yandex_iam_service_account_key (Resource)

Allows management of Yandex Cloud IAM service account authorized keys. Generated pair of keys is used to create a JSON Web Token which is necessary for requesting an IAM Token for a service account.

Example usageExample usage

//
// Create a new IAM Service Account Key.
//
resource "yandex_iam_service_account_key" "sa-auth-key" {
  service_account_id = "aje5a**********qspd3"
  description        = "key for service account"
  key_algorithm      = "RSA_4096"
  pgp_key            = "keybase:keybaseusername"
}

SchemaSchema

RequiredRequired

• service_account_id (String) ID of the service account to create a pair for.

OptionalOptional

• description (String) The resource description.
• format (String) The output format of the keys. PEM_FILE is the default format.
• key_algorithm (String) The algorithm used to generate the key. RSA_2048 is the default algorithm. Valid values are listed in the API reference.
• output_to_lockbox (Block List, Max: 1) option to create a Lockbox secret version from sensitive outputs (see below for nested schema)
• pgp_key (String) An optional PGP key to encrypt the resulting private key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.

Read-OnlyRead-Only

• created_at (String) The creation timestamp of the resource.
• encrypted_private_key (String) The encrypted private key, base64 encoded. This is only populated when pgp_key is supplied.
• id (String) The ID of this resource.
• key_fingerprint (String) The fingerprint of the PGP key used to encrypt the private key. This is only populated when pgp_key is supplied.
• output_to_lockbox_version_id (String) ID of the Lockbox secret version that contains the value of secret_key. This is only populated when output_to_lockbox is supplied. This version will be destroyed when the IAM key is destroyed, or when output_to_lockbox is removed.
• private_key (String, Sensitive) The private key. This is only populated when neither pgp_key nor output_to_lockbox are provided.
• public_key (String) The public key.

Nested Schema for Nested Schema for output_to_lockbox

Required:

• entry_for_private_key (String) entry that will store the value of private_key
• secret_id (String) ID of the Lockbox secret where to store the sensible values.

ImportImport