Update the Private Key for GCP Service Accounts

When you add a GCP cloud account, you use a private key for a GCP service account. If you need to delete this private key in GCP for security reasons, you can download a new key and update the GCP cloud account with the new key.

Access:

Views > Inventory > Infrastructure or Applications

Available to:

Commander Roles of Superuser and Enterprise Admin

  1. In the GCP console, download a new private key for the service account used to add the cloud account to Commander. To do so:
    1. Use the navigation menu to navigate to IAM & admin.
    2. In the header, select the project where the service account was created.
    3. In the left menu, select Service accounts.
    4. On the Service accounts page, select the service account whose private key you need to update.
    5. Click Edit.
    6. Click Create Key.
    7. In the dialog that appears, keep the default key type, JSON, and click Create.
    8. If your browser prompts you to save the file, save it to a known location.

      A JSON file that contains your key will download to your computer. This is the only time when you can download this private key.

    9. Click Cancel to exit Edit mode.
  2. In Commander, from the Inventory tree, select the GCP cloud account, then select Actions > Edit Cloud Account.
  3. In the Edit Cloud Account dialog, for Private Key (JSON) File, browse to the location of the new private key.

    Commander validates the file to ensure that it's a private key file in JSON format. If the file is valid, Commander displays the Client ID and the Client Email for this service account.

  4. Click OK.

    Commander now uses the new private key for authentication.

  5. In the GCP Console, it's now safe to delete the private key that was originally used for the GCP cloud account.