google_service_account_jwt

This data source provides a self-signed JWT. Tokens issued from this data source are typically used to call external services that accept JWTs for authentication.

Example Usage

Note: in order to use the following, the caller must have _at least_ roles/iam.serviceAccountTokenCreator on the target_service_account.

data "google_service_account_jwt" "foo" {
  target_service_account = "impersonated-account@project.iam.gserviceaccount.com"

  payload = jsonencode({
    foo: "bar",
    sub: "subject",
  })

  expires_in = 60
}

output "jwt" {
  value = data.google_service_account_jwt.foo.jwt
}

Argument Reference

The following arguments are supported:

Attributes Reference

The following attribute is exported: