stackitcloud
diff --git a/‎docs/resources/service_account_key.md‎
Lines changed: 74 additions & 0 deletions b/‎docs/resources/service_account_key.md‎
Lines changed: 74 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 7 additions & 2 deletions b/‎go.mod‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎go.sum‎
Lines changed: 0 additions & 2 deletions b/‎go.sum‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎stackit/internal/conversion/conversion.go‎
Lines changed: 3 additions & 3 deletions b/‎stackit/internal/conversion/conversion.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎stackit/internal/services/serviceaccount/key/const.go‎
Lines changed: 24 additions & 0 deletions b/‎stackit/internal/services/serviceaccount/key/const.go‎
Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,74 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_service_account_key Resource - stackit"
+subcategory: ""
+description: |-
+  Schema for a STACKIT service account access key resource.
+  ~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our guide https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources for how to opt-in to use beta resources.
+  Example Usage
+  Automatically rotate access tokens
+  
+  resource "stackit_service_account" "sa" {
+    project_id = var.stackit_project_id
+    name 		 = "sa01"
+  }
+  
+  resource "time_rotating" "rotate" {
+    rotation_days = 80
+  }
+  
+  resource "stackit_service_account_key" "sakey" {
+    project_id            = var.stackit_project_id
+    service_account_email = stackit_service_account.sa.email
+    ttl_days              = 90
+  }
+---
+
+# stackit_service_account_key (Resource)
+
+Schema for a STACKIT service account access key resource.
+
+~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our [guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources) for how to opt-in to use beta resources.
+## Example Usage
+
+
+### Automatically rotate access tokens
+```terraform
+resource "stackit_service_account" "sa" {
+  project_id = var.stackit_project_id
+  name 		 = "sa01"
+}
+
+resource "time_rotating" "rotate" {
+  rotation_days = 80
+}
+
+resource "stackit_service_account_key" "sakey" {
+  project_id            = var.stackit_project_id
+  service_account_email = stackit_service_account.sa.email
+  ttl_days              = 90
+}
+
+```
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `project_id` (String) The STACKIT project ID associated with the service account key.
+- `service_account_email` (String) The email address associated with the service account, used for account identification and communication.
+
+### Optional
+
+- `public_key` (String) Specifies the certificate file (certificate.pem) required for generating the public and private keys. If not provided, a default certificate from STACKIT will be used.
+- `rotate_when_changed` (Map of String) A map of arbitrary key/value pairs designed to force key recreation when they change, facilitating key rotation based on external factors such as a changing timestamp. Modifying this map triggers the creation of a new resource.
+- `ttl_days` (Number) Specifies the key's validity duration in days. If left unspecified, the key is considered valid until it is deleted
+
+### Read-Only
+
+- `id` (String) The unique internal identifier for the Terraform resource, formatted as a combination of 'project_id,key_id'.
+- `json` (String, Sensitive) The raw JSON representation of the API response, available for direct use.
+- `key_id` (String) The unique identifier for the key associated with the service account.
@@ -37,7 +37,12 @@ require (
 	golang.org/x/mod v0.23.0
 )
 
-require github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
 
 require (
 	github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect
@@ -76,7 +81,7 @@ require (
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/stackitcloud/stackit-sdk-go/services/authorization v0.6.0
-	github.com/stretchr/testify v1.8.4 // indirect
+	github.com/stretchr/testify v1.8.4
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 
@@ -195,8 +195,6 @@ github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v0.5.0 h1:QG+r
 github.com/stackitcloud/stackit-sdk-go/services/serviceenablement v0.5.0/go.mod h1:16dOVT052cMuHhUJ3NIcPuY7TrpCr9QlxmvvfjLZubA=
 github.com/stackitcloud/stackit-sdk-go/services/ske v0.22.0 h1:3KUVls8zXsbT2tOYRSHyp3/l0Kpjl4f3INmQKYTe65Y=
 github.com/stackitcloud/stackit-sdk-go/services/ske v0.22.0/go.mod h1:63IvXpBJTIVONAnGPSDo0sRJ+6n6tzO918OLqfYBxto=
-github.com/stackitcloud/stackit-sdk-go/services/sqlserverflex v0.10.0 h1:STq6VaVUeHLeXzl1r5E4+MK5lcNVtdKjjP7N0XOowY4=
-github.com/stackitcloud/stackit-sdk-go/services/sqlserverflex v0.10.0/go.mod h1:hdeLDwSCOmGIYtY4DGN15kjL44DQvo/txHXtTEvZidA=
 github.com/stackitcloud/stackit-sdk-go/services/sqlserverflex v1.0.0 h1:RYJO0rZea9+sxVfaJDWRo2zgfKNgiUcA5c0nbvZURiU=
 github.com/stackitcloud/stackit-sdk-go/services/sqlserverflex v1.0.0/go.mod h1:d2ICXCS2h3IMsZW0OanWkEH2XdLiY/XRKx2TcR940nw=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 
@@ -136,7 +136,7 @@ func StringListToPointer(list basetypes.ListValue) (*[]string, error) {
 
 // ToJSONMApPartialUpdatePayload returns a map[string]interface{} to be used in a PATCH request payload.
 // It takes a current map as it is in the terraform state and a desired map as it is in the user configuratiom
-// and builds a map which sets to null keys that should be removed, updates the values of existing keys and adds new keys
+// and builds a map which sets to null key that should be removed, updates the values of existing key and adds new key
 // This method is needed because in partial updates, e.g. if the key is not provided it is ignored and not removed
 func ToJSONMapPartialUpdatePayload(ctx context.Context, current, desired types.Map) (map[string]interface{}, error) {
 	currentMap, err := ToStringInterfaceMap(ctx, current)
@@ -150,7 +150,7 @@ func ToJSONMapPartialUpdatePayload(ctx context.Context, current, desired types.M
 	}
 
 	mapPayload := map[string]interface{}{}
-	// Update and remove existing keys
+	// Update and remove existing key
 	for k := range currentMap {
 		if desiredValue, ok := desiredMap[k]; ok {
 			mapPayload[k] = desiredValue
@@ -159,7 +159,7 @@ func ToJSONMapPartialUpdatePayload(ctx context.Context, current, desired types.M
 		}
 	}
 
-	// Add new keys
+	// Add new key
 	for k, desiredValue := range desiredMap {
 		if _, ok := mapPayload[k]; !ok {
 			mapPayload[k] = desiredValue
 
@@ -0,0 +1,24 @@
+package key
+
+const markdownDescription = `
+Schema for a STACKIT service account access key resource.` + "\n" + `
+~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our [guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources) for how to opt-in to use beta resources.
+## Example Usage` + "\n" + `
+
+### Automatically rotate access tokens` + "\n" +
+	"```terraform" + `
+resource "stackit_service_account" "sa" {
+  project_id = var.stackit_project_id
+  name 		 = "sa01"
+}
+
+resource "time_rotating" "rotate" {
+  rotation_days = 80
+}
+
+resource "stackit_service_account_key" "sakey" {
+  project_id            = var.stackit_project_id
+  service_account_email = stackit_service_account.sa.email
+  ttl_days              = 90
+}
+` + "\n```"