• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5  margin: 0;
6  padding: 0;
7  border: 0;
8  font-weight: inherit;
9  font-style: inherit;
10  font-size: 100%;
11  font-family: inherit;
12  vertical-align: baseline;
13}
14
15body {
16  font-size: 13px;
17  padding: 1em;
18}
19
20h1 {
21  font-size: 26px;
22  margin-bottom: 1em;
23}
24
25h2 {
26  font-size: 24px;
27  margin-bottom: 1em;
28}
29
30h3 {
31  font-size: 20px;
32  margin-bottom: 1em;
33  margin-top: 1em;
34}
35
36pre, code {
37  line-height: 1.5;
38  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42  margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46  font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50  border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54  margin-top: 0.5em;
55}
56
57.firstline {
58  margin-left: 2 em;
59}
60
61.method  {
62  margin-top: 1em;
63  border: solid 1px #CCC;
64  padding: 1em;
65  background: #EEE;
66}
67
68.details {
69  font-weight: bold;
70  font-size: 14px;
71}
72
73</style>
74
75<h1><a href="iam_v1.html">Identity and Access Management (IAM) API</a> . <a href="iam_v1.projects.html">projects</a> . <a href="iam_v1.projects.serviceAccounts.html">serviceAccounts</a> . <a href="iam_v1.projects.serviceAccounts.keys.html">keys</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78  <code><a href="#create">create(name, body, x__xgafv=None)</a></code></p>
79<p class="firstline">Creates a ServiceAccountKey</p>
80<p class="toc_element">
81  <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
82<p class="firstline">Deletes a ServiceAccountKey.</p>
83<p class="toc_element">
84  <code><a href="#get">get(name, publicKeyType=None, x__xgafv=None)</a></code></p>
85<p class="firstline">Gets the ServiceAccountKey</p>
86<p class="toc_element">
87  <code><a href="#list">list(name, keyTypes=None, x__xgafv=None)</a></code></p>
88<p class="firstline">Lists ServiceAccountKeys.</p>
89<h3>Method Details</h3>
90<div class="method">
91    <code class="details" id="create">create(name, body, x__xgafv=None)</code>
92  <pre>Creates a ServiceAccountKey
93and returns it.
94
95Args:
96  name: string, The resource name of the service account in the following format:
97`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
98Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
99the account. The `ACCOUNT` value can be the `email` address or the
100`unique_id` of the service account. (required)
101  body: object, The request body. (required)
102    The object takes the form of:
103
104{ # The service account key create request.
105    "keyAlgorithm": "A String", # Which type of key and algorithm to use for the key.
106        # The default is currently a 2K RSA key.  However this may change in the
107        # future.
108    "privateKeyType": "A String", # The output format of the private key. The default value is
109        # `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File
110        # format.
111  }
112
113  x__xgafv: string, V1 error format.
114    Allowed values
115      1 - v1 error format
116      2 - v2 error format
117
118Returns:
119  An object of the form:
120
121    { # Represents a service account key.
122      #
123      # A service account has two sets of key-pairs: user-managed, and
124      # system-managed.
125      #
126      # User-managed key-pairs can be created and deleted by users.  Users are
127      # responsible for rotating these keys periodically to ensure security of
128      # their service accounts.  Users retain the private key of these key-pairs,
129      # and Google retains ONLY the public key.
130      #
131      # System-managed keys are automatically rotated by Google, and are used for
132      # signing for a maximum of two weeks. The rotation process is probabilistic,
133      # and usage of the new key will gradually ramp up and down over the key's
134      # lifetime. We recommend caching the public key set for a service account for
135      # no more than 24 hours to ensure you have access to the latest keys.
136      #
137      # Public keys for all service accounts are also published at the OAuth2
138      # Service Account API.
139    "keyOrigin": "A String", # The key origin.
140    "validAfterTime": "A String", # The key can be used after this timestamp.
141    "validBeforeTime": "A String", # The key can be used before this timestamp.
142    "privateKeyData": "A String", # The private key data. Only provided in `CreateServiceAccountKey`
143        # responses. Make sure to keep the private key data secure because it
144        # allows for the assertion of the service account identity.
145        # When base64 decoded, the private key data can be used to authenticate with
146        # Google API client libraries and with
147        # <a href="/sdk/gcloud/reference/auth/activate-service-account">gcloud
148        # auth activate-service-account</a>.
149    "privateKeyType": "A String", # The output format for the private key.
150        # Only provided in `CreateServiceAccountKey` responses, not
151        # in `GetServiceAccountKey` or `ListServiceAccountKey` responses.
152        #
153        # Google never exposes system-managed private keys, and never retains
154        # user-managed private keys.
155    "keyAlgorithm": "A String", # Specifies the algorithm (and possibly key size) for the key.
156    "publicKeyData": "A String", # The public key data. Only provided in `GetServiceAccountKey` responses.
157    "name": "A String", # The resource name of the service account key in the following format
158        # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
159  }</pre>
160</div>
161
162<div class="method">
163    <code class="details" id="delete">delete(name, x__xgafv=None)</code>
164  <pre>Deletes a ServiceAccountKey.
165
166Args:
167  name: string, The resource name of the service account key in the following format:
168`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
169Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
170the account. The `ACCOUNT` value can be the `email` address or the
171`unique_id` of the service account. (required)
172  x__xgafv: string, V1 error format.
173    Allowed values
174      1 - v1 error format
175      2 - v2 error format
176
177Returns:
178  An object of the form:
179
180    { # A generic empty message that you can re-use to avoid defining duplicated
181      # empty messages in your APIs. A typical example is to use it as the request
182      # or the response type of an API method. For instance:
183      #
184      #     service Foo {
185      #       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
186      #     }
187      #
188      # The JSON representation for `Empty` is empty JSON object `{}`.
189  }</pre>
190</div>
191
192<div class="method">
193    <code class="details" id="get">get(name, publicKeyType=None, x__xgafv=None)</code>
194  <pre>Gets the ServiceAccountKey
195by key id.
196
197Args:
198  name: string, The resource name of the service account key in the following format:
199`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
200
201Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
202the account. The `ACCOUNT` value can be the `email` address or the
203`unique_id` of the service account. (required)
204  publicKeyType: string, The output format of the public key requested.
205X509_PEM is the default output format.
206  x__xgafv: string, V1 error format.
207    Allowed values
208      1 - v1 error format
209      2 - v2 error format
210
211Returns:
212  An object of the form:
213
214    { # Represents a service account key.
215      #
216      # A service account has two sets of key-pairs: user-managed, and
217      # system-managed.
218      #
219      # User-managed key-pairs can be created and deleted by users.  Users are
220      # responsible for rotating these keys periodically to ensure security of
221      # their service accounts.  Users retain the private key of these key-pairs,
222      # and Google retains ONLY the public key.
223      #
224      # System-managed keys are automatically rotated by Google, and are used for
225      # signing for a maximum of two weeks. The rotation process is probabilistic,
226      # and usage of the new key will gradually ramp up and down over the key's
227      # lifetime. We recommend caching the public key set for a service account for
228      # no more than 24 hours to ensure you have access to the latest keys.
229      #
230      # Public keys for all service accounts are also published at the OAuth2
231      # Service Account API.
232    "keyOrigin": "A String", # The key origin.
233    "validAfterTime": "A String", # The key can be used after this timestamp.
234    "validBeforeTime": "A String", # The key can be used before this timestamp.
235    "privateKeyData": "A String", # The private key data. Only provided in `CreateServiceAccountKey`
236        # responses. Make sure to keep the private key data secure because it
237        # allows for the assertion of the service account identity.
238        # When base64 decoded, the private key data can be used to authenticate with
239        # Google API client libraries and with
240        # <a href="/sdk/gcloud/reference/auth/activate-service-account">gcloud
241        # auth activate-service-account</a>.
242    "privateKeyType": "A String", # The output format for the private key.
243        # Only provided in `CreateServiceAccountKey` responses, not
244        # in `GetServiceAccountKey` or `ListServiceAccountKey` responses.
245        #
246        # Google never exposes system-managed private keys, and never retains
247        # user-managed private keys.
248    "keyAlgorithm": "A String", # Specifies the algorithm (and possibly key size) for the key.
249    "publicKeyData": "A String", # The public key data. Only provided in `GetServiceAccountKey` responses.
250    "name": "A String", # The resource name of the service account key in the following format
251        # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
252  }</pre>
253</div>
254
255<div class="method">
256    <code class="details" id="list">list(name, keyTypes=None, x__xgafv=None)</code>
257  <pre>Lists ServiceAccountKeys.
258
259Args:
260  name: string, The resource name of the service account in the following format:
261`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.
262
263Using `-` as a wildcard for the `PROJECT_ID`, will infer the project from
264the account. The `ACCOUNT` value can be the `email` address or the
265`unique_id` of the service account. (required)
266  keyTypes: string, Filters the types of keys the user wants to include in the list
267response. Duplicate key types are not allowed. If no key type
268is provided, all keys are returned. (repeated)
269  x__xgafv: string, V1 error format.
270    Allowed values
271      1 - v1 error format
272      2 - v2 error format
273
274Returns:
275  An object of the form:
276
277    { # The service account keys list response.
278    "keys": [ # The public keys for the service account.
279      { # Represents a service account key.
280          #
281          # A service account has two sets of key-pairs: user-managed, and
282          # system-managed.
283          #
284          # User-managed key-pairs can be created and deleted by users.  Users are
285          # responsible for rotating these keys periodically to ensure security of
286          # their service accounts.  Users retain the private key of these key-pairs,
287          # and Google retains ONLY the public key.
288          #
289          # System-managed keys are automatically rotated by Google, and are used for
290          # signing for a maximum of two weeks. The rotation process is probabilistic,
291          # and usage of the new key will gradually ramp up and down over the key's
292          # lifetime. We recommend caching the public key set for a service account for
293          # no more than 24 hours to ensure you have access to the latest keys.
294          #
295          # Public keys for all service accounts are also published at the OAuth2
296          # Service Account API.
297        "keyOrigin": "A String", # The key origin.
298        "validAfterTime": "A String", # The key can be used after this timestamp.
299        "validBeforeTime": "A String", # The key can be used before this timestamp.
300        "privateKeyData": "A String", # The private key data. Only provided in `CreateServiceAccountKey`
301            # responses. Make sure to keep the private key data secure because it
302            # allows for the assertion of the service account identity.
303            # When base64 decoded, the private key data can be used to authenticate with
304            # Google API client libraries and with
305            # <a href="/sdk/gcloud/reference/auth/activate-service-account">gcloud
306            # auth activate-service-account</a>.
307        "privateKeyType": "A String", # The output format for the private key.
308            # Only provided in `CreateServiceAccountKey` responses, not
309            # in `GetServiceAccountKey` or `ListServiceAccountKey` responses.
310            #
311            # Google never exposes system-managed private keys, and never retains
312            # user-managed private keys.
313        "keyAlgorithm": "A String", # Specifies the algorithm (and possibly key size) for the key.
314        "publicKeyData": "A String", # The public key data. Only provided in `GetServiceAccountKey` responses.
315        "name": "A String", # The resource name of the service account key in the following format
316            # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
317      },
318    ],
319  }</pre>
320</div>
321
322</body></html>