Method: projects.serviceAccounts.keys.patch

{
  "serviceAccountKey": {
    "name": string,
    "privateKeyType": enum (ServiceAccountPrivateKeyType),
    "keyAlgorithm": enum (ServiceAccountKeyAlgorithm),
    "privateKeyData": string,
    "publicKeyData": string,
    "validAfterTime": string,
    "validBeforeTime": string,
    "keyOrigin": enum (ServiceAccountKeyOrigin),
    "keyType": enum (KeyType),
    "disabled": boolean,
    "disableReason": enum (ServiceAccountKeyDisableReason),
    "extendedStatus": [
      {
        "key": enum (ServiceAccountKeyExtendedStatusKey),
        "value": string
      }
    ],
    "contact": string,
    "description": string,
    "creator": string
  },
  "updateMask": string
}

enum (ServiceAccountPrivateKeyType)

The output format for the private key. Only provided in keys.create responses, not in keys.get or ListServiceAccountKey responses.

Google never exposes system-managed private keys, and never retains user-managed private keys.

enum (ServiceAccountKeyAlgorithm)

Specifies the algorithm (and possibly key size) for the key.

string (bytes format)

The private key data. Only provided in keys.create responses. Make sure to keep the private key data secure because it allows for the assertion of the service account identity. When base64 decoded, the private key data can be used to authenticate with Google API client libraries and with gcloud auth activate-service-account.

A base64-encoded string.

string (bytes format)

The public key data. Only provided in keys.get responses.

A base64-encoded string.

string (Timestamp format)

The key can be used after this timestamp.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

string (Timestamp format)

The key can be used before this timestamp. For system-managed key pairs, this timestamp is the end time for the private key signing operation. The public key could still be used for verification for a few hours after this time.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

enum (ServiceAccountKeyOrigin)

The key origin.

enum (KeyType)

The key type.

boolean

The key status.

enum (ServiceAccountKeyDisableReason)

Output only. optional. If the key is disabled, it may have a DisableReason describing why it was disabled.

object (ExtendedStatus)

Output only. Extended Status provides permanent information about a service account key. For example, if this key was detected as exposed or compromised, that information will remain for the lifetime of the key in the extendedStatus.

string

Optional. A user provided email address as the point of contact for this service account key. Must be an email address. Limit 64 characters.

string

Optional. A user provided description of this service account key.

string

Output only. The cloud identity that created this service account key. Populated automatically when the key is created and not editable by the user.

string (FieldMask format)

Required. The update mask to apply to the service account key. Only the following fields are eligible for patching: - contact - description

This is a comma-separated list of fully qualified names of fields. Example: "user.displayName,photo".