NAME

gcloud iam service-accounts keys create - create a private key for a service account

SYNOPSIS

gcloud iam service-accounts keys create OUTPUT-FILE --iam-account=IAM_ACCOUNT [--key-file-type=KEY_FILE_TYPE; default="json"] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

If the service account does not exist, this command returns a PERMISSION_DENIED error.

EXAMPLES

To create a new private key for a service account, and save a copy of it locally, run:

$ gcloud iam service-accounts keys create key.json \ --iam-account=my-iam-account@my-project.iam.gserviceaccount.com

POSITIONAL ARGUMENTS

OUTPUT-FILE

The path where the resulting private key should be written. File system write permission will be checked on the specified path prior to the key creation.

REQUIRED FLAGS

--iam-account=IAM_ACCOUNT

The service account for which to create a key.

To list all service accounts in the project, run:

$ gcloud iam service-accounts list

OPTIONAL FLAGS

--key-file-type=KEY_FILE_TYPE; default="json"

The type of key to create. KEY_FILE_TYPE must be one of: json, p12.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

The option --key-file-type=p12 is available here only for legacy reasons; all new use cases are encouraged to use the default 'json' format.

These variants are also available:

$ gcloud alpha iam service-accounts keys create

$ gcloud beta iam service-accounts keys create