Disable a ServiceAccountKey. A disabled service account key can be re-enabled with keys.enable.
HTTP request
POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*/keys/*}:disable
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters | |
|---|---|
| name | 
 Required. The resource name of the service account key. Use one of the following formats: 
 As an alternative, you can use the  
 When possible, avoid using the  Authorization requires the following IAM permission on the specified resource  
 | 
Request body
The request body contains data with the following structure:
| JSON representation | 
|---|
| {
  "serviceAccountKeyDisableReason": enum ( | 
| Fields | |
|---|---|
| serviceAccountKeyDisableReason | 
 Optional. Describes the reason this key is being disabled. If unspecified, the default value of SERVICE_ACCOUNT_KEY_DISABLE_REASON_USER_INITIATED will be used. | 
| extendedStatusMessage | 
 Optional. Usable by internal google services only. An extendedStatusMessage can be used to include additional information about the key, such as its private key data being exposed on a public repository like GitHub. | 
Response body
If successful, the response body is an empty JSON object.
Authorization scopes
Requires one of the following OAuth scopes:
- https://www.googleapis.com/auth/iam
- https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.