hcp iam service-principals keys create

Command: hcp iam service-principals keys create

The hcp iam service-principals keys create command creates a new service principal key.

To output the generated keys to a credential file, pass the --output-cred-file flag. The credential file can be used to authenticate as the service principal. The benefit of using the credential file is that it avoids printing the Client ID and Client Secret to the terminal, and allows the credentials to be stored in a way that is less likely to leak into shell history. The HCP CLI allows authenticating via credential files using hcp auth login --cred-file=PATH. Prefer using credential files if your workflow allows it.

To create a key for an organization service principal, pass the service principal's resource name or set the --project flag to - and pass its resource name suffix.

Usage

$ hcp iam service-principals keys create SP_NAME [Optional Flags]

Examples

Create a new service principal key:

$ hcp iam service-principals keys create my-service-principal

Create a new service principal key specifying the resource name of the service principal:

$ hcp iam service-principals keys create \
  iam/project/123/service-principal/my-service-principal

Output the new service principal key to a credential file:

$ hcp iam service-principals keys create my-service-principal \
  --output-cred-file=my-service-principal-creds.json

Positional arguments

SP_NAME - The name of the service principal to create a key for. The name may be specified as either:
- The service principal's resource name. Formatted as one of the following:
  - iam/project/PROJECT_ID/service-principal/SP_NAME
  - iam/organization/ORG_ID/service-principal/SP_NAME
- The resource name suffix, SP_NAME.

Flags

--output-cred-file=PATH - Output the created service principal key to a credential file. The file type must be json.