Terraform
GPG Keys API
These endpoints are only relevant to private providers. When you publish a private provider to the Terraform Cloud private registry, you must upload the public key of the GPG keypair used to sign the release. Refer to Preparing and Adding a Signing Key for more details.
You need owners team or Manage Private Registry permissions to add, update, or delete GPG keys in a private registry.
List GPG Keys
GET /api/registry/:registry_name/v2/gpg-keys
Parameters
| Parameter | Description |
|---|---|
:registry_name | Must be private. |
Query Parameters
This endpoint supports pagination with standard URL query parameters. Remember to percent-encode [ as %5B and ] as %5D if your tooling does not automatically encode URLs.
| Parameter | Description |
|---|---|
filter[namespace] | Required. A comma-separated list of one or more namespaces. The namespaces must be authorized TFC/TFE organization names. |
page[number] | Optional. If omitted, the endpoint returns the first page. |
page[size] | Optional. If omitted, the endpoint returns 20 GPG keys per page. |
Gets a list of GPG keys belonging to the specified namespaces.
| Status | Response | Reason |
|---|---|---|
| 200 | JSON API document (type: "gpg-keys") | Successfully fetched GPG keys |
| 400 | JSON API error object | Error - missing namespaces in request |
| 403 | JSON API error object | Forbidden - no authorized namespaces specified in request |
Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request GET \
"https://app.terraform.io/api/registry/private/v2/gpg-keys?filter%5Bnamespace%5D=my-organization,my-other-organization"
Sample Response
{
"data": [
{
"type": "gpg-keys",
"id": "1",
"attributes": {
"ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----...",
"created-at": "2022-02-08T19:15:47Z",
"key-id": "C4E5E6C66C79C778",
"namespace": "my-other-organization",
"source": "",
"source-url": null,
"trust-signature": "",
"updated-at": "2022-02-08T19:15:47Z"
},
"links": {
"self": "/v2/gpg-keys/1"
}
},
{
"type": "gpg-keys",
"id": "140",
"attributes": {
"ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----...",
"created-at": "2022-04-28T21:32:11Z",
"key-id": "C4E5E6C66C79C778",
"namespace": "my-organization",
"source": "",
"source-url": null,
"trust-signature": "",
"updated-at": "2022-04-28T21:32:11Z"
},
"links": {
"self": "/v2/gpg-keys/140"
}
}
],
"links": {
"first": "/v2/gpg-keys?filter%5Bnamespace%5D=my-organization%2Cmy-other-organization&page%5Bnumber%5D=1&page%5Bsize%5D=15",
"last": "/v2/gpg-keys?filter%5Bnamespace%5D=my-organization%2Cmy-other-organization&page%5Bnumber%5D=1&page%5Bsize%5D=15",
"next": null,
"prev": null
},
"meta": {
"pagination": {
"page-size": 15,
"current-page": 1,
"next-page": null,
"prev-page": null,
"total-pages": 1,
"total-count": 2
}
}
}
Add a GPG Key
POST /api/registry/:registry_name/v2/gpg-keys
Parameters
| Parameter | Description |
|---|---|
:registry_name | Must be private. |
Uploads a GPG Key to a private registry scoped with a namespace. The response will provide a "key-id", which is required to Create a Provider Version.
| Status | Response | Reason |
|---|---|---|
| 201 | JSON API document (type: "gpg-keys") | Successfully uploads a GPG key to a private provider |
| 422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
| 403 | JSON API error object | Forbidden - not available for public providers |
| 404 | JSON API error object | User not authorized |
Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
| Key path | Type | Default | Description |
|---|---|---|---|
data.type | string | Must be "gpg-keys". | |
data.attributes.namespace | string | The namespace of the provider. Must be the same as the organization_name for the provider. | |
data.attributes.ascii-armor | string | A valid gpg-key string. |
Sample Payload
{
"data": {
"type": "gpg-keys",
"attributes": {
"namespace": "hashicorp",
"ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n"
} }
}
Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data @payload.json \
https://app.terraform.io/api/registry/private/v2/gpg-keys
Sample Response
{
"data": {
"type": "gpg-keys",
"id": "23",
"attributes": {
"ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
"created-at": "2022-02-11T19:16:59Z",
"key-id": "32966F3FB5AC1129",
"namespace": "hashicorp",
"source": "",
"source-url": null,
"trust-signature": "",
"updated-at": "2022-02-11T19:16:59Z"
},
"links": {
"self": "/v2/gpg-keys/23"
}
}
}
Get GPG Key
GET /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
| Parameter | Description |
|---|---|
:registry_name | Must be private. |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
Gets the content of a GPG key.
| Status | Response | Reason |
|---|---|---|
| 200 | JSON API document (type: "gpg-keys") | Successfully fetched GPG key |
| 403 | JSON API error object | Forbidden - not available for public providers |
| 404 | JSON API error object | GPG key not found or user not authorized |
Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request GET \
https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
Sample Response
"data": {
"type": "gpg-keys",
"id": "2",
"attributes": {
"ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
"created-at": "2022-02-24T17:07:25Z",
"key-id": "32966F3FB5AC1129",
"namespace": "hashicorp",
"source": "",
"source-url": null,
"trust-signature": "",
"updated-at": "2022-02-24T17:07:25Z"
},
"links": {
"self": "/v2/gpg-keys/2"
}
}
}
Update a GPG Key
PATCH /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
| Parameter | Description |
|---|---|
:registry_name | Must be private. |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
Updates the specified GPG key. Only the namespace attribute can be updated, and namespace has to match an organization the user has permission to access.
| Status | Response | Reason |
|---|---|---|
| 201 | JSON API document (type: "gpg-keys") | Successfully updates a GPG key |
| 422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
| 403 | JSON API error object | Forbidden - not available for public providers |
| 404 | JSON API error object | GPG key not found or user not authorized |
Request Body
This PATCH endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
| Key path | Type | Default | Description |
|---|---|---|---|
data.type | string | Must be "gpg-keys". | |
data.attributes.namespace | string | The namespace of the provider. Must be the same as the organization_name for the provider. |
Sample Payload
{
"data": {
"type": "gpg-keys",
"attributes": {
"namespace": "new-namespace",
}
}
}
Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request PATCH \
--data @payload.json \
https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
Sample Response
{
"data": {
"type": "gpg-keys",
"id": "2",
"attributes": {
"ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
"created-at": "2022-02-24T17:07:25Z",
"key-id": "32966F3FB5AC1129",
"namespace": "new-name",
"source": "",
"source-url": null,
"trust-signature": "",
"updated-at": "2022-02-24T17:12:10Z"
},
"links": {
"self": "/v2/gpg-keys/2"
}
}
}
Delete a GPG Key
DELETE /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
| Parameter | Description |
|---|---|
:registry_name | Must be private. |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
| Status | Response | Reason |
|---|---|---|
| 201 | JSON API document (type: "gpg-keys") | Successfully deletes a GPG key |
| 422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
| 403 | JSON API error object | Forbidden - not available for public providers |
| 404 | JSON API error object | GPG key not found or user not authorized |
Sample Request
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request DELETE \
--data @payload.json \
https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129