Deleting API keys

Written by

Yandex Cloud

Updated at November 14, 2024

Management console

CLI

Terraform

API

In the management console, navigate to the folder the service account belongs to.
In the list of services, select Identity and Access Management.
In the left-hand panel, select Service accounts and select the required service account.
Under API keys, click in the line with the API key to delete, and select Delete.
In the window that opens, confirm the deletion.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

Get a list of API key IDs for a specific service account. Specify the service account name in the --service-account-name parameter:

yc iam api-key list --service-account-name <service_account_name>

Result:

+----------------------+---------------------+
|          ID          |     CREATED AT      |
+----------------------+---------------------+
| ajenhvftf77r******** | 2022-03-13 21:15:40 |
| ajeq610sgh05******** | 2022-03-13 21:14:43 |
+----------------------+---------------------+

The folder specified in the CLI profile is used by default to search for the service account. You can specify a different folder using the --folder-name or --folder-id flag.

Delete the old API key. Replace <ID> with your API key ID:
```
yc iam api-key delete <ID>
```

If you don't have Terraform, install it and configure the Yandex Cloud provider.

Open the Terraform configuration file and delete the fragment with the API key description.

Example API key description in the Terraform configuration:

resource "yandex_iam_service_account_api_key" "sa-api-key" {
    service_account_id = "<service_account_ID>"
    description        = "<key_description>"
    pgp_key            = "<PGP_key>"
}

Delete the record with information about the resource.

For more information about the resources you can create with Terraform, see the provider documentation.
Make sure the configuration files are correct.
1. In the command line, go to the folder where you created the configuration file.
2. Run a check using this command:
```
terraform plan
```
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
Deploy cloud resources.
1. If the configuration does not contain any errors, run this command:
```
terraform apply
```
2. Confirm creating the resources: type yes in the terminal and press Enter.
All the resources you need will then be created in the specified folder. You can check the new resources and their settings using the management console and this CLI command:
```
yc iam key list --service-account-id <service_account_ID>
```

Delete the API key using the delete REST API method for the ApiKey resource:

export APIKEY_ID=ajeke74kbp5b********
export IAM_TOKEN=CggaATEVAgA...
curl \
    --request DELETE \
    --header "Authorization: Bearer $IAM_TOKEN" \
    https://iam.api.cloud.yandex.net/iam/v1/apiKeys/$APIKEY_ID

You can also delete the API key using the ApiKeyService/Delete gRPC API call.

Deleting API keys

Was the article helpful?