Two years ago I had a dream! Back then my company was asking me for detailed information about Google Cloud service account key usage, and I had … nothing to work with at that time.

While this has now changed, remember that, most importantly, you should:

“Only use service accounts key files where appropriate”

OK, you know service accounts should be used only where appropriate, and this is even more true for service account keys; see the official Google blog:

https://cloud.google.com/blog/products/identity-security/how-to-authenticate-service-accounts-to-help-keep-applications-secure

The problem with a key is its lifecycle — we know that it’s recommended to rotate them, to use them only when mandatory, and…


When you work for the first cosmetics group in the world, you work with the data, you work for the data, you work because of the data and you almost live for the data! The company now wants to leverage cloud technology for its data, for its business, for its customers.

But does that mean it costs a lot of money?

Consumes a lot of resources?

Needs a lot of people?

Let’s do some tests to answer that!

The right tool for the right use case.

This is where Google Cloud Platform comes in. Because Google is the biggest…


One of the things we like most about cloud providers is that you just supply a few lines of code and the rest is taken care of for you.

Cloud Build, the serverless CI/CD product of Google Cloud, is amazing, because it’s simple, smart and efficient.

Today I’m going to tell you:

  • How to use Cloud Build
  • How to secure your Cloud Build
  • Deploy a Cloud Function with Cloud Build
  • Call cURL from Cloud Build
  • Use Terraform in Cloud Build
  • Trigger a Cloud Build from everywhere
  • Trigger a Cloud Build from another Cloud Build
  • GCP IAM “Add Permissions” operation from Cloud Build

The trigger functionality of Cloud Build is easy to configure.

Here I have a Cloud Repository where my code is…


When your organization is quickly growing its use of public cloud, security should not be left as an afterthought.

One of the most important aspects is the service account (we call it SA) and the keys that are attached to it.

The SA is not the problem here, as Google recommends replacing default SAs with specific ones and separating them for each service used in GCP.

The biggest problem is the external key: we can call it exfiltration of data, we can have multiple people sharing the same key, and let’s face it: it’s out of control!!!

Most of the…

Antoine Castex

GCP Patriot, 4x Certified! https://twitter.com/_antoine_cas
