Creating private key credentials

A private key credential lets you store a private key which can be used for public/private key authentication. Private key credentials are commonly used to authenticate with devices or applications over SSH.

Supported key types (in either PEM or PuTTY format) are:

  • RSA
  • DSA
  • ECDSA
  • ED25519

When you create a new private key credential, you'll copy and paste the entire contents of your private key file into Aperture, being careful not to add or remove any portion of the contents.

Example contents of a PEM formatted private key file

-----BEGIN RSA PRIVATE KEY-----
MIIBOQIBAAJBAIOLepgdqXJ5gSA12jcjBrM07O4dV/neBXK5mZO7Gc778HuvhJi+
Rv2EuN9sHPx1iQqqhSi8aCuXuS1vpQJATRDbCuFuqvYiUCAwEAAd2EbFxGXNxhjL
loj/Fc3a6UE8GeifbCAQsptSPIT5vhcudZgWFoeydDUIJjWEMDSXrIn79nXvyPy5
BQIhAPU+XwrLGy0Hd4Roug+9IRMrlu0gtSvTJRWQ/b7m0fbfAiEAiVB7bUMynZf4
SwVJ8NAF4AUxnPjEp8D23sCIA3ZcNqWL7myQ0CZ/W/oikBmYxOJPGVcQzhwkDbck
3GJEZuAB/s9BuKgkCdhlrtlM6/7E+y1p++VU6bh2+vd3AiASmnvOZmI8ZwIgf4Qh
u+zYCJfIjtJJpH1lHZW+A60iThKtezaCk7FiAC4=
-----END RSA PRIVATE KEY-----

In this example, you'd copy everything from -----BEGIN RSA PRIVATE KEY----- down through -----END RSA PRIVATE KEY-----.

Example contents of a PuTTY-formatted private key file

PuTTY-User-Key-File-2: ssh-ed25519
Encryption: none
Comment: ed25519-key-20200313
Public-Lines: 2
AAAAC3NzaC15AAAAIM25yKbNXPlZDI1NTETGRZxFkSjyu71LmjYNWctZjUaZgDQb
XoKd
Private-Lines: 1
AAAAIHSoRtc/JPIDUZwBHs3Pq0ykTJM1V8gg+P3Z96Z6Vi+s
Private-MAC: 61f8b9e52e3238feb16e04fb3bfa400bd2ec8334

TIP: Before you begin, locate and open your private key file in a text editor so that you can copy and paste its contents into Aperture during the following procedure.
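A local check you can run on the text before pasting it, to confirm that nothing was added or removed and to see whether the key needs the Password for Private Key field. This is an added example, not part of Aperture or its documentation; the function names and sample data are hypothetical, and it checks only the framing of the file, not the key itself or the PuTTY MAC.

```python
import base64
import re

def check_key_text(text):
    """Return (format, encrypted, problems); encrypted is None when unknown."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if lines and lines[0].startswith("PuTTY-User-Key-File-"):
        return _check_putty(lines)
    return _check_pem(lines)

def _check_pem(lines):
    begin = re.fullmatch(r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----", lines[0] if lines else "")
    end = re.fullmatch(r"-----END ([A-Z0-9 ]*PRIVATE KEY)-----", lines[-1] if lines else "")
    problems = [f"{n} line missing or damaged" for n, m in (("BEGIN", begin), ("END", end)) if not m]
    if begin and end and begin.group(1) != end.group(1):
        problems.append("BEGIN and END labels differ")
    # Body: lines between the armor, minus "Name: value" headers of encrypted keys.
    body = [l for l in lines[(1 if begin else 0):(-1 if end else None)] if ":" not in l]
    try:
        base64.b64decode("".join(body), validate=True)
    except ValueError:
        problems.append("body is not valid base64")
    label = begin.group(1) if begin else ""
    # OpenSSH-format files record encryption inside the encoded body, which is not parsed here.
    encrypted = None if label == "OPENSSH PRIVATE KEY" else (
        label == "ENCRYPTED PRIVATE KEY" or any(
            l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines))
    return ("PEM", encrypted, problems)

def _check_putty(lines):
    problems = []
    fields = dict(l.split(": ", 1) for l in lines if ": " in l)
    for name in ("Public-Lines", "Private-Lines"):
        if not fields.get(name, "").isdigit():
            problems.append(name + " header missing or damaged")
            continue
        # Count the data lines that follow the header, up to the next "Name: value" line.
        rest = lines[lines.index(name + ": " + fields[name]) + 1:]
        got = next((i for i, l in enumerate(rest) if ": " in l), len(rest))
        if got != int(fields[name]):
            problems.append(f"{name} declares {fields[name]} lines, found {got}")
    if "Private-MAC" not in fields:
        problems.append("Private-MAC line missing")
    return ("PuTTY", fields.get("Encryption", "none") != "none", problems)

# Constructed samples: real framing, but the body is not key material.
_BODY = base64.b64encode(b"constructed sample, not a real key").decode()
SAMPLE_PEM = f"-----BEGIN RSA PRIVATE KEY-----\n{_BODY}\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_PPK_SHORT = ("PuTTY-User-Key-File-2: ssh-ed25519\nEncryption: none\n"  # one public line lost
                    f"Public-Lines: 2\n{_BODY}\nPrivate-Lines: 1\n{_BODY}\nPrivate-MAC: 00\n")
```

An empty problems list means the framing is intact; a line deleted from the middle of a PEM body can still pass, so copy from the original file rather than from a terminal or chat window.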

To create a private key credential

  1. From the TLS Protect menu bar, click Inventory > Credentials, and then click Create a New Credential.
  2. Click the Credential Type list and select Private Key.
  3. Click Folder and select the policy folder in which to create your new credential.
  4. In Credential Name, type a unique name for the new credential object, and then click Create and Configure.
  5. In the Edit Credential Settings box, type the username that's associated with the private key you'll use to create your new private key credential.
  6. (Conditional) If you're using an encrypted private key, then in Password for Private Key, type the associated password.
  7. In Private Key File Contents, copy and paste the entire contents from your private key file, making sure that you copy all of its contents.

    See Example contents of a PEM formatted private key file.

  8. (Optional) In Description, type a description of your new credential.

    A strong description can be useful in helping other administrators better understand the purpose of your new object (such as certificates, jobs, credentials, devices, trust stores, etc.), or to remind yourself later why you created it.

  9. (Optional) Click Contacts and select one or more users or groups to whom you want default system notifications to be sent.

    The default contact is the master administrator.

    For more information about selecting contacts in Trust Protection Platform, see Specifying who should get default system notifications.

  10. When you're finished, click Save.

If at some point you need to replace the private key applied to a private key credential, see Replacing a private key credential's private key.