---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_service_account_access_token Resource - stackit"
subcategory: ""
description: |-
  Service account access token schema.
  Example Usage
  Automatically rotate access tokens
  
  resource "stackit_service_account" "sa" {
    project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    name       = "sa01"
  }
  
  resource "time_rotating" "rotate" {
    rotation_days = 80
  }
  
  resource "stackit_service_account_access_token" "sa_token" {
    project_id            = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    service_account_email = stackit_service_account.sa.email
    ttl_days              = 180
  
    rotate_when_changed = {
      rotation = time_rotating.rotate.id
    }
  }
---

# stackit_service_account_access_token (Resource)

Service account access token schema.
## Example Usage


### Automatically rotate access tokens
```terraform
resource "stackit_service_account" "sa" {
  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name       = "sa01"
}

resource "time_rotating" "rotate" {
  rotation_days = 80
}

resource "stackit_service_account_access_token" "sa_token" {
  project_id            = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  service_account_email = stackit_service_account.sa.email
  ttl_days              = 180

  rotate_when_changed = {
    rotation = time_rotating.rotate.id
  }
}

```



<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `project_id` (String) STACKIT project ID associated with the service account token.
- `service_account_email` (String) Email address linked to the service account.

### Optional

- `rotate_when_changed` (Map of String) A map of arbitrary key/value pairs that will force recreation of the token when they change, enabling token rotation based on external conditions such as a rotating timestamp. Changing this forces a new resource to be created.
- `ttl_days` (Number) Specifies the token's validity duration in days. If unspecified, defaults to 90 days.

### Read-Only

- `access_token_id` (String) Identifier for the access token linked to the service account.
- `active` (Boolean) Indicate whether the token is currently active or inactive
- `created_at` (String) Timestamp indicating when the access token was created.
- `id` (String) Terraform's internal resource identifier. It is structured as "`project_id`,`service_account_email`,`access_token_id`".
- `token` (String, Sensitive) JWT access token for API authentication. Prefixed by 'Bearer' and should be stored securely as it is irretrievable once lost.
- `valid_until` (String) Estimated expiration timestamp of the access token. For precise validity, check the JWT details.