Keys
This part of the API is the means by which you operate on your SSH/signing keys.
Last updated
This part of the API is the means by which you operate on your SSH/signing keys.
Last updated
This part of the API is the means by which you operate on your SSH/signing keys. These keys are needed in order to login to instances over SSH, as well as signing requests to this API (see the HTTP Signature Authentication Scheme outlined in Appendix B for more details).
Currently CloudAPI supports uploads of public keys in the OpenSSH format.
Note that while it's possible to provide a name attribute for an SSH key in order to use it as a human-friendly alias, this attribute's presence is optional. When it's not provided, the ssh key fingerprint will be used as the name instead.
Keys can optionally be submitted along with a hardware attestation certificate signed by a trusted hardware manufacturer, which will be validated and processed. Keys generated in hardware devices which require some form of multi-factor authentication to sign requests (e.g. the device requires a PIN or Touch input) are marked by this mechanism and may be specially treated by Triton and Manta as providing a kind of 2-factor authentication (depending on administrator policy).
For the following routes, the parameter placeholder :key can be replaced with with either the key's name or its fingerprint. It's strongly recommended to use fingerprint when possible, since the name attribute does not have any uniqueness constraints.
Lists all public keys we have on record for the specified account.
None
Array of key objects. Each key object has the following fields:
Possible multifactor values:
For all possible errors, see CloudAPI HTTP Responses.
Retrieves the record for an individual key.
None
Possible multifactor values:
For all possible errors, see CloudAPI HTTP Responses.
or
Uploads a new OpenSSH key to Triton for use in HTTP signing and SSH.
For all possible errors, see CloudAPI HTTP Responses.
or
Deletes a single SSH key, by name or fingerprint.
None
None
For all possible errors, see CloudAPI HTTP Responses.
or
Example Request
Example Response
Field
Type
Description
name
String
Name for this key
fingerprint
String
Key fingerprint
key
String
Public key in OpenSSH format
attested
Boolean
Indicates if the key has a hardware device attestation
multifactor
Array[String]
Lists any additional factors required to use (if attested)
Value
Meaning
pin
Input of a PIN or password is required for key use
touch
Touch input (not authenticated -- i.e. not a fingerprint) is required for key use
Error Code
Description
ResourceNotFound
If :login does not exist
Field
Type
Description
name
String
Name for this key
fingerprint
String
Key fingerprint
key
String
OpenSSH formatted public key
attested
Boolean
Indicates if the key has a hardware device attestation
multifactor
Array[String]
Lists any additional factors required to use (if attested)
Value
Meaning
pin
Input of a PIN or password is required for key use
touch
Touch input (not authenticated -- i.e. not a fingerprint) is required for key use
Error Code
Description
ResourceNotFound
If :login or :key does not exist
Field
Type
Description
name
String
Name for this key (optional)
key
String
OpenSSH formatted public key
attestation
Array of String
PEM formatted attestation certificates
Field
Type
Description
name
String
Name for this key
fingerprint
String
Key fingerprint
key
String
OpenSSH formatted public key
attested
Boolean
Indicates if the key has a hardware device attestation
multifactor
Array[String]
Lists any additional factors required to use (if attested)
Error Code
Description
InvalidArgument
If name or key is invalid (usually key)
MissingParameter
If you didn't send a key
ResourceNotFound
If :login does not exist
Error Code
Description
ResourceNotFound
If :login or :key does not exist