Find Access/Secret key in GCP

Question

I think the Access/Secret key in "Cloud Storage" (in INTEROPERABILITY) cannot be found in the GCP metadata. Is there any way to find it from the command line, just like in AWS? In AWS you can find the Access/Secret key with http://169.254.169.254/latest/metadata/iam/security-credentials/test-iam-policy.

Answer 1

In GCP, there is no option to view the service account keys(access/secret keys) directly from metadata or directly in the console. You can only view the respective SA(Service Account) that is attached to that particular bucket and using this SA, you can find the SA keys by following the process or steps mentioned below:

• If you are using the GCP console, you first need to navigate to the cloud storage tab and then click on the bucket for which you want to get the access/secret key details.

• In the permission tab you can find the service account associated with the bucket.

• Now navigate to IAM and click on the respective SA, here you can find the names of access/secret keys associated with that particular SA.

• If you want to use gcloud cli, type the below command

  gcloud storage service-agent --project=PROJECT_IDENTIFIER
  

• Now for finding the SA key details, you can use the below command

  gcloud iam service-accounts keys list --iam-account=SA_NAME@PROJECT_ID.iam.gserviceaccount.com
  

References:

1. https://cloud.google.com/storage/docs/getting-service-agent#command-line

2. https://cloud.google.com/iam/docs/keys-list-get#iam-service-account-keys-list-gcloud

Note: The commands are taken from the reference documents provided.