Struct googapis::google::iam::admin::v1::ServiceAccountKey [−][src]
pub struct ServiceAccountKey {
pub name: String,
pub private_key_type: i32,
pub key_algorithm: i32,
pub private_key_data: Vec<u8>,
pub public_key_data: Vec<u8>,
pub valid_after_time: Option<Timestamp>,
pub valid_before_time: Option<Timestamp>,
pub key_origin: i32,
pub key_type: i32,
}
Expand description
Represents a service account key.
A service account has two sets of key-pairs: user-managed, and system-managed.
User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key.
System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key’s lifetime.
If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing.
Public keys for all service accounts are also published at the OAuth2 Service Account API.
Fields
name: String
The resource name of the service account key in the following format
projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}
.
private_key_type: i32
The output format for the private key.
Only provided in CreateServiceAccountKey
responses, not
in GetServiceAccountKey
or ListServiceAccountKey
responses.
Google never exposes system-managed private keys, and never retains user-managed private keys.
key_algorithm: i32
Specifies the algorithm (and possibly key size) for the key.
private_key_data: Vec<u8>
The private key data. Only provided in CreateServiceAccountKey
responses. Make sure to keep the private key data secure because it
allows for the assertion of the service account identity.
When base64 decoded, the private key data can be used to authenticate with
Google API client libraries and with
gcloud
auth activate-service-account.
public_key_data: Vec<u8>
The public key data. Only provided in GetServiceAccountKey
responses.
valid_after_time: Option<Timestamp>
The key can be used after this timestamp.
valid_before_time: Option<Timestamp>
The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.
key_origin: i32
The key origin.
key_type: i32
The key type.
Implementations
Returns the enum value of private_key_type
, or the default if the field is set to an invalid enum value.
Sets private_key_type
to the provided enum value.
Returns the enum value of key_algorithm
, or the default if the field is set to an invalid enum value.
Sets key_algorithm
to the provided enum value.
Returns the enum value of key_origin
, or the default if the field is set to an invalid enum value.
Sets key_origin
to the provided enum value.
Returns the enum value of key_type
, or the default if the field is set to an invalid enum value.
Sets key_type
to the provided enum value.
Trait Implementations
fn merge_field<B>(
&mut self,
tag: u32,
wire_type: WireType,
buf: &mut B,
ctx: DecodeContext
) -> Result<(), DecodeError> where
B: Buf,
Returns the encoded length of the message without a length delimiter.
Encodes the message to a buffer. Read more
Encodes the message to a newly allocated buffer.
Encodes the message with a length-delimiter to a buffer. Read more
Encodes the message with a length-delimiter to a newly allocated buffer.
Decodes an instance of the message from a buffer. Read more
fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
Self: Default,
B: Buf,
fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
Self: Default,
B: Buf,
Decodes a length-delimited instance of the message from the buffer.
Decodes an instance of the message from a buffer, and merges it into self
. Read more
Decodes a length-delimited instance of the message from buffer, and
merges it into self
. Read more
This method tests for self
and other
values to be equal, and is used
by ==
. Read more
This method tests for !=
.
Auto Trait Implementations
impl RefUnwindSafe for ServiceAccountKey
impl Send for ServiceAccountKey
impl Sync for ServiceAccountKey
impl Unpin for ServiceAccountKey
impl UnwindSafe for ServiceAccountKey
Blanket Implementations
Mutably borrows from an owned value. Read more
Wrap the input message T
in a tonic::Request
pub fn vzip(self) -> V
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more