From 7f14a9e4246458fe232d9e89e97aa6b84b73c6a1 Mon Sep 17 00:00:00 2001 From: Robert <17119716+robmonte@users.noreply.github.com> Date: Fri, 10 Mar 2023 09:13:37 -0600 Subject: [PATCH] Add info about gcp service account key encoding (#19496) --- website/content/docs/secrets/gcp.mdx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/website/content/docs/secrets/gcp.mdx b/website/content/docs/secrets/gcp.mdx index 9d9940c0d590..eef36380d71b 100644 --- a/website/content/docs/secrets/gcp.mdx +++ b/website/content/docs/secrets/gcp.mdx @@ -294,8 +294,10 @@ $ curl -H "Authorization: Bearer ya29.c.ElodBmNPwHUNY5gcBpnXcE4ywG4w1k..." ### Service Account Keys -To generate service account keys, read from `gcp/.../key`. The roleset or static -account must have been created as type `service_account_key`: +To generate service account keys, read from `gcp/.../key`. Vault returns the service +account key data as a base64-encoded string in the `private_key_data` field. This can +be read by decoding it using `base64 --decode "ewogICJ0e..."` or another base64 tool of +your choice. The roleset or static account must have been created as type `service_account_key`: ```shell-session $ vault read gcp/roleset/my-key-roleset/key