Google Cloud
Credential
| Field | Description |
|---|---|
| service_account_json | Contents of a Google service account JSON key file |
Paste the full JSON content of the service account key into the TUI credential field. Alternatively, set GOOGLE_APPLICATION_CREDENTIALS to the file path or GCP_SERVICE_ACCOUNT_JSON to the raw JSON content.
What is listed
API keys — listed via the API Keys API (apikeys.googleapis.com) for each discovered project. Includes display name, created_at, and status (enabled/disabled).
Service account keys — listed via the IAM API for each service account in each project. Includes key algorithm, key origin, and disabled status.
Last-used date is not available from either API.
Configuration fields
| Field | Default | Description |
|---|---|---|
| enumerate_all_projects | true | Auto-discover all projects accessible to the service account |
| projects | (empty) | Override auto-discovery with a specific list of project IDs |
| exclude_projects | (empty) | Comma-separated project IDs to skip |
| include_gcp_managed_keys | false | Include system-managed service account keys |
Required service account roles
| Role | Purpose |
|---|---|
| roles/resourcemanager.projectViewer | List projects |
| roles/apikeys.viewer | List API keys |
| roles/iam.serviceAccountViewer | List service accounts and their keys |
Key patterns
| Pattern ID | Regex | Description |
|---|---|---|
| google-api-key | AIza[0-9A-Za-z_\-]{35} | Google API key |
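
The google-api-key pattern from the table above, applied to text line by line, as an added example that is not the tool's own code. The boundary lookarounds, the redaction format, the placeholder key and the sample input are assumptions made here for illustration.

```python
import re

# Pattern from the "Key patterns" table (pattern ID google-api-key).
RAW = re.compile(r"AIza[0-9A-Za-z_\-]{35}")
# Assumption, not from the page: also require that the match is not part of a
# longer run of key characters, so base64-like blobs do not produce findings.
BOUNDED = re.compile(r"(?<![0-9A-Za-z_\-])AIza[0-9A-Za-z_\-]{35}(?![0-9A-Za-z_\-])")

# Constructed placeholder with the right shape (AIza + 35 characters); not a real key.
FAKE_KEY = "AIza" + ("ExampleOnly_" * 3)[:35]

# Constructed sample input.
SAMPLE = "\n".join([
    "# app settings (constructed sample)",
    f'maps_key = "{FAKE_KEY}"',
    f"blob = {FAKE_KEY}AAAA",
    "short = AIzaTooShort",
    f"url = https://example.invalid/v1?key={FAKE_KEY}&lang=en",
])


def redact(key):
    """Keep enough of the key to identify it in a report without disclosing it."""
    return f"{key[:6]}...{key[-4:]}"


def scan(text, pattern=BOUNDED):
    """Return one finding per match, with line/column and a redacted value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in pattern.finditer(line):
            findings.append({
                "pattern_id": "google-api-key",
                "line": lineno,
                "column": m.start() + 1,
                "redacted": redact(m.group()),
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
```

Passing RAW as the second argument to scan shows the difference: the unanchored table regex also reports line 3, where the 39 matching characters are only the prefix of a longer token.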