SSH keys API reference
Thessh-key object represents an SSH key which includes a name and the SSH private key. An organization can have multiple SSH keys available.
SSH keys can be used in two places:
- You can assign them to VCS provider integrations, which are available in the API as
oauth-tokens. Refer toOAuth Tokens for additional information. Azure DevOps Server and Bitbucket Data Center require an SSH key. Other providers only require an SSH key when your repositories include submodules that are only accessible using an SSH connection instead of your VCS provider's API. - They can beassigned to workspaces and used when Terraform needs to clone modules from a Git server. This is only necessary when your configurations directly reference modules from a Git server; you do not need to do this if you use HCP Terraform'sprivate module registry.
Listing and viewing SSH keys requires either permission to manage VCS settings for the organization, or admin access to at least one workspace. (More about permissions.)
Important: The list and read methods on this API only provide metadata about SSH keys. The actual private key text is write-only, and HCP Terraform never provides it to users via the API or UI.
List SSH Keys
GET /organizations/:organization_name/ssh-keys
| Parameter | Description |
|---|---|
:organization_name | The name of the organization to list SSH keys for. |
Note: This endpoint cannot be accessed withorganization tokens. You must access it with auser token orteam token.
| Status | Response | Reason |
|---|---|---|
| 200 | Array ofJSON API documents (type: "ssh-keys") | Success |
| 404 | JSON API error object | Organization not found or user not authorized |
Query Parameters
This endpoint supports paginationwith standard URL query parameters. Remember to percent-encode[ as%5B and] as%5D if your tooling doesn't automatically encode URLs. If neither pagination query parameters are provided, the endpoint will not be paginated and will return all results.
| Parameter | Description |
|---|---|
page[number] | Optional. If omitted, the endpoint will return the first page. |
page[size] | Optional. If omitted, the endpoint will return 20 ssh keys per page. |
Sample Request
curl \ --header "Authorization: Bearer $TOKEN" \ https://app.terraform.io/api/v2/organizations/my-organization/ssh-keysSample Response
{ "data": [ { "attributes": { "name": "SSH Key" }, "id": "sshkey-GxrePWre1Ezug7aM", "links": { "self": "/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM" }, "type": "ssh-keys" } ]}Get an SSH Key
GET /ssh-keys/:ssh_key_id
| Parameter | Description |
|---|---|
:ssh_key_id | The SSH key ID to get. |
This endpoint is for looking up the name associated with an SSH key ID. It does not retrieve the key text.
Note: This endpoint cannot be accessed withorganization tokens. You must access it with auser token orteam token.
| Status | Response | Reason |
|---|---|---|
| 200 | JSON API document (type: "ssh-keys") | Success |
| 404 | JSON API error object | SSH key not found or user not authorized |
Sample Request
curl \ --header "Authorization: Bearer $TOKEN" \ https://app.terraform.io/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aMSample Response
{ "data": { "attributes": { "name": "SSH Key" }, "id": "sshkey-GxrePWre1Ezug7aM", "links": { "self": "/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM" }, "type": "ssh-keys" }}Create an SSH Key
POST /organizations/:organization_name/ssh-keys
| Parameter | Description |
|---|---|
:organization_name | The name of the organization to create an SSH key in. The organization must already exist, and the token authenticating the API request must have permission to manage VCS settings. (More about permissions.) |
Note: This endpoint cannot be accessed withorganization tokens. You must access it with auser token orteam token.
| Status | Response | Reason |
|---|---|---|
| 201 | JSON API document (type: "ssh-keys") | Success |
| 422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
| 404 | JSON API error object | User not authorized |
Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
| Key path | Type | Default | Description |
|---|---|---|---|
data.type | string | Must be"ssh-keys". | |
data.attributes.name | string | A name to identify the SSH key. | |
data.attributes.value | string | The text of the SSH private key. |
Sample Payload
{ "data": { "type": "ssh-keys", "attributes": { "name": "SSH Key", "value": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAm6+JVgl..." } }}Sample Request
curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request POST \ --data @payload.json \ https://app.terraform.io/api/v2/organizations/my-organization/ssh-keysSample Response
{ "data": { "attributes": { "name": "SSH Key" }, "id": "sshkey-GxrePWre1Ezug7aM", "links": { "self": "/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM" }, "type": "ssh-keys" }}Update an SSH Key
PATCH /ssh-keys/:ssh_key_id
| Parameter | Description |
|---|---|
:ssh_key_id | The SSH key ID to update. |
This endpoint replaces the name of an existing SSH key.
Editing SSH keys requires permission to manage VCS settings. (More about permissions.)
Note: This endpoint cannot be accessed withorganization tokens. You must access it with auser token orteam token.
| Status | Response | Reason |
|---|---|---|
| 200 | JSON API document (type: "ssh-keys") | Success |
| 404 | JSON API error object | SSH key not found or user not authorized |
Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
| Key path | Type | Default | Description |
|---|---|---|---|
data.type | string | Must be"ssh-keys". | |
data.attributes.name | string | (nothing) | A name to identify the SSH key. If omitted, the existing name is preserved. |
Sample Payload
{ "data": { "attributes": { "name": "SSH Key for GitHub" } }}Sample Request
curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request PATCH \ --data @payload.json \ https://app.terraform.io/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aMSample Response
{ "data": { "attributes": { "name": "SSH Key for GitHub" }, "id": "sshkey-GxrePWre1Ezug7aM", "links": { "self": "/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM" }, "type": "ssh-keys" }}Delete an SSH Key
DELETE /ssh-keys/:ssh_key_id
| Parameter | Description |
|---|---|
:ssh_key_id | The SSH key ID to delete. |
Deleting SSH keys requires permission to manage VCS settings. (More about permissions.)
Note: This endpoint cannot be accessed withorganization tokens. You must access it with auser token orteam token.
| Status | Response | Reason |
|---|---|---|
| 204 | No Content | Success |
| 404 | JSON API error object | SSH key not found or user not authorized |
Sample Request
curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request DELETE \ https://app.terraform.io/api/v2/ssh-keys/sshkey-GxrePWre1Ezug7aM