---
title: GCPServiceAccount
description: Resource path:
component: pingam
version: 8.1
page_id: pingam:entity-reference:sec-amster-entity-gcpserviceaccount
canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-gcpserviceaccount.html
section_ids:
sec-amster-entity-gcpserviceaccount-global-ops: Global Operations
sec-amster-entity-gcpserviceaccount-global-ops-create: create
sec-amster-entity-gcpserviceaccount-global-ops-delete: delete
sec-amster-entity-gcpserviceaccount-global-ops-getalltypes: getAllTypes
sec-amster-entity-gcpserviceaccount-global-ops-getcreatabletypes: getCreatableTypes
sec-amster-entity-gcpserviceaccount-global-ops-nextdescendents: nextdescendents
sec-amster-entity-gcpserviceaccount-global-ops-query: query
sec-amster-entity-gcpserviceaccount-global-ops-read: read
sec-amster-entity-gcpserviceaccount-global-ops-update: update
---
# GCPServiceAccount
## Global Operations
Resource path:
```
/global-config/services/GoogleCloudServiceAccountService/serviceAccounts
```
Resource version: `1.0`
### create
**Usage**
```
am> create GCPServiceAccount --global --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"allowedSecretNamePatterns" : {
"title" : "Allowed Secret Names",
"description" : "A list of patterns of Google Secret Manager secret names that are allowed to be usedwith this service account. Patterns can include the wildcard \"*\".",
"propertyOrder" : 300,
"required" : true,
"items" : {
"type" : "string"
},
"type" : "array",
"exampleValue" : ""
},
"credentialsSecretId" : {
"title" : "Credentials Secret Label",
"description" : "The label of the secret that contains the GCP service account credentials. Leave blank to use the default credentials from the environment. Credentials can be loaded from disk using a FileSystem Secret Store.",
"propertyOrder" : 100,
"required" : false,
"type" : "string",
"exampleValue" : ""
},
"allowedRealms" : {
"title" : "Allowed Realms",
"description" : "A list of realms that are allowed to use this service account. Realms should be specified in path form, such as /subrealm/subsubrealm.",
"propertyOrder" : 200,
"required" : true,
"items" : {
"type" : "string"
},
"type" : "array",
"exampleValue" : ""
},
"disallowedSecretNamePatterns" : {
"title" : "Disallowed Secret Names",
"description" : "A list of patterns of Google Secret Manager secret names that are not allowed to be used with this service account. Patterns can include the wildcard \"*\".",
"propertyOrder" : 400,
"required" : true,
"items" : {
"type" : "string"
},
"type" : "array",
"exampleValue" : ""
}
}
}
```
### delete
**Usage**
```
am> delete GCPServiceAccount --global --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
**Usage**
```
am> action GCPServiceAccount --global --actionName getAllTypes
```
### getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
**Usage**
```
am> action GCPServiceAccount --global --actionName getCreatableTypes
```
### nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
**Usage**
```
am> action GCPServiceAccount --global --actionName nextdescendents
```
### query
Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter.
**Usage**
```
am> query GCPServiceAccount --global --filter filter
```
**Parameters**
* *\--filter*
A CREST formatted query filter, where "true" will query all.
### read
**Usage**
```
am> read GCPServiceAccount --global --id id
```
**Parameters**
* *\--id*
The unique identifier for the resource.
### update
**Usage**
```
am> update GCPServiceAccount --global --id id --body body
```
**Parameters**
* *\--id*
The unique identifier for the resource.
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"allowedSecretNamePatterns" : {
"title" : "Allowed Secret Names",
"description" : "A list of patterns of Google Secret Manager secret names that are allowed to be usedwith this service account. Patterns can include the wildcard \"*\".",
"propertyOrder" : 300,
"required" : true,
"items" : {
"type" : "string"
},
"type" : "array",
"exampleValue" : ""
},
"credentialsSecretId" : {
"title" : "Credentials Secret Label",
"description" : "The label of the secret that contains the GCP service account credentials. Leave blank to use the default credentials from the environment. Credentials can be loaded from disk using a FileSystem Secret Store.",
"propertyOrder" : 100,
"required" : false,
"type" : "string",
"exampleValue" : ""
},
"allowedRealms" : {
"title" : "Allowed Realms",
"description" : "A list of realms that are allowed to use this service account. Realms should be specified in path form, such as /subrealm/subsubrealm.",
"propertyOrder" : 200,
"required" : true,
"items" : {
"type" : "string"
},
"type" : "array",
"exampleValue" : ""
},
"disallowedSecretNamePatterns" : {
"title" : "Disallowed Secret Names",
"description" : "A list of patterns of Google Secret Manager secret names that are not allowed to be used with this service account. Patterns can include the wildcard \"*\".",
"propertyOrder" : 400,
"required" : true,
"items" : {
"type" : "string"
},
"type" : "array",
"exampleValue" : ""
}
}
}
```