gcloud iam service-accounts keys create - create a private key for a service account
gcloud iam service-accounts keys create OUTPUT-FILE --iam-account=IAM_ACCOUNT [--key-file-type=KEY_FILE_TYPE; default="json"] [GCLOUD_WIDE_FLAG ...]
If the service account does not exist, this command returns a PERMISSION_DENIED error.
To create a new private key for a service account, and save a copy of it locally, run:
$ gcloud iam service-accounts keys create key.json \
    --iam-account=my-iam-account@my-project.iam.gserviceaccount.com
- OUTPUT-FILE
The path where the resulting private key should be written. File system write permission will be checked on the specified path prior to the key creation.
- --iam-account=IAM_ACCOUNT
The service account for which to create a key.
To list all service accounts in the project, run:
$ gcloud iam service-accounts list
- --key-file-type=KEY_FILE_TYPE; default="json"
The type of key to create. KEY_FILE_TYPE must be one of: json, p12.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
The option --key-file-type=p12 is available here only for legacy reasons; all new use cases are encouraged to use the default 'json' format.
These variants are also available:
$ gcloud alpha iam service-accounts keys create
$ gcloud beta iam service-accounts keys create
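Because OUTPUT-FILE holds a private key, it helps to control how the file lands on disk. The following is an added example, not part of the gcloud documentation: a POSIX shell wrapper that runs the command shown above under a restrictive umask, refuses to overwrite an existing OUTPUT-FILE, and confirms the result is accessible only to its owner. The function names create_sa_key and key_file_is_private are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper around the documented command. Function names are
# hypothetical; only the gcloud invocation itself comes from this page.

# Succeeds only if the path is a regular file that grants no permissions
# to group or others (for example mode 0600 or 0400).
key_file_is_private() {
    [ -f "$1" ] || return 1
    # In the ls -l mode string, characters 5-10 are the group/other bits.
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Usage: create_sa_key OUTPUT-FILE IAM_ACCOUNT
create_sa_key() {
    out=$1
    account=$2
    if [ -z "$out" ] || [ -z "$account" ]; then
        echo "usage: create_sa_key OUTPUT-FILE IAM_ACCOUNT" >&2
        return 2
    fi
    # Refuse to clobber a key file that is already there.
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 1
    fi
    # The subshell keeps the umask change local to this call.
    (
        umask 077
        gcloud iam service-accounts keys create "$out" \
            --iam-account="$account" --key-file-type=json
    ) || return 1
    # Do not rely on the mode the tool chose: verify, and tighten if needed.
    if ! key_file_is_private "$out"; then
        echo "$out is accessible to group or others; tightening" >&2
        chmod 600 "$out" || return 1
    fi
    key_file_is_private "$out"
}
```

Call it as `create_sa_key key.json my-iam-account@my-project.iam.gserviceaccount.com`; a non-zero exit status means no key file should be trusted at that path.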