In this article we will download and install the Google gcloud CLI. Then we will setup gcloud with Google Service Account credentials. This article is for Windows based system but the same principles apply to Linux and Mac systems.

Step 1 – Download gcloud

Google Cloud SDK Installer

Step 2 – Launch the installer

At the Completing the Google Cloud SDK Setup Wizard, deselect Run gcloud init to configure the Cloud SDK. The reason is that we only want to use Service Account credentials.

Step 3 – Access a Google public bucket
gsutil ls gs://gcp-public-data-landsat

This command should succeed and provide a listing of the files in this bucket. This command verifies that the CLI is installed. We have not setup credentials yet.

Step 4 – Access one of your own private buckets

This step will verify that you have no credentials. Change the bucket name to a private bucket that you own.

gsutil ls gs://mybucket

This command should fail. If it succeeds you have a public bucket that anyone can access.

Step 5 – Create Google Service Account credentials.

You can skip this step if you already have credentials to use.

In this example we will only grant Storage Admin to these credentials.

  1. Go to IAM & admin -> Service accounts
  3. Enter a Service account name and Service account description
  4. Click CREATE
  5. In the next screen Service account permissions, select a role.
  6. Select Storage -> Storage Admin
  7. Click CONTINUE
  8. Click Create key
  9. Check the JSON radio button for the Key type
  10. Save the json file to your local computer.

Make note of the email address that Google Cloud created for these credentials.

Step 6- Configure gcloud with the Google Service Account credentials

In this example, the email address is:

The credentials file is: test_google_account.json

Modify these items to what you created in step 5.

gcloud auth activate-service-account --key-file=test_google_account.json
Step 7 – Verify that the credentials work

Change the bucket name to a private bucket that you own.

gsutil ls gs://mybucket

This command should now succeed.

You have now successfully configured gcloud to work with Google Service Account credentials.

In a follow-on article I will show you how to use these same credentials when programming, for example, in Python, C#, etc. Then we will cover in detail what Google Service Account credentials are and how to programmatically generate Access Tokens from these credentials.