- NAME
-
- gcloud alpha auth activate-service-account - authorize access to Google Cloud with a service account
- SYNOPSIS
-
-
gcloud alpha auth activate-service-account
[ACCOUNT
]--key-file
=KEY_FILE
[--password-file
=PASSWORD_FILE
|--prompt-for-password
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(ALPHA)
To allowgcloud
(and other tools in Google Cloud CLI) to use service account credentials to make requests, use this command to import these credentials from a file that contains a private authorization key, and activate them for use ingcloud
. gcloud alpha auth activate-service-account serves the same function asgcloud auth login
but uses a service account rather than Google user credentials.For more information on authorization and credential types, see: https://cloud.google.com/sdk/docs/authorizing.
Key File
To obtain the key file for this command, use either the Google Cloud Console or
gcloud iam service-accounts keys create
. The key file can be .json (preferred) or .p12 (legacy) format. In the case of legacy .p12 files, a separate password might be required and is displayed in the Console when you create the key.Credentials
Credentials will also be activated (similar to running
gcloud config set account [ACCOUNT_NAME]
).If a project is specified using the
--project
flag, the project is set in active configuration, which is the same as runninggcloud config set project [PROJECT_NAME]
. Any previously active credentials, will be retained (though no longer default) and can be displayed by runninggcloud auth list
.If you want to delete previous credentials, see
gcloud auth revoke
.Note:
Service accounts use client quotas for tracking usage. - EXAMPLES
-
To authorize
gcloud
to access Google Cloud using an existing service account while also specifying a project, run:gcloud alpha auth activate-service-account SERVICE_ACCOUNT@DOMAIN.COM --key-file=/path/key.json --project=PROJECT_ID
- POSITIONAL ARGUMENTS
-
- [
ACCOUNT
] - E-mail address of the service account.
- [
- REQUIRED FLAGS
-
--key-file
=KEY_FILE
- Path to the private key file.
- OPTIONAL FLAGS
-
-
At most one of these can be specified:
--password-file
=PASSWORD_FILE
- Path to a file containing the password for the service account private key (only for a .p12 file).
--prompt-for-password
- Prompt for the password for the service account private key (only for a .p12 file).
-
At most one of these can be specified:
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. These variants are also available:
gcloud auth activate-service-account
gcloud beta auth activate-service-account
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-02-06 UTC.