In this article we will download and install the Google gcloud CLI. Then we will setup gcloud with Google Service Account credentials. This article is for Windows based system but the same principles apply to Linux and Mac systems.
Step 1 – Download gcloud
Step 2 – Launch the installer
Completing the Google Cloud SDK Setup Wizard, deselect
Run gcloud init to configure the Cloud SDK. The reason is that we only want to use Service Account credentials.
Step 3 – Access a Google public bucket
gsutil ls gs://gcp-public-data-landsat
This command should succeed and provide a listing of the files in this bucket. This command verifies that the CLI is installed. We have not setup credentials yet.
Step 4 – Access one of your own private buckets
This step will verify that you have no credentials. Change the bucket name to a private bucket that you own.
gsutil ls gs://mybucket
This command should fail. If it succeeds you have a public bucket that anyone can access.
Step 5 – Create Google Service Account credentials.
You can skip this step if you already have credentials to use.
In this example we will only grant
Storage Admin to these credentials.
- Go to
IAM & admin->
CREATE SERVICE ACCOUNT
- Enter a
Service account nameand
Service account description
- In the next screen
Service account permissions, select a role.
- Check the
JSONradio button for the
- Save the json file to your local computer.
Make note of the email address that Google Cloud created for these credentials.
Step 6- Configure gcloud with the Google Service Account credentials
In this example, the email address is:
The credentials file is:
Modify these items to what you created in step 5.
gcloud auth activate-service-account firstname.lastname@example.org --key-file=test_google_account.json
Step 7 – Verify that the credentials work
Change the bucket name to a private bucket that you own.
gsutil ls gs://mybucket
This command should now succeed.
You have now successfully configured gcloud to work with Google Service Account credentials.
In a follow-on article I will show you how to use these same credentials when programming, for example, in Python, C#, etc. Then we will cover in detail what Google Service Account credentials are and how to programmatically generate Access Tokens from these credentials.
I design software for enterprise-class systems and data centers. My background is 30+ years in storage (SCSI, FC, iSCSI, disk arrays, imaging) virtualization. 20+ years in identity, security, and forensics.
For the past 14+ years, I have been working in the cloud (AWS, Azure, Google, Alibaba, IBM, Oracle) designing hybrid and multi-cloud software solutions. I am an MVP/GDE with several.