Show public keys

Shows all public keys for a resource as newline delimited string for compatibility with the authorized_keys SSH format.

Returns an empty string if the resource does not exist, to prevent attackers from determining whether a resource exists.

Kinds of resources

Kind

Description

User

One unique human

Host

A single logical machine (in the broad sense, not just physical)

Layer

A collection of hosts that have the same privileges

Group

A collection of users and groups that have the same privileges

Policy

Privileges on policies enable a user to create and modify objects and permissions

Variable

A secret such as a password, API key, SSH key, etc.

Webservice

An HTTP(S) web service which performs sensitive operations
 

Entity IDs must be URL-encoded.

URI

  
GET /public_keys/{account}/{kind}/{identifier}

Any identifier included in the URL must be URL-encoded to be recognized by the Conjur API.

Examples:

Identifier

URL-Encoded

myapp-01

myapp-01(no change)

alice@devops

alice%40devops

prod/aws/db-password

prod%2Faws%2Fdb-password

research+development

research%2Bdevelopment

sales&marketing

sales%26marketing

URI Parameters

Parameter

Type

Mandatory

Description

account

String

Yes

Organization account name.

Example: myorg

kind

String

Yes

kind of resource of which to show public keys

Example: user

identifier

String

Yes

the identifier of the object

Example: alice

Example using curl

  
curl https://eval.conjur.org/public_keys/myorg/user/alice

Response

Code

Description

200

Public keys returned as newline delimited string

Example URI

For example, to show all the public keys for the user “alice”:

  
GET /public_keys/myorg/user/alice

Response 200

Headers

  
Content-Type: text/plain

Body

  
ssh-rsa AAAAB3Nzabc2 admin@alice.com
ssh-rsa AAAAB3Nza3nx alice@example.com