»GPG Keys API

These endpoints are only relevant to private providers. When you publish a private provider to the Terraform Cloud private registry, you must upload the public key of the GPG keypair used to sign the release. Refer to Preparing and Adding a Signing Key for more details.

You need owners team or Manage Private Registry permissions to add, update, or delete GPG keys in a private registry.

»Add a GPG Key

POST /api/registry/:registry_name/v2/gpg-keys

»Parameters

Parameter	Description
`:registry_name`	Must be `private`.

Uploads a GPG Key to a private registry scoped with a namespace. The response will provide a "key-id", which is required to Create a Provider Version.

Status	Response	Reason
201	JSON API document (`type: "gpg-keys"`)	Successfully uploads a GPG key to a private provider
422	JSON API error object	Malformed request body (missing attributes, wrong types, etc.)
403	JSON API error object	Forbidden - not available for public providers
404	JSON API error object	User not authorized

»Request Body

This POST endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key path	Type	Description
`data.type`	string	Must be `"gpg-keys"`.
`data.attributes.namespace`	string	The namespace of the provider. Must be the same as the `organization_name` for the provider.
`data.attributes.ascii-armor`	string	A valid gpg-key string.

»Sample Payload

{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "hashicorp",
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n"
    }  }
}

{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "hashicorp",
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n"
    }  }
}

»Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys

»Sample Response

{
  "data": {
    "type": "gpg-keys",
    "id": "23",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-11T19:16:59Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-11T19:16:59Z"
    },
    "links": {
      "self": "/v2/gpg-keys/23"
    }
  }
}

{
  "data": {
    "type": "gpg-keys",
    "id": "23",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-11T19:16:59Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-11T19:16:59Z"
    },
    "links": {
      "self": "/v2/gpg-keys/23"
    }
  }
}

»Get GPG Key

GET /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

»Parameters

Parameter	Description
`:registry_name`	Must be `private`.
`:namespace`	The namespace of the provider scoped to the GPG key.
`:key_id`	The id of the GPG key.

Gets the content of a GPG key.

Status	Response	Reason
201	JSON API document (`type: "gpg-keys"`)	Successfully uppdates a GPG key
422	JSON API error object	Malformed request body (missing attributes, wrong types, etc.)
403	JSON API error object	Forbidden - not available for public providers
404	JSON API error object	GPG key not found or user not authorized

»Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request GET \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request GET \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

»Sample Response

  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:07:25Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}

  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:07:25Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}

»Update a GPG Key

PATCH /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

»Parameters

Parameter	Description
`:registry_name`	Must be `private`.
`:namespace`	The namespace of the provider scoped to the GPG key.
`:key_id`	The id of the GPG key.

Updates the specified GPG key. Only the namespace attribute can be updated, and namespace has to match an organization the user has permission to access.

Status	Response	Reason
201	JSON API document (`type: "gpg-keys"`)	Successfully uppdates a GPG key
422	JSON API error object	Malformed request body (missing attributes, wrong types, etc.)
403	JSON API error object	Forbidden - not available for public providers
404	JSON API error object	GPG key not found or user not authorized

»Request Body

This PATCH endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key path	Type	Default	Description
`data.type`	string		Must be `"gpg-keys"`.
`data.attributes.namespace`	string		The namespace of the provider. Must be the same as the `organization_name` for the provider.

»Sample Payload

{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "new-namespace",
    }
  }
}

{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "new-namespace",
    }
  }
}

»Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request PATCH \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request PATCH \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

»Sample Response

{
  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "new-name",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:12:10Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}

{
  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "new-name",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:12:10Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}

»Delete a GPG Key

DELETE /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

»Parameters

Parameter	Description
`:registry_name`	Must be `private`.
`:namespace`	The namespace of the provider scoped to the GPG key.
`:key_id`	The id of the GPG key.

Status	Response	Reason
201	JSON API document (`type: "gpg-keys"`)	Successfully deletes a GPG key
422	JSON API error object	Malformed request body (missing attributes, wrong types, etc.)
403	JSON API error object	Forbidden - not available for public providers
404	JSON API error object	GPG key not found or user not authorized

»Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request DELETE \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request DELETE \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

Terraform Cloud and Enterprise

Other Docs

»GPG Keys API

»Add a GPG Key

»Parameters

»Request Body

»Sample Payload

»Sample Request

»Sample Response

»Get GPG Key

»Parameters

»Sample Request

»Sample Response

»Update a GPG Key

»Parameters

»Request Body

»Sample Payload

»Sample Request

»Sample Response

»Delete a GPG Key

»Parameters

»Sample Request