Struct googapis::google::iam::admin::v1::ServiceAccountKey[][src]

pub struct ServiceAccountKey {
    pub name: String,
    pub private_key_type: i32,
    pub key_algorithm: i32,
    pub private_key_data: Vec<u8>,
    pub public_key_data: Vec<u8>,
    pub valid_after_time: Option<Timestamp>,
    pub valid_before_time: Option<Timestamp>,
    pub key_origin: i32,
    pub key_type: i32,
}
Expand description

Represents a service account key.

A service account has two sets of key-pairs: user-managed, and system-managed.

User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.

System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key’s lifetime.

If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing.

Public keys for all service accounts are also published at the OAuth2 Service Account API.

Fields

name: String

The resource name of the service account key in the following format projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}.

private_key_type: i32

The output format for the private key. Only provided in CreateServiceAccountKey responses, not in GetServiceAccountKey or ListServiceAccountKey responses.

Google never exposes system-managed private keys, and never retains user-managed private keys.

key_algorithm: i32

Specifies the algorithm (and possibly key size) for the key.

private_key_data: Vec<u8>

The private key data. Only provided in CreateServiceAccountKey responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.

public_key_data: Vec<u8>

The public key data. Only provided in GetServiceAccountKey responses.

valid_after_time: Option<Timestamp>

The key can be used after this timestamp.

valid_before_time: Option<Timestamp>

The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

key_origin: i32

The key origin.

key_type: i32

The key type.

Implementations

Returns the enum value of private_key_type, or the default if the field is set to an invalid enum value.

Sets private_key_type to the provided enum value.

Returns the enum value of key_algorithm, or the default if the field is set to an invalid enum value.

Sets key_algorithm to the provided enum value.

Returns the enum value of key_origin, or the default if the field is set to an invalid enum value.

Sets key_origin to the provided enum value.

Returns the enum value of key_type, or the default if the field is set to an invalid enum value.

Sets key_type to the provided enum value.

Trait Implementations

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the value using the given formatter. Read more

Returns the “default value” for a type. Read more

Returns the encoded length of the message without a length delimiter.

Clears the message, resetting all fields to their default.

Encodes the message to a buffer. Read more

Encodes the message to a newly allocated buffer.

Encodes the message with a length-delimiter to a buffer. Read more

Encodes the message with a length-delimiter to a newly allocated buffer.

Decodes an instance of the message from a buffer. Read more

Decodes a length-delimited instance of the message from the buffer.

Decodes an instance of the message from a buffer, and merges it into self. Read more

Decodes a length-delimited instance of the message from buffer, and merges it into self. Read more

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Performs the conversion.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Performs the conversion.

Wrap the input message T in a tonic::Request

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

🔬 This is a nightly-only experimental API. (toowned_clone_into)

recently added

Uses borrowed data to replace owned data, usually by cloning. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more