This topic describes how to create a GCP service account and an API key pair, and provides guidelines on how to edit the private key for use in FortiOS. If you enabled metadata Identity and Access Management (IAM) in Configuring GCP SDN Connector using service account, you do not need to create a service account.
- Log into the GCP Compute Portal.
- Go to IAM & admin > Service accounts.
- Create a service account:
- Select Create a service account.
- Name the account.
- Click CREATE and CONTINUE.
- From the Role dropdown list, select the desired role, then click CONTINUE or DONE.
This example selects a custom role for high availability (HA). You can select the viewer role or another role if the FortiGate is on-premise or you do not need to configure HA.
- If you are configuring the service account for use in an SDN connector for HA or for running the VM, select the correct IAM role with the needed permissions.
For guidelines on the IAM role permissions for HA, see Configuring GCP SDN Connector using service account.
For information about configuring a GCP IAM service account, see Creating and managing service accounts.
- (Optional) Configure user access.
- Edit the service account by selecting its email address.
- On the Keys tab, click ADD KEY.
- Select to import your existing key or generate another. If you create a new key, you can select a JSON formatted key or a P12, which includes the private and public keys. Once created, the key automatically downloads to your PC.
For information about creating service account keys, see Create and manage service account keys.
- Use a text editor to open the downloaded key.
- Find the line
“"private_key": "-----BEGIN PRIVATE KEY-----\n……”
- Edit the key between
“-----BEGIN PRIVATE KEY-----“and
”-----END PRIVATE KEY-----”.
"\n"using a tool or command of your choice, for example by using the Find and Replace function in Notepad++.
"\n"with the actual return line, rendering a correctly formatted private key.
- Copy and paste the key content into the FortiOS GUI or CLI.