gcloud has a --impersonate-service-account flag
gsutil has a -i flag
But I want to configure impersonation once in my current session and then know that all future commands are using that service account. So what I want is to gcloud activate-service-account some-service-account-to-impersonate WITHOUT a static key. Is this possible? Can gcloud set up impersonation for my current session like this without me having to specify --impersonate-service-account for every command?
Additionally, I want to develop locally and run my app locally as a service account using impersonation. If I have the app configured to use implicit creds (the Google SDK should look for GOOGLE_APPLICATION_CREDENTIALS or use the user's OAuth creds by default), I'm thinking it would be possible to run gcloud activate-service-account with impersonation, then run my app in that same session, and it will run with the impersonated account.
EDIT: per comments looks like this is what I want: gcloud config set auth/impersonate_service_account [SA_FULL_EMAIL]
I wrote an article that goes into detail on how to set up and use service account impersonation.
Google Cloud – Improving Security with Impersonation
To configure the CLI to use impersonation by default:
gcloud config set auth/impersonate_service_account [SA_FULL_EMAIL]
To clear this setting:
gcloud config unset auth/impersonate_service_account
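Because gcloud config set writes to the active gcloud configuration, the setting persists after the shell is closed. The following wrapper is an added example, not part of the original answer: it sets impersonation, confirms it took effect, runs one command, and restores the previous value. The function names and the service account email in the usage comment are hypothetical.

```shell
# Added example: scope impersonation to a single command and restore afterwards.

# Print the impersonation target of the active gcloud configuration (empty if unset).
current_impersonation() {
  gcloud config get-value auth/impersonate_service_account 2>/dev/null
}

# Fail unless the active configuration impersonates exactly the expected account.
require_impersonation() {
  local expected="$1" actual
  actual="$(current_impersonation)"
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run: impersonating '${actual:-nobody}', expected '$expected'" >&2
    return 1
  fi
}

# Usage: run_as_sa SA_FULL_EMAIL command [args...]
# e.g.   run_as_sa deployer@example-project.iam.gserviceaccount.com gcloud projects list
run_as_sa() {
  local sa="$1" previous status=0
  shift
  previous="$(current_impersonation)"
  gcloud config set auth/impersonate_service_account "$sa" >/dev/null 2>&1 || return 1

  # Only run the command if the setting really is what we asked for.
  if require_impersonation "$sa"; then
    "$@" || status=$?
  else
    status=1
  fi

  # Put back whatever was configured before, even if the command failed.
  if [ -n "$previous" ]; then
    gcloud config set auth/impersonate_service_account "$previous" >/dev/null 2>&1
  else
    gcloud config unset auth/impersonate_service_account >/dev/null 2>&1
  fi
  return "$status"
}
```

The calling user still needs permission to create tokens for the target service account (for example the Service Account Token Creator role), otherwise the wrapped command fails when gcloud tries to impersonate.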