GPG keys API reference
These endpoints are only relevant to private providers. When you publish a private provider to the HCP Terraform private registry, you must upload the public key of the GPG keypair used to sign the release. Refer to Preparing and Adding a Signing Key for more details.
You need owners team or Manage Private Registry permissions to add, update, or delete GPG keys in a private registry.
List GPG Keys
GET /api/registry/:registry_name/v2/gpg-keys
Parameters
Parameter | Description |
---|---|
:registry_name | Must be private . |
Query Parameters
This endpoint supports pagination with standard URL query parameters. Remember to percent-encode [
as %5B
and ]
as %5D
if your tooling does not automatically encode URLs.
Parameter | Description |
---|---|
filter[namespace] | Required. A comma-separated list of one or more namespaces. The namespaces must be an authorized HCP Terraform or Terraform Enterprise organization name. |
page[number] | Optional. If omitted, the endpoint returns the first page. |
page[size] | Optional. If omitted, the endpoint returns 20 GPG keys per page. |
Gets a list of GPG keys belonging to the specified namespaces.
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "gpg-keys" ) | Successfully fetched GPG keys |
400 | JSON API error object | Error - missing namespaces in request |
403 | JSON API error object | Forbidden - no authorized namespaces specified in request |
Sample Request
curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request GET \ "https://app.terraform.io/api/registry/private/v2/gpg-keys?filter%5Bnamespace%5D=my-organization,my-other-organization"
Sample Response
{ "data": [ { "type": "gpg-keys", "id": "1", "attributes": { "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----...", "created-at": "2022-02-08T19:15:47Z", "key-id": "C4E5E6C66C79C778", "namespace": "my-other-organization", "source": "", "source-url": null, "trust-signature": "", "updated-at": "2022-02-08T19:15:47Z" }, "links": { "self": "/v2/gpg-keys/1" } }, { "type": "gpg-keys", "id": "140", "attributes": { "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----...", "created-at": "2022-04-28T21:32:11Z", "key-id": "C4E5E6C66C79C778", "namespace": "my-organization", "source": "", "source-url": null, "trust-signature": "", "updated-at": "2022-04-28T21:32:11Z" }, "links": { "self": "/v2/gpg-keys/140" } } ], "links": { "first": "/v2/gpg-keys?filter%5Bnamespace%5D=my-organization%2Cmy-other-organization&page%5Bnumber%5D=1&page%5Bsize%5D=15", "last": "/v2/gpg-keys?filter%5Bnamespace%5D=my-organization%2Cmy-other-organization&page%5Bnumber%5D=1&page%5Bsize%5D=15", "next": null, "prev": null }, "meta": { "pagination": { "page-size": 15, "current-page": 1, "next-page": null, "prev-page": null, "total-pages": 1, "total-count": 2 } }}
Add a GPG Key
POST /api/registry/:registry_name/v2/gpg-keys
Parameters
Parameter | Description |
---|---|
:registry_name | Must be private . |
Uploads a GPG Key to a private registry scoped with a namespace. The response will provide a "key-id", which is required to Create a Provider Version.
Status | Response | Reason |
---|---|---|
201 | JSON API document (type: "gpg-keys" ) | Successfully uploads a GPG key to a private provider |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
403 | JSON API error object | Forbidden - not available for public providers |
404 | JSON API error object | User not authorized |
Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path | Type | Default | Description |
---|---|---|---|
data.type | string | Must be "gpg-keys" . | |
data.attributes.namespace | string | The namespace of the provider. Must be the same as the organization_name for the provider. | |
data.attributes.ascii-armor | string | A valid gpg-key string. |
Sample Payload
{ "data": { "type": "gpg-keys", "attributes": { "namespace": "hashicorp", "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n" } }}
Sample Request
curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request POST \ --data @payload.json \ https://app.terraform.io/api/registry/private/v2/gpg-keys
Sample Response
{ "data": { "type": "gpg-keys", "id": "23", "attributes": { "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n", "created-at": "2022-02-11T19:16:59Z", "key-id": "32966F3FB5AC1129", "namespace": "hashicorp", "source": "", "source-url": null, "trust-signature": "", "updated-at": "2022-02-11T19:16:59Z" }, "links": { "self": "/v2/gpg-keys/23" } }}
Get GPG Key
GET /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
Parameter | Description |
---|---|
:registry_name | Must be private . |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
Gets the content of a GPG key.
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "gpg-keys" ) | Successfully fetched GPG key |
403 | JSON API error object | Forbidden - not available for public providers |
404 | JSON API error object | GPG key not found or user not authorized |
Sample Request
curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request GET \ https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
Sample Response
{ "data": { "type": "gpg-keys", "id": "2", "attributes": { "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n", "created-at": "2022-02-24T17:07:25Z", "key-id": "32966F3FB5AC1129", "namespace": "hashicorp", "source": "", "source-url": null, "trust-signature": "", "updated-at": "2022-02-24T17:07:25Z" }, "links": { "self": "/v2/gpg-keys/2" } }}
Update a GPG Key
PATCH /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
Parameter | Description |
---|---|
:registry_name | Must be private . |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
Updates the specified GPG key. Only the namespace
attribute can be updated, and namespace
has to match an organization
the user has permission to access.
Status | Response | Reason |
---|---|---|
201 | JSON API document (type: "gpg-keys" ) | Successfully updates a GPG key |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
403 | JSON API error object | Forbidden - not available for public providers |
404 | JSON API error object | GPG key not found or user not authorized |
Request Body
This PATCH endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path | Type | Default | Description |
---|---|---|---|
data.type | string | Must be "gpg-keys" . | |
data.attributes.namespace | string | The namespace of the provider. Must be the same as the organization_name for the provider. |
Sample Payload
{ "data": { "type": "gpg-keys", "attributes": { "namespace": "new-namespace", } }}
Sample Request
curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request PATCH \ --data @payload.json \ https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129
Sample Response
{ "data": { "type": "gpg-keys", "id": "2", "attributes": { "ascii-armor": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINB...=txfz\n-----END PGP PUBLIC KEY BLOCK-----\n", "created-at": "2022-02-24T17:07:25Z", "key-id": "32966F3FB5AC1129", "namespace": "new-name", "source": "", "source-url": null, "trust-signature": "", "updated-at": "2022-02-24T17:12:10Z" }, "links": { "self": "/v2/gpg-keys/2" } }}
Delete a GPG Key
DELETE /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
Parameter | Description |
---|---|
:registry_name | Must be private . |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
Status | Response | Reason |
---|---|---|
201 | JSON API document (type: "gpg-keys" ) | Successfully deletes a GPG key |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
403 | JSON API error object | Forbidden - not available for public providers |
404 | JSON API error object | GPG key not found or user not authorized |
Sample Request
curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request DELETE \ --data @payload.json \ https://app.terraform.io/api/registry/private/v2/gpg-keys/hashicorp/32966F3FB5AC1129