In this article, we will download and install the Google gcloud CLI. Then we will set up gcloud with Google Service Account credentials. This article is for Windows-based systems but the same principles apply to Linux and Mac systems.

Step 1 – Download gcloud

Google Cloud SDK Installer

Step 2 – Launch the installer

At the Completing the Google Cloud SDK Setup Wizard, deselect Run gcloud init to configure the Cloud SDK. The reason is that we only want to use Service Account credentials.

Step 3 – Access a Google public bucket

This command should succeed and provide a listing of the files in this bucket. This command verifies that the CLI is installed. We have not set up credentials yet.

Step 4 – Access one of your own private buckets

This step will verify that you have no credentials. Change the bucket name to a private bucket that you own.

This command should fail. If it succeeds you have a public bucket that anyone can access.

Step 5 – Create Google Service Account credentials.

You can skip this step if you already have credentials to use.

In this example, we will only grant Storage Admin to these credentials.

  1. Go to IAM & admin -> Service accounts
  2. Click CREATE SERVICE ACCOUNT
  3. Enter a Service account name and Service account description
  4. Click CREATE
  5. In the next screen Service account permissions, select a role.
  6. Select Storage -> Storage Admin
  7. Click CONTINUE
  8. Click Create key
  9. Check the JSON radio button for the Key type
  10. Save the json file to your local computer.

Make note of the email address that Google Cloud created for these credentials.

Step 6- Configure gcloud with the Google Service Account credentials

In this example, the email address is: test@development-123456.iam.gserviceaccount.com

The credentials file is: test_google_account.json

Modify these items to what you created in step 5.

Step 7 – Verify that the credentials work

Change the bucket name to a private bucket that you own.

This command should now succeed.

You have now successfully configured gcloud to work with Google Service Account credentials.

There are two commands that generate access tokens:

  • gcloud auth print-access-token
  • gcloud auth application-default print-access-token
Important Detail

Configuring gcloud with a service account sets up the tool’s credentials and does not create credentials for Application Default Credentials (ADC).

More information

In future articles, I will show you how to use these same credentials when programming, for example, in C++, Python, etc. Then we will cover in detail what Google Service Account credentials are and how to programmatically generate Access Tokens from these credentials.