gcloud iam service-accounts keys create

NAME
gcloud iam service-accounts keys create - create a service account key
SYNOPSIS
gcloud iam service-accounts keys create OUTPUT-FILE --iam-account=IAM_ACCOUNT [--key-file-type=KEY_FILE_TYPE; default="json"] [GCLOUD_WIDE_FLAG]
DESCRIPTION
If the service account does not exist, this command returns a PERMISSION_DENIED error.
EXAMPLES
To create a new service account key and save the private portion of the key locally, run:
gcloud iam service-accounts keys create key.json --iam-account=my-iam-account@my-project.iam.gserviceaccount.com
POSITIONAL ARGUMENTS
OUTPUT-FILE
The path where the resulting private key should be written. File system write permission will be checked on the specified path prior to the key creation.
REQUIRED FLAGS
--iam-account=IAM_ACCOUNT
The service account for which to create a key.

To list all service accounts in the project, run:

gcloud iam service-accounts list
OPTIONAL FLAGS
--key-file-type=KEY_FILE_TYPE; default="json"
The type of key to create. KEY_FILE_TYPE must be one of: json, p12.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
The option --key-file-type=p12 is available here only for legacy reasons; all new use cases are encouraged to use the default 'json' format.

These variants are also available:

gcloud alpha iam service-accounts keys create
gcloud beta iam service-accounts keys create