GPG keys API reference
These endpoints are only relevant to private providers. When you publish a private provider to the HCP Terraform private registry, you must upload the public key of the GPG keypair used to sign the release. Refer to Preparing and Adding a Signing Key for more details.
You need owners team or Manage Private Registry permissions to add, update, or delete GPG keys in a private registry.
List GPG Keys
GET /api/registry/:registry_name/v2/gpg-keys
Parameters
Parameter | Description |
---|---|
:registry_name | Must be private . |
Query Parameters
This endpoint supports pagination with standard URL query parameters. Remember to percent-encode [
as %5B
and ]
as %5D
if your tooling does not automatically encode URLs.
Parameter | Description |
---|---|
filter[namespace] | Required. A comma-separated list of one or more namespaces. The namespaces must be an authorized HCP Terraform or Terraform Enterprise organization name. |
page[number] | Optional. If omitted, the endpoint returns the first page. |
page[size] | Optional. If omitted, the endpoint returns 20 GPG keys per page. |
Gets a list of GPG keys belonging to the specified namespaces.
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "gpg-keys" ) | Successfully fetched GPG keys |
400 | JSON API error object | Error - missing namespaces in request |
403 | JSON API error object | Forbidden - no authorized namespaces specified in request |
Sample Request
Sample Response
Add a GPG Key
POST /api/registry/:registry_name/v2/gpg-keys
Parameters
Parameter | Description |
---|---|
:registry_name | Must be private . |
Uploads a GPG Key to a private registry scoped with a namespace. The response will provide a "key-id", which is required to Create a Provider Version.
Status | Response | Reason |
---|---|---|
201 | JSON API document (type: "gpg-keys" ) | Successfully uploads a GPG key to a private provider |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
403 | JSON API error object | Forbidden - not available for public providers |
404 | JSON API error object | User not authorized |
Request Body
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path | Type | Default | Description |
---|---|---|---|
data.type | string | Must be "gpg-keys" . | |
data.attributes.namespace | string | The namespace of the provider. Must be the same as the organization_name for the provider. | |
data.attributes.ascii-armor | string | A valid gpg-key string. |
Sample Payload
Sample Request
Sample Response
Get GPG Key
GET /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
Parameter | Description |
---|---|
:registry_name | Must be private . |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
Gets the content of a GPG key.
Status | Response | Reason |
---|---|---|
200 | JSON API document (type: "gpg-keys" ) | Successfully fetched GPG key |
403 | JSON API error object | Forbidden - not available for public providers |
404 | JSON API error object | GPG key not found or user not authorized |
Sample Request
Sample Response
Update a GPG Key
PATCH /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
Parameter | Description |
---|---|
:registry_name | Must be private . |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
Updates the specified GPG key. Only the namespace
attribute can be updated, and namespace
has to match an organization
the user has permission to access.
Status | Response | Reason |
---|---|---|
201 | JSON API document (type: "gpg-keys" ) | Successfully updates a GPG key |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
403 | JSON API error object | Forbidden - not available for public providers |
404 | JSON API error object | GPG key not found or user not authorized |
Request Body
This PATCH endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path | Type | Default | Description |
---|---|---|---|
data.type | string | Must be "gpg-keys" . | |
data.attributes.namespace | string | The namespace of the provider. Must be the same as the organization_name for the provider. |
Sample Payload
Sample Request
Sample Response
Delete a GPG Key
DELETE /api/registry/:registry_name/v2/gpg-keys/:namespace/:key_id
Parameters
Parameter | Description |
---|---|
:registry_name | Must be private . |
:namespace | The namespace of the provider scoped to the GPG key. |
:key_id | The id of the GPG key. |
Status | Response | Reason |
---|---|---|
201 | JSON API document (type: "gpg-keys" ) | Successfully deletes a GPG key |
422 | JSON API error object | Malformed request body (missing attributes, wrong types, etc.) |
403 | JSON API error object | Forbidden - not available for public providers |
404 | JSON API error object | GPG key not found or user not authorized |
Sample Request