| <html><body> |
| <style> |
| |
| body, h1, h2, h3, div, span, p, pre, a { |
| margin: 0; |
| padding: 0; |
| border: 0; |
| font-weight: inherit; |
| font-style: inherit; |
| font-size: 100%; |
| font-family: inherit; |
| vertical-align: baseline; |
| } |
| |
| body { |
| font-size: 13px; |
| padding: 1em; |
| } |
| |
| h1 { |
| font-size: 26px; |
| margin-bottom: 1em; |
| } |
| |
| h2 { |
| font-size: 24px; |
| margin-bottom: 1em; |
| } |
| |
| h3 { |
| font-size: 20px; |
| margin-bottom: 1em; |
| margin-top: 1em; |
| } |
| |
| pre, code { |
| line-height: 1.5; |
| font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| } |
| |
| pre { |
| margin-top: 0.5em; |
| } |
| |
| h1, h2, h3, p { |
| font-family: Arial, sans serif; |
| } |
| |
| h1, h2, h3 { |
| border-bottom: solid #CCC 1px; |
| } |
| |
| .toc_element { |
| margin-top: 0.5em; |
| } |
| |
| .firstline { |
| margin-left: 2 em; |
| } |
| |
| .method { |
| margin-top: 1em; |
| border: solid 1px #CCC; |
| padding: 1em; |
| background: #EEE; |
| } |
| |
| .details { |
| font-weight: bold; |
| font-size: 14px; |
| } |
| |
| </style> |
| |
| <h1><a href="iam_v1.html">Identity and Access Management (IAM) API</a> . <a href="iam_v1.projects.html">projects</a> . <a href="iam_v1.projects.serviceAccounts.html">serviceAccounts</a> . <a href="iam_v1.projects.serviceAccounts.keys.html">keys</a></h1> |
| <h2>Instance Methods</h2> |
| <p class="toc_element"> |
| <code><a href="#create">create(name, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Creates a ServiceAccountKey.</p> |
| <p class="toc_element"> |
| <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Deletes a ServiceAccountKey.</p> |
| <p class="toc_element"> |
| <code><a href="#get">get(name, publicKeyType=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Gets a ServiceAccountKey.</p> |
| <p class="toc_element"> |
| <code><a href="#list">list(name, keyTypes=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Lists every ServiceAccountKey for a service account.</p> |
| <p class="toc_element"> |
| <code><a href="#upload">upload(name, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Creates a ServiceAccountKey, using a public key that you provide.</p> |
| <h3>Method Details</h3> |
| <div class="method"> |
| <code class="details" id="create">create(name, body=None, x__xgafv=None)</code> |
| <pre>Creates a ServiceAccountKey. |
| |
| Args: |
| name: string, Required. The resource name of the service account in the following format: |
| `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. |
| Using `-` as a wildcard for the `PROJECT_ID` will infer the project from |
| the account. The `ACCOUNT` value can be the `email` address or the |
| `unique_id` of the service account. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # The service account key create request. |
| "keyAlgorithm": "A String", # Which type of key and algorithm to use for the key. |
| # The default is currently a 2K RSA key. However this may change in the |
| # future. |
| "privateKeyType": "A String", # The output format of the private key. The default value is |
| # `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File |
| # format. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents a service account key. |
| # |
| # A service account has two sets of key-pairs: user-managed, and |
| # system-managed. |
| # |
| # User-managed key-pairs can be created and deleted by users. Users are |
| # responsible for rotating these keys periodically to ensure security of |
| # their service accounts. Users retain the private key of these key-pairs, |
| # and Google retains ONLY the public key. |
| # |
| # System-managed keys are automatically rotated by Google, and are used for |
| # signing for a maximum of two weeks. The rotation process is probabilistic, |
| # and usage of the new key will gradually ramp up and down over the key's |
| # lifetime. We recommend caching the public key set for a service account for |
| # no more than 24 hours to ensure you have access to the latest keys. |
| # |
| # Public keys for all service accounts are also published at the OAuth2 |
| # Service Account API. |
| "privateKeyType": "A String", # The output format for the private key. |
| # Only provided in `CreateServiceAccountKey` responses, not |
| # in `GetServiceAccountKey` or `ListServiceAccountKey` responses. |
| # |
| # Google never exposes system-managed private keys, and never retains |
| # user-managed private keys. |
| "validAfterTime": "A String", # The key can be used after this timestamp. |
| "publicKeyData": "A String", # The public key data. Only provided in `GetServiceAccountKey` responses. |
| "name": "A String", # The resource name of the service account key in the following format |
| # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. |
| "keyOrigin": "A String", # The key origin. |
| "validBeforeTime": "A String", # The key can be used before this timestamp. |
| # For system-managed key pairs, this timestamp is the end time for the |
| # private key signing operation. The public key could still be used |
| # for verification for a few hours after this time. |
| "keyAlgorithm": "A String", # Specifies the algorithm (and possibly key size) for the key. |
| "keyType": "A String", # The key type. |
| "privateKeyData": "A String", # The private key data. Only provided in `CreateServiceAccountKey` |
| # responses. Make sure to keep the private key data secure because it |
| # allows for the assertion of the service account identity. |
| # When base64 decoded, the private key data can be used to authenticate with |
| # Google API client libraries and with |
| # <a href="/sdk/gcloud/reference/auth/activate-service-account">gcloud |
| # auth activate-service-account</a>. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="delete">delete(name, x__xgafv=None)</code> |
| <pre>Deletes a ServiceAccountKey. |
| |
| Args: |
| name: string, Required. The resource name of the service account key in the following format: |
| `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. |
| Using `-` as a wildcard for the `PROJECT_ID` will infer the project from |
| the account. The `ACCOUNT` value can be the `email` address or the |
| `unique_id` of the service account. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A generic empty message that you can re-use to avoid defining duplicated |
| # empty messages in your APIs. A typical example is to use it as the request |
| # or the response type of an API method. For instance: |
| # |
| # service Foo { |
| # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); |
| # } |
| # |
| # The JSON representation for `Empty` is empty JSON object `{}`. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="get">get(name, publicKeyType=None, x__xgafv=None)</code> |
| <pre>Gets a ServiceAccountKey. |
| |
| Args: |
| name: string, Required. The resource name of the service account key in the following format: |
| `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. |
| |
| Using `-` as a wildcard for the `PROJECT_ID` will infer the project from |
| the account. The `ACCOUNT` value can be the `email` address or the |
| `unique_id` of the service account. (required) |
| publicKeyType: string, The output format of the public key requested. |
| X509_PEM is the default output format. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents a service account key. |
| # |
| # A service account has two sets of key-pairs: user-managed, and |
| # system-managed. |
| # |
| # User-managed key-pairs can be created and deleted by users. Users are |
| # responsible for rotating these keys periodically to ensure security of |
| # their service accounts. Users retain the private key of these key-pairs, |
| # and Google retains ONLY the public key. |
| # |
| # System-managed keys are automatically rotated by Google, and are used for |
| # signing for a maximum of two weeks. The rotation process is probabilistic, |
| # and usage of the new key will gradually ramp up and down over the key's |
| # lifetime. We recommend caching the public key set for a service account for |
| # no more than 24 hours to ensure you have access to the latest keys. |
| # |
| # Public keys for all service accounts are also published at the OAuth2 |
| # Service Account API. |
| "privateKeyType": "A String", # The output format for the private key. |
| # Only provided in `CreateServiceAccountKey` responses, not |
| # in `GetServiceAccountKey` or `ListServiceAccountKey` responses. |
| # |
| # Google never exposes system-managed private keys, and never retains |
| # user-managed private keys. |
| "validAfterTime": "A String", # The key can be used after this timestamp. |
| "publicKeyData": "A String", # The public key data. Only provided in `GetServiceAccountKey` responses. |
| "name": "A String", # The resource name of the service account key in the following format |
| # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. |
| "keyOrigin": "A String", # The key origin. |
| "validBeforeTime": "A String", # The key can be used before this timestamp. |
| # For system-managed key pairs, this timestamp is the end time for the |
| # private key signing operation. The public key could still be used |
| # for verification for a few hours after this time. |
| "keyAlgorithm": "A String", # Specifies the algorithm (and possibly key size) for the key. |
| "keyType": "A String", # The key type. |
| "privateKeyData": "A String", # The private key data. Only provided in `CreateServiceAccountKey` |
| # responses. Make sure to keep the private key data secure because it |
| # allows for the assertion of the service account identity. |
| # When base64 decoded, the private key data can be used to authenticate with |
| # Google API client libraries and with |
| # <a href="/sdk/gcloud/reference/auth/activate-service-account">gcloud |
| # auth activate-service-account</a>. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list">list(name, keyTypes=None, x__xgafv=None)</code> |
| <pre>Lists every ServiceAccountKey for a service account. |
| |
| Args: |
| name: string, Required. The resource name of the service account in the following format: |
| `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. |
| |
| Using `-` as a wildcard for the `PROJECT_ID`, will infer the project from |
| the account. The `ACCOUNT` value can be the `email` address or the |
| `unique_id` of the service account. (required) |
| keyTypes: string, Filters the types of keys the user wants to include in the list |
| response. Duplicate key types are not allowed. If no key type |
| is provided, all keys are returned. (repeated) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # The service account keys list response. |
| "keys": [ # The public keys for the service account. |
| { # Represents a service account key. |
| # |
| # A service account has two sets of key-pairs: user-managed, and |
| # system-managed. |
| # |
| # User-managed key-pairs can be created and deleted by users. Users are |
| # responsible for rotating these keys periodically to ensure security of |
| # their service accounts. Users retain the private key of these key-pairs, |
| # and Google retains ONLY the public key. |
| # |
| # System-managed keys are automatically rotated by Google, and are used for |
| # signing for a maximum of two weeks. The rotation process is probabilistic, |
| # and usage of the new key will gradually ramp up and down over the key's |
| # lifetime. We recommend caching the public key set for a service account for |
| # no more than 24 hours to ensure you have access to the latest keys. |
| # |
| # Public keys for all service accounts are also published at the OAuth2 |
| # Service Account API. |
| "privateKeyType": "A String", # The output format for the private key. |
| # Only provided in `CreateServiceAccountKey` responses, not |
| # in `GetServiceAccountKey` or `ListServiceAccountKey` responses. |
| # |
| # Google never exposes system-managed private keys, and never retains |
| # user-managed private keys. |
| "validAfterTime": "A String", # The key can be used after this timestamp. |
| "publicKeyData": "A String", # The public key data. Only provided in `GetServiceAccountKey` responses. |
| "name": "A String", # The resource name of the service account key in the following format |
| # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. |
| "keyOrigin": "A String", # The key origin. |
| "validBeforeTime": "A String", # The key can be used before this timestamp. |
| # For system-managed key pairs, this timestamp is the end time for the |
| # private key signing operation. The public key could still be used |
| # for verification for a few hours after this time. |
| "keyAlgorithm": "A String", # Specifies the algorithm (and possibly key size) for the key. |
| "keyType": "A String", # The key type. |
| "privateKeyData": "A String", # The private key data. Only provided in `CreateServiceAccountKey` |
| # responses. Make sure to keep the private key data secure because it |
| # allows for the assertion of the service account identity. |
| # When base64 decoded, the private key data can be used to authenticate with |
| # Google API client libraries and with |
| # <a href="/sdk/gcloud/reference/auth/activate-service-account">gcloud |
| # auth activate-service-account</a>. |
| }, |
| ], |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="upload">upload(name, body=None, x__xgafv=None)</code> |
| <pre>Creates a ServiceAccountKey, using a public key that you provide. |
| |
| Args: |
| name: string, The resource name of the service account in the following format: |
| `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. |
| Using `-` as a wildcard for the `PROJECT_ID` will infer the project from |
| the account. The `ACCOUNT` value can be the `email` address or the |
| `unique_id` of the service account. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # The service account key upload request. |
| "publicKeyData": "A String", # A field that allows clients to upload their own public key. If set, |
| # use this public key data to create a service account key for given |
| # service account. |
| # Please note, the expected format for this field is X509_PEM. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents a service account key. |
| # |
| # A service account has two sets of key-pairs: user-managed, and |
| # system-managed. |
| # |
| # User-managed key-pairs can be created and deleted by users. Users are |
| # responsible for rotating these keys periodically to ensure security of |
| # their service accounts. Users retain the private key of these key-pairs, |
| # and Google retains ONLY the public key. |
| # |
| # System-managed keys are automatically rotated by Google, and are used for |
| # signing for a maximum of two weeks. The rotation process is probabilistic, |
| # and usage of the new key will gradually ramp up and down over the key's |
| # lifetime. We recommend caching the public key set for a service account for |
| # no more than 24 hours to ensure you have access to the latest keys. |
| # |
| # Public keys for all service accounts are also published at the OAuth2 |
| # Service Account API. |
| "privateKeyType": "A String", # The output format for the private key. |
| # Only provided in `CreateServiceAccountKey` responses, not |
| # in `GetServiceAccountKey` or `ListServiceAccountKey` responses. |
| # |
| # Google never exposes system-managed private keys, and never retains |
| # user-managed private keys. |
| "validAfterTime": "A String", # The key can be used after this timestamp. |
| "publicKeyData": "A String", # The public key data. Only provided in `GetServiceAccountKey` responses. |
| "name": "A String", # The resource name of the service account key in the following format |
| # `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. |
| "keyOrigin": "A String", # The key origin. |
| "validBeforeTime": "A String", # The key can be used before this timestamp. |
| # For system-managed key pairs, this timestamp is the end time for the |
| # private key signing operation. The public key could still be used |
| # for verification for a few hours after this time. |
| "keyAlgorithm": "A String", # Specifies the algorithm (and possibly key size) for the key. |
| "keyType": "A String", # The key type. |
| "privateKeyData": "A String", # The private key data. Only provided in `CreateServiceAccountKey` |
| # responses. Make sure to keep the private key data secure because it |
| # allows for the assertion of the service account identity. |
| # When base64 decoded, the private key data can be used to authenticate with |
| # Google API client libraries and with |
| # <a href="/sdk/gcloud/reference/auth/activate-service-account">gcloud |
| # auth activate-service-account</a>. |
| }</pre> |
| </div> |
| |
| </body></html> |
