To create an application default credentials JSON file "/tmp/my-key.json" for service account "psa-test" in project "iam-test" using cacert file "/tmp/ca.crt", run:
gdcloud iam service-accounts keys create /tmp/my-key.json --iam-account=psa-test --project=iam-test --ca-cert-path=/tmp/ca.crt
必需标志
--iam-account string Project's service account to create the key for. The flag is required to run the command.
可选标志
--ca-cert-path string CA cert path to verify the authentication endpoint. If omitted, then the system cert chain will be used.
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-04。"],[[["\u003cp\u003eThe \u003ccode\u003egdcloud iam service-accounts keys create\u003c/code\u003e command generates a private key for a service account and saves it in a JSON file.\u003c/p\u003e\n"],["\u003cp\u003eThis JSON file can be used to obtain an STS token from AIS.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003e--iam-account\u003c/code\u003e flag is required and specifies the service account for which to create the key.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003e--ca-cert-path\u003c/code\u003e flag is optional and allows you to specify a custom CA certificate for authentication.\u003c/p\u003e\n"],["\u003cp\u003eThe command requires a file path where the key will be stored as the first argument after \u003ccode\u003ecreate\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# gdcloud iam service-accounts keys create\n\nNAME\n----\n\ngdcloud iam service-accounts keys create - Create an application default credentials JSON file which contains a private key for a service account.\n\nSYNOPSIS\n--------\n\n gdcloud iam service-accounts keys create FILE_NAME [flags]\n\nDESCRIPTION\n-----------\n\nCreate a pair of public/private keys for a project's service account and put the private key into a JSON file. The file can be used to exchange for an STS token from AIS.\n\n### EXAMPLES\n\n\n To create an application default credentials JSON file \"/tmp/my-key.json\" for service account \"psa-test\" in project \"iam-test\" using cacert file \"/tmp/ca.crt\", run:\n\n gdcloud iam service-accounts keys create /tmp/my-key.json --iam-account=psa-test --project=iam-test --ca-cert-path=/tmp/ca.crt\n\n### REQUIRED FLAGS\n\n --iam-account string Project's service account to create the key for. The flag is required to run the command.\n\n### OPTIONAL FLAGS\n\n --ca-cert-path string CA cert path to verify the authentication endpoint. If omitted, then the system cert chain will be used.\n\n### GDCLOUD WIDE FLAGS\n\nThese flags are available to all commands: `--configuration`, `--format`, `--help`, `--project`, `--quiet`.\n\nFor more information, see the [gdcloud CLI reference overview](/distributed-cloud/hosted/docs/latest/gdch/resources/gdcloud-reference/gdcloud) page."]]
