Stay organized with collections
Save and categorize content based on your preferences.
NAME
gdcloud iam service-accounts keys create - Create an application default credentials JSON file which contains a private key for a service account.
SYNOPSIS
gdcloud iam service-accounts keys create FILE_NAME [flags]
DESCRIPTION
Create a pair of public/private keys for a project's service account and put the private key into a JSON file. The file can be used to exchange for an STS token from AIS.
EXAMPLES
To create an application default credentials JSON file "/tmp/my-key.json" for service account "psa-test" in project "iam-test" using cacert file "/tmp/ca.crt", run:
gdcloud iam service-accounts keys create /tmp/my-key.json --iam-account=psa-test --project=iam-test --ca-cert-path=/tmp/ca.crt
REQUIRED FLAGS
--iam-account string Project's service account to create the key for. The flag is required to run the command.
OPTIONAL FLAGS
--ca-cert-path string CA cert path to verify the authentication endpoint. If omitted, then the system cert chain will be used.
GDCLOUD WIDE FLAGS
These flags are available to all commands: --configuration, --format, --help, --project, --quiet.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThe \u003ccode\u003egdcloud iam service-accounts keys create\u003c/code\u003e command generates a private key for a service account and saves it in a JSON file.\u003c/p\u003e\n"],["\u003cp\u003eThis JSON file can be used to obtain an STS token from AIS.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003e--iam-account\u003c/code\u003e flag is required and specifies the service account for which to create the key.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003e--ca-cert-path\u003c/code\u003e flag is optional and allows you to specify a custom CA certificate for authentication.\u003c/p\u003e\n"],["\u003cp\u003eThe command requires a file path where the key will be stored as the first argument after \u003ccode\u003ecreate\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# gdcloud iam service-accounts keys create\n\nNAME\n----\n\ngdcloud iam service-accounts keys create - Create an application default credentials JSON file which contains a private key for a service account.\n\nSYNOPSIS\n--------\n\n gdcloud iam service-accounts keys create FILE_NAME [flags]\n\nDESCRIPTION\n-----------\n\nCreate a pair of public/private keys for a project's service account and put the private key into a JSON file. The file can be used to exchange for an STS token from AIS.\n\n### EXAMPLES\n\n\n To create an application default credentials JSON file \"/tmp/my-key.json\" for service account \"psa-test\" in project \"iam-test\" using cacert file \"/tmp/ca.crt\", run:\n\n gdcloud iam service-accounts keys create /tmp/my-key.json --iam-account=psa-test --project=iam-test --ca-cert-path=/tmp/ca.crt\n\n### REQUIRED FLAGS\n\n --iam-account string Project's service account to create the key for. The flag is required to run the command.\n\n### OPTIONAL FLAGS\n\n --ca-cert-path string CA cert path to verify the authentication endpoint. If omitted, then the system cert chain will be used.\n\n### GDCLOUD WIDE FLAGS\n\nThese flags are available to all commands: `--configuration`, `--format`, `--help`, `--project`, `--quiet`.\n\nFor more information, see the [gdcloud CLI reference overview](/distributed-cloud/hosted/docs/latest/gdch/resources/gdcloud-reference/gdcloud) page."]]