Get the Cloud Storage service agent

This page describes how to find the email address of a project's Cloud Storage service agent, which is a specialized service account created and managed by Cloud Storage. For an overview of Cloud Storage service agents, including when they're created and how they're used, see Service Accounts for Cloud Storage. For a general overview of service accounts in Google Cloud, see Service Accounts.

Before you begin

In order to get the required permissions for finding the email address of a project's service agent, ask your administrator to grant you the View Service Accounts (roles/iam.serviceAccountViewer) role on the project.

This predefined role contains the resourcemanager.projects.get permission, which is required to access the service agent of a project. You can also get this permission with other predefined roles. To see which roles are associated with which permissions, refer to IAM roles for Cloud Storage.

For instructions on using roles to control access to projects, see Manage access.

Get the email address of a project's Cloud Storage service agent

Console

  1. In the Google Cloud console, go to the Cloud Storage Settings page.

    Go to Settings

  2. In the Project Access tab, the email address appears in the Cloud Storage Service Account section.

Command line

Use the gcloud storage service-agent command:

gcloud storage service-agent --project=PROJECT_IDENTIFIER

where PROJECT_IDENTIFIER is the ID or number of the relevant project. For example, my-project.

Client libraries

C++

For more information, see the Cloud Storage C++ API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries. 

namespacegcs=::google::cloud::storage;
using::google::cloud::StatusOr;
[](gcs::Clientclient){
StatusOr<gcs::ServiceAccount>account=client.GetServiceAccount();
if(!account)throwstd::move(account).status();
std::cout << "The service account details are " << *account << "\n";
}

C#

For more information, see the Cloud Storage C# API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries. 


usingGoogle.Cloud.Storage.V1 ;
usingSystem;
publicclassGetStorageServiceAccountSample
{
publicstringGetStorageServiceAccount(stringprojectId="your-project-id")
{
varstorage=StorageClient .Create ();
varserviceAccountEmail=storage.GetStorageServiceAccountEmail(projectId);
Console.WriteLine($"The GCS service account for project {projectId} is: {serviceAccountEmail}.");
returnserviceAccountEmail;
}
}

Go

For more information, see the Cloud Storage Go API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries. 

import(
"context"
"fmt"
"io"
"time"
"cloud.google.com/go/storage"
)
// getServiceAccount gets the default Cloud Storage service account email address.
funcgetServiceAccount(wio.Writer ,projectIDstring)error{
// projectID := "my-project-id"
ctx:=context.Background()
client,err:=storage.NewClient(ctx)
iferr!=nil{
returnfmt.Errorf("storage.NewClient: %w",err)
}
deferclient.Close()
ctx,cancel:=context.WithTimeout(ctx,time.Second*10)
defercancel()
serviceAccount,err:=client.ServiceAccount (ctx,projectID)
iferr!=nil{
returnfmt.Errorf("ServiceAccount: %w",err)
}
fmt.Fprintf(w,"The GCS service account for project %v is: %v\n",projectID,serviceAccount)
returnnil
}

Java

For more information, see the Cloud Storage Java API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries. 

importcom.google.cloud.storage.ServiceAccount ;
importcom.google.cloud.storage.Storage ;
importcom.google.cloud.storage.StorageOptions ;
publicclass GetServiceAccount{
publicstaticvoidgetServiceAccount(StringprojectId){
// The ID of your GCP project
// String projectId = "your-project-id";
Storage storage=StorageOptions .newBuilder().setProjectId(projectId).build().getService ();
ServiceAccount serviceAccount=storage.getServiceAccount (projectId);
System.out.println(
"The GCS service account for project "+projectId+" is: "+serviceAccount .getEmail ());
}
}

Node.js

For more information, see the Cloud Storage Node.js API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries. 

/**
 * TODO(developer): Uncomment the following lines before running the sample.
 */
// The ID of your GCP project
// const projectId = 'your-project-id';
// Imports the Google Cloud client library
const{Storage}=require('@google-cloud/storage');
// Creates a client
conststorage=newStorage({
projectId,
});
asyncfunctiongetServiceAccount(){
const[serviceAccount]=awaitstorage.getServiceAccount ();
console.log(
`The GCS service account for project ${projectId} is: ${serviceAccount.emailAddress }`
);
}
getServiceAccount().catch(console.error);

PHP

For more information, see the Cloud Storage PHP API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries. 

use Google\Cloud\Storage\StorageClient;
/**
 * Get the current service account email.
 *
 * @param string $projectId The ID of your Google Cloud Platform project.
 * (e.g. 'my-project-id')
 */
function get_service_account(string $projectId): void
{
 $storage = new StorageClient([
 'projectId' => $projectId,
 ]);
 $serviceAccountEmail = $storage->getServiceAccount();
 printf('The GCS service account email for project %s is %s', $projectId, $serviceAccountEmail);
}

Python

For more information, see the Cloud Storage Python API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries. 

fromgoogle.cloudimport storage
defget_service_account():
"""Get the service account email"""
 storage_client = storage .Client ()
 email = storage_client.get_service_account_email ()
 print(
 f"The GCS service account for project {storage_client.project } is: {email} "
 )

Ruby

For more information, see the Cloud Storage Ruby API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries. 

defget_service_account
require"google/cloud/storage"
storage=Google::Cloud::Storage .new
email=storage.service_account_email
puts"The GCS service account for project #{storage.project_id} is: #{email}"
end

JSON API

  1. Have gcloud CLI installed and initialized, which lets you generate an access token for the Authorization header.

  2. Use cURL to call the JSON API with a GET serviceAccount request:

    curl -X GET -H "Authorization: Bearer $(gcloud auth print-access-token)" \
"https://storage.googleapis.com/storage/v1/projects/PROJECT_ID/serviceAccount"

    Where PROJECT_ID is the ID or number of the relevant project. For example, my-project.

What's next

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年11月24日 UTC.