Allows management of a Google Cloud Platform service account Key Pair
---
# google\_service\_account\_key
Creates and manages service account key-pairs, which allow the user to establish identity of a service account outside of GCP. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys).
~> **NOTE:** a PGP key is not required, however it is strongly encouraged.
Without a PGP key, the private key material will be stored in state unencrypted.
## Attributes Reference
The following attributes are exported in addition to the arguments listed above:
*`name` - The name used for this key pair
*`fingerprint` - The MD5 public key fingerprint as specified in section 4 of RFC 4716.
*`public_key` - The public key, base64 encoded
*`private_key` - The private key, base64 encoded. This is only populated
when creating a new key, and when no `pgp_key` is provided
*`private_key_encrypted`– The private key material, base 64 encoded and
encrypted with the given `pgp_key`. This is only populated when creating a new
key and `pgp_key` is supplied
*`private_key_fingerprint` - The MD5 public key fingerprint for the encrypted
private key
*`valid_after` - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
*`valid_before` - The key can be used before this timestamp.
A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".