Disable a ServiceAccountKey
. A disabled service account key can be re-enabled with keys.enable
.
HTTP request
POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*/keys/*}:disable
The URL uses gRPC Transcoding syntax.
Path parameters
name
string
Required. The resource name of the service account key.
Use one of the following formats:
-
projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}/keys/{KEY_ID}
-
projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}/keys/{KEY_ID}
As an alternative, you can use the -
wildcard character instead of the project ID:
-
projects/-/serviceAccounts/{EMAIL_ADDRESS}/keys/{KEY_ID}
-
projects/-/serviceAccounts/{UNIQUE_ID}/keys/{KEY_ID}
When possible, avoid using the -
wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account key projects/-/serviceAccounts/fake@example.com/keys/fake-key
, which does not exist, the response contains an HTTP 403 Forbidden
error instead of a 404 Not Found
error.
Authorization requires the following IAM
permission on the specified resource name
:
-
iam.serviceAccountKeys.disable
Request body
The request body contains data with the following structure:
JSON representation |
---|
{
"serviceAccountKeyDisableReason"
:
enum (
|
Fields | |
---|---|
serviceAccountKeyDisableReason
|
Optional. Describes the reason this key is being disabled. If unspecified, the default value of SERVICE_ACCOUNT_KEY_DISABLE_REASON_USER_INITIATED will be used. |
Response body
If successful, the response body is empty.
Authorization scopes
Requires one of the following OAuth scopes:
-
https://www.googleapis.com/auth/iam
-
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview .