yandex.IamServiceAccountKey
Explore with Pulumi AI
Allows management of Yandex.Cloud IAM service account authorized keys. Generated pair of keys is used to create a JSON Web Token which is necessary for requesting an IAM Token for a service account.
Example Usage
This snippet creates an authorized keys pair.
using Pulumi;
using Yandex = Pulumi.Yandex;
class MyStack : Stack
{
public MyStack()
{
var sa_auth_key = new Yandex.IamServiceAccountKey("sa-auth-key", new Yandex.IamServiceAccountKeyArgs
{
Description = "key for service account",
KeyAlgorithm = "RSA_4096",
PgpKey = "keybase:keybaseusername",
ServiceAccountId = "some_sa_id",
});
}
}
package main
import (
"github.com/pulumi/pulumi-yandex/sdk/go/yandex"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := yandex.NewIamServiceAccountKey(ctx, "sa-auth-key", &yandex.IamServiceAccountKeyArgs{
Description: pulumi.String("key for service account"),
KeyAlgorithm: pulumi.String("RSA_4096"),
PgpKey: pulumi.String("keybase:keybaseusername"),
ServiceAccountId: pulumi.String("some_sa_id"),
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_yandex as yandex
sa_auth_key = yandex.IamServiceAccountKey("sa-auth-key",
description="key for service account",
key_algorithm="RSA_4096",
pgp_key="keybase:keybaseusername",
service_account_id="some_sa_id")
import * as pulumi from "@pulumi/pulumi";
import * as yandex from "@pulumi/yandex";
const sa_auth_key = new yandex.IamServiceAccountKey("sa-auth-key", {
description: "key for service account",
keyAlgorithm: "RSA_4096",
pgpKey: "keybase:keybaseusername",
serviceAccountId: "some_sa_id",
});
Coming soon!
Create IamServiceAccountKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IamServiceAccountKey(name: string, args: IamServiceAccountKeyArgs, opts?: CustomResourceOptions);
@overload
def IamServiceAccountKey(resource_name: str,
args: IamServiceAccountKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IamServiceAccountKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
service_account_id: Optional[str] = None,
description: Optional[str] = None,
format: Optional[str] = None,
key_algorithm: Optional[str] = None,
pgp_key: Optional[str] = None)
func NewIamServiceAccountKey(ctx *Context, name string, args IamServiceAccountKeyArgs, opts ...ResourceOption) (*IamServiceAccountKey, error)
public IamServiceAccountKey(string name, IamServiceAccountKeyArgs args, CustomResourceOptions? opts = null)
public IamServiceAccountKey(String name, IamServiceAccountKeyArgs args)
public IamServiceAccountKey(String name, IamServiceAccountKeyArgs args, CustomResourceOptions options)
type: yandex:IamServiceAccountKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IamServiceAccountKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IamServiceAccountKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IamServiceAccountKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IamServiceAccountKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IamServiceAccountKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var iamServiceAccountKeyResource = new Yandex.IamServiceAccountKey("iamServiceAccountKeyResource", new()
{
ServiceAccountId = "string",
Description = "string",
Format = "string",
KeyAlgorithm = "string",
PgpKey = "string",
});
example, err := yandex.NewIamServiceAccountKey(ctx, "iamServiceAccountKeyResource", &yandex.IamServiceAccountKeyArgs{
ServiceAccountId: pulumi.String("string"),
Description: pulumi.String("string"),
Format: pulumi.String("string"),
KeyAlgorithm: pulumi.String("string"),
PgpKey: pulumi.String("string"),
})
var iamServiceAccountKeyResource = new IamServiceAccountKey("iamServiceAccountKeyResource", IamServiceAccountKeyArgs.builder()
.serviceAccountId("string")
.description("string")
.format("string")
.keyAlgorithm("string")
.pgpKey("string")
.build());
iam_service_account_key_resource = yandex.IamServiceAccountKey("iamServiceAccountKeyResource",
service_account_id="string",
description="string",
format="string",
key_algorithm="string",
pgp_key="string")
const iamServiceAccountKeyResource = new yandex.IamServiceAccountKey("iamServiceAccountKeyResource", {
serviceAccountId: "string",
description: "string",
format: "string",
keyAlgorithm: "string",
pgpKey: "string",
});
type: yandex:IamServiceAccountKey
properties:
description: string
format: string
keyAlgorithm: string
pgpKey: string
serviceAccountId: string
IamServiceAccountKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IamServiceAccountKey resource accepts the following input properties:
- Service
Account stringId - ID of the service account to create a pair for.
- Description string
- The description of the key pair.
- Format string
- The output format of the keys.
PEM_FILE
is the default format. - Key
Algorithm string - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - Pgp
Key string - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
.
- Service
Account stringId - ID of the service account to create a pair for.
- Description string
- The description of the key pair.
- Format string
- The output format of the keys.
PEM_FILE
is the default format. - Key
Algorithm string - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - Pgp
Key string - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
.
- service
Account StringId - ID of the service account to create a pair for.
- description String
- The description of the key pair.
- format String
- The output format of the keys.
PEM_FILE
is the default format. - key
Algorithm String - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - pgp
Key String - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
.
- service
Account stringId - ID of the service account to create a pair for.
- description string
- The description of the key pair.
- format string
- The output format of the keys.
PEM_FILE
is the default format. - key
Algorithm string - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - pgp
Key string - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
.
- service_
account_ strid - ID of the service account to create a pair for.
- description str
- The description of the key pair.
- format str
- The output format of the keys.
PEM_FILE
is the default format. - key_
algorithm str - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - pgp_
key str - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
.
- service
Account StringId - ID of the service account to create a pair for.
- description String
- The description of the key pair.
- format String
- The output format of the keys.
PEM_FILE
is the default format. - key
Algorithm String - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - pgp
Key String - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
.
Outputs
All input properties are implicitly available as output properties. Additionally, the IamServiceAccountKey resource produces the following output properties:
- Created
At string - Creation timestamp of the static access key.
- Encrypted
Private stringKey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - Id string
- The provider-assigned unique ID for this managed resource.
- Key
Fingerprint string - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - Private
Key string - The private key. This is only populated when no
pgp_key
is provided. - Public
Key string - The public key.
- Created
At string - Creation timestamp of the static access key.
- Encrypted
Private stringKey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - Id string
- The provider-assigned unique ID for this managed resource.
- Key
Fingerprint string - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - Private
Key string - The private key. This is only populated when no
pgp_key
is provided. - Public
Key string - The public key.
- created
At String - Creation timestamp of the static access key.
- encrypted
Private StringKey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - id String
- The provider-assigned unique ID for this managed resource.
- key
Fingerprint String - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - private
Key String - The private key. This is only populated when no
pgp_key
is provided. - public
Key String - The public key.
- created
At string - Creation timestamp of the static access key.
- encrypted
Private stringKey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - id string
- The provider-assigned unique ID for this managed resource.
- key
Fingerprint string - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - private
Key string - The private key. This is only populated when no
pgp_key
is provided. - public
Key string - The public key.
- created_
at str - Creation timestamp of the static access key.
- encrypted_
private_ strkey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - id str
- The provider-assigned unique ID for this managed resource.
- key_
fingerprint str - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - private_
key str - The private key. This is only populated when no
pgp_key
is provided. - public_
key str - The public key.
- created
At String - Creation timestamp of the static access key.
- encrypted
Private StringKey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - id String
- The provider-assigned unique ID for this managed resource.
- key
Fingerprint String - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - private
Key String - The private key. This is only populated when no
pgp_key
is provided. - public
Key String - The public key.
Look up Existing IamServiceAccountKey Resource
Get an existing IamServiceAccountKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IamServiceAccountKeyState, opts?: CustomResourceOptions): IamServiceAccountKey
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
created_at: Optional[str] = None,
description: Optional[str] = None,
encrypted_private_key: Optional[str] = None,
format: Optional[str] = None,
key_algorithm: Optional[str] = None,
key_fingerprint: Optional[str] = None,
pgp_key: Optional[str] = None,
private_key: Optional[str] = None,
public_key: Optional[str] = None,
service_account_id: Optional[str] = None) -> IamServiceAccountKey
func GetIamServiceAccountKey(ctx *Context, name string, id IDInput, state *IamServiceAccountKeyState, opts ...ResourceOption) (*IamServiceAccountKey, error)
public static IamServiceAccountKey Get(string name, Input<string> id, IamServiceAccountKeyState? state, CustomResourceOptions? opts = null)
public static IamServiceAccountKey get(String name, Output<String> id, IamServiceAccountKeyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Created
At string - Creation timestamp of the static access key.
- Description string
- The description of the key pair.
- Encrypted
Private stringKey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - Format string
- The output format of the keys.
PEM_FILE
is the default format. - Key
Algorithm string - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - Key
Fingerprint string - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - Pgp
Key string - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
. - Private
Key string - The private key. This is only populated when no
pgp_key
is provided. - Public
Key string - The public key.
- Service
Account stringId - ID of the service account to create a pair for.
- Created
At string - Creation timestamp of the static access key.
- Description string
- The description of the key pair.
- Encrypted
Private stringKey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - Format string
- The output format of the keys.
PEM_FILE
is the default format. - Key
Algorithm string - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - Key
Fingerprint string - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - Pgp
Key string - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
. - Private
Key string - The private key. This is only populated when no
pgp_key
is provided. - Public
Key string - The public key.
- Service
Account stringId - ID of the service account to create a pair for.
- created
At String - Creation timestamp of the static access key.
- description String
- The description of the key pair.
- encrypted
Private StringKey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - format String
- The output format of the keys.
PEM_FILE
is the default format. - key
Algorithm String - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - key
Fingerprint String - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - pgp
Key String - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
. - private
Key String - The private key. This is only populated when no
pgp_key
is provided. - public
Key String - The public key.
- service
Account StringId - ID of the service account to create a pair for.
- created
At string - Creation timestamp of the static access key.
- description string
- The description of the key pair.
- encrypted
Private stringKey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - format string
- The output format of the keys.
PEM_FILE
is the default format. - key
Algorithm string - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - key
Fingerprint string - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - pgp
Key string - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
. - private
Key string - The private key. This is only populated when no
pgp_key
is provided. - public
Key string - The public key.
- service
Account stringId - ID of the service account to create a pair for.
- created_
at str - Creation timestamp of the static access key.
- description str
- The description of the key pair.
- encrypted_
private_ strkey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - format str
- The output format of the keys.
PEM_FILE
is the default format. - key_
algorithm str - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - key_
fingerprint str - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - pgp_
key str - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
. - private_
key str - The private key. This is only populated when no
pgp_key
is provided. - public_
key str - The public key.
- service_
account_ strid - ID of the service account to create a pair for.
- created
At String - Creation timestamp of the static access key.
- description String
- The description of the key pair.
- encrypted
Private StringKey - The encrypted private key, base64 encoded. This is only populated when
pgp_key
is supplied. - format String
- The output format of the keys.
PEM_FILE
is the default format. - key
Algorithm String - The algorithm used to generate the key.
RSA_2048
is the default algorithm. Valid values are listed in the API reference. - key
Fingerprint String - The fingerprint of the PGP key used to encrypt the private key. This is only populated when
pgp_key
is supplied. - pgp
Key String - An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form
keybase:keybaseusername
. - private
Key String - The private key. This is only populated when no
pgp_key
is provided. - public
Key String - The public key.
- service
Account StringId - ID of the service account to create a pair for.
Package Details
- Repository
- Yandex pulumi/pulumi-yandex
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
yandex
Terraform Provider.