• HashiCorp Developer

  • HashiCorp Cloud Platform
  • Terraform
  • Packer
  • Consul
  • Vault
  • Boundary
  • Nomad
  • Waypoint
  • Vagrant
Terraform
  • Install
  • Tutorials
    • About the Docs
    • Configuration Language
    • Terraform CLI
    • Terraform Cloud
    • Terraform Enterprise
    • CDK for Terraform
    • Provider Use
    • Plugin Development
    • Registry Publishing
    • Integration Program
  • Registry(opens in new tab)
  • Try Cloud(opens in new tab)
  • Sign up
Terraform Home

Terraform Cloud

Skip to main content
  • Terraform Cloud

  • Overview
  • Plans and Features
  • Getting Started
    • Overview
    • Account
    • Agent Pools
    • Agent Tokens
    • Applies
    • Audit Trails
    • Assessment Results
    • Comments
    • Configuration Versions
    • Cost Estimates
    • Feature Sets
    • Invoices
    • IP Ranges
    • Notification Configurations
    • OAuth Clients
    • OAuth Tokens
    • Organizations
    • Organization Memberships
    • Organization Tags
    • Organization Tokens
    • Plan Exports
    • Plans
    • Policies
    • Policy Checks
    • Policy Sets
    • Policy Set Parameters
      • Modules
      • Providers
      • Private Provider Versions and Platforms
      • GPG Keys
    • Projects
    • Project Team Access
    • Runs
    • Run Triggers
    • SSH Keys
    • State Versions
    • State Version Outputs
    • Subscriptions
    • Team Membership
    • Team Tokens
    • Teams
    • User Tokens
    • Users
    • Variables
    • VCS Events
    • Workspaces
    • Workspace-Specific Variables
    • Workspace Team Access
    • Workspace Resources
    • Variable Sets
    • Changelog
    • Stability Policy
  • Migrating to Terraform Cloud

  • Terraform Cloud Agents

  • Resources

  • Tutorial Library
  • Certifications
  • Community Forum
    (opens in new tab)
  • Support
    (opens in new tab)
  • GitHub
    (opens in new tab)
  • Terraform Registry
    (opens in new tab)
  1. Developer
  2. Terraform
  3. Terraform Cloud
  4. API
  5. Private Registry
  6. GPG Keys

»GPG Keys API

These endpoints are only relevant to private providers. When you publish a private provider to the Terraform Cloud private registry, you must upload the public key of the GPG keypair used to sign the release. Refer to Preparing and Adding a Signing Key for more details.

You need owners team or Manage Private Registry permissions to add, update, or delete GPG keys in a private registry.

List GPG Keys

GET /api/registry/:registry_name/v2/gpg-keys

Parameters

ParameterDescription
:registry_nameMust be private.

Query Parameters

This endpoint supports pagination with standard URL query parameters. Remember to percent-encode [ as %5B and ] as %5D if your tooling does not automatically encode URLs.

ParameterDescription
filter[namespace]Required. A comma-separated list of one or more namespaces. The namespaces must be authorized TFC/TFE organization names.
page[number]Optional. If omitted, the endpoint returns the first page.
page[size]Optional. If omitted, the endpoint returns 20 GPG keys per page.

Gets a list of GPG keys belonging to the specified namespaces.

StatusResponseReason
200JSON API document (type: "gpg-keys")Successfully fetched GPG keys
400JSON API error objectError - missing namespaces in request
403JSON API error objectForbidden - no authorized namespaces specified in request

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request GET \
  "https://app.terraform.io/api/registry/private/v2/gpg-keys?filter%5Bnamespace%5D=my-organization,my-other-organization"

Sample Response

{
  "data": [
    {
      "type": "gpg-keys",
      "id": "1",
      "attributes": {
        "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----...",
        "created-at": "2022-02-08T19:15:47Z",
        "key-id": "C4E5E6C66C79C778",
        "namespace": "my-other-organization",
        "source": "",
        "source-url": null,
        "trust-signature": "",
        "updated-at": "2022-02-08T19:15:47Z"
      },
      "links": {
        "self": "/v2/gpg-keys/1"
      }
    },
    {
      "type": "gpg-keys",
      "id": "140",
      "attributes": {
        "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----...",
        "created-at": "2022-04-28T21:32:11Z",
        "key-id": "C4E5E6C66C79C778",
        "namespace": "my-organization",
        "source": "",
        "source-url": null,
        "trust-signature": "",
        "updated-at": "2022-04-28T21:32:11Z"
      },
      "links": {
        "self": "/v2/gpg-keys/140"
      }
    }
  ],
  "links": {
    "first": "/v2/gpg-keys?filter%5Bnamespace%5D=my-organization%2Cmy-other-organization&page%5Bnumber%5D=1&page%5Bsize%5D=15",
    "last": "/v2/gpg-keys?filter%5Bnamespace%5D=my-organization%2Cmy-other-organization&page%5Bnumber%5D=1&page%5Bsize%5D=15",
    "next": null,
    "prev": null
  },
  "meta": {
    "pagination": {
      "page-size": 15,
      "current-page": 1,
      "next-page": null,
      "prev-page": null,
      "total-pages": 1,
      "total-count": 2
    }
  }
}

Add a GPG Key

POST /api/registry/:registry_name/v2/gpg-keys

Parameters

ParameterDescription
:registry_nameMust be private.

Uploads a GPG Key to a private registry scoped with a namespace. The response will provide a "key-id", which is required to Create a Provider Version.

StatusResponseReason
201JSON API document (type: "gpg-keys")Successfully uploads a GPG key to a private provider
422JSON API error objectMalformed request body (missing attributes, wrong types, etc.)
403JSON API error objectForbidden - not available for public providers
404JSON API error objectUser not authorized

Request Body

This POST endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key pathTypeDefaultDescription
data.typestringMust be "gpg-keys".
data.attributes.namespacestringThe namespace of the provider. Must be the same as the organization_name for the provider.
data.attributes.ascii-armorstringA valid gpg-key string.

Sample Payload

{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "hashicorp",
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n"
    }  }
}

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys

Sample Response

{
  "data": {
    "type": "gpg-keys",
    "id": "23",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-11T19:16:59Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-11T19:16:59Z"
    },
    "links": {
      "self": "/v2/gpg-keys/23"
    }
  }
}

Get GPG Key

GET /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

Parameters

ParameterDescription
:registry_nameMust be private.
:namespaceThe namespace of the provider scoped to the GPG key.
:key_idThe id of the GPG key.

Gets the content of a GPG key.

StatusResponseReason
200JSON API document (type: "gpg-keys")Successfully fetched GPG key
403JSON API error objectForbidden - not available for public providers
404JSON API error objectGPG key not found or user not authorized

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request GET \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

Sample Response

  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:07:25Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}

Update a GPG Key

PATCH /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

Parameters

ParameterDescription
:registry_nameMust be private.
:namespaceThe namespace of the provider scoped to the GPG key.
:key_idThe id of the GPG key.

Updates the specified GPG key. Only the namespace attribute can be updated, and namespace has to match an organization the user has permission to access.

StatusResponseReason
201JSON API document (type: "gpg-keys")Successfully updates a GPG key
422JSON API error objectMalformed request body (missing attributes, wrong types, etc.)
403JSON API error objectForbidden - not available for public providers
404JSON API error objectGPG key not found or user not authorized

Request Body

This PATCH endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key pathTypeDefaultDescription
data.typestringMust be "gpg-keys".
data.attributes.namespacestringThe namespace of the provider. Must be the same as the organization_name for the provider.

Sample Payload

{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "new-namespace",
    }
  }
}

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request PATCH \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

Sample Response

{
  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "new-name",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:12:10Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}

Delete a GPG Key

DELETE /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

Parameters

ParameterDescription
:registry_nameMust be private.
:namespaceThe namespace of the provider scoped to the GPG key.
:key_idThe id of the GPG key.
StatusResponseReason
201JSON API document (type: "gpg-keys")Successfully deletes a GPG key
422JSON API error objectMalformed request body (missing attributes, wrong types, etc.)
403JSON API error objectForbidden - not available for public providers
404JSON API error objectGPG key not found or user not authorized

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request DELETE \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
Edit this page on GitHub

On this page

  1. GPG Keys API
  2. List GPG Keys
  3. Add a GPG Key
  4. Get GPG Key
  5. Update a GPG Key
  6. Delete a GPG Key
Give Feedback(opens in new tab)
  • Certifications
  • System Status
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
  • Trade Controls
  • Give Feedback(opens in new tab)