2.1. Service Account Credentials

Google provides some information about using a service account key file at https://cloud.google.com/bigquery/docs/authentication/service-account-file. The instructions below describe how to use a service account key file from the bq command.

Prerequisites:

Instructions:

  1. Start a shell with access to required commands.

    If you are an expert, you can attempt to do this on a local machine. Alternatively, to use Google Cloud Shell, see https://cloud.google.com/shell/docs/launching-cloud-shell and the following sections of the Google Cloud Shell documentation. Cloud Shell is available at https://console.cloud.google.com/home/dashboard?cloudshell=true.

  2. Create $HOME/.bigqueryrc.

    If $HOME/.bigqueryrc does not already exist, create it by executing the command below.

    touch "$HOME/.bigqueryrc"
  3. List pre-existing gcloud configurations.

    Execute the command below.

    gcloud \
        config \
        configurations \
        list
  4. Activate a pre-existing gcloud configuration.

    If a satisfactory pre-existing configuration exists, execute the command below, replacing SERVICE_ACCOUNT_CONFIGURATION with the necessary configuration, and proceed to Step 9. Otherwise, proceed with the next step.

    gcloud \
        config \
        configurations \
        activate \
        SERVICE_ACCOUNT_CONFIGURATION
  5. Create a gcloud configuration.

    If a new configuration is needed, execute the command below, replacing SERVICE_ACCOUNT_CONFIGURATION with a suitable name for the configuration as needed.

    gcloud \
        config \
        configurations \
        create \
        SERVICE_ACCOUNT_CONFIGURATION
  6. List pre-existing credentialed accounts.

    Execute the command below.

    gcloud \
        auth \
        list
  7. Set the gcloud configuration account.

    If the service account is not already registered, execute the command below, replacing KEY_FILE_PATH with the path to the necessary service account key file.

    gcloud \
        auth \
        activate-service-account \
        --key-file KEY_FILE_PATH

    Otherwise, if the service account has already been registered, execute the command below, replacing SERVICE_ACCOUNT with the service account (e.g., some-service-account@some-project-id.iam.gserviceaccount.com).

    gcloud \
        config \
        set \
        account \
        'SERVICE_ACCOUNT'
  8. Set the gcloud configuration default project.

    Execute the command below, replacing PROJECT_ID as needed.

    gcloud \
        config \
        set \
        project \
        PROJECT_ID
  9. Submit a query using the service account credentials.

    Execute a command like the one below, modifying arguments as needed.

    bq \
        query \
        --nouse_legacy_sql \
        'select count(*) from `PROJECT.DATASET.TABLE`;'
  10. Activate another gcloud configuration.

    When finished using the service account credentials, execute the command below, replacing ACCOUNT with the name of the gcloud configuration to switch back to.

    gcloud \
        config \
        configurations \
        activate \
        ACCOUNT
  11. Delete the service account configuration.

    If you wish to delete the service account configuration, execute the command below, replacing SERVICE_ACCOUNT_CONFIGURATION as needed.

    gcloud \
        config \
        configurations \
        delete \
        SERVICE_ACCOUNT_CONFIGURATION
  12. Remove the service account from the accounts list.

    If you wish to remove the service account from your gcloud accounts list, execute the command below, replacing SERVICE_ACCOUNT as needed (e.g., some-service-account@some-project-id.iam.gserviceaccount.com).

    gcloud \
        auth \
        revoke \
        'SERVICE_ACCOUNT'
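
Before step 7 it helps to confirm that KEY_FILE_PATH is a service account key readable only by its owner, and to decide from the step 6 listing which branch of step 7 applies. The functions below are an added example, not part of the original instructions; the names check_key_file and step7_action are assumptions, and the checks rely on the "type" and "client_email" fields of Google's JSON key format.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for steps 6 and 7 of the procedure above.
# Function names are hypothetical; nothing here calls gcloud itself.

# check_key_file KEY_FILE_PATH
# Prints the key's client_email on success; returns non-zero otherwise.
check_key_file() {
    local key_file="$1" mode email
    if [ ! -f "$key_file" ] || [ ! -r "$key_file" ]; then
        echo "not a readable regular file: $key_file" >&2; return 1
    fi
    # The file holds a private key, so group and other must have no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$key_file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "group/other access on key file; fix with chmod 600" >&2; return 2
    fi
    # Service account keys are JSON with "type": "service_account".
    if ! grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key_file"; then
        echo "not a service account key (wrong or missing \"type\")" >&2; return 3
    fi
    email=$(sed -n 's/.*"client_email"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$key_file" | head -n 1)
    if [ -z "$email" ]; then
        echo "no client_email field in key file" >&2; return 4
    fi
    printf '%s\n' "$email"
}

# step7_action KEY_FILE_PATH
# Reads the credentialed accounts (one per line) on stdin and prints which
# branch of step 7 applies: "set-account EMAIL" or "activate EMAIL".
step7_action() {
    local email
    email=$(check_key_file "$1") || return $?
    if grep -Fxq -- "$email"; then
        printf 'set-account %s\n' "$email"
    else
        printf 'activate %s\n' "$email"
    fi
}

# Usage (requires gcloud):
#   gcloud auth list --format='value(account)' | step7_action KEY_FILE_PATH
```

"set-account" corresponds to the gcloud config set account command in step 7, and "activate" to gcloud auth activate-service-account with --key-file.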