When executing the command to list keys for a specific SA it indicates there was a key created:
$ gcloud iam service-accounts keys list --iam-account=service-account@project-name.iam.gserviceaccount.com --project project-name
Output example:
KEY_ID                    CREATED_AT            EXPIRES_AT
abc123abc123xyz123xyz123  2023-04-26T08:00:19Z  2023-05-13T08:00:19Z
However when looking at the keys for this service account in the Console there are no keys. How can I validate and confirm what this key is and whether it actually exists or not?
Realised this is a system-managed key (owned by Google). I validated this first by adding --managed-by user and the key didn't show up. Then I ran the command with --managed-by system and it showed up. I then ran the command with --format json to output more verbose data:
$ gcloud iam service-accounts keys list --iam-account=service-account@project-name.iam.gserviceaccount.com --project project-name --format json
[
  {
    "keyAlgorithm": "KEY_ALG_RSA_2048",
    "keyOrigin": "GOOGLE_PROVIDED",
    "keyType": "SYSTEM_MANAGED",
    "name": "projects/project-name/serviceAccounts/service-account@mgcp-1068761-eagleeye-project-name.iam.gserviceaccount.com/keys/abc123abc123xyz123xyz123",
    "validAfterTime": "2023-04-26T08:00:19Z",
    "validBeforeTime": "2023-05-13T08:00:19Z"
  }
]
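
An added example, not part of the original answer: a small audit helper that reads the `--format json` output shown above and separates Google-rotated `SYSTEM_MANAGED` keys from `USER_MANAGED` ones, which are the keys that need an owner and a rotation plan. The function name `classify_keys`, the 90-day threshold and the second sample key are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

SA = "projects/project-name/serviceAccounts/service-account@project-name.iam.gserviceaccount.com"
# Constructed sample in the shape of the JSON output above. The first key copies
# the answer's values; the second (USER_MANAGED) key is invented for contrast.
SAMPLE = json.dumps([
    {"keyType": "SYSTEM_MANAGED", "keyOrigin": "GOOGLE_PROVIDED",
     "name": SA + "/keys/abc123abc123xyz123xyz123",
     "validAfterTime": "2023-04-26T08:00:19Z",
     "validBeforeTime": "2023-05-13T08:00:19Z"},
    {"keyType": "USER_MANAGED", "keyOrigin": "GOOGLE_PROVIDED",
     "name": SA + "/keys/def456def456uvw456uvw456",
     "validAfterTime": "2023-01-10T12:00:00Z",
     "validBeforeTime": "9999-12-31T23:59:59Z"},
])

def _ts(value):
    """Parse UTC timestamps in the form shown in the gcloud output above."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def classify_keys(raw_json, now, max_user_key_days=90):
    """Return one record per key: id, type, lifetime in days, audit findings."""
    report = []
    for key in json.loads(raw_json):
        start, end = _ts(key["validAfterTime"]), _ts(key["validBeforeTime"])
        key_type = key.get("keyType", "KEY_TYPE_UNSPECIFIED")
        findings = []
        if key_type == "USER_MANAGED":
            findings.append("user-managed: private key is held outside Google")
            if (end - start).days > max_user_key_days:  # 90 days is an assumed policy
                findings.append("lifetime exceeds %d days" % max_user_key_days)
        elif key_type != "SYSTEM_MANAGED":
            findings.append("unrecognised keyType, review manually")
        if end <= now:
            findings.append("already expired")
        report.append({"key_id": key["name"].rsplit("/", 1)[-1], "key_type": key_type,
                       "lifetime_days": (end - start).days, "findings": findings})
    return report

if __name__ == "__main__":
    for row in classify_keys(SAMPLE, datetime.now(timezone.utc)):
        print(row["key_id"], row["key_type"], row["lifetime_days"], row["findings"])
```

To run it on real data, pass the output of the `--format json` command above in place of `SAMPLE`.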