Связаться с намиПодключиться

yandex_iam_service_account_static_access_key (Resource)

Статья создана
Обновлена 11 сентября 2025 г.

Allows management of Yandex Cloud IAM service account static access keys. Generated pair of keys is used to access Yandex Object Storage on behalf of service account.

Before using keys do not forget to assign a proper role to the service account.

Example usage

//
// Create a new IAM Service Account Static Access SKey.
//
resource "yandex_iam_service_account_static_access_key" "sa-static-key" {
  service_account_id = "aje5a**********qspd3"
  description        = "static access key for object storage"
  pgp_key            = "keybase:keybaseusername"
}

Schema

Required

  • service_account_id (String) ID of the service account which is used to get a static key.

Optional

  • description (String) The resource description.
  • output_to_lockbox (Block List, Max: 1) option to create a Lockbox secret version from sensitive outputs (see below for nested schema)
  • pgp_key (String) An optional PGP key to encrypt the resulting secret key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.

Read-Only

  • access_key (String) ID of the static access key. This is only populated when output_to_lockbox is not provided.
  • created_at (String) The creation timestamp of the resource.
  • encrypted_secret_key (String) The encrypted secret, base64 encoded. This is only populated when pgp_key is supplied.
  • id (String) The ID of this resource.
  • key_fingerprint (String) The fingerprint of the PGP key used to encrypt the secret key. This is only populated when pgp_key is supplied.
  • output_to_lockbox_version_id (String) ID of the Lockbox secret version that contains the value of secret_key. This is only populated when output_to_lockbox is supplied. This version will be destroyed when the IAM key is destroyed, or when output_to_lockbox is removed.
  • secret_key (String, Sensitive) Private part of generated static access key. This is only populated when neither pgp_key nor output_to_lockbox are provided.

Nested Schema for output_to_lockbox

Required:

  • entry_for_access_key (String) entry that will store the value of access_key
  • entry_for_secret_key (String) entry that will store the value of secret_key
  • secret_id (String) ID of the Lockbox secret where to store the sensible values.

Import

Важно

Import for this resource is not implemented yet.

Предыдущая
iam_service_account_key
Следующая
iam_workload_identity_federated_credential