the built URL.
     return '{endpoint}{resource}?{querystring}'.format(
         endpoint=api_access_endpoint, resource=resource,
-        querystring=urllib.urlencode(query_params))
+        querystring=urlencode(query_params))
diff --git a/gcloud/test_credentials.py b/gcloud/test_credentials.py
index f81f5226295aa..7f352a70fac1a 100644
--- a/gcloud/test_credentials.py
+++ b/gcloud/test_credentials.py
@@ -76,7 +76,7 @@ def test_w_expiration_int(self):
 
         ENDPOINT = 'http://api.example.com'
         RESOURCE = '/name/path'
-        SIGNED = base64.b64encode('DEADBEEF')
+        SIGNED = base64.b64encode(b'DEADBEEF')
         CREDENTIALS = _Credentials()
 
         def _get_signed_query_params(*args):
@@ -142,17 +142,17 @@ def _run_test_with_credentials(self, credentials, account_name):
         sha256 = _SHA256()
 
         EXPIRATION = '100'
-        SIGNATURE_STRING = 'dummy_signature'
+        SIGNATURE_STRING = b'dummy_signature'
         with _Monkey(MUT, crypt=crypt, RSA=rsa, PKCS1_v1_5=pkcs_v1_5,
                      SHA256=sha256):
             result = self._callFUT(credentials, EXPIRATION, SIGNATURE_STRING)
 
         if crypt._pkcs12_key_as_pem_called:
             self.assertEqual(crypt._private_key_text,
-                             base64.b64encode('dummy_private_key_text'))
+                             base64.b64encode(b'dummy_private_key_text'))
             self.assertEqual(crypt._private_key_password, 'notasecret')
         self.assertEqual(sha256._signature_string, SIGNATURE_STRING)
-        SIGNED = base64.b64encode('DEADBEEF')
+        SIGNED = base64.b64encode(b'DEADBEEF')
         expected_query = {
             'Expires': EXPIRATION,
             'GoogleAccessId': account_name,
@@ -166,7 +166,7 @@ def test_signed_jwt_for_p12(self):
         scopes = []
         ACCOUNT_NAME = 'dummy_service_account_name'
         credentials = client.SignedJwtAssertionCredentials(
-            ACCOUNT_NAME, 'dummy_private_key_text', scopes)
+            ACCOUNT_NAME, b'dummy_private_key_text', scopes)
         self._run_test_with_credentials(credentials, ACCOUNT_NAME)
 
     def test_service_account_via_json_key(self):
@@ -205,7 +205,7 @@ def test_signed_jwt_for_p12(self):
         from gcloud import credentials as MUT
 
         scopes = []
-        PRIVATE_KEY = 'dummy_private_key_text'
+        PRIVATE_KEY = b'dummy_private_key_text'
         credentials = client.SignedJwtAssertionCredentials(
             'dummy_service_account_name', PRIVATE_KEY, scopes)
         crypt = _Crypt()
@@ -378,7 +378,7 @@ def new(self, pem_key):
 
     def sign(self, signature_hash):
         self._signature_hash = signature_hash
-        return 'DEADBEEF'
+        return b'DEADBEEF'
 
 
 class _SHA256(object):