./gcloud-sa-login.sh -k ./my-key.json -p my-project -v
The pipeline ran perfectly the next night. There were no human credentials to expire, and no JSON keys to hide. The service simply identified itself, proved it was allowed to do the work, and did it. gcloud login with service account
Now, the moment of truth. I ran the command that had failed an hour ago—a simple listing of the source data bucket. and did it. Now
Instead of a 403 Forbidden , the terminal scrolled through a list of file names. It worked. The Service Account had the permissions it needed, and because it was a Service Account, it didn't need a browser window to pop up for MFA (Multi-Factor Authentication). It didn't have a session timeout. It just was . gcloud login with service account