Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Blog
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
Yandex project
© 2023 Yandex.Cloud LLC
Yandex Identity and Access Management
  • Getting started
    • How to manage access to resources
    • How to work with service accounts
  • Step-by-step instructions
    • All instructions
    • Handling secrets that are available in the public domain
    • Users
      • Adding users
      • Getting user ID or email
      • Deleting a user
    • Groups of users
      • Creating a group
      • Setting up group access bindings
      • Granting group permissions
    • Service accounts
      • Creating a service account
      • Updating a service account
      • Assigning roles to a service account
      • Setting up access rights for service accounts
      • Creating static access keys
      • Deleting static access keys
      • Getting the service account ID
      • Deleting a service account
    • Roles
      • Assigning roles
      • Viewing assigned roles
      • Revoking roles
    • IAM tokens
      • Getting an IAM token for a Yandex account
      • Getting an IAM token for a service account
      • Getting an IAM token for a federated account
    • Keys
      • Creating API keys
      • Deleting API keys
      • Creating authorized keys
      • Deleting authorized keys
  • Concepts
    • Overview
    • How access management works
      • Overview
      • Roles
      • System groups
      • Resources that roles can be assigned for
    • Authorization
      • Overview
      • IAM token
      • OAuth token
      • API key
      • Authorized keys
      • AWS-compatible access keys
    • Service accounts
    • Identity federations
    • Quotas and limits
  • How to use Yandex Cloud securely
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • ApiKeyService
      • IamTokenService
      • KeyService
      • RoleService
      • ServiceAccountService
      • UserAccountService
      • YandexPassportUserAccountService
      • AccessKeyService
      • CertificateService
      • FederationService
      • OperationService
    • REST
      • Overview
      • ApiKey
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • update
      • IamToken
        • Overview
        • create
        • createForServiceAccount
      • Key
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • update
      • Role
        • Overview
        • get
        • list
      • ServiceAccount
        • Overview
        • create
        • delete
        • get
        • list
        • listAccessBindings
        • listOperations
        • setAccessBindings
        • update
        • updateAccessBindings
      • UserAccount
        • Overview
        • get
      • YandexPassportUserAccount
        • Overview
        • getByLogin
      • Operation
        • Overview
        • get
      • AccessKey
        • Overview
        • list
        • get
        • delete
        • update
        • listOperations
        • create
      • Federation
        • Overview
        • list
        • get
        • listUserAccounts
        • delete
        • addUserAccounts
        • update
        • listOperations
        • create
      • Certificate
        • Overview
        • list
        • get
        • delete
        • update
        • listOperations
        • create
  • Questions and answers
    • General questions
    • Logging in and accessing resources
    • All questions on one page
  1. API reference
  2. gRPC
  3. AccessKeyService

Identity and Access Management API, gRPC: AccessKeyService

Written by
Yandex Cloud
  • Calls AccessKeyService
  • List
    • ListAccessKeysRequest
    • ListAccessKeysResponse
    • AccessKey
  • Get
    • GetAccessKeyRequest
    • AccessKey
  • Create
    • CreateAccessKeyRequest
    • CreateAccessKeyResponse
    • AccessKey
  • Update
    • UpdateAccessKeyRequest
    • Operation
    • UpdateAccessKeyMetadata
    • AccessKey
  • Delete
    • DeleteAccessKeyRequest
    • Operation
    • DeleteAccessKeyMetadata
  • ListOperations
    • ListAccessKeyOperationsRequest
    • ListAccessKeyOperationsResponse
    • Operation

A set of methods for managing access keys.

Call Description
List Retrieves the list of access keys for the specified service account.
Get Returns the specified access key.
Create Creates an access key for the specified service account.
Update Updates the specified access key.
Delete Deletes the specified access key.
ListOperations Retrieves the list of operations for the specified access key.

Calls AccessKeyService

List

Retrieves the list of access keys for the specified service account.

rpc List (ListAccessKeysRequest) returns (ListAccessKeysResponse)

ListAccessKeysRequest

Field Description
service_account_id string
ID of the service account to list access keys for. To get the service account ID, use a yandex.cloud.iam.v1.ServiceAccountService.List request. If not specified, it defaults to the subject that made the request. The maximum string length in characters is 50.
page_size int64
The maximum number of results per page to return. If the number of available results is larger than page_size, the service returns a ListAccessKeysResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
page_token string
Page token. To get the next page of results, set page_token to the ListAccessKeysResponse.next_page_token returned by a previous list request. The maximum string length in characters is 2000.

ListAccessKeysResponse

Field Description
access_keys[] AccessKey
List of access keys.
next_page_token string
This token allows you to get the next page of results for list requests. If the number of results is larger than ListAccessKeysRequest.page_size, use the next_page_token as the value for the ListAccessKeysRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

AccessKey

Field Description
id string
ID of the AccessKey resource. It is used to manage secret credentials: an access key ID and a secret access key.
service_account_id string
ID of the service account that the access key belongs to.
created_at google.protobuf.Timestamp
Creation timestamp.
description string
Description of the access key. 0-256 characters long.
key_id string
ID of the access key. The key is AWS compatible.

Get

Returns the specified access key.
To get the list of available access keys, make a List request.

rpc Get (GetAccessKeyRequest) returns (AccessKey)

GetAccessKeyRequest

Field Description
access_key_id string
Required. ID of the AccessKey resource to return. To get the access key ID, use a AccessKeyService.List request. The maximum string length in characters is 50.

AccessKey

Field Description
id string
ID of the AccessKey resource. It is used to manage secret credentials: an access key ID and a secret access key.
service_account_id string
ID of the service account that the access key belongs to.
created_at google.protobuf.Timestamp
Creation timestamp.
description string
Description of the access key. 0-256 characters long.
key_id string
ID of the access key. The key is AWS compatible.

Create

Creates an access key for the specified service account.

rpc Create (CreateAccessKeyRequest) returns (CreateAccessKeyResponse)

CreateAccessKeyRequest

Field Description
service_account_id string
ID of the service account to create an access key for. To get the service account ID, use a yandex.cloud.iam.v1.ServiceAccountService.List request. If not specified, it defaults to the subject that made the request. The maximum string length in characters is 50.
description string
Description of the access key. The maximum string length in characters is 256.

CreateAccessKeyResponse

Field Description
access_key AccessKey
AccessKey resource.
secret string
Secret access key. The key is AWS compatible.

AccessKey

Field Description
id string
ID of the AccessKey resource. It is used to manage secret credentials: an access key ID and a secret access key.
service_account_id string
ID of the service account that the access key belongs to.
created_at google.protobuf.Timestamp
Creation timestamp.
description string
Description of the access key. 0-256 characters long.
key_id string
ID of the access key. The key is AWS compatible.

Update

Updates the specified access key.

rpc Update (UpdateAccessKeyRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:UpdateAccessKeyMetadata

    Operation.response:AccessKey

UpdateAccessKeyRequest

Field Description
access_key_id string
Required. ID of the AccessKey resource to update. To get the access key ID, use a AccessKeyService.List request. The maximum string length in characters is 50.
update_mask google.protobuf.FieldMask
Field mask that specifies which fields of the Accesskey resource are going to be updated.
description string
Description of the access key. The maximum string length in characters is 256.

Operation

Field Description
id string
ID of the operation.
description string
Description of the operation. 0-256 characters long.
created_at google.protobuf.Timestamp
Creation timestamp.
created_by string
ID of the user or service account who initiated the operation.
modified_at google.protobuf.Timestamp
The time when the Operation resource was last modified.
done bool
If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata google.protobuf.Any<UpdateAccessKeyMetadata>
Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result oneof: error or response
The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
  error google.rpc.Status
The error result of the operation in case of failure or cancellation.
  response google.protobuf.Any<AccessKey>
if operation finished successfully.

UpdateAccessKeyMetadata

Field Description
access_key_id string
ID of the AccessKey resource that is being updated.

AccessKey

Field Description
id string
ID of the AccessKey resource. It is used to manage secret credentials: an access key ID and a secret access key.
service_account_id string
ID of the service account that the access key belongs to.
created_at google.protobuf.Timestamp
Creation timestamp.
description string
Description of the access key. 0-256 characters long.
key_id string
ID of the access key. The key is AWS compatible.

Delete

Deletes the specified access key.

rpc Delete (DeleteAccessKeyRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:DeleteAccessKeyMetadata

    Operation.response:google.protobuf.Empty

DeleteAccessKeyRequest

Field Description
access_key_id string
Required. ID of the access key to delete. To get the access key ID, use a AccessKeyService.List request. The maximum string length in characters is 50.

Operation

Field Description
id string
ID of the operation.
description string
Description of the operation. 0-256 characters long.
created_at google.protobuf.Timestamp
Creation timestamp.
created_by string
ID of the user or service account who initiated the operation.
modified_at google.protobuf.Timestamp
The time when the Operation resource was last modified.
done bool
If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata google.protobuf.Any<DeleteAccessKeyMetadata>
Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result oneof: error or response
The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
  error google.rpc.Status
The error result of the operation in case of failure or cancellation.
  response google.protobuf.Any<google.protobuf.Empty>
if operation finished successfully.

DeleteAccessKeyMetadata

Field Description
access_key_id string
ID of the access key that is being deleted.

ListOperations

Retrieves the list of operations for the specified access key.

rpc ListOperations (ListAccessKeyOperationsRequest) returns (ListAccessKeyOperationsResponse)

ListAccessKeyOperationsRequest

Field Description
access_key_id string
Required. ID of the key to list operations for. The maximum string length in characters is 50.
page_size int64
The maximum number of results per page to return. If the number of available results is larger than page_size, the service returns a ListAccessKeyOperationsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. Acceptable values are 0 to 1000, inclusive.
page_token string
Page token. To get the next page of results, set page_token to the ListAccessKeyOperationsResponse.next_page_token returned by a previous list request. The maximum string length in characters is 2000.

ListAccessKeyOperationsResponse

Field Description
operations[] operation.Operation
List of operations for the specified access key.
next_page_token string
This token allows you to get the next page of results for list requests. If the number of results is larger than ListAccessKeyOperationsRequest.page_size, use the next_page_token as the value for the ListAccessKeyOperationsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

Operation

Field Description
id string
ID of the operation.
description string
Description of the operation. 0-256 characters long.
created_at google.protobuf.Timestamp
Creation timestamp.
created_by string
ID of the user or service account who initiated the operation.
modified_at google.protobuf.Timestamp
The time when the Operation resource was last modified.
done bool
If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata google.protobuf.Any
Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
result oneof: error or response
The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
  error google.rpc.Status
The error result of the operation in case of failure or cancellation.
  response google.protobuf.Any
The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any.

Was the article helpful?

Language / Region
Yandex project
© 2023 Yandex.Cloud LLC
In this article:
  • Calls AccessKeyService
  • List
  • ListAccessKeysRequest
  • ListAccessKeysResponse
  • AccessKey
  • Get
  • GetAccessKeyRequest
  • AccessKey
  • Create
  • CreateAccessKeyRequest
  • CreateAccessKeyResponse
  • AccessKey
  • Update
  • UpdateAccessKeyRequest
  • Operation
  • UpdateAccessKeyMetadata
  • AccessKey
  • Delete
  • DeleteAccessKeyRequest
  • Operation
  • DeleteAccessKeyMetadata
  • ListOperations
  • ListAccessKeyOperationsRequest
  • ListAccessKeyOperationsResponse
  • Operation