Creating a Google Cloud Platform Service Account

To backup and restore Google Cloud Platform (GCP) instances, you must create a GCP service account and copy the private key file to each VSA proxy (access node).


To backup and restore Google Cloud Platform (GCP) instances, your GCP service account must have one of the following roles assigned:

  • Owner

  • Compute Instance Admin (v1) and Service Account User

  • A custom role

    For more information about the permissions you might want to assign to a custom role, see Service Account Permissions for Google Cloud Platform

  • To back up instances from multiple projects, your GCP service account must have access rights to all of the projects (including the projects where VSA access nodes exist).

  • You must enable the Cloud Resource Manager API. If you do not enable the API, all backup jobs will fail (including backup jobs for clients that were created in a previous release).


  1. Create a GCP service account through the GCP Console.

  2. Assign the roles through the GCP Console.

  3. (Optional) If you plan to edit the configuration to use a P12 private key file for service account authentication, complete the following:

    1. Record the P12 private key file name and the P12 key password.

    2. Copy the P12 private key file to the <Commvault base folder>/certificates/external directory on each access node. If the <Commvault base folder>/certificates/external directory does not already exist, create the directory.

What To Do Next

Create a virtualization client to manage backup and restore operations for a Google Cloud Platform (GCP) project.