Google Cloud (GCP) Classic

v6.39.0 published on Wednesday, Sep 28, 2022 by Pulumi

Key

Import

This resource does not support import.

Example Usage

Creating A New Key

using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var myaccount = new Gcp.ServiceAccount.Account("myaccount", new()
    {
        AccountId = "myaccount",
        DisplayName = "My Service Account",
    });

    var mykey = new Gcp.ServiceAccount.Key("mykey", new()
    {
        ServiceAccountId = myaccount.Name,
        PublicKeyType = "TYPE_X509_PEM_FILE",
    });

});
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myaccount, err := serviceAccount.NewAccount(ctx, "myaccount", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("myaccount"),
			DisplayName: pulumi.String("My Service Account"),
		})
		if err != nil {
			return err
		}
		_, err = serviceAccount.NewKey(ctx, "mykey", &serviceAccount.KeyArgs{
			ServiceAccountId: myaccount.Name,
			PublicKeyType:    pulumi.String("TYPE_X509_PEM_FILE"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.serviceAccount.Key;
import com.pulumi.gcp.serviceAccount.KeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myaccount = new Account("myaccount", AccountArgs.builder()        
            .accountId("myaccount")
            .displayName("My Service Account")
            .build());

        var mykey = new Key("mykey", KeyArgs.builder()        
            .serviceAccountId(myaccount.name())
            .publicKeyType("TYPE_X509_PEM_FILE")
            .build());

    }
}
import pulumi
import pulumi_gcp as gcp

myaccount = gcp.service_account.Account("myaccount",
    account_id="myaccount",
    display_name="My Service Account")
mykey = gcp.service_account.Key("mykey",
    service_account_id=myaccount.name,
    public_key_type="TYPE_X509_PEM_FILE")
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const myaccount = new gcp.serviceaccount.Account("myaccount", {
    accountId: "myaccount",
    displayName: "My Service Account",
});
const mykey = new gcp.serviceaccount.Key("mykey", {
    serviceAccountId: myaccount.name,
    publicKeyType: "TYPE_X509_PEM_FILE",
});
resources:
  myaccount:
    type: gcp:serviceAccount:Account
    properties:
      accountId: myaccount
      displayName: My Service Account
  mykey:
    type: gcp:serviceAccount:Key
    properties:
      serviceAccountId: ${myaccount.name}
      publicKeyType: TYPE_X509_PEM_FILE

Create a Key Resource

new Key(name: string, args: KeyArgs, opts?: CustomResourceOptions);
@overload
def Key(resource_name: str,
        opts: Optional[ResourceOptions] = None,
        keepers: Optional[Mapping[str, Any]] = None,
        key_algorithm: Optional[str] = None,
        private_key_type: Optional[str] = None,
        public_key_data: Optional[str] = None,
        public_key_type: Optional[str] = None,
        service_account_id: Optional[str] = None)
@overload
def Key(resource_name: str,
        args: KeyArgs,
        opts: Optional[ResourceOptions] = None)
func NewKey(ctx *Context, name string, args KeyArgs, opts ...ResourceOption) (*Key, error)
public Key(string name, KeyArgs args, CustomResourceOptions? opts = null)
public Key(String name, KeyArgs args)
public Key(String name, KeyArgs args, CustomResourceOptions options)
type: gcp:serviceAccount:Key
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args KeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args KeyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args KeyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args KeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args KeyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Key Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Key resource accepts the following input properties:

ServiceAccountId string

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

Keepers Dictionary<string, object>

Arbitrary map of values that, when changed, will trigger a new key to be generated.

KeyAlgorithm string

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

PrivateKeyType string

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

PublicKeyData string

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

PublicKeyType string

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

ServiceAccountId string

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

Keepers map[string]interface{}

Arbitrary map of values that, when changed, will trigger a new key to be generated.

KeyAlgorithm string

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

PrivateKeyType string

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

PublicKeyData string

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

PublicKeyType string

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

serviceAccountId String

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

keepers Map<String,Object>

Arbitrary map of values that, when changed, will trigger a new key to be generated.

keyAlgorithm String

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

privateKeyType String

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

publicKeyData String

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

publicKeyType String

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

serviceAccountId string

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

keepers {[key: string]: any}

Arbitrary map of values that, when changed, will trigger a new key to be generated.

keyAlgorithm string

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

privateKeyType string

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

publicKeyData string

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

publicKeyType string

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

service_account_id str

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

keepers Mapping[str, Any]

Arbitrary map of values that, when changed, will trigger a new key to be generated.

key_algorithm str

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

private_key_type str

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

public_key_data str

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

public_key_type str

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

serviceAccountId String

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

keepers Map<Any>

Arbitrary map of values that, when changed, will trigger a new key to be generated.

keyAlgorithm String

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

privateKeyType String

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

publicKeyData String

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

publicKeyType String

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

Outputs

All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Name string

The name used for this key pair

PrivateKey string

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

PublicKey string

The public key, base64 encoded

ValidAfter string

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

ValidBefore string

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

Id string

The provider-assigned unique ID for this managed resource.

Name string

The name used for this key pair

PrivateKey string

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

PublicKey string

The public key, base64 encoded

ValidAfter string

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

ValidBefore string

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

id String

The provider-assigned unique ID for this managed resource.

name String

The name used for this key pair

privateKey String

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

publicKey String

The public key, base64 encoded

validAfter String

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

validBefore String

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

id string

The provider-assigned unique ID for this managed resource.

name string

The name used for this key pair

privateKey string

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

publicKey string

The public key, base64 encoded

validAfter string

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

validBefore string

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

id str

The provider-assigned unique ID for this managed resource.

name str

The name used for this key pair

private_key str

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

public_key str

The public key, base64 encoded

valid_after str

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

valid_before str

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

id String

The provider-assigned unique ID for this managed resource.

name String

The name used for this key pair

privateKey String

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

publicKey String

The public key, base64 encoded

validAfter String

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

validBefore String

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

Look up an Existing Key Resource

Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: KeyState, opts?: CustomResourceOptions): Key
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        keepers: Optional[Mapping[str, Any]] = None,
        key_algorithm: Optional[str] = None,
        name: Optional[str] = None,
        private_key: Optional[str] = None,
        private_key_type: Optional[str] = None,
        public_key: Optional[str] = None,
        public_key_data: Optional[str] = None,
        public_key_type: Optional[str] = None,
        service_account_id: Optional[str] = None,
        valid_after: Optional[str] = None,
        valid_before: Optional[str] = None) -> Key
func GetKey(ctx *Context, name string, id IDInput, state *KeyState, opts ...ResourceOption) (*Key, error)
public static Key Get(string name, Input<string> id, KeyState? state, CustomResourceOptions? opts = null)
public static Key get(String name, Output<String> id, KeyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Keepers Dictionary<string, object>

Arbitrary map of values that, when changed, will trigger a new key to be generated.

KeyAlgorithm string

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

Name string

The name used for this key pair

PrivateKey string

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

PrivateKeyType string

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

PublicKey string

The public key, base64 encoded

PublicKeyData string

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

PublicKeyType string

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

ServiceAccountId string

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

ValidAfter string

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

ValidBefore string

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

Keepers map[string]interface{}

Arbitrary map of values that, when changed, will trigger a new key to be generated.

KeyAlgorithm string

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

Name string

The name used for this key pair

PrivateKey string

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

PrivateKeyType string

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

PublicKey string

The public key, base64 encoded

PublicKeyData string

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

PublicKeyType string

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

ServiceAccountId string

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

ValidAfter string

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

ValidBefore string

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

keepers Map<String,Object>

Arbitrary map of values that, when changed, will trigger a new key to be generated.

keyAlgorithm String

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

name String

The name used for this key pair

privateKey String

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

privateKeyType String

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

publicKey String

The public key, base64 encoded

publicKeyData String

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

publicKeyType String

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

serviceAccountId String

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

validAfter String

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

validBefore String

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

keepers {[key: string]: any}

Arbitrary map of values that, when changed, will trigger a new key to be generated.

keyAlgorithm string

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

name string

The name used for this key pair

privateKey string

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

privateKeyType string

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

publicKey string

The public key, base64 encoded

publicKeyData string

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

publicKeyType string

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

serviceAccountId string

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

validAfter string

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

validBefore string

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

keepers Mapping[str, Any]

Arbitrary map of values that, when changed, will trigger a new key to be generated.

key_algorithm str

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

name str

The name used for this key pair

private_key str

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

private_key_type str

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

public_key str

The public key, base64 encoded

public_key_data str

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

public_key_type str

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

service_account_id str

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

valid_after str

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

valid_before str

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

keepers Map<Any>

Arbitrary map of values that, when changed, will trigger a new key to be generated.

keyAlgorithm String

The algorithm used to generate the key. KEY_ALG_RSA_2048 is the default algorithm. Valid values are listed at ServiceAccountPrivateKeyType (only used on create)

name String

The name used for this key pair

privateKey String

The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.

privateKeyType String

The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

publicKey String

The public key, base64 encoded

publicKeyData String

Public key data to create a service account key for given service account. The expected format for this field is a base64 encoded X509_PEM and it conflicts with public_key_type and private_key_type.

publicKeyType String

The output format of the public key requested. TYPE_X509_PEM_FILE is the default output format.

serviceAccountId String

The Service account id of the Key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. If the {ACCOUNT}-only syntax is used, either the full email address of the service account or its name can be specified as a value, in which case the project will automatically be inferred from the account. Otherwise, if the projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT} syntax is used, the {ACCOUNT} specified can be the full email address of the service account or the service account's unique id. Substituting - as a wildcard for the {PROJECT_ID} will infer the project from the account.

validAfter String

The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

validBefore String

The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

Package Details

Repository
https://github.com/pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.