June 20-22 Announcing HashiConf Europe full schedule: keynotes, sessions, labs & more Register Now
  • Overview
    • Enforce Policy as Code
    • Infrastructure as Code
    • Inject Secrets into Terraform
    • Integrate with Existing Workflows
    • Manage Kubernetes
    • Manage Network Infrastructure
    • Manage Virtual Machine Images
    • Multi-Cloud Deployment
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
  • Registry
  • Tutorials
    • About the Docs
    • Intro to Terraform
    • Configuration Language
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
    • Provider Use
    • Plugin Development
    • Registry Publishing
    • Integration Program
    • Terraform Tools
    • CDK for Terraform
    • Glossary
  • Community
GitHubTerraform Cloud
Download

    Terraform Cloud and Enterprise

  • Overview
  • Plans and Features
  • Getting Started
    • API Docs template
    • Overview
    • Account
    • Agent Pools
    • Agent Tokens
    • Applies
    • Audit Trails
    • Comments
    • Configuration Versions
    • Cost Estimates
    • Feature Sets
    • Invoices
    • IP Ranges
    • Notification Configurations
    • OAuth Clients
    • OAuth Tokens
    • Organizations
    • Organization Memberships
    • Organization Tags
    • Organization Tokens
    • Plan Exports
    • Plans
    • Policies
    • Policy Checks
    • Policy Sets
    • Policy Set Parameters
      • Modules
      • Providers
      • Private Provider Versions and Platforms
      • GPG Keys
    • Runs
    • Run Tasks
    • Run Tasks Integration
    • Run Triggers
    • SSH Keys
    • State Versions
    • State Version Outputs
    • Subscriptions
    • Team Access
    • Team Membership
    • Team Tokens
    • Teams
    • User Tokens
    • Users
    • Variables
    • VCS Events
    • Workspaces
    • Workspace-Specific Variables
    • Workspace Resources
    • Variable Sets
      • Overview
      • Module Sharing
      • Organizations
      • Runs
      • Settings
      • Terraform Versions
      • Users
      • Workspaces
    • Changelog
    • Stability Policy
    • Overview
    • Creating Workspaces
    • Naming
    • Terraform Configurations
      • Overview
      • Managing Variables
      • Overview
      • VCS Connections
      • Access
      • Notifications
      • SSH Keys for Modules
      • Run Triggers
      • Run Tasks
    • Terraform State
    • JSON Filtering
    • Remote Operations
    • Viewing and Managing Runs
    • Run States and Stages
    • Run Modes and Options
    • UI/VCS-driven Runs
    • API-driven Runs
    • CLI-driven Runs
    • The Run Environment
    • Installing Software
    • Users
    • Teams
    • Organizations
    • Permissions
    • Two-factor Authentication
    • API Tokens
      • Overview
      • Microsoft Azure AD
      • Okta
      • SAML
      • Linking a User Account
      • Testing
    • Overview
    • GitHub.com
    • GitHub.com (OAuth)
    • GitHub Enterprise
    • GitLab.com
    • GitLab EE and CE
    • Bitbucket Cloud
    • Bitbucket Server and Data Center
    • Azure DevOps Services
    • Azure DevOps Server
    • Troubleshooting
    • Overview
    • Adding Public Providers and Modules
    • Publishing Private Providers
    • Publishing Private Modules
    • Using Providers and Modules
    • Configuration Designer
  • Migrating to Terraform Cloud
    • Overview
    • Using Sentinel with Terraform 0.12
    • Manage Policies
    • Enforce and Override Policies
    • Mocking Terraform Sentinel Data
    • Working With JSON Result Data
      • Overview
      • tfconfig
      • tfconfig/v2
      • tfplan
      • tfplan/v2
      • tfstate
      • tfstate/v2
      • tfrun
    • Example Policies
    • Overview
    • AWS
    • GCP
    • Azure
      • Overview
      • Service Catalog
      • Admin Guide
      • Developer Reference
      • Example Customizations
      • V1 Setup Instructions
    • Splunk Integration
    • Kubernetes Integration
    • Run Tasks Integration
    • Overview
    • IP Ranges
    • Data Security
    • Security Model
    • Overview
    • Part 1: Overview of Our Recommended Workflow
    • Part 2: Evaluating Your Current Provisioning Practices
    • Part 3: How to Evolve Your Provisioning Practices
    • Part 3.1: From Manual Changes to Semi-Automation
    • Part 3.2: From Semi-Automation to Infrastructure as Code
    • Part 3.3: From Infrastructure as Code to Collaborative Infrastructure as Code
    • Part 3.4: Advanced Workflow Improvements

  • Terraform Cloud Agents

  • Terraform Enterprise Admin

  • Other Docs

  • Intro to Terraform
  • Configuration Language
  • Terraform CLI
  • Terraform Cloud
  • Terraform Enterprise
  • Provider Use
  • Plugin Development
  • Registry Publishing
  • Integration Program
  • Terraform Tools
  • CDK for Terraform
  • Glossary
Type '/' to Search

»GPG Keys API

These endpoints are only relevant to private providers. When you publish a private provider to the Terraform Cloud private registry, you must upload the public key of the GPG keypair used to sign the release. Refer to Preparing and Adding a Signing Key for more details.

You need owners team or Manage Private Registry permissions to add, update, or delete GPG keys in a private registry.

»Add a GPG Key

POST /api/registry/:registry_name/v2/gpg-keys

»Parameters

ParameterDescription
:registry_nameMust be private.

Uploads a GPG Key to a private registry scoped with a namespace. The response will provide a "key-id", which is required to Create a Provider Version.

StatusResponseReason
201JSON API document (type: "gpg-keys")Successfully uploads a GPG key to a private provider
422JSON API error objectMalformed request body (missing attributes, wrong types, etc.)
403JSON API error objectForbidden - not available for public providers
404JSON API error objectUser not authorized

»Request Body

This POST endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key pathTypeDefaultDescription
data.typestringMust be "gpg-keys".
data.attributes.namespacestringThe namespace of the provider. Must be the same as the organization_name for the provider.
data.attributes.ascii-armorstringA valid gpg-key string.

»Sample Payload

{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "hashicorp",
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n"
    }  }
}
{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "hashicorp",
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n"
    }  }
}

»Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys
curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys

»Sample Response

{
  "data": {
    "type": "gpg-keys",
    "id": "23",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-11T19:16:59Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-11T19:16:59Z"
    },
    "links": {
      "self": "/v2/gpg-keys/23"
    }
  }
}
{
  "data": {
    "type": "gpg-keys",
    "id": "23",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-11T19:16:59Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-11T19:16:59Z"
    },
    "links": {
      "self": "/v2/gpg-keys/23"
    }
  }
}

»Get GPG Key

GET /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

»Parameters

ParameterDescription
:registry_nameMust be private.
:namespaceThe namespace of the provider scoped to the GPG key.
:key_idThe id of the GPG key.

Gets the content of a GPG key.

StatusResponseReason
201JSON API document (type: "gpg-keys")Successfully uppdates a GPG key
422JSON API error objectMalformed request body (missing attributes, wrong types, etc.)
403JSON API error objectForbidden - not available for public providers
404JSON API error objectGPG key not found or user not authorized

»Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request GET \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request GET \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

»Sample Response

  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:07:25Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}
  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:07:25Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}

»Update a GPG Key

PATCH /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

»Parameters

ParameterDescription
:registry_nameMust be private.
:namespaceThe namespace of the provider scoped to the GPG key.
:key_idThe id of the GPG key.

Updates the specified GPG key. Only the namespace attribute can be updated, and namespace has to match an organization the user has permission to access.

StatusResponseReason
201JSON API document (type: "gpg-keys")Successfully uppdates a GPG key
422JSON API error objectMalformed request body (missing attributes, wrong types, etc.)
403JSON API error objectForbidden - not available for public providers
404JSON API error objectGPG key not found or user not authorized

»Request Body

This PATCH endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key pathTypeDefaultDescription
data.typestringMust be "gpg-keys".
data.attributes.namespacestringThe namespace of the provider. Must be the same as the organization_name for the provider.

»Sample Payload

{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "new-namespace",
    }
  }
}
{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "new-namespace",
    }
  }
}

»Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request PATCH \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request PATCH \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

»Sample Response

{
  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "new-name",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:12:10Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}
{
  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "new-name",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:12:10Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}

»Delete a GPG Key

DELETE /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

»Parameters

ParameterDescription
:registry_nameMust be private.
:namespaceThe namespace of the provider scoped to the GPG key.
:key_idThe id of the GPG key.
StatusResponseReason
201JSON API document (type: "gpg-keys")Successfully deletes a GPG key
422JSON API error objectMalformed request body (missing attributes, wrong types, etc.)
403JSON API error objectForbidden - not available for public providers
404JSON API error objectGPG key not found or user not authorized

»Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request DELETE \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request DELETE \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
github logoEdit this page
  • Overview
  • Docs
  • Extend
  • Privacy
  • Security
  • Press Kit
  • Consent Manager