diff --git a/sysdig/common.go b/sysdig/common.go
index ddb0b8b85..f4d2b4c04 100644
--- a/sysdig/common.go
+++ b/sysdig/common.go
@@ -54,8 +54,9 @@ const (
SchemaCloudLogsMetadata = "cloud_logs_metadata"
SchemaEnabled = "enabled"
SchemaComponents = "components"
+ SchemaComponent = "component"
SchemaId = "id"
- SchemaCloudProviderId = "cloud_provider_id"
- SchemaCloudProviderType = "cloud_provider_type"
+ SchemaCloudProviderId = "provider_id"
+ SchemaCloudProviderType = "provider_type"
SchemaFeature = "feature"
)
diff --git a/sysdig/resource_sysdig_secure_cloud_auth_account.go b/sysdig/resource_sysdig_secure_cloud_auth_account.go
index 4b527e7b8..ececd63bd 100644
--- a/sysdig/resource_sysdig_secure_cloud_auth_account.go
+++ b/sysdig/resource_sysdig_secure_cloud_auth_account.go
@@ -148,7 +148,7 @@ func resourceSysdigSecureCloudauthAccount() *schema.Resource {
Optional: true,
Elem: accountFeatures,
},
- SchemaComponents: {
+ SchemaComponent: {
Type: schema.TypeList,
Optional: true,
Elem: accountComponents,
@@ -309,7 +309,7 @@ cloudauthAccountFromResourceData() function
func constructAccountComponents(accountComponents []*cloudauth.AccountComponent, data *schema.ResourceData) []*cloudauth.AccountComponent {
provider := data.Get(SchemaCloudProviderType).(string)
- for _, rc := range data.Get(SchemaComponents).([]interface{}) {
+ for _, rc := range data.Get(SchemaComponent).([]interface{}) {
resourceComponent := rc.(map[string]interface{})
component := &cloudauth.AccountComponent{}
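Review bot: The string values changed in the `const` block (`cloud_provider_id` → `provider_id`, `cloud_provider_type` → `provider_type`, plus the new `component` list key used in place of `components`) are the user-facing Terraform attribute names, so every existing configuration and state file written under the old names will fail to plan or show a destructive diff unless a migration accompanies the rename; no `SchemaVersion` bump, `StateUpgraders` entry or deprecated alias is visible in this diff. I'd either keep the old keys as deprecated attributes (`Deprecated: "use provider_id instead"`) for one release or add a state upgrader that copies the old keys to the new ones, and flag the rename in the changelog as breaking. The `const (` block starts and ends outside the hunk.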
@@ -343,19 +343,26 @@ func constructAccountComponents(accountComponents []*cloudauth.AccountComponent,
}
case SchemaServicePrincipalMetadata:
// TODO: Make it more generic than just for GCP
- service_principal_private_key := getServicePrincipalKeyObject(value.(string))
- component.Metadata = &cloudauth.AccountComponent_ServicePrincipalMetadata{
- ServicePrincipalMetadata: &cloudauth.ServicePrincipalMetadata{
- Provider: &cloudauth.ServicePrincipalMetadata_Gcp{
- Gcp: &cloudauth.ServicePrincipalMetadata_GCP{
- Key: &cloudauth.ServicePrincipalMetadata_GCP_Key{
- ProjectId: data.Get(SchemaCloudProviderId).(string),
- PrivateKeyId: service_principal_private_key["private_key_id"],
- PrivateKey: service_principal_private_key["private_key"],
+ servicePrincipalMetadata := parseMetadataJson(value.(string))
+ if provider == cloudauth.Provider_PROVIDER_GCP.String() {
+ encodedServicePrincipalKey, ok := servicePrincipalMetadata["gcp"].(map[string]interface{})["key"].(string)
+ if !ok {
+ fmt.Printf("Component metadata for provider %s is invalid and not as expected", provider)
+ }
+ servicePrincipalKey := getGcpServicePrincipalKey(encodedServicePrincipalKey)
+ component.Metadata = &cloudauth.AccountComponent_ServicePrincipalMetadata{
+ ServicePrincipalMetadata: &cloudauth.ServicePrincipalMetadata{
+ Provider: &cloudauth.ServicePrincipalMetadata_Gcp{
+ Gcp: &cloudauth.ServicePrincipalMetadata_GCP{
+ Key: &cloudauth.ServicePrincipalMetadata_GCP_Key{
+ ProjectId: data.Get(SchemaCloudProviderId).(string),
+ PrivateKeyId: servicePrincipalKey["private_key_id"],
+ PrivateKey: servicePrincipalKey["private_key"],
+ },
},
},
},
- },
+ }
}
case SchemaWebhookDatasourceMetadata:
component.Metadata = &cloudauth.AccountComponent_WebhookDatasourceMetadata{
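Review bot: `servicePrincipalMetadata["gcp"].(map[string]interface{})` is a single-value type assertion, so when `parseMetadataJson` returns nil (it does on any unmarshal error) or the metadata has no `gcp` object, the provider panics instead of reporting a malformed `service_principal_metadata`; the comma-ok on the inner `["key"].(string)` does not protect that outer assertion. The `!ok` branch then only prints and falls through, so `getGcpServicePrincipalKey("")` runs, returns nil, and the request is built with an empty `PrivateKeyId`/`PrivateKey` that is silently sent to the API. Both assertions should be checked and the nil-map result of the decoder too, leaving `component.Metadata` unset (or, once `constructAccountComponents` — which starts and ends outside this hunk — can return an error, failing the apply); `fmt.Printf` to stdout is also unlikely to reach a Terraform user, so a returned error or the provider's logger is preferable, though I can't see which logger the file uses.

```go
			servicePrincipalMetadata := parseMetadataJson(value.(string))
			if provider == cloudauth.Provider_PROVIDER_GCP.String() {
				gcpMetadata, ok := servicePrincipalMetadata["gcp"].(map[string]interface{})
				// lookup on a nil gcpMetadata is safe and yields "" via the comma-ok form
				encodedServicePrincipalKey, _ := gcpMetadata["key"].(string)
				if !ok || encodedServicePrincipalKey == "" {
					fmt.Printf("Component metadata for provider %s is invalid and not as expected\n", provider)
					break // leave component.Metadata unset rather than sending an empty key
				}
				servicePrincipalKey := getGcpServicePrincipalKey(encodedServicePrincipalKey)
				if servicePrincipalKey == nil {
					break // decode/parse failure already reported by the helper
				}
				// … unchanged: component.Metadata = &cloudauth.AccountComponent_ServicePrincipalMetadata{…} …
			}
```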
@@ -379,6 +386,40 @@ func constructAccountComponents(accountComponents []*cloudauth.AccountComponent,
return accountComponents
}
+/*
+This helper function parses the provided component metadata in opaque Json string format into a map
+*/
+func parseMetadataJson(value string) map[string]interface{} {
+ var metadataJSON map[string]interface{}
+ err := json.Unmarshal([]byte(value), &metadataJSON)
+ if err != nil {
+ fmt.Printf("Failed to parse component metadata: %v", err)
+ return nil
+ }
+
+ return metadataJSON
+}
+
+/*
+This helper function decodes the base64 encoded Service Principal Key returned by GCP
+and parses it from Json format into a map
+*/
+func getGcpServicePrincipalKey(key string) map[string]string {
+ bytes, err := b64.StdEncoding.DecodeString(key)
+ if err != nil {
+ fmt.Printf("Failed to decode service principal key: %v", err)
+ return nil
+ }
+ var privateKeyJSON map[string]string
+ err = json.Unmarshal(bytes, &privateKeyJSON)
+ if err != nil {
+ fmt.Printf("Failed to parse service principal key: %v", err)
+ return nil
+ }
+
+ return privateKeyJSON
+}
+
func cloudauthAccountFromResourceData(data *schema.ResourceData) *v2.CloudauthAccountSecure {
accountComponents := constructAccountComponents([]*cloudauth.AccountComponent{}, data)
@@ -477,26 +518,10 @@ func cloudauthAccountToResourceData(data *schema.ResourceData, cloudAccount *v2.
})
}
- err = data.Set(SchemaComponents, components)
+ err = data.Set(SchemaComponent, components)
if err != nil {
return err
}
return nil
}
-
-func getServicePrincipalKeyObject(value string) map[string]string {
- bytes, err := b64.StdEncoding.DecodeString(value)
- if err != nil {
- fmt.Printf("Failed to decode service principal key: %v", err)
- return nil
- }
- var privateKeyJSON map[string]string
- err = json.Unmarshal(bytes, &privateKeyJSON)
- if err != nil {
- fmt.Printf("Failed to parse service principal key: %v", err)
- return nil
- }
-
- return privateKeyJSON
-}
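Review bot: Both new helpers swallow their failure: `parseMetadataJson` and `getGcpServicePrincipalKey` print with `fmt.Printf` (no trailing newline, and stdout is not where a Terraform user looks) and return a nil map, so a malformed metadata string or a bad base64/JSON service-principal key degrades into empty-string lookups at the caller instead of a failed apply. Return the error and let the caller decide: `func parseMetadataJson(value string) (map[string]interface{}, error)` and `func getGcpServicePrincipalKey(key string) (map[string]string, error)`, wrapping with `%w`. Since the decoded map holds the raw GCP private key, I'd also add a one-line comment on `getGcpServicePrincipalKey` stating that its result must never be logged or embedded in error text; the error values from `b64`/`json` carry only offsets, so wrapping them is safe. Both helpers are complete within the hunk; their single caller is in `constructAccountComponents`.

```go
func parseMetadataJson(value string) (map[string]interface{}, error) {
	var metadataJSON map[string]interface{}
	if err := json.Unmarshal([]byte(value), &metadataJSON); err != nil {
		return nil, fmt.Errorf("parsing component metadata: %w", err)
	}
	return metadataJSON, nil
}

// getGcpServicePrincipalKey decodes the base64 service-principal key JSON into a map.
// The result contains the raw private key: never log it or include it in errors.
func getGcpServicePrincipalKey(key string) (map[string]string, error) {
	bytes, err := b64.StdEncoding.DecodeString(key)
	if err != nil {
		return nil, fmt.Errorf("decoding service principal key: %w", err)
	}
	var privateKeyJSON map[string]string
	if err := json.Unmarshal(bytes, &privateKeyJSON); err != nil {
		return nil, fmt.Errorf("parsing service principal key: %w", err)
	}
	return privateKeyJSON, nil
}
```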