Google Cloud Platform Key

This page shows how to write Terraform for Cloud Platform Key and write them securely.

google_service_account_key (Terraform)

The Key in Cloud Platform can be configured in Terraform with the resource name google_service_account_key. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub
resource "google_service_account_key" "airbyte_sa_key" {
  service_account_id =
  public_key_type    = "TYPE_X509_PEM_FILE"
  depends_on = [
resource "google_service_account_key" "traefik" {
  service_account_id =
  public_key_type    = "TYPE_X509_PEM_FILE"

resource "google_service_account" "grafana" {

Review your Terraform file for Google best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).


  • id optional computed - string
  • keepers optional - map from string to string

Arbitrary map of values that, when changed, will trigger recreation of resource.

The algorithm used to generate the key, used only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".

  • name optional computed - string

The name used for this key pair

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

The public key, base64 encoded

A field that allows clients to upload their own public key. If set, use this public key data to create a service account key for given service account. Please note, the expected format for this field is a base64 encoded X509_PEM.

The ID of the parent service account of the key. This can be a string in the format [ACCOUNT] or projects/[PROJECT_ID]/serviceAccounts/[ACCOUNT], where [ACCOUNT] is the email address or unique id of the service account. If the [ACCOUNT] syntax is used, the project will be inferred from the account.

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

Explanation in Terraform Registry

Creates and manages service account keys, which allow the use of a service account outside of Google Cloud.

  • API documentation
  • How-to Guides
    • Official Documentation resource "time_rotating" "mykey_rotation" { rotation_days = 30 } resource "google_service_account_key" "mykey" { service_account_id = keepers = { rotation_time = time_rotating.mykey_rotation.rotation_rfc3339 } }
resource "google_service_account" "myaccount" {
  account_id   = "myaccount"
  display_name = "My Service Account"
resource "google_service_account_key" "mykey" {
  service_account_id =
resource "kubernetes_secret" "google-application-credentials" {
  metadata {
    name = "google-application-credentials"
  data = {
    "credentials.json" = base64decode(google_service_account_key.mykey.private_key)

Tips: Best Practices for The Other Google Cloud Platform Resources

In addition to the google_project, Google Cloud Platform has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.



Ensure project-level default network creation is disabled

It is better to disable the auto-creation of default networks. The default network for a GCP project is usually configured coarsely, leaving the risk of unwanted access to resources in the network.

Review your Google Cloud Platform settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Frequently asked questions

What is Google Cloud Platform Key?

Google Cloud Platform Key is a resource for Cloud Platform of Google Cloud Platform. Settings can be wrote in Terraform.

Where can I find the example code for the Google Cloud Platform Key?

For Terraform, the tuanchris/modern-data-stack and ajotaops/terraform source code examples are useful. See the Terraform Example section for further details.


Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.