Keys
This part of the API is the means by which you operate on your SSH/signing keys.
This part of the API is the means by which you operate on your SSH/signing keys. These keys are needed in order to login to instances over SSH, as well as signing requests to this API (see the HTTP Signature Authentication Scheme outlined in Appendix B for more details).
Currently CloudAPI supports uploads of public keys in the OpenSSH format.
Note that while it's possible to provide a name
attribute for an SSH key in order to use it as a human-friendly alias, this attribute's presence is optional. When it's not provided, the ssh key fingerprint will be used as the name
instead.
Keys can optionally be submitted along with a hardware attestation certificate signed by a trusted hardware manufacturer, which will be validated and processed. Keys generated in hardware devices which require some form of multi-factor authentication to sign requests (e.g. the device requires a PIN or Touch input) are marked by this mechanism and may be specially treated by Triton and Manta as providing a kind of 2-factor authentication (depending on administrator policy).
For the following routes, the parameter placeholder :key
can be replaced with with either the key's name
or its fingerprint
. It's strongly recommended to use fingerprint
when possible, since the name
attribute does not have any uniqueness constraints.
ListKeys (GET /:login/keys)
Lists all public keys we have on record for the specified account.
Inputs
None
Returns
Array of key objects. Each key object has the following fields:
Field | Type | Description |
name | String | Name for this key |
fingerprint | String | Key fingerprint |
key | String | Public key in OpenSSH format |
attested | Boolean | Indicates if the key has a hardware device attestation |
multifactor | Array[String] | Lists any additional factors required to use (if attested) |
Possible multifactor
values:
Value | Meaning |
pin | Input of a PIN or password is required for key use |
touch | Touch input (not authenticated -- i.e. not a fingerprint) is required for key use |
Errors
For all possible errors, see CloudAPI HTTP Responses.
Error Code | Description |
ResourceNotFound | If |
CLI Command
Example Request
Example Response
GetKey (GET /:login/keys/:key)
Retrieves the record for an individual key.
Inputs
None
Returns
Field | Type | Description |
name | String | Name for this key |
fingerprint | String | Key fingerprint |
key | String | OpenSSH formatted public key |
attested | Boolean | Indicates if the key has a hardware device attestation |
multifactor | Array[String] | Lists any additional factors required to use (if attested) |
Possible multifactor
values:
Value | Meaning |
pin | Input of a PIN or password is required for key use |
touch | Touch input (not authenticated -- i.e. not a fingerprint) is required for key use |
Errors
For all possible errors, see CloudAPI HTTP Responses.
Error Code | Description |
ResourceNotFound | If |
CLI Command
or
Example Request
Example Response
CreateKey (POST /:login/keys)
Uploads a new OpenSSH key to Triton for use in HTTP signing and SSH.
Inputs
Field | Type | Description |
name | String | Name for this key (optional) |
key | String | OpenSSH formatted public key |
attestation | Array of String | PEM formatted attestation certificates |
Returns
Field | Type | Description |
name | String | Name for this key |
fingerprint | String | Key fingerprint |
key | String | OpenSSH formatted public key |
attested | Boolean | Indicates if the key has a hardware device attestation |
multifactor | Array[String] | Lists any additional factors required to use (if attested) |
Errors
For all possible errors, see CloudAPI HTTP Responses.
Error Code | Description |
InvalidArgument | If name or key is invalid (usually key) |
MissingParameter | If you didn't send a key |
ResourceNotFound | If |
CLI Command
or
Example Request
Example Response
DeleteKey (DELETE /:login/keys/:key)
Deletes a single SSH key, by name or fingerprint.
Inputs
None
Returns
None
Errors
For all possible errors, see CloudAPI HTTP Responses.
Error Code | Description |
ResourceNotFound | If |
CLI Command
or
Example Request
Example Response
Last updated