68

I try to use the Google Translate API in my development, but i can´t find a way to obtain the "service_account.json" file.

The step on "Console Google Cloud Platform":

steps on Console :

enter image description here

Please, I need the steps in detail, since what I get from Google do not serve me

Machavity
  • 30,841
  • 27
  • 92
  • 100
Alan Nexus
  • 793
  • 1
  • 6
  • 8

7 Answers7

58
  1. Go to https://console.cloud.google.com/apis/credentials
  2. On the top left there is a blue "create credentials" button click it and select "service account key." (see below if its not there)
  3. Choose the service account you want, and select "JSON" as the key type.
  4. It should allow give you a json to download

If the blue button is not there:

You need to fill in all the required fields on the "OAuth Consent screen" tab on the page linked above, or create one if one doesn't exist.

You may also need to create a client-id if that still doesn't work (I can't remember sorry).

If "service account key" isn't an option

You need to create a service account.

Go to https://console.cloud.google.com/iam-admin/serviceaccounts/project and click "Create Service Account"

HJED
  • 957
  • 1
  • 8
  • 16
  • 14
    What if I already have created service account key, but I now I want to download it again and don't want to create another one? – izogfif Dec 05 '19 at 06:27
  • 39
    For security reasons Google won't let you redownload it (they don't store the private key part) – HJED Dec 06 '19 at 07:21
  • 3
    so google downloaded the key somewhere in my computer without asking me where? I don't understand. – Giacomo May 04 '21 at 16:35
  • 1
    I couldn't get it to work with Firefox. Had to use Chrome to download the file. – spassvogel May 10 '21 at 21:25
54

Took me a while to find how to download the json key.

  1. Create a service account
  2. Open the service account in your cloud console and add a key enter image description here
  3. In the dropdown menu choose create key 4.Then choose key type json enter image description here
d1spstack
  • 930
  • 1
  • 5
  • 16
17

the newest way to get credential.js is click to 'your_email_servicer'-> chose tab key then click [add Key]

enter image description here

StupidWolf
  • 45,075
  • 17
  • 40
  • 72
Thế Thái
  • 179
  • 1
  • 3
6

The service account key can only be retrieved the first time the sa is created especially in case you did it via GCP console, it's a security mechanism. But it's not a big deal you can delete the old one and create a new one and that's it, the SA still remains the same, it's good to rotate keys.

In case you use IaC like GDM (Google Deployment Manager) or Terraform you can retrieve it as many times as you need.

For Terraform just configure the necessary output like this...

### Resources

resource "google_service_account" "my_service_account_name" {
  account_id    = "my-sa"
  display_name  = "my-sa"
  description   = "This is for descriptions"
}

resource "google_service_account_key" "my_service_account_key" {
  service_account_id = google_service_account.my_service_account_name.name
}

### Outputs

output "my_service_account_key" {
  description = "This is for descriptions (for single use)."
  # sensitive   = true # you can add sensitive to avoid showing it in plain text each time you run the code in case you don't need to retrieve it each time
  value = base64decode(google_service_account_key.my_service_account_key.private_key)
}

For GDM, remember it's not anymore recommended from GCP to be used for IaC management, you can still retrieve it with the CLI describing the resource and adding a basic jq query for the sa key resource...

gcloud deployment-manager deployments describe my-gdm-deployment-name \
    --project project-name \
    --format json | jq -r '.outputs[] | select(.name==my-sa-key-resource-name") | .finalValue'| base64 --decode
Kit Reitz
  • 61
  • 1
  • 1
  • Good info. But this does not explain how to upload output file (private key) to secret manager via "secret_data" argument using terraform. Can you please suggest and add in above answer? – Kaku Dec 24 '21 at 08:51
0

A note from me - the key downloads automatically when you create it. I spent a hour looking for a way to download it becacause I missed the fact that it downloaded automatically.

Mic95
  • 3
  • 2
0

The UI is a little confusing, here is the step on how you can download the serviceAccount.json file:

  1. log in to your GCP account
  2. Go to the "IAM & Admin" -> Service Accounts section
  3. Create a new service account or Click on the existing service account
  4. Click on the "Keys" tab
  5. Click on "Add Key" -> Click on "Create new Key".
  6. Select "JSON" from the radio button
  7. Click on the "Create" button
  8. It will create and download the service-account.json file in your system
Shubham Verma
  • 8,783
  • 6
  • 58
  • 79
0

terraform code:

resource "google_service_account" "service_account" {
  account_id   = "test
  display_name = "Test"
}
resource "google_service_account_key" "service_account" {
  service_account_id = google_service_account.service_account.name
  public_key_type    = "TYPE_X509_PEM_FILE"
}
resource "local_file" "service_account" {
    content  = base64decode(google_service_account_key.service_account.private_key)
    filename = "serviceaccount.json"
}
Jason
  • 47
  • 4