Yandex

v0.10.0 published on Thursday, Nov 18, 2021 by Pulumi

IamServiceAccountApiKey

Allows management of a Yandex.Cloud IAM service account API key. The API key is a private key used for simplified authorization in the Yandex.Cloud API. API keys are only used for service accounts.

API keys do not expire. This means that this authentication method is simpler, but less secure. Use it if you can’t automatically request an IAM token.

Example Usage

using Pulumi;
using Yandex = Pulumi.Yandex;

class MyStack : Stack
{
    public MyStack()
    {
        var sa_api_key = new Yandex.IamServiceAccountApiKey("sa-api-key", new Yandex.IamServiceAccountApiKeyArgs
        {
            Description = "api key for authorization",
            PgpKey = "keybase:keybaseusername",
            ServiceAccountId = "some_sa_id",
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-yandex/sdk/go/yandex"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := yandex.NewIamServiceAccountApiKey(ctx, "sa_api_key", &yandex.IamServiceAccountApiKeyArgs{
			Description:      pulumi.String("api key for authorization"),
			PgpKey:           pulumi.String("keybase:keybaseusername"),
			ServiceAccountId: pulumi.String("some_sa_id"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_yandex as yandex

sa_api_key = yandex.IamServiceAccountApiKey("sa-api-key",
    description="api key for authorization",
    pgp_key="keybase:keybaseusername",
    service_account_id="some_sa_id")
import * as pulumi from "@pulumi/pulumi";
import * as yandex from "@pulumi/yandex";

const sa_api_key = new yandex.IamServiceAccountApiKey("sa-api-key", {
    description: "api key for authorization",
    pgpKey: "keybase:keybaseusername",
    serviceAccountId: "some_sa_id",
});

Create a IamServiceAccountApiKey Resource

new IamServiceAccountApiKey(name: string, args: IamServiceAccountApiKeyArgs, opts?: CustomResourceOptions);
@overload
def IamServiceAccountApiKey(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            description: Optional[str] = None,
                            pgp_key: Optional[str] = None,
                            service_account_id: Optional[str] = None)
@overload
def IamServiceAccountApiKey(resource_name: str,
                            args: IamServiceAccountApiKeyArgs,
                            opts: Optional[ResourceOptions] = None)
func NewIamServiceAccountApiKey(ctx *Context, name string, args IamServiceAccountApiKeyArgs, opts ...ResourceOption) (*IamServiceAccountApiKey, error)
public IamServiceAccountApiKey(string name, IamServiceAccountApiKeyArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args IamServiceAccountApiKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args IamServiceAccountApiKeyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args IamServiceAccountApiKeyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args IamServiceAccountApiKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

IamServiceAccountApiKey Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The IamServiceAccountApiKey resource accepts the following input properties:

ServiceAccountId string
ID of the service account to an API key for.
Description string
The description of the key.
PgpKey string
An optional PGP key to encrypt the resulting secret key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.
ServiceAccountId string
ID of the service account to an API key for.
Description string
The description of the key.
PgpKey string
An optional PGP key to encrypt the resulting secret key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.
serviceAccountId string
ID of the service account to an API key for.
description string
The description of the key.
pgpKey string
An optional PGP key to encrypt the resulting secret key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.
service_account_id str
ID of the service account to an API key for.
description str
The description of the key.
pgp_key str
An optional PGP key to encrypt the resulting secret key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.

Outputs

All input properties are implicitly available as output properties. Additionally, the IamServiceAccountApiKey resource produces the following output properties:

CreatedAt string
Creation timestamp of the static access key.
EncryptedSecretKey string
The encrypted secret key, base64 encoded. This is only populated when pgp_key is supplied.
Id string
The provider-assigned unique ID for this managed resource.
KeyFingerprint string
The fingerprint of the PGP key used to encrypt the secret key. This is only populated when pgp_key is supplied.
SecretKey string
The secret key. This is only populated when no pgp_key is provided.
CreatedAt string
Creation timestamp of the static access key.
EncryptedSecretKey string
The encrypted secret key, base64 encoded. This is only populated when pgp_key is supplied.
Id string
The provider-assigned unique ID for this managed resource.
KeyFingerprint string
The fingerprint of the PGP key used to encrypt the secret key. This is only populated when pgp_key is supplied.
SecretKey string
The secret key. This is only populated when no pgp_key is provided.
createdAt string
Creation timestamp of the static access key.
encryptedSecretKey string
The encrypted secret key, base64 encoded. This is only populated when pgp_key is supplied.
id string
The provider-assigned unique ID for this managed resource.
keyFingerprint string
The fingerprint of the PGP key used to encrypt the secret key. This is only populated when pgp_key is supplied.
secretKey string
The secret key. This is only populated when no pgp_key is provided.
created_at str
Creation timestamp of the static access key.
encrypted_secret_key str
The encrypted secret key, base64 encoded. This is only populated when pgp_key is supplied.
id str
The provider-assigned unique ID for this managed resource.
key_fingerprint str
The fingerprint of the PGP key used to encrypt the secret key. This is only populated when pgp_key is supplied.
secret_key str
The secret key. This is only populated when no pgp_key is provided.

Look up an Existing IamServiceAccountApiKey Resource

Get an existing IamServiceAccountApiKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IamServiceAccountApiKeyState, opts?: CustomResourceOptions): IamServiceAccountApiKey
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        created_at: Optional[str] = None,
        description: Optional[str] = None,
        encrypted_secret_key: Optional[str] = None,
        key_fingerprint: Optional[str] = None,
        pgp_key: Optional[str] = None,
        secret_key: Optional[str] = None,
        service_account_id: Optional[str] = None) -> IamServiceAccountApiKey
func GetIamServiceAccountApiKey(ctx *Context, name string, id IDInput, state *IamServiceAccountApiKeyState, opts ...ResourceOption) (*IamServiceAccountApiKey, error)
public static IamServiceAccountApiKey Get(string name, Input<string> id, IamServiceAccountApiKeyState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

CreatedAt string
Creation timestamp of the static access key.
Description string
The description of the key.
EncryptedSecretKey string
The encrypted secret key, base64 encoded. This is only populated when pgp_key is supplied.
KeyFingerprint string
The fingerprint of the PGP key used to encrypt the secret key. This is only populated when pgp_key is supplied.
PgpKey string
An optional PGP key to encrypt the resulting secret key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.
SecretKey string
The secret key. This is only populated when no pgp_key is provided.
ServiceAccountId string
ID of the service account to an API key for.
CreatedAt string
Creation timestamp of the static access key.
Description string
The description of the key.
EncryptedSecretKey string
The encrypted secret key, base64 encoded. This is only populated when pgp_key is supplied.
KeyFingerprint string
The fingerprint of the PGP key used to encrypt the secret key. This is only populated when pgp_key is supplied.
PgpKey string
An optional PGP key to encrypt the resulting secret key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.
SecretKey string
The secret key. This is only populated when no pgp_key is provided.
ServiceAccountId string
ID of the service account to an API key for.
createdAt string
Creation timestamp of the static access key.
description string
The description of the key.
encryptedSecretKey string
The encrypted secret key, base64 encoded. This is only populated when pgp_key is supplied.
keyFingerprint string
The fingerprint of the PGP key used to encrypt the secret key. This is only populated when pgp_key is supplied.
pgpKey string
An optional PGP key to encrypt the resulting secret key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.
secretKey string
The secret key. This is only populated when no pgp_key is provided.
serviceAccountId string
ID of the service account to an API key for.
created_at str
Creation timestamp of the static access key.
description str
The description of the key.
encrypted_secret_key str
The encrypted secret key, base64 encoded. This is only populated when pgp_key is supplied.
key_fingerprint str
The fingerprint of the PGP key used to encrypt the secret key. This is only populated when pgp_key is supplied.
pgp_key str
An optional PGP key to encrypt the resulting secret key material. May either be a base64-encoded public key or a keybase username in the form keybase:keybaseusername.
secret_key str
The secret key. This is only populated when no pgp_key is provided.
service_account_id str
ID of the service account to an API key for.

Package Details

Repository
https://github.com/pulumi/pulumi-yandex
License
Apache-2.0
Notes
This Pulumi package is based on the yandex Terraform Provider.