Why This Happens
If you’re getting this error when creating a service account key, it’s likely because your organization has a policy that blocks key creation. In the past, an admin had to enforce this for it to take effect, but Google Cloud has now made it the default behavior.
What You Need to Do
To re-enable service account key creation:
Go to IAM & Admin in your GCP console →
Select Organization Policies →
Click View Constraints →
Find the policy “Disable service account key creation” →
Open the Actions menu (three dots) →
Click Edit Policy →
Change the policy status to Not Enforced
⚠️ Important: The policy needs to be disabled at the organization level, not the project level.
Once updated, you’ll be able to create service account keys again.
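The same change can be checked and applied from the gcloud CLI. This is an added example, not part of the original page. It assumes the console entry "Disable service account key creation" corresponds to the legacy constraint ID `iam.disableServiceAccountKeyCreation`, that you hold the Organization Policy Administrator role, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console steps above.
# Assumption: the org uses the legacy boolean constraint below; an org on the
# newer managed constraint would need that constraint's ID instead.
CONSTRAINT="iam.disableServiceAccountKeyCreation"

# Print "enforced" or "not-enforced" for the effective org-level policy.
# $1 = numeric organization ID.
sa_key_policy_status() {
  enforced="$(gcloud resource-manager org-policies describe "$CONSTRAINT" \
      --organization="$1" --effective \
      --format='value(booleanPolicy.enforced)')" || return 1
  case "$enforced" in
    True|true) echo "enforced" ;;
    *)         echo "not-enforced" ;;   # empty output means no enforcement
  esac
}

# Set the policy to Not Enforced at the organization level, then re-read it
# so the caller sees the resulting state rather than assuming success.
# $1 = numeric organization ID.
allow_sa_key_creation() {
  if [ "$(sa_key_policy_status "$1")" = "not-enforced" ]; then
    echo "already not enforced"
    return 0
  fi
  gcloud resource-manager org-policies disable-enforce "$CONSTRAINT" \
      --organization="$1" >/dev/null || return 1
  sa_key_policy_status "$1"
}

# Usage (123456789012 is a constructed placeholder organization ID):
#   sa_key_policy_status 123456789012
#   allow_sa_key_creation 123456789012
```

Running `sa_key_policy_status` before and after the change gives a record of the policy state that can be attached to the change request.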
