Resource: ServiceAccountKey
Represents a service account key.
A service account has two sets of key-pairs: user-managed, and system-managed.
User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.
System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime. We recommend caching the public key set for a service account for no more than 24 hours to ensure you have access to the latest keys.
Public keys for all service accounts are also published at the OAuth2 Service Account API.
JSON representation | |
---|---|
{ "name": string, "privateKeyType": enum( |
Fields | |
---|---|
name | The resource name of the service account key in the following format |
privateKeyType | The output format for the private key. Only provided in Google never exposes system-managed private keys, and never retains user-managed private keys. |
keyAlgorithm | Specifies the algorithm (and possibly key size) for the key. |
privateKeyData | The private key data. Only provided in A base64-encoded string. |
publicKeyData | The public key data. Only provided in A base64-encoded string. |
validAfterTime | The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: |
validBeforeTime | The key can be used before this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: |
ServiceAccountPrivateKeyType
Supported private key output formats.
Enums | |
---|---|
TYPE_UNSPECIFIED | Unspecified. Equivalent to TYPE_GOOGLE_CREDENTIALS_FILE. |
TYPE_PKCS12_FILE | PKCS12 format. The password for the PKCS12 file is notasecret. For more information, see https://tools.ietf.org/html/rfc7292. |
TYPE_GOOGLE_CREDENTIALS_FILE | Google Credentials File format. |
ServiceAccountKeyAlgorithm
Supported key algorithms.
Enums | |
---|---|
KEY_ALG_UNSPECIFIED | An unspecified key algorithm. |
KEY_ALG_RSA_1024 | 1k RSA Key. |
KEY_ALG_RSA_2048 | 2k RSA Key. |
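An added example, not part of the original reference and not Google's code: a small audit over ServiceAccountKey records that uses the fields and enum values documented above, including parsing of the nanosecond-precision "Zulu" timestamps. The 90-day rotation threshold, the finding labels, the placeholder `name` values and the sample records are assumptions constructed for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: 90 days is this example's rotation threshold, not a value from the page.
MAX_KEY_AGE = timedelta(days=90)
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?Z$")

def parse_zulu(ts):
    """Parse an RFC3339 UTC "Zulu" timestamp; digits past microseconds are truncated."""
    m = _TS.match(ts)
    if not m:
        raise ValueError(f"not an RFC3339 Zulu timestamp: {ts!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    micros = int((m.group(2) or "0").ljust(9, "0")[:6])  # nanoseconds -> microseconds
    return base + timedelta(microseconds=micros)

def audit_key(key, now):
    """Return a sorted list of findings for one ServiceAccountKey record (a dict)."""
    findings = set()
    if key.get("keyAlgorithm") == "KEY_ALG_RSA_1024":
        findings.add("weak-algorithm")            # 1k RSA key
    if key.get("privateKeyType") == "TYPE_PKCS12_FILE":
        findings.add("pkcs12-fixed-password")     # file password is always "notasecret"
    if key.get("privateKeyData"):
        findings.add("private-key-in-record")     # private key material stored in inventory
    if key.get("validAfterTime") and now - parse_zulu(key["validAfterTime"]) > MAX_KEY_AGE:
        findings.add("rotation-overdue")
    if key.get("validBeforeTime") and parse_zulu(key["validBeforeTime"]) <= now:
        findings.add("expired")
    return sorted(findings)

# Constructed sample records; names and key data are placeholders, not real values.
SAMPLE_KEYS = [
    {"name": "PLACEHOLDER-key-a",
     "keyAlgorithm": "KEY_ALG_RSA_2048",
     "validAfterTime": "2024-05-20T08:00:00.123456789Z",
     "validBeforeTime": "2034-05-18T08:00:00Z"},
    {"name": "PLACEHOLDER-key-b",
     "keyAlgorithm": "KEY_ALG_RSA_1024", "privateKeyType": "TYPE_PKCS12_FILE",
     "privateKeyData": "Y29uc3RydWN0ZWQ=",
     "validAfterTime": "2023-01-01T00:00:00Z",
     "validBeforeTime": "2024-01-01T00:00:00Z"},
]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for a repeatable run
    for k in SAMPLE_KEYS:
        print(k["name"], audit_key(k, now))
```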
Methods |
|
---|---|
|
Creates a ServiceAccountKey and returns it. |
|
Deletes a ServiceAccountKey. |
|
Gets the ServiceAccountKey by key id. |
|
Lists ServiceAccountKeys. |