Show Public Keys

Shows all public keys for a resource as a newline-delimited string, for compatibility with the SSH authorized_keys format.

Returns an empty string if the resource does not exist, to prevent attackers from determining whether a resource exists.

Kinds of resources

| Kind | Description |
|---|---|
| User | one unique human |
| Host | a single logical machine (in the broad sense, not just physical) |
| Layer | a collection of hosts that have the same privileges |
| Group | a collection of users and groups that have the same privileges |
| Policy | privileges on policies enable a user to create and modify objects and permissions |
| Variable | a secret such as a password, API key, SSH key, etc |
| Webservice | an HTTP(S) web service which performs sensitive operations |

Entity IDs must be URL-encoded

URI

GET /public_keys/{account}/{kind}/{identifier}

Any identifier included in the URL must be URL-encoded to be recognized by the Conjur API.

Examples:

| Identifier | URL-Encoded |
|---|---|
| myapp-01 | myapp-01 (no change) |
| alice@devops | alice%40devops |
| prod/aws/db-password | prod%2Faws%2Fdb-password |
| research+development | research%2Bdevelopment |
| sales&marketing | sales%26marketing |

Example using curl

curl https://eval.conjur.org/public_keys/myorg/user/alice

Response

| Code | Description |
|---|---|
| 200 | Public keys returned as a newline-delimited string |

Example URI

For example, to show all the public keys for the user “alice”:

GET /public_keys/myorg/user/alice

URI Parameters

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| account | String | Yes | Organization account name. Example: myorg |
| kind | String | Yes | Kind of resource for which to show public keys. Example: user |
| identifier | String | Yes | The identifier of the object. Example: alice |

Response 200

Headers

Content-Type: text/plain

Body

ssh-rsa AAAAB3Nzabc2 admin@alice.com

ssh-rsa AAAAB3Nza3nx alice@example.com
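The following client sketch is an added example, not code from the Conjur project. It builds the request URL with each path segment percent-encoded as in the table above, and parses the newline-delimited response. The function names are hypothetical, and the parser assumes each line is `type key [comment]` with no authorized_keys options prefix, as in the sample response.

```python
from urllib.parse import quote
from urllib.request import urlopen

BASE_URL = "https://eval.conjur.org"  # host taken from the page's curl example


def public_keys_url(account, kind, identifier, base_url=BASE_URL):
    """Build /public_keys/{account}/{kind}/{identifier} with encoded segments."""
    # safe="" matters: quote() leaves "/" unescaped by default, so an identifier
    # like prod/aws/db-password would otherwise become three path segments.
    segments = [quote(part, safe="") for part in (account, kind, identifier)]
    return base_url.rstrip("/") + "/public_keys/" + "/".join(segments)


def parse_public_keys(body):
    """Parse a newline-delimited key list into (key_type, key_data, comment)."""
    keys = []
    for line in body.splitlines():
        fields = line.split(None, 2)
        if not fields:
            continue  # blank line
        if len(fields) < 2:
            raise ValueError("malformed public key line: %r" % line)
        comment = fields[2].strip() if len(fields) == 3 else ""
        keys.append((fields[0], fields[1], comment))
    return keys


def fetch_public_keys(account, kind, identifier, base_url=BASE_URL):
    """GET the keys. An empty list means 'no keys' OR 'no such resource'."""
    url = public_keys_url(account, kind, identifier, base_url)
    with urlopen(url, timeout=10) as resp:
        return parse_public_keys(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample body, shaped like the page's Response 200 example.
    sample = "ssh-rsa AAAAB3Nzabc2 admin@alice.com\nssh-rsa AAAAB3Nza3nx alice@example.com\n"
    print(public_keys_url("myorg", "user", "alice@devops"))
    for key_type, _, comment in parse_public_keys(sample):
        print(key_type, comment)
    # The API answers an unknown resource with an empty string, so callers get
    # an empty list and must treat it as "grant no access", not as an error.
    print(parse_public_keys(""))
```

Because a missing resource and a resource without keys both produce an empty body, a caller that feeds these keys to SSH should treat an empty result as granting no access.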