NAME
    gcloud iam service-accounts sign-jwt - sign a JWT with a managed service
        account key

SYNOPSIS
    gcloud iam service-accounts sign-jwt INPUT-FILE OUTPUT-FILE
        --iam-account=IAM_ACCOUNT [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    This command signs a JWT using a system-managed service account key.

    If the service account does not exist, this command returns a
    PERMISSION_DENIED error.

EXAMPLES
    To create a sign JWT with a system-managed service account key, run:

        $ gcloud iam service-accounts sign-jwt \
            --iam-account=my-iam-account@my-project.iam.gserviceaccount.com \
        input.json output.jwt

POSITIONAL ARGUMENTS
     INPUT-FILE
        A path to the file containing the JSON JWT Claim set to be signed.

     OUTPUT-FILE
        A path the resulting signed JWT will be written to.

REQUIRED FLAGS
     --iam-account=IAM_ACCOUNT
        The service account to sign as.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

SEE ALSO
    For more information on how this command ties into the wider cloud
    infrastructure, please see
    https://cloud.google.com/appengine/docs/java/appidentity/.

NOTES
    These variants are also available:

        $ gcloud alpha iam service-accounts sign-jwt

        $ gcloud beta iam service-accounts sign-jwt

