public/terraform-provider-google
0
0
Fork 0
mirror of https://github.com/letic/terraform-provider-google.git synced 2024-09-06 09:06:44 +00:00
Code Issues Projects Releases Wiki Activity
94e0b746df
terraform-provider-google/website/docs/r/google_service_account_key.html.markdown
Sébastien GLON 94e0b746df Add support for google_service_account_key (#472) 
* Initial support for google service account keys

* Add vendor for vault and encryption

* Add change for PR comment

* Add doc and improvement fo public key management

* adding waiter for compatibility with issue google/google-api-go-client#234

* improvement

* Add test with pgp_key

* Perform doc anf format

* remove test if public_key exists

* Add link on doc

* correct pr
2017-10-25 12:43:20 -07:00

86 lines
3.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: "google"
page_title: "Google: google_service_account_key"
sidebar_current: "docs-google-service-account-key"
description: |-
Allows management of a Google Cloud Platform service account Key Pair
---
# google\_service\_account\_key
Creates and manages service account key-pairs, which allow the user to establish identity of a service account outside of GCP. For more information, see [the official documentation](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and [API](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys).
## Example Usage, creating a new Key Pair
```hcl
resource "google_service_account" "acceptance" {
account_id = "%v"
display_name = "%v"
}
resource "google_service_account_key" "acceptance" {
service_account_id = "${google_service_account.acceptance.id}"
public_key_type = "TYPE_X509_PEM_FILE"
}
```
## Create new Key Pair, encrypting the private key with a PGP Key
```hcl
resource "google_service_account" "acceptance" {
account_id = "%v"
display_name = "%v"
}
resource "google_service_account_key" "acceptance" {
service_account_id = "${google_service_account.acceptance.id}"
pgp_key = "keybase:keybaseusername"
public_key_type = "TYPE_X509_PEM_FILE"
}
```
## Argument Reference
The following arguments are supported:
* `service_account_id` - (Required) The Service account id of the Key Pair.
* `key_algorithm` - (Optional) The output format of the private key. GOOGLE_CREDENTIALS_FILE is the default output format. Valid values are listed at [ServiceAccountPrivateKeyType](https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys#ServiceAccountPrivateKeyType) (only used on create)
* `public_key_type` (Optional) The output format of the public key requested. X509_PEM is the default output format.
* `private_key_type` (Optional) The output format of the private key. GOOGLE_CREDENTIALS_FILE is the default output format.
* `pgp_key` (Optional) An optional PGP key to encrypt the resulting private
key material. Only used when creating or importing a new key pair
~> **NOTE:** a PGP key is not required, however it is strongly encouraged.
Without a PGP key, the private key material will be stored in state unencrypted.
## Attributes Reference
The following attributes are exported in addition to the arguments listed above:
* `name` - The name used for this key pair
* `fingerprint` - The MD5 public key fingerprint as specified in section 4 of RFC 4716.
* `public_key` - The public key, base64 encoded
* `private_key` - The private key, base64 encoded. This is only populated
when creating a new key, and when no `pgp_key` is provided
* `private_key_encrypted` The private key material, base 64 encoded and
encrypted with the given `pgp_key`. This is only populated when creating a new
key and `pgp_key` is supplied
* `private_key_fingerprint` - The MD5 public key fingerprint for the encrypted
private key
* `valid_after` - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
* `valid_before` - The key can be used before this timestamp.
A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
Reference in New Issue View Git Blame Copy Permalink