Tags: google-cloud-platform, service-accounts

How can I determine if service accounts are in use using the CLI?


I want to determine which service accounts in the console are being used and which aren't. Using gcloud iam service-accounts list, I'm able to get the list of accounts. Using gcloud iam service-accounts keys list --iam-account=<IAM_ACCOUNT> shows me when the keys were created and when they expire. However, I'm not able to determine if the accounts were ever used. What can I do to find this out?


Solution

  • What you want is not directly possible: a method like gcloud iam service-accounts describe will not give this information, and neither the IAM API nor the Cloud Console will give it to you.

    Your best shot at this would be reading the activity logs of your project with gcloud logging read and filter those logs, looking for the service account that you want to use.

    If you see that it could be useful to have such a feature in a better way, as in having this information in the describe command, feel free to open a request in the Public Issue Tracker
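The log-based approach in the answer, worked through as an added example that is not part of the answer or of any Google tooling. Cloud Audit Log entries record the caller in protoPayload.authenticationInfo.principalEmail (and, when a user-managed key was used, in serviceAccountKeyName), so the script below takes the JSON that `gcloud logging read --format=json` returns, keeps only entries whose principal is one of the project's service accounts, and reports the most recent call per account plus the accounts that never appear. The project name, account names and log entries are constructed for the illustration. Two caveats a practitioner should keep in mind: Data Access audit logs are disabled by default for most services, so without enabling them only Admin Activity calls show up, and an account missing from the logs only means "no logged activity within the retained window", not "never used".

```python
import json
from datetime import datetime

# Hypothetical project and account names, used only for this illustration.
PROJECT = "my-project"
SA_DOMAIN = f"{PROJECT}.iam.gserviceaccount.com"

# Constructed sample of what
#   gcloud iam service-accounts list --format="value(email)"
# would print for the project.
SERVICE_ACCOUNTS = [
    f"deploy@{SA_DOMAIN}",
    f"monitor@{SA_DOMAIN}",
    f"unused@{SA_DOMAIN}",
]

# Constructed sample of what
#   gcloud logging read 'protoPayload.authenticationInfo.principalEmail:"gserviceaccount.com"' --format=json
# would return (Cloud Audit Log entries); only the fields this script reads are kept.
AUDIT_LOG_JSON = json.dumps([
    {
        "timestamp": "2023-05-01T10:15:30.123456Z",
        "protoPayload": {
            "serviceName": "compute.googleapis.com",
            "methodName": "v1.compute.instances.insert",
            "authenticationInfo": {
                "principalEmail": f"deploy@{SA_DOMAIN}",
                # present only when a user-managed key authenticated the call
                "serviceAccountKeyName": f"//iam.googleapis.com/projects/{PROJECT}/serviceAccounts/deploy@{SA_DOMAIN}/keys/0123abcd",
            },
        },
    },
    {
        "timestamp": "2023-05-03T08:00:00.000000123Z",  # nanosecond precision, as GCP emits
        "protoPayload": {
            "serviceName": "storage.googleapis.com",
            "methodName": "storage.objects.create",
            "authenticationInfo": {"principalEmail": f"deploy@{SA_DOMAIN}"},
        },
    },
    {
        "timestamp": "2023-04-20T23:59:59Z",
        "protoPayload": {
            "serviceName": "monitoring.googleapis.com",
            "methodName": "google.monitoring.v3.MetricService.ListTimeSeries",
            "authenticationInfo": {"principalEmail": f"monitor@{SA_DOMAIN}"},
        },
    },
    {   # a human user, not a service account: must be ignored
        "timestamp": "2023-05-04T12:00:00Z",
        "protoPayload": {
            "serviceName": "iam.googleapis.com",
            "methodName": "google.iam.admin.v1.CreateServiceAccountKey",
            "authenticationInfo": {"principalEmail": "alice@example.com"},
        },
    },
])


def parse_timestamp(ts):
    """Parse an RFC 3339 log timestamp; GCP may emit up to 9 fractional digits."""
    if ts.endswith("Z"):
        ts = ts[:-1]
    main, _, frac = ts.partition(".")
    frac = (frac + "000000")[:6]  # pad or truncate to microseconds for fromisoformat
    return datetime.fromisoformat(f"{main}.{frac}+00:00")


def last_activity(audit_log_json, service_accounts):
    """Per listed service account, the most recent audit-log entry it authenticated."""
    wanted = set(service_accounts)
    seen = {}
    for entry in json.loads(audit_log_json):
        payload = entry.get("protoPayload", {})
        auth = payload.get("authenticationInfo", {})
        principal = auth.get("principalEmail")
        if principal not in wanted:
            continue  # human users, other projects' accounts, entries without a principal
        when = parse_timestamp(entry["timestamp"])
        if principal not in seen or when > seen[principal]["last_seen_dt"]:
            seen[principal] = {
                "last_seen_dt": when,
                "last_seen": when.isoformat(),
                "method": payload.get("methodName"),
                "service": payload.get("serviceName"),
                "key": auth.get("serviceAccountKeyName"),  # None for non-key auth
            }
    return seen


def audit_service_accounts(service_accounts, audit_log_json):
    """Split the account list into those with logged activity and those without."""
    used = last_activity(audit_log_json, service_accounts)
    unused = [sa for sa in service_accounts if sa not in used]
    return {"used": used, "unused": unused}


if __name__ == "__main__":
    report = audit_service_accounts(SERVICE_ACCOUNTS, AUDIT_LOG_JSON)
    for sa, info in report["used"].items():
        key_note = f" (key {info['key'].rsplit('/', 1)[-1]})" if info["key"] else ""
        print(f"USED    {sa}: last {info['last_seen']} via {info['method']} on {info['service']}{key_note}")
    for sa in report["unused"]:
        print(f"NO LOGS {sa}")
```

To run it against a real project, replace the two constructed samples with the output of the gcloud commands named in the comments (widen the `gcloud logging read` window with --freshness, and extend the lookback beyond the default retention by exporting audit logs to a sink before you need them). The "key" field tells you which user-managed key, if any, was behind the last call, which is what you want before deciding which keys to rotate or delete.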