Stay organized with collectionsSave and categorize content based on your preferences.
You can useGoogle service accountsto give your
Knative serving services the necessary permissions to access Google Cloud
services, for exampleCloud Monitoring. Each service account
let you define a specific set ofIdentity and Access Management (IAM)permissions that you can associate with each
of your services through Kubernetes Secrets.
To create a service account, you can use the following steps that are provided
here for convenience. For complete details about creating and managing service
accounts, see theIdentity and Access Management documentation.
Console
To create a service account and then download the JSON key file using the
Google Cloud console:
Go to theService Accountspage in Google Cloud console.
UnderService account details, specify a name of your choice inService account name.
Optionally, modify theService account IDand add a description.
ClickCreate and continue.
UnderGrant this service account access to a project, from theSelect a roledrop-down list, select one or more roles for which you
the permissions granted to the service account. For example,Monitoring Metric Writer role.
ClickContinue, to
Optionally, you can specify users or groups who you want to associate
with the service account.
ClickDoneto create the service account.
In the list of service accounts, next to the service account you created,
clickmore_vertActions>Manage keys.
ClickAdd Key>Create a new key.
UnderKey type, selectJSON.
ClickCreate.
gcloud
See the following pages to learn how to use the gcloud CLI to:
After you create a key and download the JSON file which contains the credentials
of your service account, you use that key to create a
secret that you can then associate with your Knative serving services.
SeeUsing secretsto learn how to
create and then associate secrets with your services.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Using service account credentials\n\nYou can use [Google service accounts](/iam/docs/service-accounts) to give your\nKnative serving services the necessary permissions to access Google Cloud\nservices, for example [Cloud Monitoring](/monitoring). Each service account\nlet you define a specific set of\n[Identity and Access Management (IAM)](/iam) permissions that you can associate with each\nof your services through Kubernetes Secrets.\n\nTo create a service account, you can use the following steps that are provided\nhere for convenience. For complete details about creating and managing service\naccounts, see the\n[Identity and Access Management documentation](/iam/docs/creating-managing-service-accounts). \n\n### Console\n\nTo create a service account and then download the JSON key file using the\nGoogle Cloud console:\n\n1. Go to the **Service Accounts** page in Google Cloud console.\n\n [Go to Service Accounts](https://console.cloud.google.com/iam-admin/serviceaccounts)\n2. Click *add*\n **Create Service Account**.\n\n3. Under **Service account details** , specify a name of your choice in\n **Service account name**.\n\n4. Optionally, modify the **Service account ID** and add a description.\n\n5. Click **Create and continue**.\n\n6. Under **Grant this service account access to a project** , from the\n **Select a role** drop-down list, select one or more roles for which you\n the permissions granted to the service account. For example,\n [Monitoring Metric Writer role](/monitoring/access-control#mon_roles_desc).\n\n7. Click **Continue**, to\n\n8. Optionally, you can specify users or groups who you want to associate\n with the service account.\n\n9. Click **Done** to create the service account.\n\n10. In the list of service accounts, next to the service account you created,\n click *more_vert* **Actions\n \\\u003e Manage keys**.\n\n11. Click **Add Key \\\u003e Create a new key**.\n\n12. Under **Key type** , select **JSON**.\n\n13. Click **Create**.\n\n### gcloud\n\nSee the following pages to learn how to use the gcloud CLI to:\n\n1. [Create service accounts](/iam/docs/creating-managing-service-accounts).\n2. [Assign roles and permissions](/iam/docs/granting-roles-to-service-accounts).\n3. [Create account keys](/iam/docs/creating-managing-service-account-keys).\n\nAfter you create a key and download the JSON file which contains the credentials\nof your service account, you use that key to create a\nsecret that you can then associate with your Knative serving services.\n\nSee [Using secrets](/kubernetes-engine/enterprise/knative-serving/docs/configuring/using-secrets) to learn how to\ncreate and then associate secrets with your services.\n\nNext steps\n----------\n\nLearn how to [manage access](/kubernetes-engine/enterprise/knative-serving/docs/securing/managing-access) to your\nservices."]]
