Terraform
GPG Keys API
These endpoints are only relevant to private providers. When you publish a private provider to the Terraform Cloud private registry, you must upload the public key of the GPG keypair used to sign the release. Refer to Preparing and Adding a Signing Key for more details.
You need owners team or Manage Private Registry permissions to add, update, or delete GPG keys in a private registry.
Add a GPG Key
POST /api/registry/:registry_name/v2/gpg-keys
Parameters
| Parameter | Description |
|---|---|
:registry_name | Must be private. |
Uploads a GPG Key to a private registry scoped with a namespace. The response will provide a "key-id", which is required to Create a Provider Version.
| Status | Response | Reason |
|---|---|---|
| 201 | JSON API document (type: "gpg-keys") | Successfully uploads a GPG key to a private provider |
| 422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
| 403 | JSON API error object | Forbidden - not available for public providers |
| 404 | JSON API error object | User not authorized |
Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
| Key path | Type | Default | Description |
|---|---|---|---|
data.type | string | Must be "gpg-keys". | |
data.attributes.namespace | string | The namespace of the provider. Must be the same as the organization_name for the provider. | |
data.attributes.ascii-armor | string | A valid gpg-key string. |
Sample Payload
{
"data": {
"type": "gpg-keys",
"attributes": {
"namespace": "hashicorp",
"ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n"
} }
}
Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @payload.json \
https://app.terraform.io/api/registry/private/v2/gpg-keys
Sample Response
{
"data": {
"type": "gpg-keys",
"id": "23",
"attributes": {
"ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
"created-at": "2022-02-11T19:16:59Z",
"key-id": "32966F3FB5AC1129",
"namespace": "hashicorp",
"source": "",
"source-url": null,
"trust-signature": "",
"updated-at": "2022-02-11T19:16:59Z"
},
"links": {
"self": "/v2/gpg-keys/23"
}
}
}
Get GPG Key
GET /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
| Parameter | Description |
|---|---|
:registry_name | Must be private. |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
Gets the content of a GPG key.
| Status | Response | Reason |
|---|---|---|
| 201 | JSON API document (type: "gpg-keys") | Successfully uppdates a GPG key |
| 422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
| 403 | JSON API error object | Forbidden - not available for public providers |
| 404 | JSON API error object | GPG key not found or user not authorized |
Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request GET \
--data @payload.json \
https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
Sample Response
"data": {
"type": "gpg-keys",
"id": "2",
"attributes": {
"ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
"created-at": "2022-02-24T17:07:25Z",
"key-id": "32966F3FB5AC1129",
"namespace": "hashicorp",
"source": "",
"source-url": null,
"trust-signature": "",
"updated-at": "2022-02-24T17:07:25Z"
},
"links": {
"self": "/v2/gpg-keys/2"
}
}
}
Update a GPG Key
PATCH /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
| Parameter | Description |
|---|---|
:registry_name | Must be private. |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
Updates the specified GPG key. Only the namespace attribute can be updated, and namespace has to match an organization the user has permission to access.
| Status | Response | Reason |
|---|---|---|
| 201 | JSON API document (type: "gpg-keys") | Successfully uppdates a GPG key |
| 422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
| 403 | JSON API error object | Forbidden - not available for public providers |
| 404 | JSON API error object | GPG key not found or user not authorized |
Request Body
This PATCH endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
| Key path | Type | Default | Description |
|---|---|---|---|
data.type | string | Must be "gpg-keys". | |
data.attributes.namespace | string | The namespace of the provider. Must be the same as the organization_name for the provider. |
Sample Payload
{
"data": {
"type": "gpg-keys",
"attributes": {
"namespace": "new-namespace",
}
}
}
Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request PATCH \
--data @payload.json \
https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
Sample Response
{
"data": {
"type": "gpg-keys",
"id": "2",
"attributes": {
"ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
"created-at": "2022-02-24T17:07:25Z",
"key-id": "32966F3FB5AC1129",
"namespace": "new-name",
"source": "",
"source-url": null,
"trust-signature": "",
"updated-at": "2022-02-24T17:12:10Z"
},
"links": {
"self": "/v2/gpg-keys/2"
}
}
}
Delete a GPG Key
DELETE /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
| Parameter | Description |
|---|---|
:registry_name | Must be private. |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
| Status | Response | Reason |
|---|---|---|
| 201 | JSON API document (type: "gpg-keys") | Successfully deletes a GPG key |
| 422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
| 403 | JSON API error object | Forbidden - not available for public providers |
| 404 | JSON API error object | GPG key not found or user not authorized |
Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request DELETE \
--data @payload.json \
https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129