Creating API keys
Instructions for how to create API keys for service accounts. The API key is a private key used for simplified authorization in the Yandex.Cloud API.
If you don't have a service account yet, create one and assign it roles.
To create an API key:
-
Go to the folder that the service account belongs to.
-
Go to the Service accounts tab.
-
Choose a service account and click the line with its name.
-
Click Create new key in the top panel.
-
Click Create API key.
-
Enter a description of the key so that you can easily find it in the management console.
-
Save the ID and private key.
After the dialog is closed, the private key value will be unavailable.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
See the description of the create API key command:
$ yc iam api-key create --help
-
Select a service account (for example,
my-robot
):$ yc iam service-account list +----------------------+------------------+-------------------------------+ | ID | NAME | DESCRIPTION | +----------------------+------------------+-------------------------------+ | aje6o61dvog2h6g9a33s | my-robot | | | aje9sda1ufvqcmfksd3f | blabla | bla bla bla is my description | +----------------------+------------------+-------------------------------+
-
Create an API key for the
my-robot
service account and write the response to a file:$ yc iam api-key create --service-account-name my-robot > api-key.yaml
The response's
secret
property will contain the API key:api_key: id: ajeke74kbp5bfq7m6ka2 service_account_id: ajepg0mjt06siuj65usm created_at: "2019-04-09T08:41:27Z" secret: AQVN1HHJReSrfo9jU3aopsXrJyfq_UHsssT5ICtm
For information about how to pass the key in a request, read the documentation on the services that support this authorization method.
-
Create an API key using the create method for the ApiKey resource:
$ export SERVICEACCOUNT_ID=aje6o61dvog2h6g9a33s $ export IAM_TOKEN=CggaATEVAgA... $ curl -X POST \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $IAM_TOKEN" \ -d "{ \"serviceAccountId\": \"$SERVICEACCOUNT_ID\" }" \ https://iam.api.cloud.yandex.net/iam/v1/apiKeys
Examples
Add a description when creating
To make it easier to find an API key without knowing its ID, add a description when creating it:
$ yc iam api-key create --service-account-name my-robot \
--description "this API-key is for my-robot"
$ export SERVICEACCOUNT_ID=aje6o61dvog2h6g9a33s
$ export IAM_TOKEN=CggaATEVAgA...
$ curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $IAM_TOKEN" \
-d "{
\"serviceAccountId\": \"$SERVICEACCOUNT_ID\",
\"description\": \"this API-key is for my-robot\"
}" \
https://iam.api.cloud.yandex.net/iam/v1/apiKeys