HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Terraform
Terraform Home

You are viewing documentation for version v202502-1. View latest version.

GPG keys API reference

These endpoints are only relevant to private providers. When you publish a private provider to the HCP Terraform private registry, you must upload the public key of the GPG key-pair that you used to sign the release. The HCP Terraform registry supports RSA or DSA formatted GPG keys. Refer to Preparing and adding a signing key for more details.

You need owners team or Manage Private Registry permissions to add, update, or delete GPG keys in a private registry.

List GPG Keys

GET /api/registry/:registry_name/v2/gpg-keys

Parameters

ParameterDescription
:registry_nameMust be private.

Query Parameters

This endpoint supports pagination with standard URL query parameters. Remember to percent-encode [ as %5B and ] as %5D if your tooling does not automatically encode URLs.

ParameterDescription
filter[namespace]Required. A comma-separated list of one or more namespaces. The namespaces must be an authorized HCP Terraform or Terraform Enterprise organization name.
page[number]Optional. If omitted, the endpoint returns the first page.
page[size]Optional. If omitted, the endpoint returns 20 GPG keys per page.

Gets a list of GPG keys belonging to the specified namespaces.

StatusResponseReason
200JSON API document (type: "gpg-keys")Successfully fetched GPG keys
400JSON API error objectError - missing namespaces in request
403JSON API error objectForbidden - no authorized namespaces specified in request

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request GET \
  "https://app.terraform.io/api/registry/private/v2/gpg-keys?filter%5Bnamespace%5D=my-organization,my-other-organization"

Sample Response

{
  "data": [
    {
      "type": "gpg-keys",
      "id": "1",
      "attributes": {
        "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----...",
        "created-at": "2022-02-08T19:15:47Z",
        "key-id": "C4E5E6C66C79C778",
        "namespace": "my-other-organization",
        "source": "",
        "source-url": null,
        "trust-signature": "",
        "updated-at": "2022-02-08T19:15:47Z"
      },
      "links": {
        "self": "/v2/gpg-keys/1"
      }
    },
    {
      "type": "gpg-keys",
      "id": "140",
      "attributes": {
        "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----...",
        "created-at": "2022-04-28T21:32:11Z",
        "key-id": "C4E5E6C66C79C778",
        "namespace": "my-organization",
        "source": "",
        "source-url": null,
        "trust-signature": "",
        "updated-at": "2022-04-28T21:32:11Z"
      },
      "links": {
        "self": "/v2/gpg-keys/140"
      }
    }
  ],
  "links": {
    "first": "/v2/gpg-keys?filter%5Bnamespace%5D=my-organization%2Cmy-other-organization&page%5Bnumber%5D=1&page%5Bsize%5D=15",
    "last": "/v2/gpg-keys?filter%5Bnamespace%5D=my-organization%2Cmy-other-organization&page%5Bnumber%5D=1&page%5Bsize%5D=15",
    "next": null,
    "prev": null
  },
  "meta": {
    "pagination": {
      "page-size": 15,
      "current-page": 1,
      "next-page": null,
      "prev-page": null,
      "total-pages": 1,
      "total-count": 2
    }
  }
}

Add a GPG Key

POST /api/registry/:registry_name/v2/gpg-keys

Parameters

ParameterDescription
:registry_nameMust be private.

Uploads a GPG Key to a private registry scoped with a namespace. The response will provide a "key-id", which is required to Create a Provider Version.

StatusResponseReason
201JSON API document (type: "gpg-keys")Successfully uploads a GPG key to a private provider
422JSON API error objectMalformed request body (missing attributes, wrong types, etc.)
403JSON API error objectForbidden - not available for public providers
404JSON API error objectUser not authorized

Request Body

This POST endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key pathTypeDefaultDescription
data.typestringMust be "gpg-keys".
data.attributes.namespacestringThe namespace of the provider. Must be the same as the organization_name for the provider.
data.attributes.ascii-armorstringA valid gpg-key string.

Sample Payload

{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "hashicorp",
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n"
    }  }
}

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys

Sample Response

{
  "data": {
    "type": "gpg-keys",
    "id": "23",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-11T19:16:59Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-11T19:16:59Z"
    },
    "links": {
      "self": "/v2/gpg-keys/23"
    }
  }
}

Get GPG Key

GET /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

Parameters

ParameterDescription
:registry_nameMust be private.
:namespaceThe namespace of the provider scoped to the GPG key.
:key_idThe id of the GPG key.

Gets the content of a GPG key.

StatusResponseReason
200JSON API document (type: "gpg-keys")Successfully fetched GPG key
403JSON API error objectForbidden - not available for public providers
404JSON API error objectGPG key not found or user not authorized

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request GET \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

Sample Response

{
  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "hashicorp",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:07:25Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}

Update a GPG Key

PATCH /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

Parameters

ParameterDescription
:registry_nameMust be private.
:namespaceThe namespace of the provider scoped to the GPG key.
:key_idThe id of the GPG key.

Updates the specified GPG key. Only the namespace attribute can be updated, and namespace has to match an organization the user has permission to access.

StatusResponseReason
201JSON API document (type: "gpg-keys")Successfully updates a GPG key
422JSON API error objectMalformed request body (missing attributes, wrong types, etc.)
403JSON API error objectForbidden - not available for public providers
404JSON API error objectGPG key not found or user not authorized

Request Body

This PATCH endpoint requires a JSON object with the following properties as a request payload.

Properties without a default value are required.

Key pathTypeDefaultDescription
data.typestringMust be "gpg-keys".
data.attributes.namespacestringThe namespace of the provider. Must be the same as the organization_name for the provider.

Sample Payload

{
  "data": {
    "type": "gpg-keys",
    "attributes": {
      "namespace": "new-namespace",
    }
  }
}

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request PATCH \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129

Sample Response

{
  "data": {
    "type": "gpg-keys",
    "id": "2",
    "attributes": {
      "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n",
      "created-at": "2022-02-24T17:07:25Z",
      "key-id": "32966F3FB5AC1129",
      "namespace": "new-name",
      "source": "",
      "source-url": null,
      "trust-signature": "",
      "updated-at": "2022-02-24T17:12:10Z"
    },
    "links": {
      "self": "/v2/gpg-keys/2"
    }
  }
}

Delete a GPG Key

DELETE /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id

Parameters

ParameterDescription
:registry_nameMust be private.
:namespaceThe namespace of the provider scoped to the GPG key.
:key_idThe id of the GPG key.
StatusResponseReason
201JSON API document (type: "gpg-keys")Successfully deletes a GPG key
422JSON API error objectMalformed request body (missing attributes, wrong types, etc.)
403JSON API error objectForbidden - not available for public providers
404JSON API error objectGPG key not found or user not authorized

Sample Request

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request DELETE \
  --data @payload.json \
  https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
Edit this page on GitHub