Creating static access keys

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

1. See the description of the create static access key command:

   yc iam access-key create --help
   

2. Select a service account, e.g., my-robot:

   yc iam service-account list
   

   Result:

   +----------------------+------------------+-------------------------------+
   |          ID          |       NAME       |          DESCRIPTION          |
   +----------------------+------------------+-------------------------------+
   | aje6o61dvog2******** | my-robot         |                               |
   | aje9sda1ufvq******** | account_name     | account_description           |
   +----------------------+------------------+-------------------------------+
   

3. Create an access key for the my-robot service account:

   yc iam access-key create --service-account-name my-robot
   

   Result:

   access_key:
     id: aje6t3vsbj8l********
     service_account_id: ajepg0mjt06s********
     created_at: "2018-11-22T14:37:51Z"
     key_id: 0n8X6WY6S24N********
   secret: JyTRFdqw8t1kh2-OJNz4JX5ZTz9Dj1rI********
   

4. Save the ID (key_id) and secret key (secret). You will not be able to get the key value again.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

1. In the configuration file, describe the parameters of the resources you want to create:

   resource "yandex_iam_service_account_static_access_key" "sa-static-key" {
    service_account_id = "<service_account_ID>"
    description        = "<key_description>"
    pgp_key            = "keybase:keybaseusername"
    }
   

   Where:

   • service_account_id: Service account ID. This is a required parameter.
   • description: Key description. This is an optional parameter.
   • pgp_key: Additional PGP key for encrypting a private key. This is an optional parameter. Specify the public part of the key in Base64 encoding or in keybase:keybaseusername format.

   For more information about the yandex_iam_service_account_static_access_key resource parameters in Terraform, see the relevant provider documentation.

2. Make sure the configuration files are correct.

   1. In the command line, go to the folder where you created the configuration file.

   2. Run a check using this command:

      terraform plan
      

   If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.

3. Deploy cloud resources.

   1. If the configuration does not contain any errors, run this command:

      terraform apply
      

   2. Confirm the static access key creation by typing yes in the terminal and pressing Enter.

      If any errors occur when creating the key, Terraform will indicate them.
      If the key is successfully created, Terraform will write it into its configuration, but will not show it to the user. The terminal will display only the ID of the created key.

      You can check the new service account key in the management console or using the CLI command:

      yc iam access-key list --service-account-name=<service_account_name>
      

To create an access key, use the create REST API method for the AccessKey resource or the AccessKeyService/Create gRPC API call.