Create

3 variables

8 variables

Creates a ServiceAccountKey and returns it

Authorization

To use this building block you will have to grant access to at least one of the following scopes:

View and manage your data across Google Cloud Platform services

Input

This building block consumes 3 input parameters

Name	Format	Description
`name` Required	`STRING`	The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account
`keyAlgorithm`	`ENUMERATION`	Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future
`privateKeyType`	`ENUMERATION`	The output format of the private key. The default value is `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File format

= Parameter name
= Format

name STRING Required

The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the unique_id of the service account

keyAlgorithm ENUMERATION

Which type of key and algorithm to use for the key. The default is currently a 2K RSA key. However this may change in the future

privateKeyType ENUMERATION

The output format of the private key. The default value is TYPE_GOOGLE_CREDENTIALS_FILE, which is the Google Credentials File format

Output

This building block provides 8 output parameters

Name	Format	Description
`keyAlgorithm`	`ENUMERATION`	Specifies the algorithm (and possibly key size) for the key
`keyOrigin`	`ENUMERATION`	The key origin
`validAfterTime`	`ANY`	The key can be used after this timestamp
`privateKeyType`	`ENUMERATION`	The output format for the private key. Only provided in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or `ListServiceAccountKey` responses. Google never exposes system-managed private keys, and never retains user-managed private keys
`privateKeyData`	`BINARY`	The private key data. Only provided in `CreateServiceAccountKey` responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account
`publicKeyData`	`BINARY`	The public key data. Only provided in `GetServiceAccountKey` responses
`name`	`STRING`	The resource name of the service account key in the following format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`
`validBeforeTime`	`ANY`	The key can be used before this timestamp

= Parameter name
= Format

keyAlgorithm ENUMERATION

Specifies the algorithm (and possibly key size) for the key

keyOrigin ENUMERATION

The key origin

validAfterTime ANY

The key can be used after this timestamp

privateKeyType ENUMERATION

The output format for the private key. Only provided in CreateServiceAccountKey responses, not in GetServiceAccountKey or ListServiceAccountKey responses.

Google never exposes system-managed private keys, and never retains user-managed private keys

privateKeyData BINARY

The private key data. Only provided in CreateServiceAccountKey responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account

publicKeyData BINARY

The public key data. Only provided in GetServiceAccountKey responses

name STRING

The resource name of the service account key in the following format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}

validBeforeTime ANY

The key can be used before this timestamp

Projects / Service Accounts / Keys

Create

Authorization

Input

Output