Article by Moses Frost (@mosesrenegade).
Default Account Information
Service Accounts
Service accounts are similar to Azure Service Principals. They can allow for programmatic access but also abuse.
Information on Service Accounts
User-Created Service Account: service-account-name@project-id.iam.gserviceaccount.com
Using the format above, you can denote the following items:
service-account-name: This will tell you potentially what services this is for: Bigtable-sa or compute-sa
project-id: This will be the project identifier that the service account is for. You can set your gcloud configuration to this project-id. It will be numerical typically.
Default Service Account filename permutations:
serviceaccount.json
service_account.json
sa-private-key.json
service-account-file.json
Application-Based Service Account:
project-id@appspot.gserviceaccount.com: This would be the project-id value for App Engine or anything leveraging App Engine.
project-number-compute@developer.gserviceaccount.com: This service account is for Compute Engine, where project-number-compute will be project-id-compute, i.e. 1234567-compute.
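An added example, not part of the original article: a Python audit for a directory tree you own. It flags files whose JSON content is a service account key, whatever the file is called, and classifies the account using the address formats above. The type, client_email and private_key fields are the ones found in a Google-issued key file; the function names and sample data are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Key-file names listed on this page; the name is only a hint, the JSON content decides.
KEY_FILENAMES = {"serviceaccount.json", "service_account.json",
                 "sa-private-key.json", "service-account-file.json"}
# Address formats described on this page ("project" is the id or number embedded in it).
EMAIL_KINDS = [
    ("compute-default", re.compile(r"^(?P<project>\d+)-compute@developer\.gserviceaccount\.com$")),
    ("appengine-default", re.compile(r"^(?P<project>[^@]+)@appspot\.gserviceaccount\.com$")),
    ("user-created", re.compile(r"^[^@]+@(?P<project>[^@]+)\.iam\.gserviceaccount\.com$")),
]

def classify_email(email):
    """Return (kind, project) for a service account address."""
    for kind, pattern in EMAIL_KINDS:
        if (match := pattern.match(email)):
            return kind, match.group("project")
    return "unknown", None

def audit_tree(root):
    """Report every JSON file under root that is a service account key."""
    findings = []
    for path in sorted(Path(root).rglob("*.json")):
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):  # unreadable, badly encoded or not JSON
            continue
        if not isinstance(doc, dict) or doc.get("type") != "service_account":
            continue
        kind, project = classify_email(str(doc.get("client_email", "")))
        findings.append({"file": path.name, "kind": kind, "project": project,
                         "default_name": path.name in KEY_FILENAMES,
                         "has_private_key": bool(doc.get("private_key"))})
    return findings

def demo():
    samples = {  # constructed sample data with placeholder values, no real keys
        "service_account.json": "bigtable-sa@example-project.iam.gserviceaccount.com",
        "renamed-creds.json": "1234567-compute@developer.gserviceaccount.com",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, email in samples.items():
            doc = {"type": "service_account", "client_email": email, "private_key": "CONSTRUCTED"}
            Path(root, name).write_text(json.dumps(doc), encoding="utf-8")
        Path(root, "package.json").write_text('{"name": "not-a-key"}', encoding="utf-8")
        return audit_tree(root)
```

Any finding with has_private_key set is a long-lived credential on disk: rotate it and move the workload to an attached service account or a secret store.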
How to use Service Accounts
In a BASH (or equivalent) shell: export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"