Deleting API keys

Written by

Yandex Cloud

Updated at October 17, 2024

Management console

CLI

Terraform

API

In the management console, navigate to the folder the service account belongs to.
At the top of the screen, go to the Service accounts tab.
Choose a service account and click the row with its name.
In the Authorized keys list, find an API key to be deleted.
Click in the row of the key.
Select Delete.
In the window that opens, click Delete.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

Get a list of API IDs for a specific service account. Specify the service account name in the --service-account-name parameter:

yc iam api-key list --service-account-name <service_account_name>

Result:

+----------------------+---------------------+
|          ID          |     CREATED AT      |
+----------------------+---------------------+
| ajenhvftf77r******** | 2022-03-13 21:15:40 |
| ajeq610sgh05******** | 2022-03-13 21:14:43 |
+----------------------+---------------------+

The folder specified in the CLI profile is used by default to search for the service account. You can specify a different folder using the --folder-name or --folder-id flag.

Delete the old API key. Instead of <ID> specify the API key ID:
```
yc iam api-key delete <ID>
```

If you don't have Terraform, install it and configure the Yandex Cloud provider.

Open the Terraform configuration file and delete the fragment with the API key description.

Example API key description in the Terraform configuration:

resource "yandex_iam_service_account_api_key" "sa-api-key" {
    service_account_id = "<service_account_ID>"
    description        = "<key_description>"
    pgp_key            = "<PGP_key>"
}

Delete the record with information about the resource.

For more information about the resources you can create with Terraform, see the provider documentation.
Make sure the configuration files are correct.
1. In the command line, go to the folder where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources: type yes in the terminal and press Enter.
All the resources you need will then be created in the specified folder. You can check the new resources and their configuration using the management console and this CLI command:
```
yc iam key list --service-account-id <service_account_ID>
```

Delete the API key using the delete REST API method for the ApiKey resource:

export APIKEY_ID=ajeke74kbp5b********
export IAM_TOKEN=CggaATEVAgA...
curl -X DELETE -H "Authorization: Bearer $IAM_TOKEN" \
    https://iam.api.cloud.yandex.net/iam/v1/apiKeys/$APIKEY_ID

You can also delete the API key using the ApiKeyService/Delete gRPC API call.

Deleting API keys

Was the article helpful?