Create a service account HMAC key

  namespace 
  
 gcs 
  
 = 
  
 :: 
 google 
 :: 
 cloud 
 :: 
 storage 
 ; 
 using 
  
 :: 
 google 
 :: 
 cloud 
 :: 
 StatusOr 
 ; 
 return 
  
 []( 
 gcs 
 :: 
 Client 
  
 client 
 , 
  
 std 
 :: 
 string 
  
 const 
&  
 service_account_email 
 ) 
  
 { 
  
 StatusOr<std 
 :: 
 pair<gcs 
 :: 
 HmacKeyMetadata 
 , 
  
 std 
 :: 
 string 
>>  
 key_info 
  
 = 
  
 client 
 . 
 CreateHmacKey 
 ( 
 service_account_email 
 ); 
  
 if 
  
 ( 
 ! 
 key_info 
 ) 
  
 throw 
  
 std 
 :: 
 move 
 ( 
 key_info 
 ). 
 status 
 (); 
  
 std 
 :: 
 cout 
 << 
 "The base64 encoded secret is: " 
 << 
 key_info 
 - 
> second 
 << 
 " 
 \n 
 Do not miss that secret, there is no API to recover it." 
 << 
 " 
 \n 
 The HMAC key metadata is: " 
 << 
 key_info 
 - 
> first 
 << 
 " 
 \n 
 " 
 ; 
  
 return 
  
 key_info 
 - 
> first 
 . 
 access_id 
 (); 
 } 
 

  using 
  
 Google.Apis.Storage.v1.Data 
 ; 
 using 
  
  Google.Cloud.Storage.V1 
 
 ; 
 using 
  
 System 
 ; 
 public 
  
 class 
  
 CreateHmacKeySample 
 { 
  
 public 
  
 HmacKey 
  
 CreateHmacKey 
 ( 
  
 string 
  
 projectId 
  
 = 
  
 "your-project-id" 
 , 
  
 string 
  
 serviceAccountEmail 
  
 = 
  
 "dev@iam.gserviceaccount.com" 
 ) 
  
 { 
  
 var 
  
 storage 
  
 = 
  
  StorageClient 
 
 . 
  Create 
 
 (); 
  
 var 
  
 key 
  
 = 
  
 storage 
 . 
 CreateHmacKey 
 ( 
 projectId 
 , 
  
 serviceAccountEmail 
 ); 
  
 var 
  
 secret 
  
 = 
  
 key 
 . 
 Secret 
 ; 
  
 var 
  
 metadata 
  
 = 
  
 key 
 . 
 Metadata 
 ; 
  
 Console 
 . 
 WriteLine 
 ( 
 $"The Base64 encoded secret is: {secret}" 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 "Make sure to save that secret, there's no API to recover it." 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 "The HMAC key metadata is:" 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"ID: {metadata.Id}" 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"Access ID: {metadata.AccessId}" 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"Project ID: {metadata.ProjectId}" 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"Service Account Email: {metadata.ServiceAccountEmail}" 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"State: {metadata.State}" 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"Time Created: {metadata.TimeCreated}" 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"Time Updated: {metadata.Updated}" 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"ETag: {metadata.ETag}" 
 ); 
  
 return 
  
 key 
 ; 
  
 } 
 } 
 

  import 
  
 ( 
  
 "context" 
  
 "fmt" 
  
 "io" 
  
 "time" 
  
 "cloud.google.com/go/storage" 
 ) 
 // createHMACKey creates a new HMAC key using the given project and service account. 
 func 
  
 createHMACKey 
 ( 
 w 
  
 io 
 . 
  Writer 
 
 , 
  
 projectID 
  
 string 
 , 
  
 serviceAccountEmail 
  
 string 
 ) 
  
 ( 
 * 
 storage 
 . 
  HMACKey 
 
 , 
  
 error 
 ) 
  
 { 
  
 ctx 
  
 := 
  
 context 
 . 
 Background 
 () 
  
 // Initialize client. 
  
 client 
 , 
  
 err 
  
 := 
  
 storage 
 . 
 NewClient 
 ( 
 ctx 
 ) 
  
 if 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 nil 
 , 
  
 fmt 
 . 
 Errorf 
 ( 
 "storage.NewClient: %w" 
 , 
  
 err 
 ) 
  
 } 
  
 defer 
  
 client 
 . 
 Close 
 () 
  
 // Closing the client safely cleans up background resources. 
  
 ctx 
 , 
  
 cancel 
  
 := 
  
 context 
 . 
 WithTimeout 
 ( 
 ctx 
 , 
  
 time 
 . 
 Minute 
 ) 
  
 defer 
  
 cancel 
 () 
  
 key 
 , 
  
 err 
  
 := 
  
 client 
 . 
  CreateHMACKey 
 
 ( 
 ctx 
 , 
  
 projectID 
 , 
  
 serviceAccountEmail 
 ) 
  
 if 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 nil 
 , 
  
 fmt 
 . 
 Errorf 
 ( 
 "CreateHMACKey: %w" 
 , 
  
 err 
 ) 
  
 } 
  
 fmt 
 . 
 Fprintf 
 ( 
 w 
 , 
  
 "%s\n" 
 , 
  
 key 
 ) 
  
 fmt 
 . 
 Fprintf 
 ( 
 w 
 , 
  
 "The base64 encoded secret is %s\n" 
 , 
  
 key 
 . 
 Secret 
 ) 
  
 fmt 
 . 
 Fprintln 
 ( 
 w 
 , 
  
 "Do not miss that secret, there is no API to recover it." 
 ) 
  
 fmt 
 . 
 Fprintln 
 ( 
 w 
 , 
  
 "The HMAC key metadata is" 
 ) 
  
 fmt 
 . 
 Fprintf 
 ( 
 w 
 , 
  
 "%+v" 
 , 
  
 key 
 ) 
  
 return 
  
 key 
 , 
  
 nil 
 } 
 

  import 
  
 com.google.cloud.storage. HmacKey 
 
 ; 
 import 
  
 com.google.cloud.storage. ServiceAccount 
 
 ; 
 import 
  
 com.google.cloud.storage. Storage 
 
 ; 
 import 
  
 com.google.cloud.storage. StorageException 
 
 ; 
 import 
  
 com.google.cloud.storage. StorageOptions 
 
 ; 
 import 
  
 java.util.Date 
 ; 
 public 
  
 class 
 CreateHmacKey 
  
 { 
  
 public 
  
 static 
  
 void 
  
 createHmacKey 
 ( 
 String 
  
 serviceAccountEmail 
 , 
  
 String 
  
 projectId 
 ) 
  
 throws 
  
  StorageException 
 
  
 { 
  
 // The service account email for which the new HMAC key will be created. 
  
 // String serviceAccountEmail = "service-account@iam.gserviceaccount.com"; 
  
 // The ID of the project to which the service account belongs. 
  
 // String projectId = "project-id"; 
  
  Storage 
 
  
 storage 
  
 = 
  
  StorageOptions 
 
 . 
 newBuilder 
 (). 
 setProjectId 
 ( 
 projectId 
 ). 
 build 
 (). 
  getService 
 
 (); 
  
  ServiceAccount 
 
  
 account 
  
 = 
  
  ServiceAccount 
 
 . 
 of 
 ( 
 serviceAccountEmail 
 ); 
  
  HmacKey 
 
  
 hmacKey 
  
 = 
  
 storage 
 . 
  createHmacKey 
 
 ( 
 account 
 , 
  
 Storage 
 . 
 CreateHmacKeyOption 
 . 
 projectId 
 ( 
 projectId 
 )); 
  
 String 
  
 secret 
  
 = 
  
 hmacKey 
 . 
  getSecretKey 
 
 (); 
  
  HmacKey 
 
 . 
  HmacKeyMetadata 
 
  
 metadata 
  
 = 
  
 hmacKey 
 . 
  getMetadata 
 
 (); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "The Base64 encoded secret is: " 
  
 + 
  
 secret 
 ); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "Do not lose that secret, there is no API to recover it." 
 ); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "The HMAC key metadata is:" 
 ); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "ID: " 
  
 + 
  
 metadata 
 . 
 getId 
 ()); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "Access ID: " 
  
 + 
  
 metadata 
 . 
  getAccessId 
 
 ()); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "Project ID: " 
  
 + 
  
 metadata 
 . 
 getProjectId 
 ()); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "Service Account Email: " 
  
 + 
  
 metadata 
 . 
 getServiceAccount 
 (). 
 getEmail 
 ()); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "State: " 
  
 + 
  
 metadata 
 . 
 getState 
 (). 
 toString 
 ()); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "Time Created: " 
  
 + 
  
 new 
  
 Date 
 ( 
 metadata 
 . 
 getCreateTime 
 ()). 
 toString 
 ()); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "Time Updated: " 
  
 + 
  
 new 
  
 Date 
 ( 
 metadata 
 . 
 getUpdateTime 
 ()). 
 toString 
 ()); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
 "ETag: " 
  
 + 
  
 metadata 
 . 
 getEtag 
 ()); 
  
 } 
 } 
 

  /** 
 * TODO(developer): Uncomment the following lines before running the sample. 
 */ 
 // The service account email for which the new HMAC key will be created 
 // const serviceAccountEmail = 'service-account@iam.gserviceaccount.com'; 
 // The ID of the project to which the service account belongs 
 // const projectId = 'project-id'; 
 // Imports the Google Cloud client library 
 const 
  
 { 
 Storage 
 } 
  
 = 
  
 require 
 ( 
 ' @google-cloud/storage 
' 
 ); 
 // Creates a client 
 const 
  
 storage 
  
 = 
  
 new 
  
 Storage 
 (); 
 // Create HMAC SA Key 
 async 
  
 function 
  
 createHmacKey 
 () 
  
 { 
  
 const 
  
 [ 
 hmacKey 
 , 
  
 secret 
 ] 
  
 = 
  
 await 
  
 storage 
 . 
  createHmacKey 
 
 ( 
 serviceAccountEmail 
 , 
  
 { 
  
 projectId 
 , 
  
 }); 
  
 console 
 . 
 log 
 ( 
 `The base64 encoded secret is: 
 ${ 
 secret 
 } 
 ` 
 ); 
  
 console 
 . 
 log 
 ( 
 'Do not miss that secret, there is no API to recover it.' 
 ); 
  
 console 
 . 
 log 
 ( 
 'The HMAC key metadata is:' 
 ); 
  
 for 
  
 ( 
 const 
  
 [ 
 key 
 , 
  
 value 
 ] 
  
 of 
  
 Object 
 . 
 entries 
 ( 
  hmacKey 
 
 . 
 metadata 
 )) 
  
 { 
  
 console 
 . 
 log 
 ( 
 ` 
 ${ 
 key 
 } 
 : 
 ${ 
 value 
 } 
 ` 
 ); 
  
 } 
 } 
 

  use Google\Cloud\Storage\StorageClient; 
 /** 
 * Create a new HMAC key. 
 * 
 * @param string $projectId The ID of your Google Cloud Platform project. 
 *        (e.g. 'my-project-id') 
 * @param string $serviceAccountEmail Service account email to associate with the new HMAC key. 
 *        (e.g. 'service-account@iam.gserviceaccount.com') 
 */ 
 function create_hmac_key(string $projectId, string $serviceAccountEmail): void 
 { 
 $storage = new StorageClient(); 
 // By default createHmacKey will use the projectId used by StorageClient(). 
 $hmacKeyCreated = $storage->createHmacKey($serviceAccountEmail, ['projectId' => $projectId]); 
 printf('The base64 encoded secret is: %s' . PHP_EOL, $hmacKeyCreated->secret()); 
 print('Do not miss that secret, there is no API to recover it.' . PHP_EOL); 
 printf('HMAC key Metadata: %s' . PHP_EOL, print_r($hmacKeyCreated->hmacKey()->info(), true)); 
 } 
 

  from 
  
 google.cloud 
  
 import 
  storage 
 
 def 
  
 create_key 
 ( 
 project_id 
 , 
 service_account_email 
 ): 
  
 """ 
 Create a new HMAC key using the given project and service account. 
 """ 
 # project_id = 'Your Google Cloud project ID' 
 # service_account_email = 'Service account used to generate the HMAC key' 
 storage_client 
 = 
  storage 
 
 . 
  Client 
 
 ( 
 project 
 = 
 project_id 
 ) 
 hmac_key 
 , 
 secret 
 = 
 storage_client 
 . 
  create_hmac_key 
 
 ( 
 service_account_email 
 = 
 service_account_email 
 , 
 project_id 
 = 
 project_id 
 ) 
 print 
 ( 
 f 
 "The base64 encoded secret is 
 { 
 secret 
 } 
 " 
 ) 
 print 
 ( 
 "Do not miss that secret, there is no API to recover it." 
 ) 
 print 
 ( 
 "The HMAC key metadata is:" 
 ) 
 print 
 ( 
 f 
 "Service Account Email: 
 { 
  hmac_key 
 
 . 
  service_account_email 
 
 } 
 " 
 ) 
 print 
 ( 
 f 
 "Key ID: 
 { 
  hmac_key 
 
 . 
 id 
 } 
 " 
 ) 
 print 
 ( 
 f 
 "Access ID: 
 { 
  hmac_key 
 
 . 
  access_id 
 
 } 
 " 
 ) 
 print 
 ( 
 f 
 "Project ID: 
 { 
  hmac_key 
 
 . 
  project 
 
 } 
 " 
 ) 
 print 
 ( 
 f 
 "State: 
 { 
  hmac_key 
 
 . 
  state 
 
 } 
 " 
 ) 
 print 
 ( 
 f 
 "Created At: 
 { 
  hmac_key 
 
 . 
 time_created 
 } 
 " 
 ) 
 print 
 ( 
 f 
 "Updated At: 
 { 
  hmac_key 
 
 . 
 updated 
 } 
 " 
 ) 
 print 
 ( 
 f 
 "Etag: 
 { 
  hmac_key 
 
 . 
 etag 
 } 
 " 
 ) 
 return 
 hmac_key 
 

  def 
  
 create_hmac_key 
  
 service_account_email 
 : 
  
 # The service account email used to generate an HMAC key 
  
 # service_account_email = "service-my-project-number@gs-project-accounts.iam.gserviceaccount.com" 
  
 require 
  
 "google/cloud/storage" 
  
 storage 
  
 = 
  
 Google 
 :: 
 Cloud 
 :: 
  Storage 
 
 . 
  new 
 
  
 # By default Storage#create_hmac_key uses the Storage client project_id 
  
 hmac_key 
  
 = 
  
 storage 
 . 
  create_hmac_key 
 
  
 service_account_email 
  
 puts 
  
 "The base64 encoded secret is: 
 #{ 
 hmac_key 
 . 
  secret 
 
 } 
 " 
  
 puts 
  
 "Do not miss that secret, there is no API to recover it." 
  
 puts 
  
 " 
 \n 
 The HMAC key metadata is:" 
  
 puts 
  
 "Key ID: 
 #{ 
 hmac_key 
 . 
 id 
 } 
 " 
  
 puts 
  
 "Service Account Email: 
 #{ 
 hmac_key 
 . 
 service_account_email 
 } 
 " 
  
 puts 
  
 "Access ID: 
 #{ 
 hmac_key 
 . 
  access_id 
 
 } 
 " 
  
 puts 
  
 "Project ID: 
 #{ 
 hmac_key 
 . 
 project_id 
 } 
 " 
  
 puts 
  
 "Active: 
 #{ 
 hmac_key 
 . 
  active? 
 
 } 
 " 
  
 puts 
  
 "Created At: 
 #{ 
 hmac_key 
 . 
 created_at 
 } 
 " 
  
 puts 
  
 "Updated At: 
 #{ 
 hmac_key 
 . 
 updated_at 
 } 
 " 
  
 puts 
  
 "Etag: 
 #{ 
 hmac_key 
 . 
 etag 
 } 
 " 
 end