POST SSH/ExportSelfServiceAuthorizedKey

Downloads public keys with manual provisioning. This API call does not currently apply to downloads from Authorized_keys files.

Requirements

  • Permissions:  If the caller must have Owner permission of the key. The permissions automatically set on the created virtual device object. Otherwise, the caller must have Read permission and Private Key Read permission to the policy folder
  • Token scope:  SSH

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

KeyId The identifier of key to download from Trust Protection Platform. To get the KeyId, call GET SSH/KeysetDetails.
Format (Optional) Format of the key material:

OpenSSH, PuTTY, SSH2, or Tectia.

(only for private keys). If format is not specified, the value is taken from the policy. If the policy format is not specified, the default is OpenSSH.

Returns

For valid requests, SSH/ExportSelfServiceAuthorizedKey returns a HTTP 200 message and the following data in the message body:

Response description

Name

Description

KeyMaterial

The description of the key format.

Response

Returns Success and True when the private key exported successfully. Otherwise, returns the SSH SshWebResponse object.

Example: Export a public key via SSH

Request

POST https://tpp.venafi.example/vedsdkvedsdk/SSH/ExportSelfServiceAuthorizedKey
 Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "KeyId":453,
   "Format":"SSH2",
}

Response

HTTP/1.1 200 OK
{
   "KeyMaterial":"-----BEGIN RSA PRIVATE KEY-----\u000aMIIEog...
       -----END RSA PRIVATE KEY-----\u000a",
   "Response":{
      "Success":true
   }
}