Some organizations disable creating keys from service accounts.

This makes it impossible to run fuzzbench in its default configuration, as it fails to create the service account secret keys while running inside the VM.

Would it be possible to create those keys beforehand (from host machine), so that the service account only needs to access them?

It looks like the problem is not related to creating the keys from the service account, but creating the keys for the service account.

It is listed as a recommendation in the service accounts keys best practices doc, and some organizations have a policy that disables that.