Back to Guides
Beginner

Google Cloud Service Account Setup

Create and configure a GCP service account for deploying to Google Cloud

⏱️ 10 minutes📅 Last updated: January 2025

What you'll learn

  • How to create a GCP service account
  • Required roles for deployment automation
  • How to generate and download JSON keys
  • How to connect GCP to Focal Deploy

Prerequisites

  • A Google Cloud Platform account (free tier available)
  • A GCP project with billing enabled
  • Owner or Editor permissions on the project
1

Open GCP Console

Navigate to the Google Cloud Console and select your project.

Open Service Accounts
2

Create Service Account

  1. Click "+ CREATE SERVICE ACCOUNT" at the top
  2. Enter service account name: focal-deploy
  3. Add description: Service account for Focal Deploy automation
  4. Click "CREATE AND CONTINUE"
3

Grant Roles

Add the following roles to the service account:

Compute Admin

Manage Compute Engine instances and resources

roles/compute.admin
Storage Admin

Manage Cloud Storage buckets and objects

roles/storage.admin
DNS Administrator

Manage Cloud DNS zones and records

roles/dns.admin
Service Account User

Allows acting as service accounts

roles/iam.serviceAccountUser

Click "+ ADD ANOTHER ROLE" for each role above

After adding all roles, click "CONTINUE"

4

Create JSON Key

  1. Skip "Grant users access" (optional) and click "DONE"
  2. Find your new service account in the list
  3. Click the three dots menu (⋮) on the right
  4. Select "Manage keys"
  5. Click "ADD KEY""Create new key"
  6. Select "JSON" as the key type
  7. Click "CREATE"

CRITICAL: Secure Your JSON Key!

The JSON file downloads automatically. This key grants full access to your GCP resources.

  • Never commit to Git
  • Never share publicly
  • Store securely (password manager recommended)
5

Enable Required APIs

Enable these APIs in your GCP project:

  1. Compute Engine APIEnable →
  2. Cloud Storage APIEnable →
  3. Cloud DNS APIEnable →
6

Add to Focal Deploy

  1. Log in to your Focal Deploy dashboard
  2. Navigate to Credentials page
  3. Click "Add GCP Credentials"
  4. Enter credential name: Production GCP
  5. Upload the JSON key file you downloaded in Step 4
  6. Click "Test Connection" to verify
  7. Click "Save"

Success! Your GCP credentials are securely stored and encrypted. Ready to deploy to Google Cloud!

Security Best Practices

✓ DO

  • ✓ Use separate service accounts per environment
  • ✓ Rotate keys every 90 days
  • ✓ Use principle of least privilege
  • ✓ Enable audit logging
  • ✓ Monitor service account activity

✗ DON'T

  • ✗ Use your personal GCP credentials
  • ✗ Share service account keys
  • ✗ Commit JSON keys to Git repositories
  • ✗ Give more permissions than needed
  • ✗ Use the same key across multiple apps

Next Steps

Deploy Your First App →

Now that your GCP credentials are set up, deploy your first application to Google Cloud.

Add AWS Too →

Deploy to both AWS and GCP? Set up your AWS IAM credentials as well.

Need help? Contact support or join our Discord

© 2025 Focal Deploy. All rights reserved. Licensed under the Focal Deploy Proprietary License.