Sign SSH Public Key

cURL

curl --request POST \
  --url https://us.infisical.com/api/v1/ssh/certificates/sign \
  --header 'Content-Type: application/json' \
  --data '
{
  "certificateTemplateId": "<string>",
  "publicKey": "<string>",
  "principals": [
    "<string>"
  ],
  "certType": "user",
  "ttl": "<string>",
  "keyId": "<string>"
}
'

{
  "serialNumber": "<string>",
  "signedKey": "<string>"
}

POST

api

ssh

certificates

sign

cURL

curl --request POST \
  --url https://us.infisical.com/api/v1/ssh/certificates/sign \
  --header 'Content-Type: application/json' \
  --data '
{
  "certificateTemplateId": "<string>",
  "publicKey": "<string>",
  "principals": [
    "<string>"
  ],
  "certType": "user",
  "ttl": "<string>",
  "keyId": "<string>"
}
'

{
  "serialNumber": "<string>",
  "signedKey": "<string>"
}

Body

application/json

certificateTemplateId

string

required

The ID of the SSH certificate template to sign the SSH public key with.

Minimum string length: 1

publicKey

string

required

The SSH public key to sign.

principals

string[]

required

The list of principals (usernames, hostnames) to include in the certificate.

Minimum array length: 1

certType

enum<string>

default:user

The type of certificate to issue. This can be one of user or host.

Available options:

user,

host

ttl

string

The time to live for the certificate such as 1m, 1h, 1d, ... If not specified, the default TTL for the template will be used.

keyId

string

The key ID to include in the certificate. If not specified, a default key ID will be generated.

Maximum string length: 50

Response

Default Response

serialNumber

string

required

The serial number of the issued SSH certificate.

signedKey

string

required

The SSH certificate or signed SSH public key.

Issue SSH Credentials List

Overview

Organization

Project

Shared

Identity Auth

Secrets Management

Infisical PKI

Secret Scanning

Infisical SSH

Infisical KMS

Other

Sign SSH Public Key

Body

Response