POST SSH/ImportPrivateKey
Adds or reuses a Base64 private key for a device. This method can be used to import keys that will not otherwise be discovered by Server Agent because they are stored differently. If you want to assign an existing keyset to a policy folder, call POST SSH/AddSelfServicePrivateKey.
Requirements
- Token scope: SSH:Discover
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name |
Description |
---|---|
DeviceGuid |
The GUID that identifies a device. Depending on your environment, the GUID may be expressed with or without curly braces {}. For example, {3d6b61d-1c71-4603-883f-25b8c2ceecdd}. To get the GUID, use POST SSH/KeysetDetails or the UI. For example:
|
Filepath |
Path of the file with the key. |
Format |
Format of the private key. Supported formats: Valid formats: OpenSSH, PuTTY,SSH2, or Tectia. |
KeyContentBase64 |
Base64 contents of private key file, in the OpenSSH, PuTTY, SSH2, or Tectia format. |
Passphrase (Optional) |
Passphrase to decrypt the key. To specify a password, use your own company password standards or follow the guidelines from the National Institute of Standards and Technology (NIST). |
Username |
Name on user specified device that will own the key. |
Returns
Name |
Description |
---|---|
KeyId |
Identifier of newly created key. |
Response |
SshWebResponse object with result of the operation. For more information, see SSH SshWebResponse object. |
Example: Import a Private Key
Request
POST https://tpp.venafi.example/vedsdk/SSH/ImportPrivateKey Authorization:Bearer 4MyGeneratedBearerTknz== { "KeyContentBase64" : " LS0tLS1C...", "DeviceGuid":"{21a8574c-f448-4a8c-aa13-cbd6a07df49b}", "Username":"user", "Filepath":"/db/privatekey/25", "Format":"OpenSSH" }
Response
HTTP/1.1 200 OK { "KeyId":146, "SshWebResponse":{"Success":true} }