Google Cloud Best practices for using, managing, and securing service accounts on Google Cloud

Service accounts play a key role in Google Cloud IAM, but they are easy to get wrong. If you’re not careful, you quickly end up with over-permissioned service accounts, accounts that are used across multiple applications, and service account keys being spread all across your environment.

Last week, I published two new best practices guides on the Google Cloud website which hopefully help customers avoid common mistakes related to service accounts.

The first guide, Best practices for using and managing service accounts, discusses:

  • When to use service accounts (and when not to)
  • How to authenticate service accounts
  • How to manage service accounts

The second guide, Best practices for securing service accounts, shows how you can protect against common service account-related threats, including:

  • Privilege escalation
  • Spoofing
  • Non-repudiation
  • Information disclosure

If you have feedback or comments about these guides, don’t hesitate to click the Send feedback button at the top of the page to let us know (or drop me a message directly).

For a full list of articles I’ve published on the Google Cloud website, see Articles on cloud.google.com.

Any opinions expressed on this blog are Johannes' own. Refer to the respective vendor’s product documentation for authoritative information.