Cloud Data Fusion: Adding a Service Account to the Secure Store

Adding a Service Account

Adding a service account key can be a little bit tricky compared to a simple username or password. The key itself is a large JSON record and care needs to be taken in order to format it properly to the Secure Store. Here is a dummy key for this example.

{
"type": "service_account",
"project_id": "my-project",
"private_key_id": "my private key 123456",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIDFDFDFBADANBgkqhkiG9wQUITLOOKINGATMYKEYAoIBAQDYKWZDFDFDFDFDFDzPOkGcF\n7HuVC7WYDFDze3rBmAA4A6thinkagainthisisafakekey2sQz0/JnIZrdOd/\nEgpeFlDFEirQADFDvlzG__https://www.youtube.com/watch?v=dQw4w9WgXcQ__r3lLA\nEvf1p6tcn0qoareyoustillreadingthisVuPNy9X2sA3MYSpY\nBaGsFhrLDFDFEFL70o3Ri8kNseriouslyyoushouldstops37sWR1ouWUjfZinhnijxdmv\nQDup0PCUz2q3NsRNRJEYyjifstillherehuhRal8VAi88Fbs1psXcqR4iK\nIU1Lpzwa+deA3PEKh0GNZhellowworlduyYqG3WkH5WFo\n193VkUgS+l9UfbzcC/Dks4IliketurtlesF8atqHIWAp5IiXi\nvV/4II9jLkbDp1yiUaEbga0=DXg6j\n/MDLsrOji9BRVdGbdaUimBr22GGJktQI71IJb++cAPwBY/Ak2\norY47u008XhYBecVO+ixy4RYfvzBd/oAQxwvSaLlWQKBgQDuM5sCLBVMpWfd5rju\nm0Zd0w2GhyQ6gxoAI326JnKPPFjCbe+m3HWvUzN3jwAZFdPXT\n/ZQqSSV/qAq6lbzZzVxsAJ4MjJpcIslGPMIXYoyWIe1j3Bli5uv778EJCDxLcADA\nsr5YaMdoumL7lRMyNWtKvj1rBQKBgQDoUDWX3oM4HKM6rWZGlnn0FKlgqVKrTtKz\nkXQ/+f/sXlwbDpxhW1vuLUwRt3rLNEPwmJGimBvrSZRrzYV8PIohVq9WeE\ne6zPOIN5E6maAPduU3Q02t/Tj6d0LTGWnY9ZIQptrdFEAj6TcZ+fIf\ni7c9sigBB6tYCi+B5DWzo4hmH44vtvcYqh9d/h2mMEhOLEaSnl5W\neHWLEYdfYPDKWszYvbhUbSVrZ7K9OMDqKUPbVCNlV72JFWYc3Bj/txkK\n3wqAUZoL3fSmWLklBNwV+TfiOzrAgMzQhGuftBQtj67FjZAoGAQ3po\n1sAPJVFMKFMNjhtPx3uf8z4vLcdj\nJfNAyMsKj4EFASDFvR/8WOQjSOXruw\n+d3v9NMGyHorASDFSFAGFADSFAcDV+xd2rhmBk\nQqYflEiit9Pc6vO5ASDFADF3333l7dV7GBWN30S7+MaFE2SI/V\ncLsuOT+452bXl/51+W2X1ascpLV9\nsQRfWwlogctcg8C2QWK/rg==\n-----END PRIVATE KEY-----\n",
"client_email": "admin@allenparsensproject.iam.gserviceaccount.com",
"client_id": "my-client-id",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/notmyproject.iam.gserviceaccount.com"
}
{
"description": "my service account key description",
"data": "where your service account json key goes",
"properties": {
"property-key": "service account demo key property"}
}
{
"description": "my fake key",
"data": ""{\"type\": \"service_account\",\"project_id\": \"my-project\",\"private_key_id\": \"my private key 123456\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvAIDFDFDFBADANBgkqhkiG9wQUITLOOKINGATMYKEYAoIBAQDYKWZDFDFDFDFDFDzPOkGcF\\n7HuVC7WYDFDze3rBmAA4A6thinkagainthisisafakekey2sQz0/JnIZrdOd/\\nEgpeFlDFEirQADFDvlzG__https://www.youtube.com/watch?v=dQw4w9WgXcQ__r3lLA\\nEvf1p6tcn0qoareyoustillreadingthisVuPNy9X2sA3MYSpY\\nBaGsFhrLDFDFEFL70o3Ri8kNseriouslyyoushouldstops37sWR1ouWUjfZinhnijxdmv\\nQDup0PCUz2q3NsRNRJEYyjifstillherehuhRal8VA1psXcqR4iK\\nIU1Lpzwa+deA3PEKh0GNZhellowworlduyYqG3WkH5WFo\\n193VkUgS+l9UfbzcC/Dks4IliketurtlesF8atqHIWAp5IiXi\\nvV/4II9jLkbDp1yiUaEbga0=DXg6j\\n/MDLsrOji9BR2GGJktQI71IJb++cAPwBY/Ak2\\norY47u008XhYBecVO+ixy4RYfvzBd/oAQxwvQDuM5sCLBVMpWfd5rju\\nm0Zd0w2ubWBB7VLGhyQ6gxoAI326JnKPPFjCzN3jwAZFdPXT\\n/ZQqSSV/qAq6lbzZzVxsAJ4MjJpcIslGPMIXYoyWIe1j3Bli5uv778EJCDxLcADA\\nsr5YaMdoumL7lRMyNWtKvj1rBQKBgQDoUDWX3oM4HKM6rWZGlnn0FKlgqVKrTtKz\\nkXQ/+f/sXlwbDpxhW1vuLUwRt3rLNEPwmJGimBvrSZRrzYVswF8N78PIohVq9WeE\\ne6zPOINAPduU3Q02t/Tj6d0LTGWYO5E8qFO2LnY9ZIQptrdFEAj6TcZ+fIf\\ni7c9siiijwKBgBB6tvcYqh9d/h2mMEhOLEaSnl5W\\neHWLEYdfYPDKWszYVjt0qO02vbV72JFWYc3Bj/txkK\\n3wqrILrKQSmWLklBNwV+TfiOzrAgMzQhGuftBQtj67FjZAoGAQ3po\\n1sAPJVFMKFMNjhtPORJ3UFheZtvyXFltnz5x3uf8z4vLcdj\\nJfNAyMsKj4EFASDFvR/8WOQjSOXruw\\n+d3v9NMGyHorASDFASDFADSFADSFAGFADSFAcDV+xd2rhmBk\\nQqYflEiit9Pc6vO5ASDFADF3333l7dV7GBWN30S7+MaFE2SI/V\\ncLsuOT+452bXl/51+W2X1ascpLV9\\nsQRfWwlogctcg8C2QWK/rg==\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"admin@allenparsensproject.iam.gserviceaccount.com\",\"client_id\": \"my-client-id\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/notmyproject.iam.gserviceaccount.com\"}",
"properties": {
"property-key": "demo sa key"}
}
Successful 200 code for submitting the key: PUT
Successful 200 code for reading the key

Next Steps

With the key successfully uploaded, it can now be referenced in pipelines as well as compute profiles without having to explicitly list the key. In the example image below, the Shield Icon on some of the parameter fields allow you to select the key you wish to use. In other scenarios, just reference the key with in the secure macro format ${secure(my key name)}.

secure key selection

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Justin Taras

Justin Taras

I’m a Google Customer Engineer interested in all things data. I love helping customers leverage their data to build new and powerful data driven applications!