Method: projects.serviceAccounts.keys.list

Lists ServiceAccountKeys.

HTTP request

GET https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}/keys

The URL uses Google API HTTP annotation syntax.

Path parameters

Parameters
name

string

The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}.

Using - as a wildcard for the PROJECT_ID, will infer the project from the account. The ACCOUNT value can be the email address or the uniqueId of the service account.

Authorization requires the following Google IAM permission on the specified resource name:

  • iam.serviceAccountKeys.list

Query parameters

Parameters
keyTypes

enum(KeyType)

Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.

Request body

The request body must be empty.

Response body

If successful, the response body contains data with the following structure:

The service account keys list response.

JSON representation
{
  "keys": [
    {
      object(ServiceAccountKey)
    }
  ],
}
Fields
keys[]

object(ServiceAccountKey)

The public keys for the service account.

Authorization

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Auth Guide.

KeyType

KeyType filters to selectively retrieve certain varieties of keys.

Enums
KEY_TYPE_UNSPECIFIED Unspecified key type. The presence of this in the message will immediately result in an error.
USER_MANAGED User-managed keys (managed and rotated by the user).
SYSTEM_MANAGED System-managed keys (managed and rotated by Google).

Monitor your resources on the go

Get the Google Cloud Console app to help you manage your projects.

Send feedback about...

Cloud Identity and Access Management