Skip to content

DevToolHub

Where Innovation Meets Automation

  • Home
  • About
  • Privacy Policy
  • Terms and Conditions

Creating a GCP Service Account and Key: Step-by-Step Guide

January 30, 2024July 5, 2025 Amaresh Pelleti

Before starting to create Service Account:

Required roles:

Permissions that you need to create and delete service account keys, you the Service Account Key Admin (roles/iam.serviceAccountKeyAdmin) IAM role on the project.

Using GCP Console:

Navigate to the GCP Console:

  • Go to Google Cloud Console.

Select your Project:

  • Make sure you have selected the correct project in the top bar.

Navigate to IAM & Admin:

  • In the left-hand navigation pane, go to “IAM & Admin” > “Service accounts” (image01).
image01

Create a Service Account:

  • Click on the “Create Service Account” button.
image02

Fill in Service Account Details:

  • Provide a name for the service account, service account id, Optionally you can add a description as.
  • Optionally Assign a role (e.g., “Project” > “Editor” for full access).
  • Optionally Grant users access to this service account, it will grant user or a group or service account to perform actions as this service account (image05).
  • Click on Done.

Create and Download Key:

  • In the left-hand navigation pane, go to “IAM & Admin” > “Service accounts” (image01).
  • Click the email address of the service account that you want to create a key for.
  • On the Service account details page, navigate to the “Keys” tab.
  • Click on “Add Key” > “Create New Key.”
  • Choose the key type (JSON is recommended).
  • Click “Create” and download the JSON key file.

Creating a Service Account and Key using GCP CLI:

Install and Configure gcloud CLI:

  • Install the Google Cloud SDK.
  • Run gcloud init to configure your settings.

Create a Service Account:

  • Use the following command to create a service account:
    gcloud iam service-accounts create [SA-NAME] \
    --description="[DESCRIPTION]"

Assign Roles:

  • Use the following command to grant roles to the service account:
    gcloud projects add-iam-policy-binding [PROJECT-ID] \
    --member="serviceAccount:[SA-EMAIL]" --role="[ROLE]"

Generate Key:

  • Use the following command to generate a key and save it as a JSON file:
    gcloud iam service-accounts keys create KEY_FILE \
    --iam-account=SA_NAME@PROJECT_ID.iam.gserviceaccount.com

Important Notes:

  • Replace placeholders like [SA-NAME], [DESCRIPTION], [PROJECT-ID], [SA-EMAIL], [ROLE], and [KEY-FILE] with your actual values.
  • Keep the generated key file secure. It contains sensitive information and should not be shared publicly.
  • If using the CLI, ensure that you have the necessary permissions to perform these actions.

Share this:

  • Click to share on Facebook (Opens in new window) Facebook
  • Click to share on X (Opens in new window) X
  • Click to print (Opens in new window) Print
  • Click to share on LinkedIn (Opens in new window) LinkedIn

Like this:

Like Loading...

Related

GCP GCP, GCP Service Account, GCP Service Account CLI

Post navigation

Understanding DevOps: Definitions from Various Sources
Step-by-Step Guide for Creating AWS IAM User, Access Key, and Secret Key:

Quote of the Day

more Quotes
  • AI Tools
  • Ansible
  • ArgoCD
  • AWS
  • Azure
  • Azure ARM Templates
  • Azure Bicep
  • Azure DevOps
  • Books
  • CircleCI
  • Cloud
  • Container Technologies
  • Containerd
  • Courses
  • Database
  • DevOps
  • Docker
  • GCP
  • Git
  • GIthub actions
  • GitLab CI
  • Helm
  • Infrastructure as code (IaC)
  • jenkins
  • Kubernetes
  • Linux
  • Logging and Monitoring
  • Management Tools
  • Network
  • OCI
  • PowerShell
  • Programming
  • Pulumi
  • Python
  • Shell Scripting
  • Terraform
  • Uncategorized
  • Vault

© 2025 All rights reserved
Go to top

Discover more from DevToolHub

Subscribe now to keep reading and get access to the full archive.

Continue reading

 

Loading Comments...
 

    %d