Stay organized with collections
Save and categorize content based on your preferences.
NAME
gdcloud iam service-accounts keys create - Create an application default credentials JSON file which contains a private key for a service account.
SYNOPSIS
gdcloud iam service-accounts keys create FILE_NAME [flags]
DESCRIPTION
Create a pair of public/private keys for a project's service account and put the private key into a JSON file. The file can be used to exchange for an STS token from AIS.
EXAMPLES
To create an application default credentials JSON file "/tmp/my-key.json" for service account "psa-test" in project "iam-test" using cacert file "/tmp/ca.crt", run:
gdcloud iam service-accounts keys create /tmp/my-key.json --iam-account=psa-test --project=iam-test --ca-cert-path=/tmp/ca.crt
REQUIRED FLAGS
--iam-account string Project's service account to create the key for. The flag is required to run the command.
OPTIONAL FLAGS
--ca-cert-path string CA cert path to verify the authentication endpoint. If omitted, then the system cert chain will be used.
GDCLOUD WIDE FLAGS
These flags are available to all commands: --configuration, --format, --help, --project, --quiet.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-04 UTC."],[[["The `gdcloud iam service-accounts keys create` command generates a private key for a service account and saves it in a JSON file."],["This JSON file can be used to obtain an STS token from AIS."],["The `--iam-account` flag is required and specifies the service account for which to create the key."],["The `--ca-cert-path` flag is optional and allows you to specify a custom CA certificate for authentication."],["The command requires a file path where the key will be stored as the first argument after `create`."]]],[]]
