Manage PGP keys

You can use REST APIs to create, delete, or update PGP keys for the following resources:

  • Products
  • Partners
  • Unmanaged products
  • Applications

For information on managing PGP keys from the UI, see Pretty Good Privacy (PGP).

Note: Using the UI, you can only create PGP keys. Using REST APIs, you can create, update, or delete PGP keys.

Create, delete, or update PGP keys

POST

You can create a PGP key for a resource by specifying a name, also known as an alias, and the key content encoded in Base64.

Applications, partners, and unmanaged products use a public PGP key.

POST /api/v2/applications/applicationId/pgpkeys

{
  "name": "new_pgpKey",
  "content": "{{public_pgpkey_content}}"
}

Products use a private PGP key. To create a private PGP key, provide the content of the PGP key, encoded in Base64, as well as the clear text password associated with the key.

POST /api/v2/products/productid/pgpkeys

{
  "name": "new_pgpKey",
  "content": "{{private_pgpkey_content}}",
  "password": "{{private_pgpkey_password}}"
}

Example

The following example shows how to create a partner public PGP key, where Content is the public PGP key provided by the partner.

POST /api/v2/partners/{businessId}/pgpkeys

{
  "name": "public_ssh_key",
  "Content": "<Base64-encoded public PGP key provided by the partner>",
  "PrivateKey": "false"
}
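The following Python sketch is an added example, not part of the product documentation. It builds the POST path and body described above and refuses to send the wrong key type for a resource. It assumes the key is supplied as an ASCII-armored block that is Base64-encoded whole; the function names and sample blocks are hypothetical.

```python
import base64
from urllib.parse import quote

# Path segments and expected key types as listed on this page.
KEY_TYPE_BY_RESOURCE = {
    "applications": "public",
    "partners": "public",
    "unmanagedproducts": "public",
    "products": "private",
}
ARMOR_HEADERS = {
    "-----BEGIN PGP PUBLIC KEY BLOCK-----": "public",
    "-----BEGIN PGP PRIVATE KEY BLOCK-----": "private",
}

# Constructed samples: real armor lines around filler text, not key material.
SAMPLE_PUBLIC = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nY29uc3RydWN0ZWQ=\n"
                 "-----END PGP PUBLIC KEY BLOCK-----\n")
SAMPLE_PRIVATE = SAMPLE_PUBLIC.replace("PUBLIC", "PRIVATE")


def armor_kind(armored_key):
    """Return 'public' or 'private' from the first armor line, else None."""
    lines = armored_key.strip().splitlines()
    return ARMOR_HEADERS.get(lines[0].strip()) if lines else None


def build_pgpkey_request(resource, resource_id, name, armored_key, password=None):
    """Check the key type against the resource, then return (path, body)."""
    expected = KEY_TYPE_BY_RESOURCE.get(resource)
    if expected is None:
        raise ValueError(f"unknown resource: {resource!r}")
    if armor_kind(armored_key) != expected:
        raise ValueError(f"{resource} requires a {expected} PGP key")
    if expected == "private" and not password:
        raise ValueError("a private key must be sent with its password")
    if expected == "public" and password is not None:
        raise ValueError("a public key takes no password")
    content = base64.b64encode(armored_key.encode("ascii")).decode("ascii")
    body = {"name": name, "content": content}
    if password:
        body["password"] = password
    # Percent-encode the ID so it cannot add or change path segments.
    return f"/api/v2/{resource}/{quote(resource_id, safe='')}/pgpkeys", body


def redact(body):
    """Copy of the body that is safe to log: no key content, no password."""
    hidden = ("content", "password")
    return {k: ("<redacted>" if k in hidden else v) for k, v in body.items()}
```

Because the private key password travels in clear text in the request body, log only the output of `redact()` and send the request over TLS.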

GET

You can retrieve a public PGP key using its business ID or name. You can also retrieve all the PGP keys in a specific resource.

  • GET /api/v2/applications/applicationId/pgpkeys
  • GET /api/v2/unmanagedproducts/unmanagedProductId/pgpkeys
  • GET /api/v2/partners/partnerId/pgpkeys
  • GET /api/v2/products/productid/pgpkeys

You can retrieve a private PGP key using its business ID or name. You can also retrieve all the PGP keys for an entity.

For information on retrieving the PGP key content, see Retrieve credential contents.

If you do not provide an encryption key for a product, the content retrieved is null.

PUT

You can update the content of a PGP key while preserving its alias, using the same body syntax as for POST. The password should match the PGP key content.

  • PUT /api/v2/applications/applicationId/pgpkeys
  • PUT /api/v2/unmanagedproducts/unmanagedProductId/pgpkeys
  • PUT /api/v2/partners/partnerId/pgpkeys
  • PUT /api/v2/products/productid/pgpkeys

Note: If the PGP key is used in a flow, you must use the _forced option.

DELETE

You can remove a PGP key that is no longer used in flows, for example when an expired PGP key is replaced by a new one.

You can identify the PGP key using its name or business ID.

Key request fields

This table describes field settings when creating or updating a private key. For keys created during registration, isPrivateKey is set to false, so you can only update the public key in the key pair.

When updating an SSH key, you can update the public key without having to provide the private key for the key pair.

REST API resource

PGP keys

POST /api/v2/products/id/pgpkeys

In create mode:

  • The product PGP key must be a private key.
  • The keyContent is mandatory.
  • The keyPassword is mandatory for a PGP key.
  • You must set isPrivateKey to true.

PUT /api/v2/products/id/pgpkeys

In update mode:

  • If isPrivateKey=true:
    • The keyContent must be a private key.
    • The keyPassword is required.
  • If isPrivateKey=false:
    • The keyContent must be a public key.
  • If you do not provide isPrivateKey:
    • The key content type is autodetected based on keyContent.

You can replace the corresponding certificate with a public one. This allows for the updating of keys imported during registration, such as the SecureTransport admind.

POST /api/v2/products/id/communicationprofiles

PUT /api/v2/products/id/communicationprofiles

  • Same as POST /api/v2/products/id/keys for new keys.
  • Same as PUT /api/v2/products/id/keys for updating keys.

The keyAlias takes the value of the key name.

POST /api/v2/partners

PUT /api/v2/partners

  • The keyContent must be a public key.
  • The keyContent is mandatory.
  • You must set isPrivateKey to false.