yandex_iam_service_account_api_key (Resource)

Allows management of a Yandex Cloud IAM service account API key. The API key is a private key used for simplified authorization in the Yandex Cloud API. API keys are only used for service accounts.

API keys do not expire. This means that this authentication method is simpler, but less secure. Use it if you can't automatically request an IAM token.

Example usageExample usage

//
// Create a new IAM Service Account API Key.
//
resource "yandex_iam_service_account_api_key" "sa-api-key" {
  service_account_id = "aje5a**********qspd3"
  description        = "api key for authorization"
  scopes             = ["yc.ydb.topics.manage", "yc.ydb.tables.manage"]
  expires_at         = "2024-11-11T00:00:00Z"
  pgp_key            = "keybase:keybaseusername"
}

SchemaSchema

RequiredRequired

• service_account_id (String) ID of the service account to an API key for.

OptionalOptional

• description (String) The resource description.
• expires_at (String) The key will be no longer valid after expiration timestamp.
• output_to_lockbox (Block List, Max: 1) option to create a Lockbox secret version from sensitive outputs (see below for nested schema)
• pgp_key (String) An optional PGP key to encrypt the resulting secret key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.
• scope (String, Deprecated) The scope of the key.
• scopes (List of String) The list of scopes of the key.

Read-OnlyRead-Only

• created_at (String) The creation timestamp of the resource.
• encrypted_secret_key (String) The encrypted secret key, base64 encoded. This is only populated when pgp_key is supplied.
• id (String) The ID of this resource.
• key_fingerprint (String) The fingerprint of the PGP key used to encrypt the secret key. This is only populated when pgp_key is supplied.
• output_to_lockbox_version_id (String) ID of the Lockbox secret version that contains the value of secret_key. This is only populated when output_to_lockbox is supplied. This version will be destroyed when the IAM key is destroyed, or when output_to_lockbox is removed.
• secret_key (String, Sensitive) The secret key. This is only populated when neither pgp_key nor output_to_lockbox are provided.

Nested Schema for Nested Schema for output_to_lockbox

Required:

• entry_for_secret_key (String) entry that will store the value of secret_key
• secret_id (String) ID of the Lockbox secret where to store the sensible values.

ImportImport