Creating authorized keys
To create authorized keys:
Management console
CLI
API
- Go to the folder that the service account belongs to.
- Go to the Service accounts tab.
- Choose a service account and click the line with its name.
- Click Create new key in the top panel.
- Click Create authorized key.
- Enter a description of the key so that you can easily find it in the management console.
- Save both the public and private keys. The private key is not saved in Yandex.Cloud, and you won't be able to view the public key in the management console.
Create authorized keys for the my-robot service account:
$ yc iam key create --service-account-name my-robot -o my-robot-key.json
If successful, a private key (privateKey) and public key ID (id) are written to the my-robot-key.json file.
Key file example:
{
  "id": "lfkoe35hsk58aks301nl",
  "service_account_id": "ajepg0mjt06siua65usm",
  "created_at": "2019-03-20T10:04:56Z",
  "key_algorithm": "RSA_2048",
  "public_key": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n",
  "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
}
To create an access key, use the create method for the Key resource.
Sample request using cURL:
curl -X POST \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer <IAM-TOKEN>" \
  -d '{"serviceAccountId": "<SERVICE-ACCOUNT-ID>"}' \
  https://iam.api.cloud.yandex.net/iam/v1/keys
where:
- <IAM-TOKEN> is the IAM token of the user who has rights to view service accounts in the folder.
- <SERVICE-ACCOUNT-ID> is the ID of the service account that the keys are created for.
If successful, the server response will contain the private key (privateKey) and public key ID (id). Save this data. You will not be able to get the key value again.
Sample server response:
{
  "key": {
    "createdAt": "2018-10-30T15:55:00+00:00",
    "description": "",
    "id": "lfkoe35hsk58aks301nl",
    "keyAlgorithm": "RSA_2048",
    "publicKey": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n",
    "serviceAccountId": "ajepg0mjt06siua65usm"
  },
  "privateKey": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
}
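Because the private key is returned only once, the response should go straight into a file that only its owner can read. The following is an added example, not part of the original documentation: it converts the API response above into the key-file layout shown in the CLI example and writes it with mode 0600. The function names are hypothetical and the sample data is constructed from the page's sample response.

```python
import json
import os
import stat

# API response fields (nested under "key") -> key-file fields from the CLI example.
FIELD_MAP = {
    "id": "id",
    "serviceAccountId": "service_account_id",
    "createdAt": "created_at",
    "keyAlgorithm": "key_algorithm",
    "publicKey": "public_key",
}

# Constructed sample mirroring the page's sample server response (PEM bodies elided).
SAMPLE_RESPONSE = {
    "key": {
        "createdAt": "2018-10-30T15:55:00+00:00",
        "description": "",
        "id": "lfkoe35hsk58aks301nl",
        "keyAlgorithm": "RSA_2048",
        "publicKey": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n",
        "serviceAccountId": "ajepg0mjt06siua65usm",
    },
    "privateKey": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
}

def response_to_key_file(response: dict) -> dict:
    """Flatten a create-key response into the key-file layout (hypothetical helper)."""
    key = response.get("key", {})
    missing = [f for f in FIELD_MAP if f not in key]
    if "privateKey" not in response:
        missing.append("privateKey")
    if missing:
        raise ValueError("incomplete response, missing: " + ", ".join(missing))
    out = {dst: key[src] for src, dst in FIELD_MAP.items()}
    out["private_key"] = response["privateKey"]
    return out

def save_key_file(response: dict, path: str) -> int:
    """Write the key file readable by its owner only; return the resulting mode bits."""
    data = json.dumps(response_to_key_file(response), indent=2)
    # O_EXCL refuses to overwrite an existing key file; mode 0o600 is set at
    # creation, so the private key is never readable by other local users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)  # independent of the process umask
        fh.write(data)
    return stat.S_IMODE(os.stat(path).st_mode)
```

The same permission check applies to a file written by the CLI: confirm that my-robot-key.json is not group- or world-readable before storing or copying it.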