When creating Google Cloud accounts, do you need to authorize a key after creating it?
When you create a Google Cloud service account using the gcloud CLI, create a key gcloud iam service-accounts keys create
. Looking at the web console it appears that the command is creating and registering a key with an account.
Is it enough to use its generated JSON key file to activate a service account? Or you also need to call:
gcloud auth activate-service-account <IAM> --key-file=<JSON file from the keys create command>
Google Docs is a little unclear if this last step is needed or not. The console does not display changes to the service account, but the command succeeds if you make a call.
source to share
Creating a key with gcloud iam service-accounts keys create
does NOT make it available for use with gcloud commands. You really need to activate via gcloud auth activate-service-account
.
Using
gcloud auth list
to view your set of credentials. In addition, gcloud is using the currently active credentials. You can view your current settings by running
gcloud config list
You can also use different credentials by simply adding an extra flag --account
to any command gcloud
. For example:
gcloud compute zones list --account my_account@gmail.com
where the account was previously obtained through gcloud auth login
or gcloud auth activate-service-account
and is displayed in gcloud auth list
.
source to share