Authorized keys
Authorized keys are keys with the RSA-2048 or RSA-4096 encryption algorithm and unlimited validity. These keys are used when requesting an IAM token for a service account. At the same time, you cannot use authorized keys directly for authentication in the Yandex Cloud API.
The request for an authorized key will provide you with a JSON file containing the public and private parts of the key. Save this file, as you will not be able to get it again.
Warning
The private part of the key is confidential information that allows you to perform operations in Yandex Cloud. It is important to store it securely.
You can get the public part of the key again using the get REST API method for the Key resource or the KeyService/Get gRPC API call. The private part of the authorized key is stored on the user end only, so you cannot request it again. In case the private part of the key is lost, create a new authorized key.
To ensure security and control over access to resources, monitor cases of unauthorized use of keys, and delete unused keys without the risk of disrupting Yandex Cloud services, you can track the dates of last use of service account access keys. You can find this info on the service account page in the management console or in the last_used_at field when using the API to invoke access key management methods.
The private part of an authorized Yandex Cloud key starts with PLEASE DO NOT REMOVE THIS LINE! Yandex.Cloud SA Key ID… according to the RFC 7468 standard. This string makes it easy to locate secrets in case of a leak.