diff --git a/src/gcloud/buckets.yaml b/src/gcloud/buckets.yaml
index c69fa540..ce4c3186 100644
--- a/src/gcloud/buckets.yaml
+++ b/src/gcloud/buckets.yaml
@@ -1,5 +1,24 @@
 ---
 resources:
+  #- name: dynamicbible.com
+  #  type: storage.v1.bucket
+  #  properties:
+  #    bucket: dynamicbible.com
+  #    project: "dynamicbible-7c6cf"
+  #    location: "us-east1"
+  #    website:
+  #      notFoundPage: 404.html
+  #      mainPageSuffix: index.html
+  #    acl:
+  #      - entity: "project-owners-dynamicbible-7c6cf"
+  #        role: OWNER
+  #      - entity: "project-editors-dynamicbible-7c6cf"
+  #        role: WRITER
+  #      - entity: "project-viewers-dynamicbible-7c6cf"
+  #        role: READER
+  #    defaultObjectAcl:
+  #      - entity: allUsers
+  #        role: READER
   - name: staging.dynamicbible.com
     type: storage.v1.bucket
     properties:
@@ -19,30 +38,27 @@ resources:
       defaultObjectAcl:
         - entity: allUsers
           role: READER
-  # - name: dynamicbible.com
-  #   type: storage.v1.bucket
-  #   properties:
-  #     bucket: dynamicbible.com
-  #     project: "dynamicbible-7c6cf"
-  #     location: "us-east1"
-  #     website:
-  #       notFoundPage: 404.html
-  #       mainPageSuffix: index.html
-  #     acl:
-  #       - entity: "project-owners-dynamicbible-7c6cf"
-  #         role: OWNER
-  #       - entity: "project-editors-dynamicbible-7c6cf"
-  #         role: WRITER
-  #       - entity: "project-viewers-dynamicbible-7c6cf"
-  #         role: READER
-  #     defaultObjectAcl:
-  #       - entity: allUsers
-  #         role: READER
+  - name: gitlab-service-account
+    type: iam.v1.serviceAccount
+    properties:
+      displayName: gitlab-service-account
+      accountId: gitlab-service-account
+  - name: gitlab-service-account-key
+    type: iam.v1.serviceAccounts.key
+    properties:
+      parent: $(ref.gitlab-service-account.name)
+      name: gitlab-service-account-key
 outputs:
   #- name: dynamicbible.comselfLink
   #  value: "https://console.cloud.google.com/storage/browser/dynamicbible.com"
   #- name: dynamicbible.comgsLink
   #  value: "gs://dynamicbible.com"
+  - name: gitlab-service-account-id
+    value: $(ref.gitlab-service-account.uniqueId)
+  - name: gitlab-service-account-email
+    value: $(ref.gitlab-service-account.email)
+  - name: gitlab-service-account-privateKey
+    value: $(ref.gitlab-service-account-key.privateKeyData)
   - name: staging.dynamicbible.comselfLink
     value: "https://console.cloud.google.com/storage/browser/staging.dynamicbible.com"
   - name: staging.dynamicbible.comgsLink