HashiCorp Developer AI Private beta now available Sign up today
Terraform
Terraform Home

You are viewing documentation for version v202211-1. View latest version.

SSH Keys

The ssh-key object represents an SSH key which includes a name and the SSH private key. An organization can have multiple SSH keys available.

SSH keys can be used in two places:

  • They can be assigned to VCS provider integrations (available in the API as oauth-tokens). Azure DevOps Server and Bitbucket Server require an SSH key. Other providers only need an SSH key if your repositories include submodules that are only accessible via SSH (instead of your VCS provider's API).
  • They can be assigned to workspaces and used when Terraform needs to clone modules from a Git server. This is only necessary when your configurations directly reference modules from a Git server; you do not need to do this if you use Terraform Cloud's private module registry.

Listing and viewing SSH keys requires either permission to manage VCS settings for the organization, or admin access to at least one workspace. (More about permissions.)

Important: The list and read methods on this API only provide metadata about SSH keys. The actual private key text is write-only, and Terraform Cloud never provides it to users via the API or UI.

List SSH Keys

GET /organizations/:organization_name/ssh-keys

ParameterDescription
:organization_nameThe name of the organization to list SSH keys for.

Note: This endpoint cannot be accessed with organization tokens. You must access it with a user token or team token.

StatusResponseReason
200Array of JSON API documents (type: "ssh-keys")Success
404JSON API error objectOrganization not found or user not authorized

Query Parameters

This endpoint supports pagination with standard URL query parameters. Remember to percent-encode [ as %5B and ] as %5D if your tooling doesn't automatically encode URLs. If neither pagination query parameters are provided, the endpoint will not be paginated and will return all results.

ParameterDescription
page[number]Optional. If omitted, the endpoint will return the first page.
page[size]Optional. If omitted, the endpoint will return 20 ssh keys per page.

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  https://app.terraform.io/api/v2/organizations/my-organization/ssh-keys

Sample Response

{
  "data": [
    {
      "attributes": {
        "name": "SSH Key"
      },
      "id": "sshkey-GxrePWre1Ezug7aM",
      "links": {
        "self": "/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM"
      },
      "type": "ssh-keys"
    }
  ]
}

Get an SSH Key

GET /ssh-keys/:ssh_key_id

ParameterDescription
:ssh_key_idThe SSH key ID to get.

This endpoint is for looking up the name associated with an SSH key ID. It does not retrieve the key text.

Note: This endpoint cannot be accessed with organization tokens. You must access it with a user token or team token.

StatusResponseReason
200JSON API document (type: "ssh-keys")Success
404JSON API error objectSSH key not found or user not authorized

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  https://app.terraform.io/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM

Sample Response

{
  "data": {
    "attributes": {
      "name": "SSH Key"
    },
    "id": "sshkey-GxrePWre1Ezug7aM",
    "links": {
      "self": "/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM"
    },
    "type": "ssh-keys"
  }
}

Create an SSH Key

POST /organizations/:organization_name/ssh-keys

ParameterDescription
:organization_nameThe name of the organization to create an SSH key in. The organization must already exist, and the token authenticating the API request must have permission to manage VCS settings. (More about permissions.)

Note: This endpoint cannot be accessed with organization tokens. You must access it with a user token or team token.

StatusResponseReason
201JSON API document (type: "ssh-keys")Success
422JSON API error objectMalformed request body (missing attributes, wrong types, etc.)
404JSON API error objectUser not authorized

Request Body

This POST endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key pathTypeDefaultDescription
data.typestringMust be "ssh-keys".
data.attributes.namestringA name to identify the SSH key.
data.attributes.valuestringThe text of the SSH private key.

Sample Payload

{
  "data": {
    "type": "ssh-keys",
    "attributes": {
      "name": "SSH Key",
      "value": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAm6+JVgl..."
    }
  }
}

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @payload.json \
  https://app.terraform.io/api/v2/organizations/my-organization/ssh-keys

Sample Response

{
  "data": {
    "attributes": {
      "name": "SSH Key"
    },
    "id": "sshkey-GxrePWre1Ezug7aM",
    "links": {
      "self": "/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM"
    },
    "type": "ssh-keys"
  }
}

Update an SSH Key

PATCH /ssh-keys/:ssh_key_id

ParameterDescription
:ssh_key_idThe SSH key ID to update.

This endpoint replaces the name of an existing SSH key.

Editing SSH keys requires permission to manage VCS settings. (More about permissions.)

Note: This endpoint cannot be accessed with organization tokens. You must access it with a user token or team token.

StatusResponseReason
200JSON API document (type: "ssh-keys")Success
404JSON API error objectSSH key not found or user not authorized

Request Body

This POST endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key pathTypeDefaultDescription
data.typestringMust be "ssh-keys".
data.attributes.namestring(nothing)A name to identify the SSH key. If omitted, the existing name is preserved.

Sample Payload

{
  "data": {
    "attributes": {
      "name": "SSH Key for GitHub"
    }
  }
}

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request PATCH \
  --data @payload.json \
  https://app.terraform.io/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM

Sample Response

{
  "data": {
    "attributes": {
      "name": "SSH Key for GitHub"
    },
    "id": "sshkey-GxrePWre1Ezug7aM",
    "links": {
      "self": "/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM"
    },
    "type": "ssh-keys"
  }
}

Delete an SSH Key

DELETE /ssh-keys/:ssh_key_id

ParameterDescription
:ssh_key_idThe SSH key ID to delete.

Deleting SSH keys requires permission to manage VCS settings. (More about permissions.)

Note: This endpoint cannot be accessed with organization tokens. You must access it with a user token or team token.

StatusResponseReason
204NothingSuccess
404JSON API error objectSSH key not found or user not authorized

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request DELETE \
  https://app.terraform.io/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM