SSH Credentials API

Updated 4 months ago by Michael Katz

This topic lists sample queries for CRUD operations that create, read, update, and delete Harness secrets that manage SSH keys:

This API is currently in Beta. Where a ! character appears at the end of a parameter's name, this indicates a required parameter.

Get a Secret

This sample retrieves an existing SSH Credentials secret by its ID:

query{
secret(secretId:"iyBV3R8ZQWe48GMiaTht7A",secretType:SSH_CREDENTIAL){
... on SSHCredential{
name
id
authenticationType{
... on SSHAuthentication{
port
userName
}
... on KerberosAuthentication{
principal
port
realm
}
}
}
}
}

The authenticationType element supports credentials using both SSHAuthentication and KerberosAuthentication.

Get a Secret by Name

This sample uses a secretByName query to retrieve an existing secret by its name:

query{
secretByName(name:"testing_SSH",secretType:SSH_CREDENTIAL){
... on SSHCredential{
name
authenticationType{
... on SSHAuthentication{
port
userName
}
... on KerberosAuthentication{
principal
port
realm
}
}
}
}
}

Create an SSH Credentials Secret

This sample creates a secret. The required CreateSecretInput input must include a SecretType:

 mutation($secret: CreateSecretInput!){
createSecret(input: $secret){
secret{
... on SSHCredential{
name
id
authenticationType{
... on SSHAuthentication{
port
userName
}
... on KerberosAuthentication{
principal
port
realm
}
}
}
}
}
}

Query Variables: Inline Key

For the above query, these sample variables supply the SecretType and an inline SSH key.

You must provide the inline SSH key as a Base64-encoded string.

{
"secret": {
"secretType": "SSH_CREDENTIAL",
"sshCredential": {
"name": "ssh_credential_with_inline_key",
"authenticationScheme": "SSH",
"sshAuthentication": {
"port": 22,
"userName": "ubuntu",
"sshAuthenticationMethod": {
"sshCredentialType": "SSH_KEY",
"inlineSSHKey": {
"sshKey": "base64EncodedSSHKey"
}
}
}
}
}
}

Query Variables: File Path

These sample variables specify the SecretType, and reference the SSH Key by its file path:

{
"secret": {
"secretType": "SSH_CREDENTIAL",
"sshCredential": {
"name": "ssh_creden_with_file_path",
"authenticationScheme": "SSH",
"sshAuthentication": {
"port": 22,
"userName": "ubuntu",
"sshAuthenticationMethod": {
"sshCredentialType": "SSH_KEY_FILE_PATH",
"sshKeyFile": {
"path": "/Users/testUser/Desktop/test.pem"
}
}
}
}
}
}

Query Variables: Password

These sample variables supply an inline password for the new secret:

{
"secret": {
"secretType": "SSH_CREDENTIAL",
"sshCredential": {
"name": "ssh_creden_with_password",
"authenticationScheme": "SSH",
"sshAuthentication": {
"port": 22,
"userName": "deepakpatankar",
"sshAuthenticationMethod": {
"sshCredentialType": "PASSWORD",
"serverPassword": {
"password": "password"
}
}
}
}
}
}

Update a Secret

This sample updates an existing secret. The required UpdateSecretInput input must supply a secretType and an id.

You can update the name or the sshAuthentication/kerberosAuthentication. To update the credentials, you must supply the complete sshAuthentication/kerberosAuthentication as input.

mutation($secret: UpdateSecretInput!){
updateSecret(input: $secret){
secret{
... on SSHCredential{
name
id
authenticationType{
... on SSHAuthentication{
port
userName
}
... on KerberosAuthentication{
principal
port
realm
}
}
}
}
}
}

Query Variables

These sample variables supply the required secretType and id:

{
"secret": {
"secretType": "SSH_CREDENTIAL",
"id": "SiAq52l-So2nEJiDFqg3_A",
"sshCredential": {
"name": "ssh_creden_with_password",
"authenticationScheme": "SSH",
"sshAuthentication": {
"port": 22,
"userName": "deepakpatankar",
"sshAuthenticationMethod": {
"sshCredentialType": "PASSWORD",
"serverPassword": {
"password": "password"
}
}
}
}
}
}

Delete a Secret

This sample deletes a specified secret. The required DeleteSecretInput input must supply a secretId and a secretType:

mutation($secret: DeleteSecretInput!){
deleteSecret(input: $secret){
clientMutationId
}
}

Query Variables

Here are query variables for the above deleteSecret operation.

{
"secret": {
"secretId": "okvQ69PMQIqjyI3r5YB1JQ",
"secretType": "SSH_CREDENTIAL"
}
}


How did we do?