You are extending an existing automation that uses a service account for authentication. The automation needs to retrieve files from a Cloud Storage bucket while adhering to the principle of least privilege. What should you do?