Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount
.
After you upload the public key, you can use the private key from the key pair as a service account key.
HTTP request
POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}/keys:upload
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
name |
The resource name of the service account key. Use one of the following formats:
As an alternative, you can use the
When possible, avoid using the Authorization requires the following IAM permission on the specified resource
|
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "publicKeyData": string } |
Fields | |
---|---|
public |
The public key to associate with the service account. Must be an RSA public key that is wrapped in an X.509 v3 certificate. Include the first line, A base64-encoded string. |
Response body
If successful, the response body contains an instance of ServiceAccountKey
.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
Uses the Node.js client library.Examples
// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
// and check the quota for your project at
// https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
// If not already done, install the gcloud CLI from
// https://cloud.google.com/sdk and run
// `gcloud beta auth application-default login`.
// For more information, see
// https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the Node.js client library by running
// `npm install googleapis --save`
const {google} = require('googleapis');
const iam = google.iam('v1');
async function main () {
const authClient = await authorize();
const request = {
// The resource name of the service account in the following format:
// `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
// Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
// the account. The `ACCOUNT` value can be the `email` address or the
// `unique_id` of the service account.
name: 'projects/my-project/serviceAccounts/my-service-account', // TODO: Update placeholder value.
resource: {
// TODO: Add desired properties to the request body.
},
auth: authClient,
};
try {
const response = (await iam.projects.serviceAccounts.keys.upload(request)).data;
// TODO: Change code below to process the `response` object:
console.log(JSON.stringify(response, null, 2));
} catch (err) {
console.error(err);
}
}
main();
async function authorize() {
const auth = new google.auth.GoogleAuth({
scopes: ['https://www.googleapis.com/auth/cloud-platform']
});
return await auth.getClient();
}