To retrieve a list of HMAC keys for the specified service account, make a GET request that is scoped to a project. The authenticated user must have storage.hmacKeys.list permission for the project in which the key exists.
For general information about HMAC keys in Cloud Storage, see HMAC Keys.
HTTP Request
GET https://storage.googleapis.com/?Action=ListAccessKeys&UserName=ServiceAccountEmail
Query string parameters
| Parameter | Description | Required |
|---|---|---|
Action | The HMAC key operation to be performed. | Yes |
MaxItems | Maximum number of keys to return in a single response. The service may return fewer results than MaxItems. Check for a Marker in the result and paginate if necessary. | No |
Marker | A previously-returned page token representing part of the larger set of results to view. This is meant to be an opaque token and the format may change at any time. Attempting to build your own instead of using one returned by a previous list request is not supported.If you start a listing and then create a new HMAC key before using a Marker to continue listing, you will not see the new HMAC key in subsequent listing results if it is in part of the HMAC key namespace already listed. | No |
UserName | The email address of a service account in the project. Specifying this parameter will filter the list results to only return keys for this service account. | No |
Request headers
The following are request headers for GET HMAC Key.
| Header | Description | Required |
|---|---|---|
Authorization | The authentication string for the request. | Yes |
Date | The date and time of the request. | Yes |
Host | The URI for Cloud Storage. For more information, see Request Endpoints. | Yes |
x-goog-user-project | The project to be billed for charges associated with the request. | No |
Response
If successful, this method returns a response body with the following structure:
<ListAccessKeysResponse> <ListAccessKeysResult> <UserName>serviceAccount@proj.iam.gserviceaccount.com</UserName> <AccessKeyMetadata> <member> <UserName>serviceAccount@proj.iam.gserviceaccount.com</UserName> <AccessKeyId>GOOG1EXAMPLE12345</AccessKeyId> <Status>Active</Status> <CreateDate>2019-09-03T18:53:41Z</CreateDate> </member> <member> <UserName>serviceAccount@proj.iam.gserviceaccount.com</UserName> <AccessKeyId>GOOG1EXAMPLE54321</AccessKeyId> <Status>Inactive</Status> <CreateDate>2019-03-25T20:38:14Z</CreateDate> </member> </AccessKeyMetadata> <IsTruncated>true</IsTruncated> <Marker>AERPALERN/NEXT/TOKEN</Marker> </ListAccessKeysResult> </ListAccessKeysResponse>
| Parameter name | Value | Description |
|---|---|---|
UserName | string | The email address of the service account. |
AccessKeyId | string | The access key ID for this HMAC key. |
Status | string | The status of this HMAC key. Valid values are:
|
CreateDate | datetime | The creation time of the HMAC key in RFC 3339 format. |
IsTruncated | boolean | true if there are additional pages of keys. false otherwise. The presence of this parameter in the response should always be checked to ensure a complete listing of all the results. |
Marker | string | The continuation token, used to page through large result sets. Only included in the response if IsTruncated is true. Provide this value in subsequent list requests until IsTruncated is false. Note that the next page may be empty. |