Authorized keys
Authorized keys are RSA-2048 or RSA-4096 keys with unlimited validity. These keys are used when requesting an IAM token for a service account. Some Yandex Cloud services, such as Yandex Managed Service for YDB, use authorized keys for authentication.
After you request an authorized key, you will get a JSON file with public and private key parts. Save this file. You only get it once and cannot download it later.
You can request the public part of the key using the get REST API method for the Key resource or the KeyService/Get gRPC API call. You cannot request the private part of the key, as it is stored on the user side. If you need the private part of the key but cannot access the previously saved file, create a new authorized key.
You can track the dates of last use of service account access keys. This helps you ensure security and control over access to resources, monitor cases of unauthorized use of keys, and delete unused keys without the risk of disrupting Yandex Cloud services. You can find this info on the service account page in the management console or in the last_used_at field when using the API to invoke access key management methods.
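The following added example (not part of the original documentation or of Yandex Cloud tooling) shows one way to turn last_used_at values into a review list of stale and never-used keys. The records are constructed; apart from last_used_at, the field names (id, created_at), the 90-day idle limit, and the 14-day grace period for newly issued keys are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records. Only last_used_at is named on this page; the
# other field names (id, created_at) are assumptions for illustration.
SAMPLE_KEYS = [
    {"id": "key-active", "created_at": "2024-01-10T09:00:00Z",
     "last_used_at": "2024-06-28T12:30:00Z"},
    {"id": "key-stale", "created_at": "2023-03-01T09:00:00Z",
     "last_used_at": "2023-11-02T08:15:00Z"},
    {"id": "key-never-used", "created_at": "2023-09-15T09:00:00Z"},
    {"id": "key-new", "created_at": "2024-06-25T09:00:00Z"},
]


def parse_ts(value):
    """Parse an RFC 3339 timestamp into an aware UTC datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def classify_key(key, now, max_idle=timedelta(days=90), grace=timedelta(days=14)):
    """Return 'active', 'stale', 'never_used' or 'new' for one key record."""
    last_used = key.get("last_used_at")
    if last_used:
        idle = now - parse_ts(last_used)
        return "stale" if idle > max_idle else "active"
    # No recorded use: do not flag keys that were only just issued.
    age = now - parse_ts(key["created_at"])
    return "new" if age <= grace else "never_used"


def audit_keys(keys, now):
    """Group key ids by status so stale and never-used keys can be reviewed."""
    report = {"active": [], "stale": [], "never_used": [], "new": []}
    for key in keys:
        report[classify_key(key, now)].append(key["id"])
    return report


if __name__ == "__main__":
    now = datetime(2024, 7, 1, tzinfo=timezone.utc)  # fixed for repeatable output
    for status, ids in audit_keys(SAMPLE_KEYS, now).items():
        print(f"{status:<11} {', '.join(ids) or '-'}")
```

Keys reported as stale or never_used are candidates for deletion; a key reported as active that no workload is expected to use is worth investigating as possible unauthorized use.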
Warning
The private part of the key is confidential information that allows you to perform operations in Yandex Cloud. It is important to store it securely.
The private part of an authorized Yandex Cloud key starts with PLEASE DO NOT REMOVE THIS LINE! Yandex.Cloud SA Key ID…
according to the RFC 7468
Services that support this authentication method
The following services support authentication based on authorized keys: