SSH Credentials API

Updated 1 month ago by Michael Katz

This topic lists sample queries for CRUD operations that create, read, update, and delete Harness secrets that manage SSH keys.

The ! following the type means that this field is required.

In this topic:

Before You Begin

Get a Secret

This sample retrieves an existing SSH Credentials secret by its ID.

query{
secret(secretId:"iyBV3R8ZQWe48GMiaTht7A",secretType:SSH_CREDENTIAL){
... on SSHCredential{
name
id
authenticationType{
... on SSHAuthentication{
port
userName
}
... on KerberosAuthentication{
principal
port
realm
}
}
}
}
}

The authenticationType element supports credentials using both SSHAuthentication and KerberosAuthentication.

Get a Secret by Name

This sample uses a secretByName query to retrieve an existing secret by its name.

query{
secretByName(name:"testing_SSH",secretType:SSH_CREDENTIAL){
... on SSHCredential{
name
authenticationType{
... on SSHAuthentication{
port
userName
}
... on KerberosAuthentication{
principal
port
realm
}
}
}
}
}

Create an SSH Credentials Secret

This sample creates a secret. The required CreateSecretInput input must include a SecretType.

 mutation($secret: CreateSecretInput!){
createSecret(input: $secret){
secret{
... on SSHCredential{
name
id
authenticationType{
... on SSHAuthentication{
port
userName
}
... on KerberosAuthentication{
principal
port
realm
}
}
}
}
}
}

Query Variables: Inline Key

For the above query, these sample variables supply the SecretType and an inline SSH key.

You must provide the inline SSH key as a Base64-encoded string.

{
"secret": {
"secretType": "SSH_CREDENTIAL",
"sshCredential": {
"name": "ssh_credential_with_inline_key",
"authenticationScheme": "SSH",
"sshAuthentication": {
"port": 22,
"userName": "ubuntu",
"sshAuthenticationMethod": {
"sshCredentialType": "SSH_KEY",
"inlineSSHKey": {
"sshKeySecretFileId": "ePuBMQvPQ0Sl3FGYkd9NQg"
}
}
},
"usageScope": {
"appEnvScopes": [
{
"application": {
"filterType": "ALL"
},
"environment": {
"filterType": "PRODUCTION_ENVIRONMENTS"
}
}
]
}
}
}
}

Query Variables: File Path

These sample variables specify the SecretType, and reference the SSH Key by its file path.

{
"secret": {
"secretType": "SSH_CREDENTIAL",
"sshCredential": {
"name": "Test",
"authenticationScheme": "SSH",
"sshAuthentication": {
"port": 22,
"userName": "ubuntu",
"sshAuthenticationMethod": {
"sshCredentialType": "SSH_KEY_FILE_PATH",
"sshKeyFile": {
"path": "ePuBMQvPQ0Sl3FGYkd9NQg"
}
}
},
"usageScope": {
"appEnvScopes": [
{
"application": {
"filterType": "ALL"
},
"environment": {
"filterType": "PRODUCTION_ENVIRONMENTS"
}
}
]
}
}
}
}

Query Variables: Password

These sample variables supply an inline password for the new secret.

{
"secret": {
"secretType": "SSH_CREDENTIAL",
"sshCredential": {
"name": "Test",
"authenticationScheme": "SSH",
"sshAuthentication": {
"port": 22,
"userName": "ubuntu",
"sshAuthenticationMethod": {
"sshCredentialType": "PASSWORD",
"serverPassword": {
"passwordSecretId": "mq-PSjt0Sjmq43dEE5V1og"
}
}
},
"usageScope": {
"appEnvScopes": [
{
"application": {
"filterType": "ALL"
},
"environment": {
"filterType": "PRODUCTION_ENVIRONMENTS"
}
}
]
}
}
}
}

Query Variables: Kerberos Keytab

These sample variables supply a Kerberos keytab for the new secret.

{
"secret": {
"secretType": "SSH_CREDENTIAL",
"sshCredential": {
"name": "TestSample1",
"authenticationScheme": "KERBEROS",
"kerberosAuthentication": {
"principal": "asdasd",
"realm": "asdasd",
"port": 22,
"tgtGenerationMethod": {
"tgtGenerationUsing": "KEY_TAB_FILE",
"keyTabFile": {
"filePath": "/asd/asdasd"
}
}
},
"usageScope": {
"appEnvScopes": [
{
"application": {
"filterType": "ALL"
},
"environment": {
"filterType": "PRODUCTION_ENVIRONMENTS"
}
}
]
}
}
}
}

Query Variables: Kerberos Password

These sample variables supply a Kerberos password for the new secret.

{
"secret": {
"secretType": "SSH_CREDENTIAL",
"sshCredential": {
"name": "TestSample1",
"authenticationScheme": "KERBEROS",
"kerberosAuthentication": {
"principal": "asdasd",
"realm": "asdasd",
"port": 22,
"tgtGenerationMethod": {
"tgtGenerationUsing": "PASSWORD",
"kerberosPassword": {
"passwordSecretId": "mq-PSjt0Sjmq43dEE5V1og"
}
}
},
"usageScope": {
"appEnvScopes": [
{
"application": {
"filterType": "ALL"
},
"environment": {
"filterType": "PRODUCTION_ENVIRONMENTS"
}
}
]
}
}
}
}

Update a Secret

This sample updates an existing secret. The required UpdateSecretInput input must supply a secretType and an id.

You can update the name or the sshAuthentication/kerberosAuthentication. To update the credentials, you must supply the complete sshAuthentication/kerberosAuthentication as input.

mutation($secret: UpdateSecretInput!){
updateSecret(input: $secret){
secret{
... on SSHCredential{
name
id
authenticationType{
... on SSHAuthentication{
port
userName
}
... on KerberosAuthentication{
principal
port
realm
}
}
}
}
}
}

Query Variables

These sample variables supply the required secretType and id.

{
"secret": {
"secretId": "",
"secretType": "SSH_CREDENTIAL",
"sshCredential": {
"name": "Test",
"authenticationScheme": "SSH",
"sshAuthentication": {
"port": 22,
"userName": "ubuntu",
"sshAuthenticationMethod": {
"sshCredentialType": "PASSWORD",
"serverPassword": {
"passwordSecretId": "mq-PSjt0Sjmq43dEE5V1og"
}
}
},
"usageScope": {
"appEnvScopes": [
{
"application": {
"filterType": "ALL"
},
"environment": {
"filterType": "PRODUCTION_ENVIRONMENTS"
}
}
]
}
}
}
}

Delete a Secret

This sample deletes a specified secret. The required DeleteSecretInput input must supply a secretId and a secretType.

mutation($secret: DeleteSecretInput!){
deleteSecret(input: $secret){
clientMutationId
}
}

Query Variables

Here are query variables for the above deleteSecret operation.

{
"secret": {
"secretId": "okvQ69PMQIqjyI3r5YB1JQ",
"secretType": "SSH_CREDENTIAL"
}
}


How did we do?