Create an HMAC key

To create a new HMAC key for the specified service account, make a POST request that is scoped to a project. The authenticated user must have storage.hmacKeys.create permission for the project in which the key will be created.

For general information about HMAC keys in Cloud Storage, see HMAC Keys.

HTTP Request

POST https://storage.googleapis.com/?Action=CreateAccessKey&UserName=ServiceAccountEmail

Query string parameters

Parameter Description Required
Action The HMAC key operation to be performed. Yes
UserName The email address of the service account. Yes

Request headers

Use the common request headers.

Response

If successful, this method returns a response body with the following structure:

<CreateAccessKeyResponse>
  <CreateAccessKeyResult>
    <AccessKey>
      <UserName>serviceAccount@proj.iam.gserviceaccount.com</UserName>
      <AccessKeyId>GOOG1EXAMPLEAEU</AccessKeyId>
      <Status>Active</Status>
      <SecretAccessKey>EXAMPLE/KEY/aserafd</SecretAccessKey>
    </AccessKey>
  </CreateAccessKeyResult>
</CreateAccessKeyResponse>
Parameter name Value Description
UserName string The email address of the service account.
AccessKeyId string The access key ID for this HMAC key.
Status string The status of this HMAC key. Valid values are:
  • Active: This key can be used to sign requests.
  • Inactive: Requests signed with this key will be denied.
SecretAccessKey string A 40 character Base-64 encoded string that is used to sign requests as part of the authentication process. This secret is only ever returned in the create request.