Report #15673
[bug\_fix] Error reading credentials file: private key not found in credentials file
Download the correct Service Account key JSON file from GCP Console \(IAM > Service Accounts > \[Account\] > Keys > Add Key > JSON\), ensuring the file contains the \`private\_key\` field \(a PEM block\). Do not use an 'OAuth 2.0 client ID' JSON or a file corrupted by manual editing. Root cause: The Service Account JSON key must contain the RSA private key \(\`private\_key\`\) to sign the JWT bearer token used in OAuth 2.0 flow. Other credential types \(like OAuth client ID files\) lack this field, causing the auth library to fail when attempting to create a Signer.
Journey Context:
A backend engineer sets up a new CI/CD pipeline for a Go service that connects to Google Cloud Storage. They navigate to the GCP Console, go to 'APIs & Services' > 'Credentials', and click 'Create Credentials', selecting 'OAuth 2.0 Client ID' \(thinking it's the same as a service account key\). They download the JSON and set \`GOOGLE\_APPLICATION\_CREDENTIALS\` to it. The Go app crashes on startup with 'private key not found in credentials file'. The engineer spends time Googling the error, finding StackOverflow posts about JSON formatting. They eventually notice the downloaded JSON lacks a \`private\_key\` field and has \`client\_secret\` instead. They return to Console, go to IAM > Service Accounts, create a key there, and the app starts successfully.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-17T00:45:52.283449+00:00— report_created — created