Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

yandex_iam_service_account_key (Resource)

Written by
Updated at September 11, 2025

Allows management of Yandex Cloud IAM service account authorized keys. Generated pair of keys is used to create a JSON Web Token which is necessary for requesting an IAM Token for a service account.

Example usage

//
// Create a new IAM Service Account Key.
//
resource "yandex_iam_service_account_key" "sa-auth-key" {
  service_account_id = "aje5a**********qspd3"
  description        = "key for service account"
  key_algorithm      = "RSA_4096"
  pgp_key            = "keybase:keybaseusername"
}

Schema

Required

  • service_account_id (String) ID of the service account to create a pair for.

Optional

  • description (String) The resource description.
  • format (String) The output format of the keys. PEM_FILE is the default format.
  • key_algorithm (String) The algorithm used to generate the key. RSA_2048 is the default algorithm. Valid values are listed in the API reference.
  • output_to_lockbox (Block List, Max: 1) option to create a Lockbox secret version from sensitive outputs (see below for nested schema)
  • pgp_key (String) An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.

Read-Only

  • created_at (String) The creation timestamp of the resource.
  • encrypted_private_key (String) The encrypted private key, base64 encoded. This is only populated when pgp_key is supplied.
  • id (String) The ID of this resource.
  • key_fingerprint (String) The fingerprint of the PGP key used to encrypt the private key. This is only populated when pgp_key is supplied.
  • output_to_lockbox_version_id (String) ID of the Lockbox secret version that contains the value of secret_key. This is only populated when output_to_lockbox is supplied. This version will be destroyed when the IAM key is destroyed, or when output_to_lockbox is removed.
  • private_key (String, Sensitive) The private key. This is only populated when neither pgp_key nor output_to_lockbox are provided.
  • public_key (String) The public key.

Nested Schema for output_to_lockbox

Required:

  • entry_for_private_key (String) entry that will store the value of private_key
  • secret_id (String) ID of the Lockbox secret where to store the sensible values.

Import

Warning

Import for this resource is not implemented yet.

Previous
iam_service_account_iam_policy
Next
iam_service_account_static_access_key