gcloud beta auth activate-service-account - authorize access to Google Cloud with a service account
gcloud beta auth activate-service-account [ACCOUNT] --key-file=KEY_FILE [--password-file=PASSWORD_FILE | --prompt-for-password] [GCLOUD_WIDE_FLAG ...]
(BETA) To allow gcloud (and other tools in Google Cloud CLI) to use service account credentials to make requests, use this command to import these credentials from a file that contains a private authorization key, and activate them for use in gcloud. gcloud beta auth activate-service-account serves the same function as gcloud auth login but uses a service account rather than Google user credentials.
For more information on authorization and credential types, see: https://cloud.google.com/sdk/docs/authorizing.
Key File
To obtain the key file for this command, use either the Google Cloud Console https://console.cloud.google.com or gcloud iam service-accounts keys create. The key file can be .json (preferred) or .p12 (legacy) format. In the case of legacy .p12 files, a separate password might be required and is displayed in the Console when you create the key.
Credentials
Credentials will also be activated (similar to running gcloud config set account [ACCOUNT_NAME]).
If a project is specified using the --project flag, the project is set in active configuration, which is the same as running gcloud config set project [PROJECT_NAME]. Any previously active credentials, will be retained (though no longer default) and can be displayed by running gcloud auth list.
If you want to delete previous credentials, see gcloud auth revoke.
Note: Service accounts use client quotas for tracking usage.
To authorize gcloud to access Google Cloud using an existing service account while also specifying a project, run:
$ gcloud beta auth activate-service-account \ SERVICE_ACCOUNT@DOMAIN.COM --key-file=/path/key.json \ --project=PROJECT_ID
- [ACCOUNT]
E-mail address of the service account.
- --key-file=KEY_FILE
Path to the private key file.
- At most one of these can be specified:
- --password-file=PASSWORD_FILE
Path to a file containing the password for the service account private key (only for a .p12 file).
- --prompt-for-password
Prompt for the password for the service account private key (only for a .p12 file).
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in beta and might change without notice. These variants are also available:
$ gcloud auth activate-service-account
$ gcloud alpha auth activate-service-account