yandex_iam_service_account_static_access_key (Resource)
Written by
Updated at February 9, 2026
Allows management of Yandex Cloud IAM service account static access keys. Generated pair of keys is used to access Yandex Object Storage on behalf of service account.
Before using keys do not forget to assign a proper role to the service account.
Example usage
//
// Create a new IAM Service Account Static Access SKey.
//
resource "yandex_iam_service_account_static_access_key" "sa-static-key" {
service_account_id = "aje5a**********qspd3"
description = "static access key for object storage"
pgp_key = "keybase:keybaseusername"
}
Arguments & Attributes Reference
access_key(Read-Only) (String). ID of the static access key. This is only populated whenoutput_to_lockboxis not provided.created_at(Read-Only) (String). The creation timestamp of the resource.description(String). The resource description.encrypted_secret_key(Read-Only) (String). The encrypted secret, base64 encoded. This is only populated whenpgp_keyis supplied.id(String).key_fingerprint(Read-Only) (String). The fingerprint of the PGP key used to encrypt the secret key. This is only populated whenpgp_keyis supplied.output_to_lockbox_version_id(Read-Only) (String). ID of the Lockbox secret version that contains the value ofsecret_key. This is only populated whenoutput_to_lockboxis supplied. This version will be destroyed when the IAM key is destroyed, or whenoutput_to_lockboxis removed.pgp_key(String). An optional PGP key to encrypt the resulting secret key material. May either be a base64-encoded public key or a keybase username in the formkeybase:keybaseusername.secret_key(Read-Only) (String). Private part of generated static access key. This is only populated when neitherpgp_keynoroutput_to_lockboxare provided.service_account_id(Required)(String). ID of the service account which is used to get a static key.output_to_lockbox[Block]. option to create a Lockbox secret version from sensitive outputsentry_for_access_key(Required)(String). entry that will store the value of access_keyentry_for_secret_key(Required)(String). entry that will store the value of secret_keysecret_id(Required)(String). ID of the Lockbox secret where to store the sensible values.