Google Cloud – Setting up Gcloud with Service Account Credentials

In this article, we will download and install the Google gcloud CLI. Then we will set up gcloud with Google Service Account credentials. This article is for Windows-based systems but the same principles apply to Linux and Mac systems.

Step 1 – Download gcloud

Google Cloud SDK Installer

Step 2 – Launch the installer

At the

, deselect

to configure the Cloud SDK. The reason is that we only want to use Service Account credentials.

Step 3 – Access a Google public bucket

gsutil ls gs://gcp-public-data-landsat

This command should succeed and provide a listing of the files in this bucket. This command verifies that the CLI is installed. We have not set up credentials yet.

Step 4 – Access one of your own private buckets

This step will verify that you have no credentials. Change the bucket name to a private bucket that you own.

gsutil ls gs://mybucket

This command should fail. If it succeeds you have a public bucket that anyone can access.

Step 5 – Create Google Service Account credentials.

You can skip this step if you already have credentials to use.

In this example, we will only grant

to these credentials.

1. Go to 
   IAM & admin

    -> 

   Service accounts
2. Click 
   CREATE SERVICE ACCOUNT
3. Enter a 
   Service account name

    and 

   Service account description
4. Click 
   CREATE
5. In the next screen 
   Service account permissions

   , select a role.

6. Select 
   Storage

    -> 

   Storage Admin
7. Click 
   CONTINUE
8. Click 
   Create key
9. Check the 
   JSON

    radio button for the 

   Key type
10. Save the json file to your local computer.

Make note of the email address that Google Cloud created for these credentials.

Step 6- Configure gcloud with the Google Service Account credentials

In this example, the email address is: 

The credentials file is: 

Modify these items to what you created in step 5.

gcloud auth activate-service-account test@development-123456.iam.gserviceaccount.com --key-file=test_google_account.json

Step 7 – Verify that the credentials work

Change the bucket name to a private bucket that you own.

gsutil ls gs://mybucket

This command should now succeed.

You have now successfully configured gcloud to work with Google Service Account credentials.

There are two commands that generate access tokens:

• gcloud auth print-access-token
• gcloud auth application-default print-access-token

Important Detail

Configuring

with a service account sets up the tool’s credentials and does not create credentials for Application Default Credentials (ADC).

More information

• gcloud auth print-access-token
• gcloud auth application-default print-access-token
• gcloud auth activate-service-account

In future articles, I will show you how to use these same credentials when programming, for example, in C++, Python, etc. Then we will cover in detail what Google Service Account credentials are and how to programmatically generate Access Tokens from these credentials.