Question:
I want files to be uploaded automatically from a cloud VM to cloud storage. Is there any way to do this without putting a Google access key ID on the instances?
Answer 1:
There's a neat way to handle authenticating from within GCE. GCE instances can have an associated service account that represents the programs running on that GCE instance. That service account can be granted permission to write to your GCS buckets like any other account.
Credentials to act as this service account are easily available on the deployed GCE instances. The easiest way is to use a Google tool or library that supports Application Default Credentials. If your auth code is entirely custom, you can retrieve an access token for that service account directly from the URL "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token" (if you do this, you must also include the header "Metadata-Flavor: Google").
The GCS command-line utility, gsutil, is pre-installed on GCE instances, and it can use application default credentials. If you invoke it from a script or from a shell, it will upload files to cloud storage with no further configuration.
There's one important trick to making service accounts work with GCS. GCE requires you to specify which scopes the service account has, and by default GCS is not included in those scopes, which means that the service account will not initially work with GCS. You'll need to add GCS to the allowed scopes and then restart the instance.
The documentation on configuring service accounts for GCE instances is here: https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances
The documentation for how to use application default credentials is here: https://developers.google.com/identity/protocols/application-default-credentials
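The flow this answer describes, written out as an added example (this is not code from the original post or from Google): fetch an access token for the instance's service account from the metadata server with the mandatory Metadata-Flavor header, check the service account's scopes so the scope problem described above is caught before the upload fails, then upload a file with the GCS JSON API using only the Python standard library. The bucket name and file path come from the command line; the SAMPLE_* constants are constructed inputs for offline checking of the parsing helpers, and the set of scopes treated as "allows writing" is my assumption about which OAuth scopes cover object creation.

```python
"""Upload a local file to GCS from a GCE VM using the instance's service account.

Added example, not part of the original answer. Standard library only.
Assumptions: the VM has a service account attached, that account has an IAM role
allowing object creation on the bucket, and the bucket/file are given as argv.
"""
import json
import os
import sys
import urllib.parse
import urllib.request

# Metadata server paths for the instance's default service account.
METADATA_BASE = ("http://metadata.google.internal/computeMetadata/v1/"
                 "instance/service-accounts/default/")
# Without this header the metadata server refuses the request.
METADATA_HEADERS = {"Metadata-Flavor": "Google"}

# OAuth scopes that permit creating objects (assumption: any one of these is enough).
WRITE_SCOPES = {
    "https://www.googleapis.com/auth/devstorage.read_write",
    "https://www.googleapis.com/auth/devstorage.full_control",
    "https://www.googleapis.com/auth/cloud-platform",
}

# Constructed sample responses, shaped like what the metadata server returns.
SAMPLE_TOKEN_BODY = '{"access_token":"ya29.example","expires_in":3599,"token_type":"Bearer"}'
SAMPLE_SCOPES_OK = ("https://www.googleapis.com/auth/devstorage.read_write\n"
                    "https://www.googleapis.com/auth/logging.write\n")
SAMPLE_SCOPES_READ_ONLY = "https://www.googleapis.com/auth/devstorage.read_only\n"


def metadata_request(path):
    """GET a sub-path of the default service account's metadata as text."""
    req = urllib.request.Request(METADATA_BASE + path, headers=METADATA_HEADERS)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode()


def parse_token(body):
    """Return (bearer_token, seconds_until_expiry) from the token endpoint's JSON."""
    data = json.loads(body)
    return data["access_token"], int(data["expires_in"])


def has_write_scope(scopes_body):
    """The scopes endpoint returns one scope per line; require a GCS write scope."""
    scopes = {line.strip() for line in scopes_body.splitlines() if line.strip()}
    return bool(scopes & WRITE_SCOPES)


def upload_url(bucket, object_name):
    """JSON API simple (single-request) media upload URL for bucket/object."""
    return ("https://storage.googleapis.com/upload/storage/v1/b/%s/o"
            "?uploadType=media&name=%s"
            % (urllib.parse.quote(bucket, safe=""),
               urllib.parse.quote(object_name, safe="")))


def upload(bucket, object_name, data, token, content_type="application/octet-stream"):
    """POST the bytes as a new object, authenticating with the service account token."""
    req = urllib.request.Request(
        upload_url(bucket, object_name), data=data, method="POST",
        headers={"Authorization": "Bearer " + token, "Content-Type": content_type})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


def main(argv):
    if len(argv) != 3:
        sys.exit("usage: %s BUCKET FILE" % argv[0])
    bucket, path = argv[1], argv[2]
    # Fail early with a clear message if the instance's scopes don't allow writing.
    if not has_write_scope(metadata_request("scopes")):
        sys.exit("service account has no GCS write scope; add one and restart the instance")
    token, _ = parse_token(metadata_request("token"))
    with open(path, "rb") as f:
        info = upload(bucket, os.path.basename(path), f.read(), token)
    print("uploaded gs://%s/%s (%s bytes)" % (bucket, info["name"], info["size"]))


if __name__ == "__main__":
    main(sys.argv)
```

Run it on the VM as `python3 upload.py my-bucket /var/log/app.log`. The token is never written to disk or passed in the environment; it is fetched per run from the metadata server and expires on its own, which is the property the question is after.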