---
title: Getting Started with Datadog
description: Datadog, the leading service for cloud-scale monitoring.
---

# gcp_iam_service_account_key{% #gcp_iam_service_account_key %}

## `ancestors`{% #ancestors %}

**Type**: `UNORDERED_LIST_STRING`

## `disable_reason`{% #disable_reason %}

**Type**: `STRING`

**Provider name**: `disableReason`

**Description**: Output only. Optional. If the key is disabled, it may have a DisableReason describing why it was disabled.

**Possible values**:

- `SERVICE_ACCOUNT_KEY_DISABLE_REASON_UNSPECIFIED` - Unspecified disable reason
- `SERVICE_ACCOUNT_KEY_DISABLE_REASON_USER_INITIATED` - Disabled by the user
- `SERVICE_ACCOUNT_KEY_DISABLE_REASON_EXPOSED` - Google detected this Service Account external key's private key data as exposed, typically in a public repository on GitHub or similar.
- `SERVICE_ACCOUNT_KEY_DISABLE_REASON_COMPROMISE_DETECTED` - This service account external key was detected as compromised and used by an attacker.

## `disabled`{% #disabled %}

**Type**: `BOOLEAN`

**Provider name**: `disabled`

**Description**: The key status.

## `extended_status`{% #extended_status %}

**Type**: `UNORDERED_LIST_STRUCT`

**Provider name**: `extendedStatus`

**Description**: Output only. Extended Status provides permanent information about a service account key. For example, if this key was detected as exposed or compromised, that information will remain for the lifetime of the key in the extended_status.

- `key`
  **Type**: `STRING`
  **Provider name**: `key`
  **Description**: The key for this extended status.
  **Possible values**:
  - `SERVICE_ACCOUNT_KEY_EXTENDED_STATUS_KEY_UNSPECIFIED` - Unspecified extended status, should not be used.
  - `SERVICE_ACCOUNT_KEY_EXTENDED_STATUS_KEY_EXPOSED` - This key has been detected as exposed. extended_status_value may contain information about the exposure (public GitHub repo, open internet, etc.)
  - `SERVICE_ACCOUNT_KEY_EXTENDED_STATUS_KEY_COMPROMISE_DETECTED` - This key was implicated in a compromise or other attack. extended_status_value may contain information about the abuse perpetrated.
- `value`
  **Type**: `STRING`
  **Provider name**: `value`
  **Description**: The value for the extended status.

## `key_algorithm`{% #key_algorithm %}

**Type**: `STRING`

**Provider name**: `keyAlgorithm`

**Description**: Specifies the algorithm (and possibly key size) for the key.

**Possible values**:

- `KEY_ALG_UNSPECIFIED` - An unspecified key algorithm.
- `KEY_ALG_RSA_1024` - 1k RSA Key.
- `KEY_ALG_RSA_2048` - 2k RSA Key.

## `key_origin`{% #key_origin %}

**Type**: `STRING`

**Provider name**: `keyOrigin`

**Description**: The key origin.

**Possible values**:

- `ORIGIN_UNSPECIFIED` - Unspecified key origin.
- `USER_PROVIDED` - Key is provided by user.
- `GOOGLE_PROVIDED` - Key is provided by Google.

## `key_type`{% #key_type %}

**Type**: `STRING`

**Provider name**: `keyType`

**Description**: The key type.

**Possible values**:

- `KEY_TYPE_UNSPECIFIED` - Unspecified key type. The presence of this in the message will immediately result in an error.
- `USER_MANAGED` - User-managed keys (managed and rotated by the user).
- `SYSTEM_MANAGED` - System-managed keys (managed and rotated by Google).

## `labels`{% #labels %}

**Type**: `UNORDERED_LIST_STRING`

## `name`{% #name %}

**Type**: `STRING`

**Provider name**: `name`

**Description**: The resource name of the service account key in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.

## `organization_id`{% #organization_id %}

**Type**: `STRING`

## `parent`{% #parent %}

**Type**: `STRING`

## `private_key_type`{% #private_key_type %}

**Type**: `STRING`

**Provider name**: `privateKeyType`

**Description**: The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys.

**Possible values**:

- `TYPE_UNSPECIFIED` - Unspecified. Equivalent to `TYPE_GOOGLE_CREDENTIALS_FILE`.
- `TYPE_PKCS12_FILE` - PKCS12 format. The password for the PKCS12 file is `notasecret`. For more information, see [https://tools.ietf.org/html/rfc7292](https://tools.ietf.org/html/rfc7292).
- `TYPE_GOOGLE_CREDENTIALS_FILE` - Google Credentials File format.

## `project_id`{% #project_id %}

**Type**: `STRING`

## `project_number`{% #project_number %}

**Type**: `STRING`

## `region_id`{% #region_id %}

**Type**: `STRING`

## `resource_name`{% #resource_name %}

**Type**: `STRING`

## `tags`{% #tags %}

**Type**: `UNORDERED_LIST_STRING`

## `valid_after_time`{% #valid_after_time %}

**Type**: `TIMESTAMP`

**Provider name**: `validAfterTime`

**Description**: The key can be used after this timestamp.

## `valid_before_time`{% #valid_before_time %}

**Type**: `TIMESTAMP`

**Provider name**: `validBeforeTime`

**Description**: The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

## `zone_id`{% #zone_id %}

**Type**: `STRING`
