Static keys provide a method of authentication in Nebius AI Cloud services from third-party tools and systems.
Before you start
Install and configure the Nebius AI Cloud CLI.
Create a static key
Run the following command:
nebius iam static-key issue \
--account-service-account-id=<service_account_ID> \
--service=<CONTAINER_REGISTRY|OBSERVABILITY> \
--expires-at=<date_in_ISO_8601_format>
-
--account-service-account-id: The ID of the service account for which the static key is created.
-
--service: The service for which you create the static key. The following values are possible:
-
--expires-at (optional): The date of expiration in ISO 8601 format. The default lifetime of a static key is 6 months.
Output example:
...
metadata:
parent_id: project-***
spec:
account:
service_account:
id: serviceaccount-***
service: CONTAINER_REGISTRY
resource_id: statickey-***
token: ********
Save the token from the token parameter of the output. You will not be able to access it later.
resource_id parameter. The ID can be helpful later if you need to get the information about the static key or revoke it.
List static keys
To get all static keys in your tenant, run the following command:
nebius iam static-key list
nebius iam static-key get --id=<static_key_ID>
Revoke a static key
You can revoke a static key by using the following command:
nebius iam static-key delete --id=<static_key_ID>
nebius iam static-key revoke --token=<static_key_token>
