Identity and Access Management API, REST: Key.Create

Written by

Updated at November 26, 2024

HTTP request
Body parameters
Response
Key

Creates a key pair for the specified service account.

HTTP request

POST https://iam.api.cloud.yandex.net/iam/v1/keys

Body parameters

{
  "serviceAccountId": "string",
  "description": "string",
  "format": "string",
  "keyAlgorithm": "string"
}

Field	Description
serviceAccountId	string ID of the service account to create a key pair for. To get the service account ID, use a yandex.cloud.iam.v1.ServiceAccountService.List request. If not specified, it defaults to the subject that made the request.
description	string Description of the key pair.
format	enum (KeyFormat) Output format of the key. `PEM_FILE`: Privacy-Enhanced Mail (PEM) format. Default value.
keyAlgorithm	enum (Algorithm) An algorithm used to generate a key pair of the Key resource. `ALGORITHM_UNSPECIFIED` `RSA_2048`: RSA with a 2048-bit key size. Default value. `RSA_4096`: RSA with a 4096-bit key size.

Response

HTTP Code: 200 - OK

{
  "key": {
    "id": "string",
    // Includes only one of the fields `userAccountId`, `serviceAccountId`
    "userAccountId": "string",
    "serviceAccountId": "string",
    // end of the list of possible fields
    "createdAt": "string",
    "description": "string",
    "keyAlgorithm": "string",
    "publicKey": "string",
    "lastUsedAt": "string"
  },
  "privateKey": "string"
}

Field

Description

key

Key

Key resource.

privateKey

string

A private key of the Key resource.
This key must be stored securely.

Key

A Key resource. For more information, see Authorized keys.

Field	Description
id	string ID of the Key resource.
userAccountId	string ID of the user account that the Key resource belongs to. Includes only one of the fields `userAccountId`, `serviceAccountId`.
serviceAccountId	string ID of the service account that the Key resource belongs to. Includes only one of the fields `userAccountId`, `serviceAccountId`.
createdAt	string (date-time) Creation timestamp. String in RFC3339 text format. The range of possible values is from `0001-01-01T00:00:00Z` to `9999-12-31T23:59:59.999999999Z`, i.e. from 0 to 9 digits for fractions of a second. To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
description	string Description of the Key resource. 0-256 characters long.
keyAlgorithm	enum (Algorithm) An algorithm used to generate a key pair of the Key resource. `ALGORITHM_UNSPECIFIED` `RSA_2048`: RSA with a 2048-bit key size. Default value. `RSA_4096`: RSA with a 4096-bit key size.
publicKey	string A public key of the Key resource.
lastUsedAt	string (date-time) Timestamp for the last use of this key. String in RFC3339 text format. The range of possible values is from `0001-01-01T00:00:00Z` to `9999-12-31T23:59:59.999999999Z`, i.e. from 0 to 9 digits for fractions of a second. To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

Identity and Access Management API, REST: Key.Create

HTTP request

Body parameters

Response

Key

Was the article helpful?