Question posted in 
When trying to generate and download a new service account key I get a message that I have reached my limit. I don’t have any keys created so it seems the limit is 0.
I am using a Google Workspace account. I believe that this setting is being limited by the organization that the gmail account is associated with. There is only one email for the organization which I am using and it is the adminstrator. I have the ability to change any Google Cloud setting but I have no idea where to go and do this.
The main reason why I mention Workspace is that it’s only happening on this new account with a new Workspace domain and a fresh Firebase install. I spun up a quick Firebase project with a gmail account and did not have an issue with keys at all.
I need a key so that I can create a node.js program that sets custom claims on authenticated users.
Doug Stevenson: Even though the message says you have reached the limit it doesn’t make sense because I don’t have any keys created.
Also, here is what happens when the steps you provided are followed.
Click the Add key drop-down menu, then select Create new key.
Select JSON as the Key type and click Create.
I found a place to edit organizational constraints however it appears here that the disableServiceAccountCreation is not enforced.
https://console.cloud.google.com/iam-admin/orgpolicies
2
Answers
You should review the documentation. The instructions for doing this in the google cloud console are are spelled out clearly:
It will be entirely up to you to figure out which key to delete, as this might have effects on the way you might already be using this service account.
You are not looking at the correct org policy
You were looking at SA creation not key creation