- Define a service account in terraform that has the necessary permissions to perform the ansible playbook - Define a known local path where that service account JSON credential file should live, relative to `gcp.yml`, and reference it in `gcp.yml` - Give that service account a known name, which should also be the SSH user name, and use that as the `ansible_user` in the playbook