Reputation: 4169
I'm setting up GCP, and one of the things I'd like to utilize is the Secrets Manager. In order to rotate keys, you need to set up pub/sub, and that needs a service account with the proper roles. I'm being asked to create a service account ending with @gcp-sa-secretmanager.iam.gserviceaccount.com. I can only seem to add SAs that end with @my-project-id.iam.gserviceaccount.com.
I can't find anything in the docs... anyone know?
Upvotes: 0
Views: 1693
Reputation: 40336
Generally these accounts are Google-managed Service Accounts.
You do not create them yourself but you can reference them, including binding them to IAM policies. See Service Agents.
You didn't include a reference (!) but I assume you're using this: Event Notifications for Secret Manager.
When you create a service agent identity, a Service Account of the form you describe (service-PROJECT_NUMBER@gcp-sa-secretmanager.iam.gserviceaccount.com) is returned (a reference to a Google-managed Service Account) by the command for you to use.
Upvotes: 2
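The flow described in the answer above, as an added example that is not part of the original post: it provisions the Secret Manager service agent with `gcloud` and grants it publish rights on a single Pub/Sub topic rather than project-wide. The project ID, the topic name and the choice of `roles/pubsub.publisher` are assumptions, as is a `gcloud` install with the beta component.

```shell
#!/bin/sh
# Added example. my-project-id / my-topic in the usage line are placeholders.

# Build the Secret Manager service agent address from a project NUMBER
# (not the project ID), in the form quoted in the answer above.
agent_email() {
  case "$1" in
    ''|*[!0-9]*) echo "project number must be numeric: $1" >&2; return 1 ;;
  esac
  printf 'service-%s@gcp-sa-secretmanager.iam.gserviceaccount.com\n' "$1"
}

# True when an address has the service-N@gcp-sa-* form, i.e. an identity
# you reference in IAM bindings rather than create in your own project.
# This only checks the form discussed here; it is not a complete test
# for every Google-managed account.
is_service_agent() {
  case "$1" in
    service-*@gcp-sa-*.iam.gserviceaccount.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Provision the agent, then let it publish to ONE topic only.
# usage: grant_publisher PROJECT_ID TOPIC
grant_publisher() {
  project=$1
  topic=$2
  # Creates (or returns) the Google-managed identity for this project.
  gcloud beta services identity create \
    --service secretmanager.googleapis.com --project "$project" || return 1
  number=$(gcloud projects describe "$project" \
    --format='value(projectNumber)') || return 1
  member="serviceAccount:$(agent_email "$number")" || return 1
  # Topic-level binding keeps the grant scoped to rotation notifications.
  gcloud pubsub topics add-iam-policy-binding "$topic" --project "$project" \
    --member "$member" --role roles/pubsub.publisher
}

# Runs only when invoked with arguments: sh agent.sh my-project-id my-topic
if [ "$#" -eq 2 ]; then grant_publisher "$1" "$2"; fi
```
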