Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
© 2022 Yandex.Cloud LLC
Yandex Identity and Access Management
  • Getting started
    • How to manage access to resources
    • How to work with service accounts
  • Step-by-step instructions
    • All instructions
    • Users
      • Adding users
      • Getting user ID or email
      • Deleting a user
    • Service accounts
      • Creating a service account
      • Updating a service account
      • Assigning roles to a service account
      • Setting up access rights for a service account
      • Creating static access keys
      • Getting the service account ID
      • Deleting service accounts
    • Roles
      • Assigning roles
      • Viewing assigned roles
      • Revoking roles
    • IAM tokens
      • Getting an IAM token for a Yandex account
      • Getting an IAM token for a service account
      • Getting an IAM token for a federated account
    • Keys
      • Creating API keys
      • Deleting API keys
      • Creating authorized keys
  • Concepts
    • Overview
    • How access management works
      • Overview
      • Roles
      • System groups
      • Resources that roles can be assigned for
    • Authorization
      • Overview
      • IAM token
      • OAuth token
      • API key
      • Authorized keys
      • AWS-compatible access keys
    • Service accounts
    • Identity federations
    • Quotas and limits
  • How to use Yandex Cloud securely
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • ApiKeyService
      • IamTokenService
      • KeyService
      • RoleService
      • ServiceAccountService
      • UserAccountService
      • YandexPassportUserAccountService
      • AccessKeyService
      • CertificateService
      • FederationService
      • OperationService
    • REST
      • Overview
      • ApiKey
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • update
      • IamToken
        • Overview
        • create
        • createForServiceAccount
      • Key
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • update
      • Role
        • Overview
        • get
        • list
      • ServiceAccount
        • Overview
        • create
        • delete
        • get
        • list
        • listAccessBindings
        • listOperations
        • setAccessBindings
        • update
        • updateAccessBindings
      • UserAccount
        • Overview
        • get
      • YandexPassportUserAccount
        • Overview
        • getByLogin
      • Operation
        • Overview
        • get
      • AccessKey
        • Overview
        • list
        • get
        • delete
        • update
        • listOperations
        • create
      • Federation
        • Overview
        • list
        • get
        • listUserAccounts
        • delete
        • addUserAccounts
        • update
        • listOperations
        • create
      • Certificate
        • Overview
        • list
        • get
        • delete
        • update
        • listOperations
        • create
  • Questions and answers
    • General questions
    • Logging in and accessing resources
    • All questions on the same page
  1. API reference
  2. REST
  3. Key
  4. create

Method create

Written by
Yandex.Cloud
  • HTTP request
  • Body parameters
  • Response

Creates a key pair for the specified service account.

HTTP request

POST https://iam.api.cloud.yandex.net/iam/v1/keys

Body parameters

{
  "serviceAccountId": "string",
  "description": "string",
  "format": "string",
  "keyAlgorithm": "string"
}
Field Description
serviceAccountId string

ID of the service account to create a key pair for. To get the service account ID, use a list request. If not specified, it defaults to the subject that made the request.

The maximum string length in characters is 50.

description string

Description of the key pair.

The maximum string length in characters is 256.

format string

Output format of the key.

  • PEM_FILE: Privacy-Enhanced Mail (PEM) format. Default value.
keyAlgorithm string

An algorithm used to generate a key pair of the Key resource.

  • RSA_2048: RSA with a 2048-bit key size. Default value.
  • RSA_4096: RSA with a 4096-bit key size.

Response

HTTP Code: 200 - OK

{
  "key": {
    "id": "string",
    "createdAt": "string",
    "description": "string",
    "keyAlgorithm": "string",
    "publicKey": "string",

    // `key` includes only one of the fields `userAccountId`, `serviceAccountId`
    "userAccountId": "string",
    "serviceAccountId": "string",
    // end of the list of possible fields`key`

  },
  "privateKey": "string"
}
Field Description
key object

Key resource.

A Key resource. For more information, see Authorized keys.

key.
id
string

ID of the Key resource.

key.
createdAt
string (date-time)

Creation timestamp.

String in RFC3339 text format.

key.
description
string

Description of the Key resource. 0-256 characters long.

key.
keyAlgorithm
string
An algorithm used to generate a key pair of the Key resource.
  • RSA_2048: RSA with a 2048-bit key size. Default value.
  • RSA_4096: RSA with a 4096-bit key size.
key.
publicKey
string

A public key of the Key resource.

key.
userAccountId
string
key includes only one of the fields userAccountId, serviceAccountId

ID of the user account that the Key resource belongs to.

key.
serviceAccountId
string
key includes only one of the fields userAccountId, serviceAccountId

ID of the service account that the Key resource belongs to.

privateKey string

A private key of the Key resource. This key must be stored securely.

Was the article helpful?

Language / Region
© 2022 Yandex.Cloud LLC
In this article:
  • HTTP request
  • Body parameters
  • Response