Google Cloud Native v0.32.0, Nov 29 23

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.iam/v1.Key

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

Create Key Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new Key(name: string, args: KeyArgs, opts?: CustomResourceOptions);

@overload
def Key(resource_name: str,
        args: KeyArgs,
        opts: Optional[ResourceOptions] = None)

@overload
def Key(resource_name: str,
        opts: Optional[ResourceOptions] = None,
        service_account_id: Optional[str] = None,
        key_algorithm: Optional[KeyKeyAlgorithm] = None,
        private_key_type: Optional[KeyPrivateKeyType] = None,
        project: Optional[str] = None)

func NewKey(ctx *Context, name string, args KeyArgs, opts ...ResourceOption) (*Key, error)

public Key(string name, KeyArgs args, CustomResourceOptions? opts = null)

public Key(String name, KeyArgs args)
public Key(String name, KeyArgs args, CustomResourceOptions options)

type: google-native:iam/v1:Key
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var google_nativeKeyResource = new GoogleNative.IAM.V1.Key("google-nativeKeyResource", new()
{
    ServiceAccountId = "string",
    KeyAlgorithm = GoogleNative.IAM.V1.KeyKeyAlgorithm.KeyAlgUnspecified,
    PrivateKeyType = GoogleNative.IAM.V1.KeyPrivateKeyType.TypeUnspecified,
    Project = "string",
});

example, err := iam.NewKey(ctx, "google-nativeKeyResource", &iam.KeyArgs{
	ServiceAccountId: pulumi.String("string"),
	KeyAlgorithm:     iam.KeyKeyAlgorithmKeyAlgUnspecified,
	PrivateKeyType:   iam.KeyPrivateKeyTypeTypeUnspecified,
	Project:          pulumi.String("string"),
})

var google_nativeKeyResource = new Key("google-nativeKeyResource", KeyArgs.builder()
    .serviceAccountId("string")
    .keyAlgorithm("KEY_ALG_UNSPECIFIED")
    .privateKeyType("TYPE_UNSPECIFIED")
    .project("string")
    .build());

google_native_key_resource = google_native.iam.v1.Key("google-nativeKeyResource",
    service_account_id="string",
    key_algorithm=google_native.iam.v1.KeyKeyAlgorithm.KEY_ALG_UNSPECIFIED,
    private_key_type=google_native.iam.v1.KeyPrivateKeyType.TYPE_UNSPECIFIED,
    project="string")

const google_nativeKeyResource = new google_native.iam.v1.Key("google-nativeKeyResource", {
    serviceAccountId: "string",
    keyAlgorithm: google_native.iam.v1.KeyKeyAlgorithm.KeyAlgUnspecified,
    privateKeyType: google_native.iam.v1.KeyPrivateKeyType.TypeUnspecified,
    project: "string",
});

type: google-native:iam/v1:Key
properties:
    keyAlgorithm: KEY_ALG_UNSPECIFIED
    privateKeyType: TYPE_UNSPECIFIED
    project: string
    serviceAccountId: string

Key Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Key resource accepts the following input properties:

ServiceAccountId string
KeyAlgorithm Pulumi.GoogleNative.IAM.V1.KeyKeyAlgorithm: Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.
PrivateKeyType Pulumi.GoogleNative.IAM.V1.KeyPrivateKeyType: The output format of the private key. The default value is TYPE_GOOGLE_CREDENTIALS_FILE, which is the Google Credentials File format.
Project string

ServiceAccountId string
KeyAlgorithm KeyKeyAlgorithm: Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.
PrivateKeyType KeyPrivateKeyType: The output format of the private key. The default value is TYPE_GOOGLE_CREDENTIALS_FILE, which is the Google Credentials File format.
Project string

serviceAccountId String
keyAlgorithm KeyKeyAlgorithm: Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.
privateKeyType KeyPrivateKeyType: The output format of the private key. The default value is TYPE_GOOGLE_CREDENTIALS_FILE, which is the Google Credentials File format.
project String

serviceAccountId string
keyAlgorithm KeyKeyAlgorithm: Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.
privateKeyType KeyPrivateKeyType: The output format of the private key. The default value is TYPE_GOOGLE_CREDENTIALS_FILE, which is the Google Credentials File format.
project string

service_account_id str
key_algorithm KeyKeyAlgorithm: Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.
private_key_type KeyPrivateKeyType: The output format of the private key. The default value is TYPE_GOOGLE_CREDENTIALS_FILE, which is the Google Credentials File format.
project str

serviceAccountId String
keyAlgorithm "KEY_ALG_UNSPECIFIED" | "KEY_ALG_RSA_1024" | "KEY_ALG_RSA_2048": Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future.
privateKeyType "TYPE_UNSPECIFIED" | "TYPE_PKCS12_FILE" | "TYPE_GOOGLE_CREDENTIALS_FILE": The output format of the private key. The default value is TYPE_GOOGLE_CREDENTIALS_FILE, which is the Google Credentials File format.
project String

Outputs

All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:

Disabled bool: The key status.
Id string: The provider-assigned unique ID for this managed resource.
KeyOrigin string: The key origin.
KeyType string: The key type.
Name string: The resource name of the service account key in the following format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}.
PrivateKeyData string: The private key data. Only provided in CreateServiceAccountKey responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.
PublicKeyData string: The public key data. Only provided in GetServiceAccountKey responses.
ValidAfterTime string: The key can be used after this timestamp.
ValidBeforeTime string: The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

Disabled bool: The key status.
Id string: The provider-assigned unique ID for this managed resource.
KeyOrigin string: The key origin.
KeyType string: The key type.
Name string: The resource name of the service account key in the following format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}.
PrivateKeyData string: The private key data. Only provided in CreateServiceAccountKey responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.
PublicKeyData string: The public key data. Only provided in GetServiceAccountKey responses.
ValidAfterTime string: The key can be used after this timestamp.
ValidBeforeTime string: The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

disabled Boolean: The key status.
id String: The provider-assigned unique ID for this managed resource.
keyOrigin String: The key origin.
keyType String: The key type.
name String: The resource name of the service account key in the following format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}.
privateKeyData String: The private key data. Only provided in CreateServiceAccountKey responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.
publicKeyData String: The public key data. Only provided in GetServiceAccountKey responses.
validAfterTime String: The key can be used after this timestamp.
validBeforeTime String: The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

disabled boolean: The key status.
id string: The provider-assigned unique ID for this managed resource.
keyOrigin string: The key origin.
keyType string: The key type.
name string: The resource name of the service account key in the following format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}.
privateKeyData string: The private key data. Only provided in CreateServiceAccountKey responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.
publicKeyData string: The public key data. Only provided in GetServiceAccountKey responses.
validAfterTime string: The key can be used after this timestamp.
validBeforeTime string: The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

disabled bool: The key status.
id str: The provider-assigned unique ID for this managed resource.
key_origin str: The key origin.
key_type str: The key type.
name str: The resource name of the service account key in the following format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}.
private_key_data str: The private key data. Only provided in CreateServiceAccountKey responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.
public_key_data str: The public key data. Only provided in GetServiceAccountKey responses.
valid_after_time str: The key can be used after this timestamp.
valid_before_time str: The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

disabled Boolean: The key status.
id String: The provider-assigned unique ID for this managed resource.
keyOrigin String: The key origin.
keyType String: The key type.
name String: The resource name of the service account key in the following format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}.
privateKeyData String: The private key data. Only provided in CreateServiceAccountKey responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.
publicKeyData String: The public key data. Only provided in GetServiceAccountKey responses.
validAfterTime String: The key can be used after this timestamp.
validBeforeTime String: The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

Supporting Types

KeyKeyAlgorithm
, KeyKeyAlgorithmArgs

KeyAlgUnspecified: KEY_ALG_UNSPECIFIEDAn unspecified key algorithm.
KeyAlgRsa1024: KEY_ALG_RSA_10241k RSA Key.
KeyAlgRsa2048: KEY_ALG_RSA_20482k RSA Key.

KeyKeyAlgorithmKeyAlgUnspecified: KEY_ALG_UNSPECIFIEDAn unspecified key algorithm.
KeyKeyAlgorithmKeyAlgRsa1024: KEY_ALG_RSA_10241k RSA Key.
KeyKeyAlgorithmKeyAlgRsa2048: KEY_ALG_RSA_20482k RSA Key.

KeyAlgUnspecified: KEY_ALG_UNSPECIFIEDAn unspecified key algorithm.
KeyAlgRsa1024: KEY_ALG_RSA_10241k RSA Key.
KeyAlgRsa2048: KEY_ALG_RSA_20482k RSA Key.

KeyAlgUnspecified: KEY_ALG_UNSPECIFIEDAn unspecified key algorithm.
KeyAlgRsa1024: KEY_ALG_RSA_10241k RSA Key.
KeyAlgRsa2048: KEY_ALG_RSA_20482k RSA Key.

KEY_ALG_UNSPECIFIED: KEY_ALG_UNSPECIFIEDAn unspecified key algorithm.
KEY_ALG_RSA1024: KEY_ALG_RSA_10241k RSA Key.
KEY_ALG_RSA2048: KEY_ALG_RSA_20482k RSA Key.

"KEY_ALG_UNSPECIFIED": KEY_ALG_UNSPECIFIEDAn unspecified key algorithm.
"KEY_ALG_RSA_1024": KEY_ALG_RSA_10241k RSA Key.
"KEY_ALG_RSA_2048": KEY_ALG_RSA_20482k RSA Key.

KeyPrivateKeyType
, KeyPrivateKeyTypeArgs

TypeUnspecified: TYPE_UNSPECIFIEDUnspecified. Equivalent to TYPE_GOOGLE_CREDENTIALS_FILE.
TypePkcs12File: TYPE_PKCS12_FILEPKCS12 format. The password for the PKCS12 file is notasecret. For more information, see https://tools.ietf.org/html/rfc7292.
TypeGoogleCredentialsFile: TYPE_GOOGLE_CREDENTIALS_FILEGoogle Credentials File format.

KeyPrivateKeyTypeTypeUnspecified: TYPE_UNSPECIFIEDUnspecified. Equivalent to TYPE_GOOGLE_CREDENTIALS_FILE.
KeyPrivateKeyTypeTypePkcs12File: TYPE_PKCS12_FILEPKCS12 format. The password for the PKCS12 file is notasecret. For more information, see https://tools.ietf.org/html/rfc7292.
KeyPrivateKeyTypeTypeGoogleCredentialsFile: TYPE_GOOGLE_CREDENTIALS_FILEGoogle Credentials File format.

TypeUnspecified: TYPE_UNSPECIFIEDUnspecified. Equivalent to TYPE_GOOGLE_CREDENTIALS_FILE.
TypePkcs12File: TYPE_PKCS12_FILEPKCS12 format. The password for the PKCS12 file is notasecret. For more information, see https://tools.ietf.org/html/rfc7292.
TypeGoogleCredentialsFile: TYPE_GOOGLE_CREDENTIALS_FILEGoogle Credentials File format.

TypeUnspecified: TYPE_UNSPECIFIEDUnspecified. Equivalent to TYPE_GOOGLE_CREDENTIALS_FILE.
TypePkcs12File: TYPE_PKCS12_FILEPKCS12 format. The password for the PKCS12 file is notasecret. For more information, see https://tools.ietf.org/html/rfc7292.
TypeGoogleCredentialsFile: TYPE_GOOGLE_CREDENTIALS_FILEGoogle Credentials File format.

TYPE_UNSPECIFIED: TYPE_UNSPECIFIEDUnspecified. Equivalent to TYPE_GOOGLE_CREDENTIALS_FILE.
TYPE_PKCS12_FILE: TYPE_PKCS12_FILEPKCS12 format. The password for the PKCS12 file is notasecret. For more information, see https://tools.ietf.org/html/rfc7292.
TYPE_GOOGLE_CREDENTIALS_FILE: TYPE_GOOGLE_CREDENTIALS_FILEGoogle Credentials File format.

"TYPE_UNSPECIFIED": TYPE_UNSPECIFIEDUnspecified. Equivalent to TYPE_GOOGLE_CREDENTIALS_FILE.
"TYPE_PKCS12_FILE": TYPE_PKCS12_FILEPKCS12 format. The password for the PKCS12 file is notasecret. For more information, see https://tools.ietf.org/html/rfc7292.
"TYPE_GOOGLE_CREDENTIALS_FILE": TYPE_GOOGLE_CREDENTIALS_FILEGoogle Credentials File format.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.iam/v1.Key

On this page

On this page

Create Key Resource

Constructor syntax

Parameters

Constructor example

Key Resource Properties

Inputs

Outputs

Supporting Types

KeyKeyAlgorithm
, KeyKeyAlgorithmArgs

KeyPrivateKeyType
, KeyPrivateKeyTypeArgs

Package Details

On this page

On this page

google-native.iam/v1.Key

On this page

On this page

Create Key Resource

Constructor syntax

Parameters

Constructor example

Key Resource Properties

Inputs

Outputs

Supporting Types

KeyKeyAlgorithm, KeyKeyAlgorithmArgs

KeyPrivateKeyType, KeyPrivateKeyTypeArgs

Package Details

On this page

On this page

KeyKeyAlgorithm
, KeyKeyAlgorithmArgs

KeyPrivateKeyType
, KeyPrivateKeyTypeArgs