Creating a GCP Service Account and Key: Step-by-Step Guide

Before starting to create Service Account:

Required roles:

Permissions that you need to create and delete service account keys, you the Service Account Key Admin (roles/iam.serviceAccountKeyAdmin) IAM role on the project.

Using GCP Console:

Navigate to the GCP Console:

Go to Google Cloud Console.

Select your Project:

Make sure you have selected the correct project in the top bar.

Navigate to IAM & Admin:

In the left-hand navigation pane, go to “IAM & Admin” > “Service accounts” (image01).

Create a Service Account:

Click on the “Create Service Account” button.

Fill in Service Account Details:

Provide a name for the service account, service account id, Optionally you can add a description as.

Optionally Assign a role (e.g., “Project” > “Editor” for full access).

Optionally Grant users access to this service account, it will grant user or a group or service account to perform actions as this service account (image05).

Click on Done.

Create and Download Key:

In the left-hand navigation pane, go to “IAM & Admin” > “Service accounts” (image01).
Click the email address of the service account that you want to create a key for.
On the Service account details page, navigate to the “Keys” tab.

Click on “Add Key” > “Create New Key.”

Choose the key type (JSON is recommended).

Click “Create” and download the JSON key file.

Creating a Service Account and Key using GCP CLI:

Install and Configure gcloud CLI:

Install the Google Cloud SDK.
Run gcloud init to configure your settings.

Create a Service Account:

Use the following command to create a service account:
gcloud iam service-accounts create [SA-NAME] \
--description="[DESCRIPTION]"

Assign Roles:

Use the following command to grant roles to the service account:
gcloud projects add-iam-policy-binding [PROJECT-ID] \
--member="serviceAccount:[SA-EMAIL]" --role="[ROLE]"

Generate Key:

Use the following command to generate a key and save it as a JSON file:
gcloud iam service-accounts keys create KEY_FILE \
--iam-account=SA_NAME@PROJECT_ID.iam.gserviceaccount.com

Important Notes:

Replace placeholders like [SA-NAME], [DESCRIPTION], [PROJECT-ID], [SA-EMAIL], [ROLE], and [KEY-FILE] with your actual values.
Keep the generated key file secure. It contains sensitive information and should not be shared publicly.
If using the CLI, ensure that you have the necessary permissions to perform these actions.

DevToolHub