Get started
Yandex Identity and Access Management

Creating static access keys

Instructions for how to create static access keys for service accounts.

If you don't have a service account yet, create one and assign it roles.

To create a static access key:

  1. Go to the folder that the service account belongs to.

  2. Go to the Service accounts tab.

  3. Choose a service account and click the line with its name.

  4. Click Create new key in the top panel.

  5. Click Create access key.

  6. Enter a description of the key so that you can easily find it in the management console.

  7. Save the ID and private key.

    Alert

    After the dialog is closed, the private key value will be unavailable.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. See the description of the create static access key command:

    $ yc iam access-key create --help

  2. Select a service account (for example, my-robot):

    $ yc iam service-account list
+----------------------+------------------+-------------------------------+
|          ID          |       NAME       |          DESCRIPTION          |
+----------------------+------------------+-------------------------------+
| aje6o61dvog2h6g9a33s | my-robot         |                               |
| aje9sda1ufvqcmfksd3f | blabla           | bla bla bla is my description |
+----------------------+------------------+-------------------------------+

  3. Create an access key for the my-robot service account:

    $ yc iam access-key create --service-account-name my-robot

access_key:
  id: aje6t3vsbj8lp9r4vk2u
  service_account_id: ajepg0mjt06siuj65usm
  created_at: "2018-11-22T14:37:51Z"
  key_id: 0n8X6WY6S24N7OjXQ0YQ
secret: JyTRFdqw8t1kh2-OJNz4JX5ZTz9Dj1rI9hxtzMP1

  4. Save the ID key_id and private key secret. You will not be able to get the key value again.

To create an access key, use the create method for the AccessKey resource.

Examples

Add a description when creating

Add a description when creating an access key.

$ yc iam access-key create --service-account-name my-robot \
    --description "this key is for my bucket"

$ curl -X POST \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer <IAM-TOKEN>" \
    -d '{
        "serviceAccountId": "aje6o61dvog2h6g9a33s",
        "description": "this key is for my bucket"
    }' \
    https://iam.api.cloud.yandex.net/iam/aws-compatibility/v1/accessKeys

What's next