A Service Account in GCP is a special type of account used by applications, virtual machines, or services to interact with Google Cloud resources securely. Instead of a human identity, it represents a non-human identity with its own set of permissions defined by IAM roles. Service Accounts enable secure authentication and authorization for workloads, allowing them to call APIs, access data, or perform operations without embedding user credentials. They are essential for automating tasks, managing least-privilege access, and ensuring secure communication between services within Google Cloud environments.
Fields
| ID | Type | Data Type | Description |
|---|---|---|---|
| _key | core | string | |
| ancestors | core | array<string> | |
| datadog_display_name | core | string | |
| description | core | string | Optional. A user-specified, human-readable description of the service account. The maximum length is 256 UTF-8 bytes. |
| disabled | core | bool | Output only. Whether the service account is disabled. |
| email | core | string | Output only. The email address of the service account. |
| gcp_display_name | core | string | Optional. A user-specified, human-readable name for the service account. The maximum length is 100 UTF-8 bytes. |
| labels | core | array<string> | |
| name | core | string | The resource name of the service account. Use one of the following formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error. |
| oauth2_client_id | core | string | Output only. The OAuth 2.0 client ID for the service account. |
| organization_id | core | string | |
| parent | core | string | |
| project_id | core | string | Output only. The ID of the project that owns the service account. |
| project_number | core | string | |
| resource_name | core | string | |
| tags | core | hstore | |
| unique_id | core | string | Output only. The unique, stable numeric ID for the service account. Each service account retains its unique ID even if you delete the service account. For example, if you delete a service account, then create a new service account with the same name, the new service account has a different unique ID than the deleted service account. |
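
As the `unique_id` description notes, an account that is deleted and created again under the same name gets a different unique ID, so `email` alone does not identify an account over time. The Python below is an added example, not part of the original reference and not Datadog or Google code. It compares two inventory snapshots on the `email`, `unique_id` and `disabled` fields; the records, project name and IDs are constructed.

```python
"""Diff two service-account inventory snapshots on the fields documented above."""

DOMAIN = "demo-proj.iam.gserviceaccount.com"  # constructed project name


def record(local_part, unique_id, disabled=False):
    """Build a constructed record carrying only the fields this example reads."""
    return {"email": f"{local_part}@{DOMAIN}", "unique_id": unique_id,
            "disabled": disabled}


# Constructed sample data: every email and ID here is made up.
SNAPSHOT_OLD = [
    record("etl", "100000000000000000001"),
    record("ci", "100000000000000000002"),
    record("legacy", "100000000000000000003"),
]
SNAPSHOT_NEW = [
    record("etl", "100000000000000000009"),                # same email, new unique_id
    record("ci", "100000000000000000002", disabled=True),  # same account, now disabled
    record("reports", "100000000000000000010"),            # not in the old snapshot
]


def diff_snapshots(old, new):
    """Group emails by what changed between two snapshots of records."""
    old_by_email = {r["email"]: r for r in old}
    new_by_email = {r["email"]: r for r in new}
    result = {"recreated": [], "newly_disabled": [], "removed": [], "added": []}
    for email, prev in old_by_email.items():
        cur = new_by_email.get(email)
        if cur is None:
            result["removed"].append(email)
        elif cur["unique_id"] != prev["unique_id"]:
            # unique_id is the stable identity; a change means a different account.
            result["recreated"].append(email)
        elif cur["disabled"] and not prev["disabled"]:
            result["newly_disabled"].append(email)
    result["added"] = [e for e in new_by_email if e not in old_by_email]
    return {kind: sorted(emails) for kind, emails in result.items()}


if __name__ == "__main__":
    for kind, emails in diff_snapshots(SNAPSHOT_OLD, SNAPSHOT_NEW).items():
        print(f"{kind}: {emails}")
```

A `recreated` entry is worth reviewing because anything that referred to the account by email now points at a different identity.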