Package com.google.iam.admin.v1

Class ServiceAccountKey

  • All Implemented Interfaces:
    ServiceAccountKeyOrBuilder, com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Serializable
    public final class ServiceAccountKey
extends com.google.protobuf.GeneratedMessageV3
implements ServiceAccountKeyOrBuilder
     Represents a service account key.

 A service account has two sets of key-pairs: user-managed, and
 system-managed.

 User-managed key-pairs can be created and deleted by users.  Users are
 responsible for rotating these keys periodically to ensure security of
 their service accounts.  Users retain the private key of these key-pairs,
 and Google retains ONLY the public key.

 System-managed keys are automatically rotated by Google, and are used for
 signing for a maximum of two weeks. The rotation process is probabilistic,
 and usage of the new key will gradually ramp up and down over the key's
 lifetime.

 If you cache the public key set for a service account, we recommend that you
 update the cache every 15 minutes. User-managed keys can be added and removed
 at any time, so it is important to update the cache frequently. For
 Google-managed keys, Google will publish a key at least 6 hours before it is
 first used for signing and will keep publishing it for at least 6 hours after
 it was last used for signing.

 Public keys for all service accounts are also published at the OAuth2
 Service Account API.
    Protobuf type google.iam.admin.v1.ServiceAccountKey
    See Also:
    Serialized Form

    • Field Detail

      • PRIVATE_KEY_TYPE_FIELD_NUMBER

        public static final int PRIVATE_KEY_TYPE_FIELD_NUMBER
        See Also:
        Constant Field Values

      • KEY_ALGORITHM_FIELD_NUMBER

        public static final int KEY_ALGORITHM_FIELD_NUMBER
        See Also:
        Constant Field Values

      • PRIVATE_KEY_DATA_FIELD_NUMBER

        public static final int PRIVATE_KEY_DATA_FIELD_NUMBER
        See Also:
        Constant Field Values

      • PUBLIC_KEY_DATA_FIELD_NUMBER

        public static final int PUBLIC_KEY_DATA_FIELD_NUMBER
        See Also:
        Constant Field Values

      • VALID_AFTER_TIME_FIELD_NUMBER

        public static final int VALID_AFTER_TIME_FIELD_NUMBER
        See Also:
        Constant Field Values

      • VALID_BEFORE_TIME_FIELD_NUMBER

        public static final int VALID_BEFORE_TIME_FIELD_NUMBER
        See Also:
        Constant Field Values

      • KEY_ORIGIN_FIELD_NUMBER

        public static final int KEY_ORIGIN_FIELD_NUMBER
        See Also:
        Constant Field Values

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • getName

        public String getName()
         The resource name of the service account key in the following format
 `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
        string name = 1;
        Specified by:
        getName in interface ServiceAccountKeyOrBuilder
        Returns:
        The name.

      • getNameBytes

        public com.google.protobuf.ByteString getNameBytes()
         The resource name of the service account key in the following format
 `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
        string name = 1;
        Specified by:
        getNameBytes in interface ServiceAccountKeyOrBuilder
        Returns:
        The bytes for name.

      • getPrivateKeyTypeValue

        public int getPrivateKeyTypeValue()
         The output format for the private key.
 Only provided in `CreateServiceAccountKey` responses, not
 in `GetServiceAccountKey` or `ListServiceAccountKey` responses.

 Google never exposes system-managed private keys, and never retains
 user-managed private keys.
        .google.iam.admin.v1.ServiceAccountPrivateKeyType private_key_type = 2;
        Specified by:
        getPrivateKeyTypeValue in interface ServiceAccountKeyOrBuilder
        Returns:
        The enum numeric value on the wire for privateKeyType.

      • getPrivateKeyType

        public ServiceAccountPrivateKeyType getPrivateKeyType()
         The output format for the private key.
 Only provided in `CreateServiceAccountKey` responses, not
 in `GetServiceAccountKey` or `ListServiceAccountKey` responses.

 Google never exposes system-managed private keys, and never retains
 user-managed private keys.
        .google.iam.admin.v1.ServiceAccountPrivateKeyType private_key_type = 2;
        Specified by:
        getPrivateKeyType in interface ServiceAccountKeyOrBuilder
        Returns:
        The privateKeyType.

      • getKeyAlgorithmValue

        public int getKeyAlgorithmValue()
         Specifies the algorithm (and possibly key size) for the key.
        .google.iam.admin.v1.ServiceAccountKeyAlgorithm key_algorithm = 8;
        Specified by:
        getKeyAlgorithmValue in interface ServiceAccountKeyOrBuilder
        Returns:
        The enum numeric value on the wire for keyAlgorithm.

      • getPrivateKeyData

        public com.google.protobuf.ByteString getPrivateKeyData()
         The private key data. Only provided in `CreateServiceAccountKey`
 responses. Make sure to keep the private key data secure because it
 allows for the assertion of the service account identity.
 When base64 decoded, the private key data can be used to authenticate with
 Google API client libraries and with
 <a href="/sdk/gcloud/reference/auth/activate-service-account">gcloud
 auth activate-service-account</a>.
        bytes private_key_data = 3;
        Specified by:
        getPrivateKeyData in interface ServiceAccountKeyOrBuilder
        Returns:
        The privateKeyData.

      • getPublicKeyData

        public com.google.protobuf.ByteString getPublicKeyData()
         The public key data. Only provided in `GetServiceAccountKey` responses.
        bytes public_key_data = 7;
        Specified by:
        getPublicKeyData in interface ServiceAccountKeyOrBuilder
        Returns:
        The publicKeyData.

      • hasValidAfterTime

        public boolean hasValidAfterTime()
         The key can be used after this timestamp.
        .google.protobuf.Timestamp valid_after_time = 4;
        Specified by:
        hasValidAfterTime in interface ServiceAccountKeyOrBuilder
        Returns:
        Whether the validAfterTime field is set.

      • getValidAfterTime

        public com.google.protobuf.Timestamp getValidAfterTime()
         The key can be used after this timestamp.
        .google.protobuf.Timestamp valid_after_time = 4;
        Specified by:
        getValidAfterTime in interface ServiceAccountKeyOrBuilder
        Returns:
        The validAfterTime.

      • getValidAfterTimeOrBuilder

        public com.google.protobuf.TimestampOrBuilder getValidAfterTimeOrBuilder()
         The key can be used after this timestamp.
        .google.protobuf.Timestamp valid_after_time = 4;
        Specified by:
        getValidAfterTimeOrBuilder in interface ServiceAccountKeyOrBuilder

      • hasValidBeforeTime

        public boolean hasValidBeforeTime()
         The key can be used before this timestamp.
 For system-managed key pairs, this timestamp is the end time for the
 private key signing operation. The public key could still be used
 for verification for a few hours after this time.
        .google.protobuf.Timestamp valid_before_time = 5;
        Specified by:
        hasValidBeforeTime in interface ServiceAccountKeyOrBuilder
        Returns:
        Whether the validBeforeTime field is set.

      • getValidBeforeTime

        public com.google.protobuf.Timestamp getValidBeforeTime()
         The key can be used before this timestamp.
 For system-managed key pairs, this timestamp is the end time for the
 private key signing operation. The public key could still be used
 for verification for a few hours after this time.
        .google.protobuf.Timestamp valid_before_time = 5;
        Specified by:
        getValidBeforeTime in interface ServiceAccountKeyOrBuilder
        Returns:
        The validBeforeTime.

      • getValidBeforeTimeOrBuilder

        public com.google.protobuf.TimestampOrBuilder getValidBeforeTimeOrBuilder()
         The key can be used before this timestamp.
 For system-managed key pairs, this timestamp is the end time for the
 private key signing operation. The public key could still be used
 for verification for a few hours after this time.
        .google.protobuf.Timestamp valid_before_time = 5;
        Specified by:
        getValidBeforeTimeOrBuilder in interface ServiceAccountKeyOrBuilder

      • getKeyOriginValue

        public int getKeyOriginValue()
         The key origin.
        .google.iam.admin.v1.ServiceAccountKeyOrigin key_origin = 9;
        Specified by:
        getKeyOriginValue in interface ServiceAccountKeyOrBuilder
        Returns:
        The enum numeric value on the wire for keyOrigin.

      • getKeyTypeValue

        public int getKeyTypeValue()
         The key type.
        .google.iam.admin.v1.ListServiceAccountKeysRequest.KeyType key_type = 10;
        Specified by:
        getKeyTypeValue in interface ServiceAccountKeyOrBuilder
        Returns:
        The enum numeric value on the wire for keyType.

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static ServiceAccountKey parseFrom​(ByteBuffer data)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ServiceAccountKey parseFrom​(ByteBuffer data,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ServiceAccountKey parseFrom​(com.google.protobuf.ByteString data)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ServiceAccountKey parseFrom​(com.google.protobuf.ByteString data,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ServiceAccountKey parseFrom​(byte[] data)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ServiceAccountKey parseFrom​(byte[] data,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static ServiceAccountKey parseFrom​(com.google.protobuf.CodedInputStream input,
                                          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                   throws IOException
        Throws:
        IOException

      • newBuilderForType

        public ServiceAccountKey.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public ServiceAccountKey.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected ServiceAccountKey.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getParserForType

        public com.google.protobuf.Parser<ServiceAccountKey> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public ServiceAccountKey getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder