https://pulumi.com logo
#python
Title
# python
w

worried-helmet-23171

10/27/2021, 3:08 AM
question - is there a programmatic way to provide pulumi GCP credentials as opposed to setting the env. export GOOGLE_CREDENTIALS ect ? Additionally is it possible to use a service account token with pulumi ?
f

freezing-van-87649

10/27/2021, 3:10 AM
Aside from
gcloud auth application-default login
?
did you check out the config docs?
Contents of a file that contains your service account private key in JSON format. You can download your existing Google Cloud service account file from the Google Cloud Console, or you can create a new one from the same page. Credentials can also be specified using any of the following environment variables (listed in order of precedence): 
GOOGLE_CREDENTIALS
GOOGLE_CLOUD_KEYFILE_JSON
GCLOUD_KEYFILE_JSON
. The 
GOOGLE_APPLICATION_CREDENTIALS
 environment variable can also contain the path of a file to obtain credentials from. If no credentials are specified, the provider will fall back to using the Google Application Default Credentials. If you are running Pulumi from a GCE instance, see Creating and Enabling Service Accounts for Instances for details.
w

worried-helmet-23171

10/27/2021, 3:43 AM
hey! thanks for the response. I did use this and it works but what I am trying to do is have pulumi create a list of service accounts (via cloudbuild) and then utilize those service accounts to build infrastructure per SA. I am wondering if there is a way to give pulumi a short lived token or credential to build per SA.
👍 1