To create a new HMAC key for the specified service account, make a POST
request
that is scoped to a project. The authenticated user must have storage.hmacKeys.create
permission for the project in which the key will be created.
For general information about HMAC keys in Cloud Storage, see HMAC Keys .
HTTP Request
POST https://storage.googleapis.com/?Action=CreateAccessKey&UserName= ServiceAccountEmail
Query string parameters
| Parameter | Description | Required |
|---|---|---|
Action
|
The HMAC key operation to be performed. | Yes |
UserName
|
The email address of the service account. | Yes |
Request headers
Use the common request headers .
Response
If successful, this method returns a response body with the following structure:
<CreateAccessKeyResponse>
<CreateAccessKeyResult>
<AccessKey>
<UserName>serviceAccount@proj.iam.gserviceaccount.com</UserName>
<AccessKeyId>GOOG1EXAMPLEAEU</AccessKeyId>
<Status>Active</Status>
<SecretAccessKey>EXAMPLE/KEY/aserafd</SecretAccessKey>
</AccessKey>
</CreateAccessKeyResult>
</CreateAccessKeyResponse>
Parameter name
Value
Description
UserName
string
The email address of the service account.
AccessKeyId
string
The access key ID for this HMAC key.
Status
string
The status of this HMAC key. Valid values are:
-
Active: This key can be used to sign requests. -
Inactive: Requests signed with this key will be denied.
SecretAccessKey
string
A 40 character Base-64 encoded string that is used to sign requests
as part of the authentication process. This secret is only ever returned
in the
create
request.