List HMAC keys

To retrieve a list of HMAC keys for the specified service account, make a GET request that is scoped to a project. The authenticated user must have storage.hmacKeys.list permission for the project in which the key exists.

For general information about HMAC keys in Cloud Storage, see HMAC Keys.

HTTP Request

GET https://storage.googleapis.com/?Action=ListAccessKeys&UserName=ServiceAccountEmail

Query string parameters

Parameter Description Required
Action The HMAC key operation to be performed. Yes
MaxItems Maximum number of keys to return in a single response. The service may return fewer results than MaxItems. Check for a Marker in the result and paginate if necessary. No
Marker A previously-returned page token representing part of the larger set of results to view. This is meant to be an opaque token and the format may change at any time. Attempting to build your own instead of using one returned by a previous list request is not supported.

If you start a listing and then create a new HMAC key before using a Marker to continue listing, you will not see the new HMAC key in subsequent listing results if it is in part of the HMAC key namespace already listed.
No
UserName The email address of a service account in the project. Specifying this parameter will filter the list results to only return keys for this service account. No

Request headers

The following are request headers for GET HMAC Key.

Header Description Required
Authorization The authentication string for the request. Yes
Date The date and time of the request. Yes
Host The URI for Cloud Storage. For more information, see Request Endpoints. Yes
x-goog-user-project The project to be billed for charges associated with the request. No

Response

If successful, this method returns a response body with the following structure:

<ListAccessKeysResponse>
  <ListAccessKeysResult>
    <UserName>serviceAcc@proj.iam.gserviceaccount.com</UserName>
    <AccessKeyMetadata>
       <member>
          <UserName>serviceAccount@proj.gserviceaccount.com</UserName>
          <AccessKeyId>GOOG1EXAMPLE12345</AccessKeyId>
          <Status>Active</Status>
        <CreateDate>2019-09-03T18:53:41Z</CreateDate>
       </member>
       <member>
          <UserName>serviceAccount@proj.gserviceaccount.com</UserName>
          <AccessKeyId>GOOG1EXAMPLE54321</AccessKeyId>
          <Status>Inactive</Status>
        <CreateDate>2019-03-25T20:38:14Z</CreateDate>
       </member>
    </AccessKeyMetadata>
    <IsTruncated>true</IsTruncated>
    <Marker>AERPALERN/NEXT/TOKEN</Marker>
  </ListAccessKeysResult>
</ListAccessKeysResponse>
Parameter name Value Description
UserName string The email address of the service account.
AccessKeyId string The access key ID for this HMAC key.
Status string The status of this HMAC key. Valid values are:
  • Active: This key can be used to sign requests.
  • Inactive: Requests signed with this key will be denied.
  • Deleted: Requests signed with this key will be denied.
CreateDate datetime The creation time of the HMAC key in RFC 3339 format.
IsTruncated boolean true if there are additional pages of keys. false otherwise. The presence of this parameter in the response should always be checked to ensure a complete listing of all the results.
Marker string The continuation token, used to page through large result sets. Only included in the response if IsTruncated is true. Provide this value in subsequent list requests until IsTruncated is false. Note that the next page may be empty.