Service Account Keys

:::caution For developers and system integrations This guide is for developers integrating with Eigenoid APIs using a service account credential. If you're a regular user looking to set up your own login, see Getting started instead. :::

What is a Service Account Key?

The downloaded JSON file is a GCP service account credential. It authenticates your application to Google Cloud services — think of it as a password for your app. Keep it secure: never share it or commit it to source control.

warning

Never share your service account key or commit it to source control. Treat it like a password.

Quick Setup

export GOOGLE_APPLICATION_CREDENTIALS="/path/to/your-key.json"

Authenticate with gcloud

gcloud auth activate-service-account --key-file=/path/to/your-key.json

Usage Scenarios

Local Development

# Set the environment variable in your shell profile
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/your-key.json"

# Verify authentication
gcloud auth list

Docker / Containers

# Mount the key file as a volume
docker run -v /path/to/your-key.json:/secrets/key.json \
  -e GOOGLE_APPLICATION_CREDENTIALS=/secrets/key.json \
  your-image

CI/CD Pipelines

# GitHub Actions example
- name: Authenticate to Google Cloud
  uses: google-github-actions/auth@v2
  with:
    credentials_json: ${{ secrets.GCP_SA_KEY }}

Security Best Practices

tip

Follow these best practices to keep your credentials secure.

Never commit keys to source control — add *.json to .gitignore.
Rotate keys periodically and revoke unused ones in the GCP Console.
Use Workload Identity Federation (WIF) when possible to avoid long-lived keys.

What is a Service Account Key?​

Quick Setup​

Authenticate with gcloud​

Usage Scenarios​

Local Development​

Docker / Containers​

CI/CD Pipelines​

Security Best Practices​