Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

gcp_iam_service_account_key

ancestors

Type: UNORDERED_LIST_STRING

disable_reason

Type: STRING
Provider name: disableReason
Description: Output only. optional. If the key is disabled, it may have a DisableReason describing why it was disabled.
Possible values:

  • SERVICE_ACCOUNT_KEY_DISABLE_REASON_UNSPECIFIED - Unspecified disable reason
  • SERVICE_ACCOUNT_KEY_DISABLE_REASON_USER_INITIATED - Disabled by the user
  • SERVICE_ACCOUNT_KEY_DISABLE_REASON_EXPOSED - Google detected this Service Account external key’s private key data as exposed, typically in a public repository on GitHub or similar.
  • SERVICE_ACCOUNT_KEY_DISABLE_REASON_COMPROMISE_DETECTED - This service account external key was detected as compromised and used by an attacker.

disabled

Type: BOOLEAN
Provider name: disabled
Description: The key status.

extended_status

Type: UNORDERED_LIST_STRUCT
Provider name: extendedStatus
Description: Output only. Extended Status provides permanent information about a service account key. For example, if this key was detected as exposed or compromised, that information will remain for the lifetime of the key in the extended_status.

  • key
    Type: STRING
    Provider name: key
    Description: The key for this extended status.
    Possible values:
    • SERVICE_ACCOUNT_KEY_EXTENDED_STATUS_KEY_UNSPECIFIED - Unspecified extended status, should not be used.
    • SERVICE_ACCOUNT_KEY_EXTENDED_STATUS_KEY_EXPOSED - This key has been detected as exposed. extended_status_value may contain information about the exposure (public GitHub repo, open internet, etc.)
    • SERVICE_ACCOUNT_KEY_EXTENDED_STATUS_KEY_COMPROMISE_DETECTED - This key was implicated in a compromise or other attack. extended_status_value may contain information about the abuse perpetrated.
  • value
    Type: STRING
    Provider name: value
    Description: The value for the extended status.

key_algorithm

Type: STRING
Provider name: keyAlgorithm
Description: Specifies the algorithm (and possibly key size) for the key.
Possible values:

  • KEY_ALG_UNSPECIFIED - An unspecified key algorithm.
  • KEY_ALG_RSA_1024 - 1k RSA Key.
  • KEY_ALG_RSA_2048 - 2k RSA Key.

key_origin

Type: STRING
Provider name: keyOrigin
Description: The key origin.
Possible values:

  • ORIGIN_UNSPECIFIED - Unspecified key origin.
  • USER_PROVIDED - Key is provided by user.
  • GOOGLE_PROVIDED - Key is provided by Google.

key_type

Type: STRING
Provider name: keyType
Description: The key type.
Possible values:

  • KEY_TYPE_UNSPECIFIED - Unspecified key type. The presence of this in the message will immediately result in an error.
  • USER_MANAGED - User-managed keys (managed and rotated by the user).
  • SYSTEM_MANAGED - System-managed keys (managed and rotated by Google).

labels

Type: UNORDERED_LIST_STRING

name

Type: STRING
Provider name: name
Description: The resource name of the service account key in the following format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}.

organization_id

Type: STRING

parent

Type: STRING

private_key_type

Type: STRING
Provider name: privateKeyType
Description: The output format for the private key. Only provided in CreateServiceAccountKey responses, not in GetServiceAccountKey or ListServiceAccountKey responses. Google never exposes system-managed private keys, and never retains user-managed private keys.
Possible values:

  • TYPE_UNSPECIFIED - Unspecified. Equivalent to TYPE_GOOGLE_CREDENTIALS_FILE.
  • TYPE_PKCS12_FILE - PKCS12 format. The password for the PKCS12 file is notasecret. For more information, see https://tools.ietf.org/html/rfc7292.
  • TYPE_GOOGLE_CREDENTIALS_FILE - Google Credentials File format.

project_id

Type: STRING

project_number

Type: STRING

region_id

Type: STRING

resource_name

Type: STRING

tags

Type: UNORDERED_LIST_STRING

valid_after_time

Type: TIMESTAMP
Provider name: validAfterTime
Description: The key can be used after this timestamp.

valid_before_time

Type: TIMESTAMP
Provider name: validBeforeTime
Description: The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

zone_id

Type: STRING