diff --color -uNr a/agents/gce/fence_gce.py b/agents/gce/fence_gce.py
--- a/agents/gce/fence_gce.py	2021-06-11 14:28:37.751959830 +0200
+++ b/agents/gce/fence_gce.py	2021-06-11 14:54:03.638926494 +0200
@@ -15,9 +15,15 @@
   import urllib2 as urlrequest
 sys.path.append("@FENCEAGENTSLIBDIR@")
 
-import googleapiclient.discovery
 from fencing import fail_usage, run_delay, all_opt, atexit_handler, check_input, process_input, show_docs, fence_action
-
+try:
+  import googleapiclient.discovery
+  try:
+    from google.oauth2.credentials import Credentials as GoogleCredentials
+  except:
+    from oauth2client.client import GoogleCredentials
+except:
+  pass
 
 METADATA_SERVER = 'http://metadata.google.internal/computeMetadata/v1/'
 METADATA_HEADERS = {'Metadata-Flavor': 'Google'}
@@ -175,12 +181,21 @@
 		"required" : "0",
 		"order" : 4
 	}
+	all_opt["serviceaccount"] = {
+		"getopt" : ":",
+		"longopt" : "serviceaccount",
+		"help" : "--serviceaccount=[filename]    Service account json file location e.g. serviceaccount=/somedir/service_account.json",
+		"shortdesc" : "Service Account to use for authentication to the google cloud APIs.",
+		"required" : "0",
+		"order" : 9
+	}
 
 
 def main():
 	conn = None
 
-	device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging", "method"]
+	device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging",
+		"method", "serviceaccount"]
 
 	atexit.register(atexit_handler)
 
@@ -226,10 +241,24 @@
 
 	# Prepare cli
 	try:
-		credentials = None
-		if tuple(googleapiclient.__version__) < tuple("1.6.0"):
-			import oauth2client.client
-			credentials = oauth2client.client.GoogleCredentials.get_application_default()
+		serviceaccount = options.get("--serviceaccount")
+		if serviceaccount:
+			scope = ['https://www.googleapis.com/auth/cloud-platform']
+			logging.debug("using credentials from service account")
+			try:
+				from google.oauth2.service_account import Credentials as ServiceAccountCredentials
+				credentials = ServiceAccountCredentials.from_service_account_file(filename=serviceaccount, scopes=scope)
+			except ImportError:
+				from oauth2client.service_account import ServiceAccountCredentials
+				credentials = ServiceAccountCredentials.from_json_keyfile_name(serviceaccount, scope)
+		else:
+			try:
+				from googleapiclient import _auth
+				credentials = _auth.default_credentials();
+			except:
+				credentials = GoogleCredentials.get_application_default()
+			logging.debug("using application default credentials")
+
 		conn = googleapiclient.discovery.build('compute', 'v1', credentials=credentials)
 	except Exception as err:
 		fail_usage("Failed: Create GCE compute v1 connection: {}".format(str(err)))