Create a Service Account and Private Key

This section provides information about how to create a service account and generate a JSON key file. Service account keys are crucial for authenticating applications and services to access Google Cloud resources.

Follow these steps:

1. Log into Google Cloud Console as an admin.
2. On the Welcome screen, click Create or select a project.
3. On the Select a resource screen, do one of the following:
• From the list of existing projects, click the project you want to use.
• If you do not have an existing project or want to create a new one, do the following:
1. Click the New project button located in the upper-right corner.
2. 
2. Type the following details, and then click Create:
• Project name: Type a name for your project. Project names must start with a letter and may contain letters, numbers, and hyphens.
• Organization: If your Google Cloud account is associated with an organization, select the appropriate organization from the drop-down list.
• Location: The location specifies the Google Cloud resource hierarchy node under which the new project will be created.
3. The project gets created and listed in the table.



4. Open the required project, and from the dashboard, go to IAM & Admin > Service Accounts.
5. 
5. On the Service accounts page, click Create service account.
6. 
7. The Create service account screen opens.
6. Do the following and then click Done:
1. Under Create service account, specify the following details:
• Service account name: Type a display name for your service account.
• Service account ID: When you enter the Service account name, the corresponding Service account ID is auto populated in the Service account ID text box.
• Keep it as is or modify it as per your requirement. You cannot change the ID later.
• (Optional) Service account description: Enter a description of the service account.
2. 
2. Do one of the following:
• If you do not want to set permissions now, click Done to finish creating the service account.
• To set permissions now, click Create and continue.
3. If you have clicked Create and continue, under Permissions, do the following:
1. From the Role drop-down list, select Custom.
2. Select one or more IAM roles to grant access to the project.
3. Click Continue.
4. Note: For VSB to Google Cloud and Google Cloud data store operations, see the following links and assign roles accordingly:
• Configure IAM Granular Permissions for Service Accounts with VSB to Google Cloud
• Configure IAM Granular Permissions for Service Accounts with Google Cloud Data Store
5. 
4. To finish the creation of service account, click Done.
7. The service account page appears and displays the service account that you have added.
7. Click the email address of the service account for which you want to create a key.
8. The Service account details tab appears.
8. Select the Keys tab. From the Add key drop-down list, select Create new key.
9. 
10. The Create private key for <service account> dialog appears.
9. For Key Type, select JSON, and then click Create.



A JSON key file gets downloaded to your downloads folder.

Important! The downloaded key file is the only copy of the private key. Store it securely, as you won't able to download it again. If you lose the key file, you must create a new key and revoke the old one.

Use this JSON file in the UDP Console when adding a cloud account for Google Cloud Platform or when creating a Google Cloud Data Store.