Docs
PackagesGoogle Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi
gcp.serviceaccount.Key
Explore with Pulumi AI
Example Usage
Creating A New Key
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const myaccount = new gcp.serviceaccount.Account("myaccount", {
accountId: "myaccount",
displayName: "My Service Account",
});
const mykey = new gcp.serviceaccount.Key("mykey", {
serviceAccountId: myaccount.name,
publicKeyType: "TYPE_X509_PEM_FILE",
});
import pulumi
import pulumi_gcp as gcp
myaccount = gcp.serviceaccount.Account("myaccount",
account_id="myaccount",
display_name="My Service Account")
mykey = gcp.serviceaccount.Key("mykey",
service_account_id=myaccount.name,
public_key_type="TYPE_X509_PEM_FILE")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
AccountId: pulumi.String("myaccount"),
DisplayName: pulumi.String("My Service Account"),
})
if err != nil {
return err
}
_, err = serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
ServiceAccountId: myaccount.Name,
PublicKeyType: pulumi.String("TYPE_X509_PEM_FILE"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var myaccount = new Gcp.ServiceAccount.Account("myaccount", new()
{
AccountId = "myaccount",
DisplayName = "My Service Account",
});
var mykey = new Gcp.ServiceAccount.Key("mykey", new()
{
ServiceAccountId = myaccount.Name,
PublicKeyType = "TYPE_X509_PEM_FILE",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.Account;
import com.pulumi.gcp.serviceaccount.AccountArgs;
import com.pulumi.gcp.serviceaccount.Key;
import com.pulumi.gcp.serviceaccount.KeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myaccount = new Account("myaccount", AccountArgs.builder()
.accountId("myaccount")
.displayName("My Service Account")
.build());
var mykey = new Key("mykey", KeyArgs.builder()
.serviceAccountId(myaccount.name())
.publicKeyType("TYPE_X509_PEM_FILE")
.build());
}
}
resources:
myaccount:
type: gcp:serviceaccount:Account
properties:
accountId: myaccount
displayName: My Service Account
mykey:
type: gcp:serviceaccount:Key
properties:
serviceAccountId: ${myaccount.name}
publicKeyType: TYPE_X509_PEM_FILE
Creating And Regularly Rotating A Key
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as time from "@pulumiverse/time";
const myaccount = new gcp.serviceaccount.Account("myaccount", {
accountId: "myaccount",
displayName: "My Service Account",
});
// note this requires the terraform to be run regularly
const mykeyRotation = new time.Rotating("mykey_rotation", {rotationDays: 30});
const mykey = new gcp.serviceaccount.Key("mykey", {
serviceAccountId: myaccount.name,
keepers: {
rotation_time: mykeyRotation.rotationRfc3339,
},
});
import pulumi
import pulumi_gcp as gcp
import pulumiverse_time as time
myaccount = gcp.serviceaccount.Account("myaccount",
account_id="myaccount",
display_name="My Service Account")
# note this requires the terraform to be run regularly
mykey_rotation = time.Rotating("mykey_rotation", rotation_days=30)
mykey = gcp.serviceaccount.Key("mykey",
service_account_id=myaccount.name,
keepers={
"rotation_time": mykey_rotation.rotation_rfc3339,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
"github.com/pulumi/pulumi-time/sdk/go/time"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
AccountId: pulumi.String("myaccount"),
DisplayName: pulumi.String("My Service Account"),
})
if err != nil {
return err
}
// note this requires the terraform to be run regularly
mykeyRotation, err := time.NewRotating(ctx, "mykey_rotation", &time.RotatingArgs{
RotationDays: pulumi.Int(30),
})
if err != nil {
return err
}
_, err = serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
ServiceAccountId: myaccount.Name,
Keepers: pulumi.Map{
"rotation_time": mykeyRotation.RotationRfc3339,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Time = Pulumiverse.Time;
return await Deployment.RunAsync(() =>
{
var myaccount = new Gcp.ServiceAccount.Account("myaccount", new()
{
AccountId = "myaccount",
DisplayName = "My Service Account",
});
// note this requires the terraform to be run regularly
var mykeyRotation = new Time.Rotating("mykey_rotation", new()
{
RotationDays = 30,
});
var mykey = new Gcp.ServiceAccount.Key("mykey", new()
{
ServiceAccountId = myaccount.Name,
Keepers =
{
{ "rotation_time", mykeyRotation.RotationRfc3339 },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.Account;
import com.pulumi.gcp.serviceaccount.AccountArgs;
import com.pulumi.time.Rotating;
import com.pulumi.time.RotatingArgs;
import com.pulumi.gcp.serviceaccount.Key;
import com.pulumi.gcp.serviceaccount.KeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myaccount = new Account("myaccount", AccountArgs.builder()
.accountId("myaccount")
.displayName("My Service Account")
.build());
// note this requires the terraform to be run regularly
var mykeyRotation = new Rotating("mykeyRotation", RotatingArgs.builder()
.rotationDays(30)
.build());
var mykey = new Key("mykey", KeyArgs.builder()
.serviceAccountId(myaccount.name())
.keepers(Map.of("rotation_time", mykeyRotation.rotationRfc3339()))
.build());
}
}
resources:
myaccount:
type: gcp:serviceaccount:Account
properties:
accountId: myaccount
displayName: My Service Account
# note this requires the terraform to be run regularly
mykeyRotation:
type: time:Rotating
name: mykey_rotation
properties:
rotationDays: 30
mykey:
type: gcp:serviceaccount:Key
properties:
serviceAccountId: ${myaccount.name}
keepers:
rotation_time: ${mykeyRotation.rotationRfc3339}
Save Key In Kubernetes Secret - DEPRECATED
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as kubernetes from "@pulumi/kubernetes";
import * as std from "@pulumi/std";
// Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
const myaccount = new gcp.serviceaccount.Account("myaccount", {
accountId: "myaccount",
displayName: "My Service Account",
});
const mykey = new gcp.serviceaccount.Key("mykey", {serviceAccountId: myaccount.name});
const google_application_credentials = new kubernetes.core.v1.Secret("google-application-credentials", {
metadata: {
name: "google-application-credentials",
},
data: {
"credentials.json": std.base64decodeOutput({
input: mykey.privateKey,
}).apply(invoke => invoke.result),
},
});
import pulumi
import pulumi_gcp as gcp
import pulumi_kubernetes as kubernetes
import pulumi_std as std
# Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
# https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
myaccount = gcp.serviceaccount.Account("myaccount",
account_id="myaccount",
display_name="My Service Account")
mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
metadata=kubernetes.meta.v1.ObjectMetaArgs(
name="google-application-credentials",
),
data={
"credentials.json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount"
corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1"
metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
myaccount, err := serviceaccount.NewAccount(ctx, "myaccount", &serviceaccount.AccountArgs{
AccountId: pulumi.String("myaccount"),
DisplayName: pulumi.String("My Service Account"),
})
if err != nil {
return err
}
mykey, err := serviceaccount.NewKey(ctx, "mykey", &serviceaccount.KeyArgs{
ServiceAccountId: myaccount.Name,
})
if err != nil {
return err
}
_, err = corev1.NewSecret(ctx, "google-application-credentials", &corev1.SecretArgs{
Metadata: &metav1.ObjectMetaArgs{
Name: pulumi.String("google-application-credentials"),
},
Data: pulumi.StringMap{
"credentials.json": std.Base64decodeOutput(ctx, std.Base64decodeOutputArgs{
Input: mykey.PrivateKey,
}, nil).ApplyT(func(invoke std.Base64decodeResult) (*string, error) {
return invoke.Result, nil
}).(pulumi.StringPtrOutput),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Kubernetes = Pulumi.Kubernetes;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
// Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
var myaccount = new Gcp.ServiceAccount.Account("myaccount", new()
{
AccountId = "myaccount",
DisplayName = "My Service Account",
});
var mykey = new Gcp.ServiceAccount.Key("mykey", new()
{
ServiceAccountId = myaccount.Name,
});
var google_application_credentials = new Kubernetes.Core.V1.Secret("google-application-credentials", new()
{
Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs
{
Name = "google-application-credentials",
},
Data =
{
{ "credentials.json", Std.Base64decode.Invoke(new()
{
Input = mykey.PrivateKey,
}).Apply(invoke => invoke.Result) },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.Account;
import com.pulumi.gcp.serviceaccount.AccountArgs;
import com.pulumi.gcp.serviceaccount.Key;
import com.pulumi.gcp.serviceaccount.KeyArgs;
import com.pulumi.kubernetes.core_v1.Secret;
import com.pulumi.kubernetes.core_v1.SecretArgs;
import com.pulumi.kubernetes.meta_v1.inputs.ObjectMetaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
// https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
var myaccount = new Account("myaccount", AccountArgs.builder()
.accountId("myaccount")
.displayName("My Service Account")
.build());
var mykey = new Key("mykey", KeyArgs.builder()
.serviceAccountId(myaccount.name())
.build());
var google_application_credentials = new Secret("google-application-credentials", SecretArgs.builder()
.metadata(ObjectMetaArgs.builder()
.name("google-application-credentials")
.build())
.data(Map.of("credentials.json", StdFunctions.base64decode().applyValue(invoke -> invoke.result())))
.build());
}
}
resources:
# Workload Identity is the recommended way of accessing Google Cloud APIs from pods.
# https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
myaccount:
type: gcp:serviceaccount:Account
properties:
accountId: myaccount
displayName: My Service Account
mykey:
type: gcp:serviceaccount:Key
properties:
serviceAccountId: ${myaccount.name}
google-application-credentials:
type: kubernetes:core/v1:Secret
properties:
metadata:
name: google-application-credentials
data:
credentials.json:
fn::invoke:
Function: std:base64decode
Arguments:
input: ${mykey.privateKey}
Return: result
Create Key Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Key(name: string, args: KeyArgs, opts?: CustomResourceOptions);@overload
def Key(resource_name: str,
args: KeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Key(resource_name: str,
opts: Optional[ResourceOptions] = None,
service_account_id: Optional[str] = None,
keepers: Optional[Mapping[str, Any]] = None,
key_algorithm: Optional[str] = None,
private_key_type: Optional[str] = None,
public_key_data: Optional[str] = None,
public_key_type: Optional[str] = None)func NewKey(ctx *Context, name string, args KeyArgs, opts ...ResourceOption) (*Key, error)public Key(string name, KeyArgs args, CustomResourceOptions? opts = null)type: gcp:serviceaccount:Key
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var keyResource = new Gcp.ServiceAccount.Key("keyResource", new()
{
ServiceAccountId = "string",
Keepers =
{
{ "string", "any" },
},
KeyAlgorithm = "string",
PrivateKeyType = "string",
PublicKeyData = "string",
PublicKeyType = "string",
});
example, err := serviceaccount.NewKey(ctx, "keyResource", &serviceaccount.KeyArgs{
ServiceAccountId: pulumi.String("string"),
Keepers: pulumi.Map{
"string": pulumi.Any("any"),
},
KeyAlgorithm: pulumi.String("string"),
PrivateKeyType: pulumi.String("string"),
PublicKeyData: pulumi.String("string"),
PublicKeyType: pulumi.String("string"),
})
var keyResource = new Key("keyResource", KeyArgs.builder()
.serviceAccountId("string")
.keepers(Map.of("string", "any"))
.keyAlgorithm("string")
.privateKeyType("string")
.publicKeyData("string")
.publicKeyType("string")
.build());
key_resource = gcp.serviceaccount.Key("keyResource",
service_account_id="string",
keepers={
"string": "any",
},
key_algorithm="string",
private_key_type="string",
public_key_data="string",
public_key_type="string")
const keyResource = new gcp.serviceaccount.Key("keyResource", {
serviceAccountId: "string",
keepers: {
string: "any",
},
keyAlgorithm: "string",
privateKeyType: "string",
publicKeyData: "string",
publicKeyType: "string",
});
type: gcp:serviceaccount:Key
properties:
keepers:
string: any
keyAlgorithm: string
privateKeyType: string
publicKeyData: string
publicKeyType: string
serviceAccountId: string
Key Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Key resource accepts the following input properties:
- Service
Account stringId - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - Keepers Dictionary<string, object>
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- Key
Algorithm string - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- Private
Key stringType - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- Public
Key stringData - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - Public
Key stringType - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
- Service
Account stringId - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - Keepers map[string]interface{}
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- Key
Algorithm string - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- Private
Key stringType - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- Public
Key stringData - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - Public
Key stringType - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
- service
Account StringId - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - keepers Map<String,Object>
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- key
Algorithm String - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- private
Key StringType - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- public
Key StringData - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - public
Key StringType - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
- service
Account stringId - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - keepers {[key: string]: any}
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- key
Algorithm string - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- private
Key stringType - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- public
Key stringData - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - public
Key stringType - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
- service_
account_ strid - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - keepers Mapping[str, Any]
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- key_
algorithm str - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- private_
key_ strtype - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- public_
key_ strdata - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - public_
key_ strtype - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
- service
Account StringId - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - keepers Map<Any>
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- key
Algorithm String - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- private
Key StringType - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- public
Key StringData - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - public
Key StringType - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
Outputs
All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name used for this key pair
- Private
Key string - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- Public
Key string - The public key, base64 encoded
- Valid
After string - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- Valid
Before string - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name used for this key pair
- Private
Key string - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- Public
Key string - The public key, base64 encoded
- Valid
After string - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- Valid
Before string - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name used for this key pair
- private
Key String - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- public
Key String - The public key, base64 encoded
- valid
After String - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- valid
Before String - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The name used for this key pair
- private
Key string - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- public
Key string - The public key, base64 encoded
- valid
After string - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- valid
Before string - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The name used for this key pair
- private_
key str - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- public_
key str - The public key, base64 encoded
- valid_
after str - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- valid_
before str - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name used for this key pair
- private
Key String - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- public
Key String - The public key, base64 encoded
- valid
After String - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- valid
Before String - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
Look up Existing Key Resource
Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KeyState, opts?: CustomResourceOptions): Key@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
keepers: Optional[Mapping[str, Any]] = None,
key_algorithm: Optional[str] = None,
name: Optional[str] = None,
private_key: Optional[str] = None,
private_key_type: Optional[str] = None,
public_key: Optional[str] = None,
public_key_data: Optional[str] = None,
public_key_type: Optional[str] = None,
service_account_id: Optional[str] = None,
valid_after: Optional[str] = None,
valid_before: Optional[str] = None) -> Keyfunc GetKey(ctx *Context, name string, id IDInput, state *KeyState, opts ...ResourceOption) (*Key, error)public static Key Get(string name, Input<string> id, KeyState? state, CustomResourceOptions? opts = null)public static Key get(String name, Output<String> id, KeyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Keepers Dictionary<string, object>
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- Key
Algorithm string - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- Name string
- The name used for this key pair
- Private
Key string - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- Private
Key stringType - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- Public
Key string - The public key, base64 encoded
- Public
Key stringData - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - Public
Key stringType - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
- Service
Account stringId - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - Valid
After string - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- Valid
Before string - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- Keepers map[string]interface{}
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- Key
Algorithm string - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- Name string
- The name used for this key pair
- Private
Key string - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- Private
Key stringType - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- Public
Key string - The public key, base64 encoded
- Public
Key stringData - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - Public
Key stringType - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
- Service
Account stringId - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - Valid
After string - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- Valid
Before string - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- keepers Map<String,Object>
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- key
Algorithm String - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- name String
- The name used for this key pair
- private
Key String - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- private
Key StringType - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- public
Key String - The public key, base64 encoded
- public
Key StringData - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - public
Key StringType - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
- service
Account StringId - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - valid
After String - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- valid
Before String - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- keepers {[key: string]: any}
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- key
Algorithm string - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- name string
- The name used for this key pair
- private
Key string - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- private
Key stringType - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- public
Key string - The public key, base64 encoded
- public
Key stringData - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - public
Key stringType - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
- service
Account stringId - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - valid
After string - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- valid
Before string - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- keepers Mapping[str, Any]
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- key_
algorithm str - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- name str
- The name used for this key pair
- private_
key str - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- private_
key_ strtype - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- public_
key str - The public key, base64 encoded
- public_
key_ strdata - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - public_
key_ strtype - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
- service_
account_ strid - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - valid_
after str - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- valid_
before str - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- keepers Map<Any>
- Arbitrary map of values that, when changed, will trigger a new key to be generated.
- key
Algorithm String - The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)
- name String
- The name used for this key pair
- private
Key String - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.
- private
Key StringType - The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.
- public
Key String - The public key, base64 encoded
- public
Key StringData - Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with
public_key_typeandprivate_key_type. - public
Key StringType - The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.
- service
Account StringId - The Service account id of the Key. This can be a string in the format
{ACCOUNT}orprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the{ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if theprojects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}syntax is used, the{ACCOUNT}specified can be the full email address of the service account or the service account's unique id. Substituting-as a wildcard for the{PROJECT_ID}will infer the project from the account. - valid
After String - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- valid
Before String - The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
Import
This resource does not support import.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.