Resource: WorkloadIdentityPoolProviderKey
Represents a public key configuration for your workload identity pool provider. The key can be configured in your identity provider to encrypt the SAML assertions. Google holds the corresponding private key which it uses to decrypt encrypted tokens.
| JSON representation |
|---|
{ "name": string, "keyData": { object ( |
| Fields | |
|---|---|
name |
Output only. The resource name of the key. |
keyData |
Immutable. Public half of the asymmetric key. |
state |
Output only. The state of the key. |
use |
Required. The purpose of the key. |
expireTime |
Output only. Time after which the key will be permanently purged and cannot be recovered. Note that the key may get purged before this timestamp if the total limit of keys per provider is crossed. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
State
The current state of the key.
| Enums | |
|---|---|
STATE_UNSPECIFIED |
State unspecified. |
ACTIVE |
The key is active. |
DELETED |
The key is soft-deleted. Soft-deleted keys are permanently deleted after approximately 30 days. You can restore a soft-deleted key using keys.undelete. While a key is deleted, you cannot use it during the federation. |
KeyUse
The uses for which a workload identity pool provider key might be generated. A key has exactly one use.
| Enums | |
|---|---|
KEY_USE_UNSPECIFIED |
The key use is not known. |
ENCRYPTION |
The public key is used for encryption purposes. |
Methods |
|
|---|---|
|
Create a new WorkloadIdentityPoolProviderKey in a WorkloadIdentityPoolProvider. |
|
Deletes an WorkloadIdentityPoolProviderKey. |
|
Gets an individual WorkloadIdentityPoolProviderKey. |
|
Lists all non-deleted WorkloadIdentityPoolProviderKeys in a project. |
|
Undeletes an WorkloadIdentityPoolProviderKey, as long as it was deleted fewer than 30 days ago. |