Where should private service account key for Google be stored on Mac

Question

I've created a public/private key pair as described here for the Google Cloud Platform (see graphic below)

The problem: I can't find a shred of documentation describing where to put it. This thing is not the typical SSH key pair, but rather a JSON file.

Where should it be stored on a mac to allow the gcloud command to authenticate and push to the GCP?

Answer 1

The CaioT answer is the right one if you want to use a service account key file locally.

However, the question shouldn't be asked because it's a bad practice to have service account key files. They have to be used in only few cases. Else, they are security weakness in your projects.

Have a higher look on this key file. At the end, it's only a file, stored on your mac (or elsewhere) without special security dispositions. You can copy it without any problem, edit it, copy the content. You can send it by email, push it in Git repository (might be public!)...

If you are several developers to work on the same project, it because quickly a mess to know who manage the keys. When you have a leak, it's hard to know which key has been used and need to be removed,...

So, have a closer look to this part of the documentation. I also wrote some articles to propose alternative to use them. Let me know if you are interested.

Answer 2

If you are authenticating locally with a service account to build/push with gcloud, you should set the environment variable on your mac terminal to point to the JSON key file.

export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"

Once this environment variable is defined, all the requests will be authenticated against that Service Account using the key info from the json file.

Please consider looking at the doc below for reference: https://cloud.google.com/docs/authentication/production