container.run_as or agent run_as.
CLI
Use --subject with the service account email, id, key, or name:
Roles
Service-account secret operations are protected by service-account roles:
- secret_list permits listing and searching secrets.
- secret_accessor permits direct retrieval when the secret is not http_only.
- secret_manager permits create, update, version, delete, metadata, annotation, and pull-secret management.
- use_proxy_secrets permits proxy use when the per-secret use_proxy grant also allows it.
- run_service_as permits configuring a service or managed agent to run as the service account.
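The two conditional rules in the role list (secret_accessor is refused for http_only secrets, and use_proxy_secrets needs the per-secret use_proxy grant as well) are easiest to audit as a decision function. The following is an added illustration, not the product's code: the operation labels, the Secret type and is_allowed are hypothetical, and roles are assumed not to imply one another.

```python
from dataclasses import dataclass

# Operation labels are hypothetical names for the actions the role list describes.
ROLE_OPS = {
    "secret_list": {"list", "search"},
    "secret_accessor": {"retrieve"},
    "secret_manager": {"create", "update", "version", "delete",
                       "metadata", "annotation", "pull_secret"},
    "use_proxy_secrets": {"proxy_use"},
    "run_service_as": {"run_as"},
}


@dataclass(frozen=True)
class Secret:
    """Constructed stand-in for a stored secret and its two relevant flags."""
    name: str
    http_only: bool = False   # secret may only be used through the proxy
    use_proxy: bool = False   # per-secret use_proxy grant covers this caller


def is_allowed(roles, op, secret=None):
    """Return (allowed, reason) for one operation by a service account."""
    granting = sorted(r for r in roles if op in ROLE_OPS.get(r, ()))
    if not granting:
        return False, f"no held role permits {op}"
    # The role alone is not enough for the two secret-dependent operations.
    if op == "retrieve" and secret is not None and secret.http_only:
        return False, "secret is http_only: direct retrieval refused"
    if op == "proxy_use" and (secret is None or not secret.use_proxy):
        return False, "per-secret use_proxy grant missing"
    return True, f"granted by {granting[0]}"


if __name__ == "__main__":
    # Constructed sample: one account, one proxy-only secret.
    held = {"secret_list", "secret_accessor", "use_proxy_secrets"}
    api_key = Secret("api-key", http_only=True, use_proxy=True)
    for op in ("list", "retrieve", "proxy_use", "delete"):
        print(op, is_allowed(held, op, api_key))
```

For the sample account, list and proxy_use are allowed, retrieve is refused because the secret is http_only, and delete is refused because secret_manager is not held.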
Pull Secrets
Image pull credentials attach to service accounts: