Getting the Cloud Storage service agent

This page describes how to find the email address of a project's Cloud Storage service agent, which is a specialized service account created and managed by Cloud Storage. For an overview of Cloud Storage service agents, including when they're created and how they're used, see Service Accounts for Cloud Storage. For a general overview of service accounts in Google Cloud, see Service Accounts.

To get the email address of a project's Cloud Storage service agent:

Console

  1. In the Google Cloud Console, go to the Cloud Storage Browser page.

    Go to Browser

  2. Click Settings.

  3. In the Project Access tab, the email address appears in the Cloud Storage Service Account section.

gsutil

Use the kms serviceaccount command:

gsutil kms serviceaccount -p PROJECT_IDENTIFIER

where PROJECT_IDENTIFIER is the ID or number of the relevant project. For example, my-project.

Code samples

C++

For more information, see the Cloud Storage C++ API reference documentation.

namespace gcs = ::google::cloud::storage;
using ::google::cloud::StatusOr;
[](gcs::Client client) {
  StatusOr<gcs::ServiceAccount> account = client.GetServiceAccount();
  if (!account) throw std::runtime_error(account.status().message());

  std::cout << "The service account details are " << *account << "\n";
}

C#

For more information, see the Cloud Storage C# API reference documentation.


using Google.Cloud.Storage.V1;
using System;

public class GetStorageServiceAccountSample
{
	public string GetStorageServiceAccount(string projectId = "your-project-id")
	{
		var storage = StorageClient.Create();

		var serviceAccountEmail = storage.GetStorageServiceAccountEmail(projectId);

		Console.WriteLine($"The GCS service account for project {projectId} is: {serviceAccountEmail}.");
		return serviceAccountEmail;
	}
}

Go

For more information, see the Cloud Storage Go API reference documentation.

import (
	"context"
	"fmt"
	"io"
	"time"

	"cloud.google.com/go/storage"
)

// getServiceAccount gets the default Cloud Storage service account email address.
func getServiceAccount(w io.Writer, projectID string) error {
	ctx := context.Background()
	client, err := storage.NewClient(ctx)
	if err != nil {
		return fmt.Errorf("storage.NewClient: %v", err)
	}
	defer client.Close()

	ctx, cancel := context.WithTimeout(ctx, time.Second*10)
	defer cancel()

	serviceAccount, err := client.ServiceAccount(ctx, projectID)
	if err != nil {
		return fmt.Errorf("ServiceAccount: %v", err)
	}

	fmt.Fprintf(w, "The GCS service account for project %v is: %v\n", projectID, serviceAccount)
	return nil
}

Java

For more information, see the Cloud Storage Java API reference documentation.

import com.google.cloud.storage.ServiceAccount;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageOptions;

public class GetServiceAccount {
  public static void getServiceAccount(String projectId) {
    // The ID of your GCP project
    // String projectId = "your-project-id";

    Storage storage = StorageOptions.newBuilder().setProjectId(projectId).build().getService();
    ServiceAccount serviceAccount = storage.getServiceAccount(projectId);
    System.out.println(
        "The GCS service account for project " + projectId + " is: " + serviceAccount.getEmail());
  }
}

Node.js

For more information, see the Cloud Storage Node.js API reference documentation.

/**
 * TODO(developer): Uncomment the following lines before running the sample.
 */
// The ID of your GCP project
// const projectId = 'your-project-id';

// Imports the Google Cloud client library
const {Storage} = require('@google-cloud/storage');

// Creates a client
const storage = new Storage({
  projectId,
});

async function getServiceAccount() {
  const [serviceAccount] = await storage.getServiceAccount();
  console.log(
    `The GCS service account for project ${projectId} is: ${serviceAccount.emailAddress}`
  );
}

getServiceAccount().catch(console.error);

PHP

For more information, see the Cloud Storage PHP API reference documentation.

use Google\Cloud\Storage\StorageClient;

/**
 * Get the current service account email.
 *
 * @param string $projectId The ID of your Google Cloud Platform project.
 */
function get_service_account($projectId)
{
    // $projectId = 'my-project-id';

    $storage = new StorageClient([
        'projectId' => $projectId,
    ]);

    $serviceAccountEmail = $storage->getServiceAccount();

    printf('The GCS service account email for project %s is %s', $projectId, $serviceAccountEmail);
}

Python

For more information, see the Cloud Storage Python API reference documentation.

from google.cloud import storage


def get_service_account():
    """Get the service account email"""
    storage_client = storage.Client()

    email = storage_client.get_service_account_email()
    print(
        "The GCS service account for project {} is: {} ".format(
            storage_client.project, email
        )
    )

Ruby

For more information, see the Cloud Storage Ruby API reference documentation.

def get_service_account
  require "google/cloud/storage"

  storage = Google::Cloud::Storage.new
  email = storage.service_account_email

  puts "The GCS service account for project #{storage.project_id} is: #{email}"
end

JSON API

  1. Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials.
  2. Use cURL to call the JSON API with a GET serviceAccount request:

    curl -X GET -H "Authorization: Bearer OAUTH2_TOKEN" \
    "https://storage.googleapis.com/storage/v1/projects/PROJECT_ID/serviceAccount"

    Where:

    • OAUTH2_TOKEN is the name of the access token you generated in Step 1.
    • PROJECT_ID is the ID or number of the relevant project. For example, my-project.