Build OS Login profile configurations with POSIX accounts, SSH public keys, and two-factor authentication.
Last verified: May 2026
Required Fields
name, posixAccounts, sshPublicKeys

This tool helps GCP engineers generate valid configurations quickly without consulting documentation, reducing errors and accelerating infrastructure deployment. All processing runs in your browser with no data sent to external servers.
Your team has 100 VMs with manually-distributed SSH keys for developer access. When a developer leaves, removing their access from all 100 VMs is error-prone — you almost always miss one. The builder generates an OS Login config: project-level enablement, IAM bindings granting roles/compute.osLogin to the engineering Google group, 2FA required for production. When a developer leaves, removing them from the Google group instantly revokes access on all 100 VMs. Onboarding is equally easy — adding a developer to the group grants access fleet-wide.
OS Login replaces traditional SSH key management with IAM-based access — no per-VM SSH key distribution, automatic deprovisioning when users leave. Always default to OS Login for new VMs; it's dramatically more manageable at scale than per-VM ssh-keys metadata.
Two-factor for OS Login adds MFA via Google Authenticator or hardware security keys. For production VM access, this should be mandatory. Combined with IAM-based access control, it's substantially more secure than the traditional 'shared SSH key in a vault' pattern.
Set the `enable-oslogin=TRUE` metadata at the project level, not per-VM. Project-level inheritance means all new VMs auto-enable OS Login without per-instance configuration. Existing VMs can be opted in by adding the metadata key.
The builder constructs OS Login configuration: project metadata for enable-oslogin (TRUE) and enable-oslogin-2fa (TRUE), required IAM roles for users (roles/compute.osLogin for non-root access, roles/compute.osAdminLogin for sudo access), POSIX accounts (auto-generated from Google identities), and SSH key registration (per-user, managed via gcloud compute os-login). Output is generated as gcloud compute project-info and gcloud compute os-login commands plus Terraform google_compute_project_metadata resources.
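An added example (not part of the builder or its output): a Python check of the project-level inheritance described above. It computes each VM's effective OS Login state from project and instance metadata, where an instance-level key overrides the project-level one. The sample data is constructed and mirrors only the `commonInstanceMetadata.items` and `metadata.items` fields of gcloud JSON output; comparing values case-insensitively to TRUE is an assumption.

```python
# Constructed sample data shaped like `gcloud compute project-info describe --format=json`
# and `gcloud compute instances list --format=json` output (only the fields used here).
PROJECT = {"commonInstanceMetadata": {"items": [
    {"key": "enable-oslogin", "value": "TRUE"},
    {"key": "enable-oslogin-2fa", "value": "TRUE"}]}}
INSTANCES = [
    {"name": "web-1", "metadata": {"items": []}},
    {"name": "legacy-db", "metadata": {"items": [
        {"key": "enable-oslogin", "value": "FALSE"},
        {"key": "ssh-keys", "value": "alice:ssh-ed25519 AAAA-constructed alice"}]}},
    {"name": "batch-7", "metadata": {"items": [
        {"key": "enable-oslogin-2fa", "value": "FALSE"}]}},
    {"name": "new-vm", "metadata": {}},
]


def _items(metadata):
    """Flatten a metadata block's key/value items into a dict."""
    return {i["key"]: i.get("value", "") for i in (metadata or {}).get("items", [])}


def _is_true(value):
    # Assumption: the value is compared case-insensitively against "TRUE".
    return str(value).strip().upper() == "TRUE"


def audit(project, instances):
    """Return per-VM effective OS Login state; instance keys override project keys."""
    inherited = _items(project.get("commonInstanceMetadata"))
    report = {}
    for vm in instances:
        own = _items(vm.get("metadata"))
        effective = {**inherited, **own}  # instance-level value wins
        oslogin = _is_true(effective.get("enable-oslogin"))
        report[vm["name"]] = {
            "oslogin": oslogin,
            # 2FA only applies when OS Login itself is on
            "two_factor": oslogin and _is_true(effective.get("enable-oslogin-2fa")),
            "overrides": sorted(k for k in own if k.startswith("enable-oslogin")),
            # metadata SSH keys matter only on VMs where OS Login is off
            "uses_metadata_ssh_keys": not oslogin and "ssh-keys" in effective,
        }
    return report


if __name__ == "__main__":
    for name, state in audit(PROJECT, INSTANCES).items():
        print(name, state)
```

Any VM listed with a non-empty `overrides` value has opted out of, or changed, what the project-level setting would otherwise give it.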
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.