1. Packages
  2. Twingate
  3. API Docs
  4. TwingateServiceAccountKey
Twingate v3.0.17 published on Wednesday, Apr 9, 2025 by Twingate

twingate.TwingateServiceAccountKey

Explore with Pulumi AI

A Service Key authorizes access to all Resources assigned to a Service Account.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as time from "@pulumiverse/time";
import * as twingate from "@twingate/pulumi-twingate";

const githubActionsProd = new twingate.TwingateServiceAccount("githubActionsProd", {});
const githubKey = new twingate.TwingateServiceAccountKey("githubKey", {serviceAccountId: githubActionsProd.id});
// Key rotation using the time provider (see https://registry.terraform.io/providers/hashicorp/time/latest)
const keyRotationRotating = new time.Rotating("keyRotationRotating", {rotationDays: 30});
const keyRotationStatic = new time.Static("keyRotationStatic", {rfc3339: keyRotationRotating.rfc3339});
const githubKeyWithRotation = new twingate.TwingateServiceAccountKey("githubKeyWithRotation", {serviceAccountId: githubActionsProd.id});
Copy
import pulumi
import pulumi_twingate as twingate
import pulumiverse_time as time

github_actions_prod = twingate.TwingateServiceAccount("githubActionsProd")
github_key = twingate.TwingateServiceAccountKey("githubKey", service_account_id=github_actions_prod.id)
# Key rotation using the time provider (see https://registry.terraform.io/providers/hashicorp/time/latest)
key_rotation_rotating = time.Rotating("keyRotationRotating", rotation_days=30)
key_rotation_static = time.Static("keyRotationStatic", rfc3339=key_rotation_rotating.rfc3339)
github_key_with_rotation = twingate.TwingateServiceAccountKey("githubKeyWithRotation", service_account_id=github_actions_prod.id)
Copy
package main

import (
	"github.com/Twingate/pulumi-twingate/sdk/v3/go/twingate"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-time/sdk/go/time"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		githubActionsProd, err := twingate.NewTwingateServiceAccount(ctx, "githubActionsProd", nil)
		if err != nil {
			return err
		}
		_, err = twingate.NewTwingateServiceAccountKey(ctx, "githubKey", &twingate.TwingateServiceAccountKeyArgs{
			ServiceAccountId: githubActionsProd.ID(),
		})
		if err != nil {
			return err
		}
		keyRotationRotating, err := time.NewRotating(ctx, "keyRotationRotating", &time.RotatingArgs{
			RotationDays: pulumi.Int(30),
		})
		if err != nil {
			return err
		}
		_, err = time.NewStatic(ctx, "keyRotationStatic", &time.StaticArgs{
			Rfc3339: keyRotationRotating.Rfc3339,
		})
		if err != nil {
			return err
		}
		_, err = twingate.NewTwingateServiceAccountKey(ctx, "githubKeyWithRotation", &twingate.TwingateServiceAccountKeyArgs{
			ServiceAccountId: githubActionsProd.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Time = Pulumiverse.Time;
using Twingate = Twingate.Twingate;

return await Deployment.RunAsync(() => 
{
    var githubActionsProd = new Twingate.TwingateServiceAccount("githubActionsProd");

    var githubKey = new Twingate.TwingateServiceAccountKey("githubKey", new()
    {
        ServiceAccountId = githubActionsProd.Id,
    });

    // Key rotation using the time provider (see https://registry.terraform.io/providers/hashicorp/time/latest)
    var keyRotationRotating = new Time.Rotating("keyRotationRotating", new()
    {
        RotationDays = 30,
    });

    var keyRotationStatic = new Time.Static("keyRotationStatic", new()
    {
        Rfc3339 = keyRotationRotating.Rfc3339,
    });

    var githubKeyWithRotation = new Twingate.TwingateServiceAccountKey("githubKeyWithRotation", new()
    {
        ServiceAccountId = githubActionsProd.Id,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.twingate.TwingateServiceAccount;
import com.pulumi.twingate.TwingateServiceAccountKey;
import com.pulumi.twingate.TwingateServiceAccountKeyArgs;
import com.pulumiverse.time.Rotating;
import com.pulumiverse.time.RotatingArgs;
import com.pulumiverse.time.Static;
import com.pulumiverse.time.StaticArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var githubActionsProd = new TwingateServiceAccount("githubActionsProd");

        var githubKey = new TwingateServiceAccountKey("githubKey", TwingateServiceAccountKeyArgs.builder()
            .serviceAccountId(githubActionsProd.id())
            .build());

        // Key rotation using the time provider (see https://registry.terraform.io/providers/hashicorp/time/latest)
        var keyRotationRotating = new Rotating("keyRotationRotating", RotatingArgs.builder()
            .rotationDays(30)
            .build());

        var keyRotationStatic = new Static("keyRotationStatic", StaticArgs.builder()
            .rfc3339(keyRotationRotating.rfc3339())
            .build());

        var githubKeyWithRotation = new TwingateServiceAccountKey("githubKeyWithRotation", TwingateServiceAccountKeyArgs.builder()
            .serviceAccountId(githubActionsProd.id())
            .build());

    }
}
Copy
resources:
  githubActionsProd:
    type: twingate:TwingateServiceAccount
  githubKey: # Key rotation using the time provider (see https://registry.terraform.io/providers/hashicorp/time/latest)
    type: twingate:TwingateServiceAccountKey
    properties:
      serviceAccountId: ${githubActionsProd.id}
  keyRotationRotating:
    type: time:Rotating
    properties:
      rotationDays: 30
  keyRotationStatic:
    type: time:Static
    properties:
      rfc3339: ${keyRotationRotating.rfc3339}
  githubKeyWithRotation:
    type: twingate:TwingateServiceAccountKey
    properties:
      serviceAccountId: ${githubActionsProd.id}
Copy

Create TwingateServiceAccountKey Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new TwingateServiceAccountKey(name: string, args: TwingateServiceAccountKeyArgs, opts?: CustomResourceOptions);
@overload
def TwingateServiceAccountKey(resource_name: str,
                              args: TwingateServiceAccountKeyArgs,
                              opts: Optional[ResourceOptions] = None)

@overload
def TwingateServiceAccountKey(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              service_account_id: Optional[str] = None,
                              expiration_time: Optional[int] = None,
                              name: Optional[str] = None)
func NewTwingateServiceAccountKey(ctx *Context, name string, args TwingateServiceAccountKeyArgs, opts ...ResourceOption) (*TwingateServiceAccountKey, error)
public TwingateServiceAccountKey(string name, TwingateServiceAccountKeyArgs args, CustomResourceOptions? opts = null)
public TwingateServiceAccountKey(String name, TwingateServiceAccountKeyArgs args)
public TwingateServiceAccountKey(String name, TwingateServiceAccountKeyArgs args, CustomResourceOptions options)
type: twingate:TwingateServiceAccountKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. TwingateServiceAccountKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. TwingateServiceAccountKeyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. TwingateServiceAccountKeyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. TwingateServiceAccountKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. TwingateServiceAccountKeyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var twingateServiceAccountKeyResource = new Twingate.TwingateServiceAccountKey("twingateServiceAccountKeyResource", new()
{
    ServiceAccountId = "string",
    ExpirationTime = 0,
    Name = "string",
});
Copy
example, err := twingate.NewTwingateServiceAccountKey(ctx, "twingateServiceAccountKeyResource", &twingate.TwingateServiceAccountKeyArgs{
	ServiceAccountId: pulumi.String("string"),
	ExpirationTime:   pulumi.Int(0),
	Name:             pulumi.String("string"),
})
Copy
var twingateServiceAccountKeyResource = new TwingateServiceAccountKey("twingateServiceAccountKeyResource", TwingateServiceAccountKeyArgs.builder()
    .serviceAccountId("string")
    .expirationTime(0)
    .name("string")
    .build());
Copy
twingate_service_account_key_resource = twingate.TwingateServiceAccountKey("twingateServiceAccountKeyResource",
    service_account_id="string",
    expiration_time=0,
    name="string")
Copy
const twingateServiceAccountKeyResource = new twingate.TwingateServiceAccountKey("twingateServiceAccountKeyResource", {
    serviceAccountId: "string",
    expirationTime: 0,
    name: "string",
});
Copy
type: twingate:TwingateServiceAccountKey
properties:
    expirationTime: 0
    name: string
    serviceAccountId: string
Copy

TwingateServiceAccountKey Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The TwingateServiceAccountKey resource accepts the following input properties:

ServiceAccountId This property is required. string
The id of the Service Account
ExpirationTime int
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
Name string
The name of the Service Key
ServiceAccountId This property is required. string
The id of the Service Account
ExpirationTime int
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
Name string
The name of the Service Key
serviceAccountId This property is required. String
The id of the Service Account
expirationTime Integer
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
name String
The name of the Service Key
serviceAccountId This property is required. string
The id of the Service Account
expirationTime number
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
name string
The name of the Service Key
service_account_id This property is required. str
The id of the Service Account
expiration_time int
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
name str
The name of the Service Key
serviceAccountId This property is required. String
The id of the Service Account
expirationTime Number
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
name String
The name of the Service Key

Outputs

All input properties are implicitly available as output properties. Additionally, the TwingateServiceAccountKey resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
IsActive bool
Token string
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.
Id string
The provider-assigned unique ID for this managed resource.
IsActive bool
Token string
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.
id String
The provider-assigned unique ID for this managed resource.
isActive Boolean
token String
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.
id string
The provider-assigned unique ID for this managed resource.
isActive boolean
token string
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.
id str
The provider-assigned unique ID for this managed resource.
is_active bool
token str
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.
id String
The provider-assigned unique ID for this managed resource.
isActive Boolean
token String
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.

Look up Existing TwingateServiceAccountKey Resource

Get an existing TwingateServiceAccountKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: TwingateServiceAccountKeyState, opts?: CustomResourceOptions): TwingateServiceAccountKey
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        expiration_time: Optional[int] = None,
        is_active: Optional[bool] = None,
        name: Optional[str] = None,
        service_account_id: Optional[str] = None,
        token: Optional[str] = None) -> TwingateServiceAccountKey
func GetTwingateServiceAccountKey(ctx *Context, name string, id IDInput, state *TwingateServiceAccountKeyState, opts ...ResourceOption) (*TwingateServiceAccountKey, error)
public static TwingateServiceAccountKey Get(string name, Input<string> id, TwingateServiceAccountKeyState? state, CustomResourceOptions? opts = null)
public static TwingateServiceAccountKey get(String name, Output<String> id, TwingateServiceAccountKeyState state, CustomResourceOptions options)
resources:  _:    type: twingate:TwingateServiceAccountKey    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
ExpirationTime int
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
IsActive bool
Name string
The name of the Service Key
ServiceAccountId string
The id of the Service Account
Token string
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.
ExpirationTime int
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
IsActive bool
Name string
The name of the Service Key
ServiceAccountId string
The id of the Service Account
Token string
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.
expirationTime Integer
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
isActive Boolean
name String
The name of the Service Key
serviceAccountId String
The id of the Service Account
token String
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.
expirationTime number
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
isActive boolean
name string
The name of the Service Key
serviceAccountId string
The id of the Service Account
token string
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.
expiration_time int
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
is_active bool
name str
The name of the Service Key
service_account_id str
The id of the Service Account
token str
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.
expirationTime Number
Specifies how many days until a Service Account Key expires. This should be an integer between 0 and 365 representing the number of days until the Service Account Key will expire. Defaults to 0, meaning the key will never expire.
isActive Boolean
name String
The name of the Service Key
serviceAccountId String
The id of the Service Account
token String
Autogenerated Service Key token. Used to configure a Twingate Client running in headless mode.

Package Details

Repository
twingate Twingate/pulumi-twingate
License
Apache-2.0
Notes
This Pulumi package is based on the twingate Terraform Provider.