diff --git a/Cargo.toml b/Cargo.toml
index df1bacc10..bbcf8777d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,16 +14,21 @@ edition = "2018"
 name = "custom_flow"
 required-features = ["hyper-rustls"]
 
+[[example]]
+name = "custom_client"
+required-features = ["hyper-rustls", "service_account"]
+
 [[example]]
 name = "custom_storage"
 required-features = ["hyper-rustls"]
 
 [[test]]
 name = "tests"
-required-features = ["hyper-rustls"]
+required-features = ["hyper-rustls", "service_account"]
 
 [features]
-default = ["hyper-rustls"]
+default = ["hyper-rustls", "service_account"]
+service_account = ["rustls"]
 
 [dependencies]
 base64 = "0.13.0"
@@ -33,7 +38,7 @@ hyper = { version = "0.14", features = ["client", "server", "tcp", "http2"] }
 hyper-rustls = { version = "0.22.1", optional = true }
 hyper-tls = { version = "0.5.0", optional = true }
 log = "0.4"
-rustls = "0.19"
+rustls = { version = "0.19", optional = true }
 seahash = "4"
 serde = {version = "1.0", features = ["derive"]}
 serde_json = "1.0"
diff --git a/src/authenticator.rs b/src/authenticator.rs
index ddd7faef1..a47834d8a 100644
--- a/src/authenticator.rs
+++ b/src/authenticator.rs
@@ -7,6 +7,8 @@ use crate::device::DeviceFlow;
 use crate::error::Error;
 use crate::installed::{InstalledFlow, InstalledFlowReturnMethod};
 use crate::refresh::RefreshFlow;
+
+#[cfg(feature = "service_account")]
 use crate::service_account::{ServiceAccountFlow, ServiceAccountFlowOpts, ServiceAccountKey};
 use crate::storage::{self, Storage, TokenStorage};
 use crate::types::{AccessToken, ApplicationSecret, TokenInfo};
@@ -242,7 +244,10 @@ impl DeviceFlowAuthenticator {
 ///         .expect("failed to create authenticator");
 /// # }
 /// ```
+#[cfg(feature = "service_account")]
 pub struct ServiceAccountAuthenticator;
+
+#[cfg(feature = "service_account")]
 impl ServiceAccountAuthenticator {
     /// Use the builder pattern to create an Authenticator that uses a service account.
     #[cfg(any(feature = "hyper-rustls", feature = "hyper-tls"))]
@@ -549,6 +554,7 @@ impl<C> AuthenticatorBuilder<C, InstalledFlow> {
 ///     .expect("failed to create authenticator");
 /// # }
 /// ```
+#[cfg(feature = "service_account")]
 impl<C> AuthenticatorBuilder<C, ServiceAccountFlowOpts> {
     /// Use the provided subject.
     pub fn subject(self, subject: impl Into<String>) -> Self {
@@ -598,12 +604,14 @@ mod private {
     use crate::device::DeviceFlow;
     use crate::error::Error;
     use crate::installed::InstalledFlow;
+    #[cfg(feature = "service_account")]
     use crate::service_account::ServiceAccountFlow;
     use crate::types::{ApplicationSecret, TokenInfo};
 
     pub enum AuthFlow {
         DeviceFlow(DeviceFlow),
         InstalledFlow(InstalledFlow),
+        #[cfg(feature = "service_account")]
         ServiceAccountFlow(ServiceAccountFlow),
         ApplicationDefaultCredentialsFlow(ApplicationDefaultCredentialsFlow),
     }
@@ -613,6 +621,7 @@ mod private {
             match self {
                 AuthFlow::DeviceFlow(device_flow) => Some(&device_flow.app_secret),
                 AuthFlow::InstalledFlow(installed_flow) => Some(&installed_flow.app_secret),
+                #[cfg(feature = "service_account")]
                 AuthFlow::ServiceAccountFlow(_) => None,
                 AuthFlow::ApplicationDefaultCredentialsFlow(_) => None,
             }
@@ -632,6 +641,7 @@ mod private {
                 AuthFlow::InstalledFlow(installed_flow) => {
                     installed_flow.token(hyper_client, scopes).await
                 }
+                #[cfg(feature = "service_account")]
                 AuthFlow::ServiceAccountFlow(service_account_flow) => {
                     service_account_flow.token(hyper_client, scopes).await
                 }
diff --git a/src/helper.rs b/src/helper.rs
index f8d31806f..a5254fe22 100644
--- a/src/helper.rs
+++ b/src/helper.rs
@@ -4,6 +4,7 @@
 // Copyright (c) 2016 Google Inc (lewinb@google.com).
 //
 // Refer to the project root for licensing information.
+#[cfg(feature = "service_account")]
 use crate::service_account::ServiceAccountKey;
 use crate::types::{ApplicationSecret, ConsoleApplicationSecret};
 
@@ -39,6 +40,7 @@ pub fn parse_application_secret<S: AsRef<[u8]>>(secret: S) -> io::Result<Applica
 
 /// Read a service account key from a JSON file. You can download the JSON keys from the Google
 /// Cloud Console or the respective console of your service provider.
+#[cfg(feature = "service_account")]
 pub async fn read_service_account_key<P: AsRef<Path>>(path: P) -> io::Result<ServiceAccountKey> {
     let key = tokio::fs::read(path).await?;
     parse_service_account_key(key)
diff --git a/src/lib.rs b/src/lib.rs
index f4c298a4c..722f17aa7 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -80,6 +80,8 @@ pub mod error;
 mod helper;
 mod installed;
 mod refresh;
+
+#[cfg(feature = "service_account")]
 mod service_account;
 
 /// Interface for storing tokens so that they can be re-used. There are built-in memory and
@@ -91,13 +93,16 @@ mod types;
 #[doc(inline)]
 pub use crate::authenticator::{
     ApplicationDefaultCredentialsAuthenticator, DeviceFlowAuthenticator,
-    InstalledFlowAuthenticator, ServiceAccountAuthenticator,
+    InstalledFlowAuthenticator
 };
+#[cfg(feature = "service_account")]
+pub use crate::authenticator::ServiceAccountAuthenticator;
 
 pub use crate::helper::*;
 pub use crate::installed::InstalledFlowReturnMethod;
 
 pub use crate::application_default_credentials::ApplicationDefaultCredentialsFlowOpts;
+#[cfg(feature = "service_account")]
 pub use crate::service_account::ServiceAccountKey;
 
 #[doc(inline)]
diff --git a/src/service_account.rs b/src/service_account.rs
index 1c118637b..3d78e763d 100644
--- a/src/service_account.rs
+++ b/src/service_account.rs
@@ -1,3 +1,5 @@
+#![cfg(feature = "service_account")]
+
 //! This module provides a flow that obtains tokens for service accounts.
 //!
 //! Service accounts are usually used by software (i.e., non-human actors) to get access to