How to allow service account key creation in Google Cloud Platform.


Error: Key creation is not allowed on this service account

You may encounter the error "Key creation is not allowed on this service account" when running the CubeBackup Service Account Generator or manually creating a service account key in Google Cloud Platform. This error is caused by the organization policy constraint iam.disableServiceAccountKeyCreation, which is enforced in your organization.

To resolve this, you can choose to create the CubeBackup service account using a personal Gmail account, or follow the instructions below to get an exception and disable this constraint for your CubeBackup project.

Allow service account key creation for the CubeBackup project

Assign Organization Policy Administrator role

To set an organization policy, you must have the Organization Policy Administrator role.

  1. Sign in to the Google Cloud Console.
  2. From the project picker, select the main organization.
  3. Navigate to the IAM & Admin > IAM page from the left panel.
  4. Click the + GRANT ACCESS button. A Grant access to yourdomain.com dialog will slide out from the right.
  5. Enter your email address in the Add principals > New principals textbox.
  6. In the Assigned roles > Select a role field, search for the Organization Policy Administrator and select it as the assigned role.
  7. Click SAVE.

Manage organization policy for the CubeBackup project

  1. From the project picker, select the "CubeBackup project".
  2. Navigate to the IAM & Admin > Organization policies page from the left panel.
  3. Enter Disable service account key creation in the Filter field to search for the organization policy, then select the corresponding constraint from the result list.
  4. On the Policy details page, click MANAGE POLICY.
  5. On the Edit policy page, select Override parent's policy.
  6. Select ADD A RULE and set Enforcement to off.
  7. Click SET POLICY.
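
The same two procedures from the command line, as an added example that is not part of CubeBackup's documentation: it writes a policy file that turns the constraint off for one project only and prints the gcloud commands to grant the role, apply the policy and check the result. The organization ID, admin e-mail, project ID and file name are placeholders you supply, and the project ID check is a simplified assumption.

```shell
#!/bin/sh
# Added example. ORG_ID, ADMIN_EMAIL and PROJECT_ID are placeholders supplied
# by the caller; none of them come from the page.
CONSTRAINT="iam.disableServiceAccountKeyCreation"

# Write a policy scoped to a single project. Setting it on the project
# overrides the parent's policy there; the rest of the organization keeps
# the constraint enforced.
write_policy() {
  project_id="$1"; out="$2"
  # Simplified check (assumption): lowercase letters, digits and hyphens only.
  case "$project_id" in
    ''|*[!a-z0-9-]*) echo "invalid project id: $project_id" >&2; return 1 ;;
  esac
  cat > "$out" <<EOF
name: projects/${project_id}/policies/${CONSTRAINT}
spec:
  rules:
  - enforce: false
EOF
}

# Print the commands instead of running them, so they can be reviewed first.
plan_commands() {
  org_id="$1"; admin="$2"; project_id="$3"; policy_file="$4"
  # 1. Grant the Organization Policy Administrator role at the organization.
  echo "gcloud organizations add-iam-policy-binding ${org_id} --member=user:${admin} --role=roles/orgpolicy.policyAdmin"
  # 2. Apply the project-level override.
  echo "gcloud org-policies set-policy ${policy_file}"
  # 3. Confirm what is actually in effect on the project.
  echo "gcloud org-policies describe ${CONSTRAINT} --project=${project_id} --effective"
}

# Usage: sh allow-key-creation.sh ORG_ID ADMIN_EMAIL PROJECT_ID
if [ "$#" -eq 3 ]; then
  write_policy "$3" policy.yaml && plan_commands "$1" "$2" "$3" policy.yaml
fi
```

Once the key has been downloaded, the override can be removed again with `gcloud org-policies delete iam.disableServiceAccountKeyCreation --project=PROJECT_ID`, which returns the project to the inherited policy; existing keys are not affected by the constraint.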

Now, return to the CubeBackup Service Account Generator and retry downloading a service account key. The change may need some time to propagate. If it continues to fail, please reach out to us at [email protected].