yandex_iam_service_account_key (Resource)
Статья создана
Обновлена 9 февраля 2026 г.
Allows management of Yandex Cloud IAM service account authorized keys. Generated pair of keys is used to create a JSON Web Token which is necessary for requesting an IAM Token for a service account.
Example usage
//
// Create a new IAM Service Account Key.
//
resource "yandex_iam_service_account_key" "sa-auth-key" {
service_account_id = "aje5a**********qspd3"
description = "key for service account"
key_algorithm = "RSA_4096"
pgp_key = "keybase:keybaseusername"
}
Arguments & Attributes Reference
created_at(Read-Only) (String). The creation timestamp of the resource.description(String). The resource description.encrypted_private_key(Read-Only) (String). The encrypted private key, base64 encoded. This is only populated whenpgp_keyis supplied.format(String). The output format of the keys.PEM_FILEis the default format.id(String).key_algorithm(String). The algorithm used to generate the key.RSA_2048is the default algorithm. Valid values are listed in the API reference.key_fingerprint(Read-Only) (String). The fingerprint of the PGP key used to encrypt the private key. This is only populated whenpgp_keyis supplied.output_to_lockbox_version_id(Read-Only) (String). ID of the Lockbox secret version that contains the value ofsecret_key. This is only populated whenoutput_to_lockboxis supplied. This version will be destroyed when the IAM key is destroyed, or whenoutput_to_lockboxis removed.pgp_key(String). An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the formkeybase:keybaseusername.private_key(Read-Only) (String). The private key. This is only populated when neitherpgp_keynoroutput_to_lockboxare provided.public_key(Read-Only) (String). The public key.service_account_id(Required)(String). ID of the service account to create a pair for.output_to_lockbox[Block]. option to create a Lockbox secret version from sensitive outputsentry_for_private_key(Required)(String). entry that will store the value of private_keysecret_id(Required)(String). ID of the Lockbox secret where to store the sensible values.