Auth Activate-service-account [updated] | Gcloud

Think of it as a robot employee: It has an email address ( my-robot@project-123.iam.gserviceaccount.com ), specific IAM permissions (e.g., "Storage Admin"), but no login screen or CAPTCHA. The core syntax is deceptively simple:

In the world of Google Cloud, identity is everything. While developers often rely on their personal user credentials (protected by multi-factor authentication), this model breaks down in headless environments—CI/CD pipelines, servers, or automated scripts. How do you tell Google Cloud, "Trust this machine as much as you trust me"? gcloud auth activate-service-account

Enter , the command that bridges the gap between human-driven development and machine-driven automation. What is a Service Account? Before diving into the command, let’s define the actor. A service account is not a person; it is a Google Cloud identity belonging to your application or virtual machine. It uses JSON keys (or OIDC tokens) instead of passwords. Think of it as a robot employee: It

# Example: GitHub Action step - name: Authenticate to GCP run: | echo '$ secrets.GCP_SA_KEY ' > /tmp/key.json gcloud auth activate-service-account my-ci@project.iam.gserviceaccount.com \ --key-file=/tmp/key.json gcloud config set project my-project Terraform needs credentials to provision infrastructure. Instead of using application default credentials (which may be stale), you explicitly activate a service account before running terraform plan : How do you tell Google Cloud, "Trust this