A third-party application needs to have a service account key to work properly. When you try to export the key from your cloud project, you receive an error: “The organization policy constraint iam.disableServiceAccounKeyCreation is enforced.” You need to make the third-party application work while following Google-recommended security practices.
What should you do?

A. Enable the default service account key, and download the key. B. Remove the iam.disableServiceAccountKeyCreation policy at the organization level, and create a key. C. Disable the service account key creation policy at the project's folder, and download the default key. D. Add a rule to set the iam.disableServiceAccountKeyCreation policy to off in your project, and create a key.