List

Lists ServiceAccountKeys

Authorization

To use this building block you will have to grant access to at least one of the following scopes:

  • View and manage your data across Google Cloud Platform services

Input

This building block consumes 2 input parameters

name STRING Required

The resource name of the service account in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}.

Using - as a wildcard for the PROJECT_ID will infer the project from the account. The ACCOUNT value can be the email address or the unique_id of the service account.

keyTypes ENUMERATION

Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned

Output

This building block provides 9 output parameters

keys[] OBJECT

Represents a service account key.

A service account has two sets of key-pairs: user-managed, and system-managed.

User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.

System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime. We recommend caching the public key set for a service account for no more than 24 hours to ensure you have access to the latest keys.

Public keys for all service accounts are also published at the OAuth2 Service Account API

keys[].keyAlgorithm ENUMERATION

Specifies the algorithm (and possibly key size) for the key

keys[].keyOrigin ENUMERATION

The key origin

keys[].validAfterTime ANY

The key can be used after this timestamp

keys[].privateKeyType ENUMERATION

The output format for the private key. Only provided in CreateServiceAccountKey responses, not in GetServiceAccountKey or ListServiceAccountKey responses.

Google never exposes system-managed private keys, and never retains user-managed private keys

keys[].privateKeyData BINARY

The private key data. Only provided in CreateServiceAccountKey responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account

keys[].publicKeyData BINARY

The public key data. Only provided in GetServiceAccountKey responses

keys[].name STRING

The resource name of the service account key in the following format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}

keys[].validBeforeTime ANY

The key can be used before this timestamp
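
Because users are responsible for rotating user-managed keys, the name, validAfterTime and validBeforeTime outputs above can drive a rotation audit. The Python below is an added example, not part of the original reference: the function names, the 90-day window and the sample response are assumptions, the timestamps are assumed to be UTC strings ending in Z, and the list is assumed to have been requested with keyTypes=USER_MANAGED.

```python
import re
from datetime import datetime, timedelta, timezone

# Key resource name format documented on this page.
KEY_NAME = re.compile(
    r"^projects/[^/]+/serviceAccounts/(?P<account>[^/]+)/keys/(?P<key>[^/]+)$"
)

def parse_ts(value):
    """Parse a UTC timestamp such as 2024-01-01T00:00:00Z (assumed format)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_keys(response, now, max_age_days=90):
    """Flag keys that are expired or older than the rotation window.

    Assumes the list was requested with keyTypes=USER_MANAGED;
    max_age_days is a local policy choice, not a value from this page.
    """
    findings = []
    for key in response.get("keys", []):
        m = KEY_NAME.match(key.get("name", ""))
        if not m:
            findings.append(("malformed-name", key.get("name", ""), None))
            continue
        if now >= parse_ts(key["validBeforeTime"]):
            findings.append(("expired", m["account"], m["key"]))
        elif now - parse_ts(key["validAfterTime"]) > timedelta(days=max_age_days):
            findings.append(("rotate", m["account"], m["key"]))
    return findings

# Constructed sample response: project, account and key ids are made up.
SA = "audit@example-project.iam.gserviceaccount.com"
PREFIX = "projects/example-project/serviceAccounts/" + SA + "/keys/"
SAMPLE = {"keys": [
    {"name": PREFIX + "key-fresh", "validAfterTime": "2024-05-01T00:00:00Z",
     "validBeforeTime": "2024-07-30T00:00:00Z"},
    {"name": PREFIX + "key-old", "validAfterTime": "2023-01-15T10:00:00Z",
     "validBeforeTime": "9999-12-31T23:59:59Z"},
    {"name": PREFIX + "key-expired", "validAfterTime": "2023-11-01T00:00:00Z",
     "validBeforeTime": "2024-01-30T00:00:00Z"},
]}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in audit_keys(SAMPLE, NOW):
        print(finding)
```

Keys reported as "rotate" are still valid but older than the chosen window; keys reported as "expired" can no longer be used and are candidates for deletion.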