Skip to content


By following these instructions, you’ll retrieve the service account JSON credentials. These credentials are required by CAST AI for creating a cluster with GCP resources.

Method 1: Create using gcloud utility


  • (recommended) Visit the Google Cloud Platform and make sure you have selected the right project. Project needs to be precreated with billing account linked (can be free $300 trial). Open Cloud Shell at the top right side of menu bar.
  • (alternative) You can also use your local gcloud installation. Make sure that you have activated the right project (gcloud projects list and gcloud config set project {{desired-project-id-here}})

Generate service account

Run the script displayed below. It will create a new service account with the required permissions, enable the required APIs, and print your service account key JSON.

/bin/bash -c "$(curl -fsSL"

You'll see the following output:

[email protected]:~ (project)$ /bin/bash -c "$(curl -fsSL"

Your active configuration is: [cloudshell-21130]
Setting up GCP cloud credentials
SERVICE_ACCOUNT_EMAIL=[email protected]
Enabling required google cloud apis
Creating service account
Generating service account key
Assigning required roles to [email protected] service account
- Assigning roles/compute.admin
- Assigning roles/iam.serviceAccountUser
- Assigning roles/iam.serviceAccountAdmin
- Assigning roles/iam.roleAdmin
- Assigning roles/iam.serviceAccountKeyAdmin
- Assigning roles/resourcemanager.projectIamAdmin
Activating [email protected] service account
Service account key json:
  "type": "service_account",
  "project_id": "project",
  "private_key_id": "xxxxxxxxxxxxxxxxxxxxxx",
  "private_key": "-----BEGIN PRIVATE KEY-----\nxxxxxxxxxxxxxxxxxxxxxx\n-----END PRIVATE KEY-----\n",
  "client_email": "[email protected]",
  "client_id": "xxxxxxxxxxxxxxxxxxxxxx",
  "auth_uri": "",
  "token_uri": "",
  "auth_provider_x509_cert_url": "",
  "client_x509_cert_url": ""
  1. Copy the displayed JSON
  2. Open cloud credentials in CAST AI console
  3. Select Google Cloud Platform
  4. Paste it in the Service Account JSON field.

Cloud Shell will copy a selected text automatically. Don't use ctrl+c as "private_key" part of the JSON might get corrupted due to word wrapping.

Next step: create cluster

Method 2: Create it manually using the Google Cloud Console

Project prerequisites

Note that the project where you created your service account needs to have the following APIs enabled:

Compute API
Resource Manager API

Please follow the GCP guide to learn more about how to enable APIs.

Create service account

  1. Open

  2. Select your project (or create a new one) in the top bar.

  3. Go to the Navigation bar, select IAM & Admin, and then Service accounts:

  4. Click Create service account:

    • Enter the preferred Service account name and description. Click Create

    • Add the following roles to the created account:

    • Click Save.

    • In the last step of the service account creation, click Done without entering any data.

Create key

The created account will appear in the service accounts list. Click on it to access additional options.

  • In the Keys section, click on Add Key → Create new key.
  • Select the JSON option and click Create.
  • You will get a file download prompt. After the JSON file is downloaded open cloud credentials in CAST AI console and select Google Cloud platform
  • Copy file contents to the input field or click on the Read from file button to import the file.

Next step: create cluster