Upload and Propagate GPG Signing Keys for Distribution

JFrog REST APIs
Products
JFrog Xray
Content Type
REST API
ft:sourceType
Paligo

Description: GPG Keys are used to sign Release Bundles v1. The GPG key pair will automatically be propagated to Artifactory Source and Destinations. You can use this to do one of the following:

Important

For information about propagating Release Bundle v2 signing keys, see Propagate Public Signing Key.

  • Upload a GPG key pair to JFrog Distribution from your file systemGPG Signing

  • Retrieve keys from a vault.

Notes:

  • Requires JFrog Mission Control version 4.5.0 and above.

  • Distribution relies on JFrog Mission Control communicating to the JPDs to propagate the GPG Keys

  • The keys must be copied and pasted into the request body.

  • You cannot use public_key and private_key parameters with the vault_data parameter.

  • The vault_id parameter should be Hashicorp as it is the only supported vault for now.

Since: 2.4

Note

From version 2.8.1, Distribution supports managing multiple GPG signing keysto sign Release Bundles. This enables you to assign a signing key pair per Release Bundle providing you with the granularity to choose which keys to use to sign the Release Bundles instead of using the same key pair to sign all.GPG Signing

Security: Admin only

Usage: POST /api/v1/keys/{protocol: pgp|gpg}

Request headers: N/A

Consumes: application/json

Note

The JSON request body should have "set_as_default": true if this is the first key that is set or if there is no default key in Artifactory.

POST:/api/v1/keys/{protocol: pgp|gpg}

body:
{
    "key": {
        "public_key": "-----BEGIN PGP PUBLIC KEY BLOCK-----...-----END PGP PUBLIC KEY BLOCK-----",
        "private_key": "-----BEGIN PGP PRIVATE KEY BLOCK-----...-----END PGP PRIVATE KEY BLOCK-----"
    },
    "propagate_to_edge_nodes": true,
    "fail_on_propagation_failure": false
}
Expected response:
{
        "report": {
                "message" : "error message if exists"
                "status" : PARTIAL_SUCCESS | SUCCESS | FAILURE | PROPAGATION_NOT_REQUESTED | PROPAGATION_NOT_SUPPORTED_BY_MISSION_CONTROL | NO_GPG_KEY_TO_PROPAGATE
                "details" : [
                        {
                                "jpd_id" : "id1",
                                "name" : "US-EAST"
                                "key_alias" : "my first key"
                                "status" : "SUCCESS"
                        },
                        {
                                "jpd_id" : "id2",
                                "name" : "US-WEST"
                                "key_alias" : "my first key"
                                "status" : "SUCCESS"
                        },
                ]
        }
}

Multiple GPG Keys Sample

{
 "key": {
    "alias": "name",
    "public_key" : "",
"private_key": ""
 },
 "propagate_to_edge_nodes" : false,
 "fail_on_propagation_failure": false,
 "set_as_default": true
}

Vault Sample Usage

body:
{
    "fail_on_propagation_failure": false,
    "propagate_to_edge_nodes": false,
    "key": {
        "vault_data": {
            "vault_id": "hashicorp",
            "public_key": {
                "path": "kv/public/path",
                "key": "public"
            },
            "private_key": {
                "path": "kv/private/path",
                "key": "private"
            }
Expected response:
{
    "report": {
        "message" : "error message if exists"
        "status" : PARTIAL_SUCCESS | SUCCESS | FAILURE | PROPAGATION_NOT_REQUESTED | PROPAGATION_NOT_SUPPORTED_BY_MISSION_CONTROL | NO_GPG_KEY_TO_PROPAGATE
        "details" : [
            {
                "jpd_id" : "id1",
                "name" : "US-EAST"
                "key_alias" : "my first key"
                "status" : "SUCCESS"
            },
            {
                "jpd_id" : "id2",
                "name" : "US-WEST"
                "key_alias" : "my first key"
                "status" : "SUCCESS"
            },
        ]
    }
}