Getting information about access keys and SSH keys

You can get a list of access keys and SSH keys with information about each key. Access keys and SSH keys share the same URI path. You can use the filter parameter to get the keys of either type.

Method and URI

To get information about all access keys and SSH keys, use a GET method and a URI:

GET     https://{hostname|IP}/api/identity/key

To get information about a specific access key or an SSH key, use a GET method and a URI:

GET     https://{hostname|IP}/api/identity/key/{identityKeyId}

Tip

To get an {identityKeyId} value based on its name, follow the instructions in Getting an {identityKeyId}.

Parameters

Parameter 1: filter

Specify criteria to get access keys or SSH keys.

  • Values: To get only access keys, use the following value:

[
    {
        "property": "keytype",
        "value":    ["exch_key"],
        "op":       "NOT IN"
    }
]

To get only SSH keys, use the following value:

[
    {
        "property": "keytype",
        "value":    "ssh_private_key",
        "op":       "="
    }
]
  • Type: List. Available in the web user interface.

Parameter 1.1: filter > property

Specify a property to apply to the filter.

  • Value: keytype

  • Type: List. Available in the web user interface.

Parameter 1.2: filter > value

Specify the property value that you want to apply to the filter.

  • Type: List or system string. Available in the web user interface.

Data

None.

Example 1: Get information about all access keys

Assume that you added access keys to IBM Spectrum Protect Plus. A Python snippet that is similar to the following example can be used to request information about the access keys:

_params = {
    "filter": str([{
        "property": "keytype",
        "value":    ["exch_key"],
        "op":       "NOT IN"
    }])
}

requests.get('https://' + spp_ipv4 + '/api/identity/key',
    params=_params, headers={...}, verify=...)
_images/reference_accesskey_get1.png

Figure 57 The same action can be taken in the IBM Spectrum Protect Plus web user interface: In the navigation pane, click System Configuration > Keys and Certificates, and ensure that the Access Key tab is displayed.

The response body for the Python snippet displays a list of all access keys and all SSH keys. The HTTP status of this response is 200 (OK).

{
    "links": {...},
    "total": 3,
    "keys": [
        {
            "links": {...},
            "resourceType": "key",
            "id": "1002",
            "name": "BlueMachines Amazon EC2 Key1",
            "keytype": "iam_key",
            "keyalgorithm": null,
            "length": 0,
            "user": null,
            "comment": null,
            "fingerprint": null,
            "publickey": null,
            "access": "G9493LAPUDNDPL9J38SW",
            "secret": null,
            "privatekey": "",
            "tenant": null,
            "tenantID": null,
            "clientID": null,
            "clientSecret": null,
            "adminUser": null,
            "adminUserPass": null,
            "rbacPath": "root:0/identity:0/identitytype:key/identitykey:1002"
        },
        {
            ...
            "id": "1003",
            "name": "BlueMachines IBM COS Dallas Key",
            ...
        },
        {...}
    ]
}

Example 2: Get information about all SSH keys

Assume that you added SSH keys to IBM Spectrum Protect Plus. A Python snippet that is similar to the following example can be used to request information about the SSH keys:

_params = {
    "filter": str([{
        "property": "keytype",
        "value":    "ssh_private_key",
        "op":       "="
    }])
}

requests.get('https://' + spp_ipv4 + '/api/identity/key',
    params=_params, headers={...}, verify=...)
_images/reference_ssh_get01.png

Figure 58 The same action can be taken in the IBM Spectrum Protect Plus web user interface: In the Keys and Certificates pane, click the SSH Keys tab.

The response body for the Python snippet displays a list of all access keys and all SSH keys. The HTTP status of this response is 200 (OK).

{
    "links": {...},
    "total": 2,
    "keys": [
        {
            "links": {...},
            "resourceType": "key",
            "id": "1006",
            "name": "Oracle - Dallas 1 SSH",
            "keytype": "ssh_private_key",
            "keyalgorithm": "RSA",
            "length": 1024,
            "user": "sarah-oracle1",
            "comment": null,
            "fingerprint": "5f:96:57:e2:43:52:16:25:c2:27:25:e7:39:9f:05:b7",
            "publickey": "ssh-rsa 22EYOeQkIV0OlvepsVdy2NoktYdwZhfR9JFMNkUj3IXd3p
↪...
↪0pvuGdiXPlEV/XxE3yqRDGqwiVQYMSOZd9wgfjOFMbq9DkTZYpfivZXjzFWoJVKNYSx ",
            "access": null,
            "secret": "",
            "privatekey": null,
            "tenant": null,
            "tenantID": null,
            "clientID": null,
            "clientSecret": null,
            "adminUser": null,
            "adminUserPass": null,
            "rbacPath": "root:0/identity:0/identitytype:key/identitykey:1006"
        },
        {
            ...
            "id": "1007",
            "name": "support-vm SSH",
            ...
        }
    ]
}

Example 3: Get information about a specific access key

In this example, a Python snippet is used to get information about a specific access key: BlueMachines IBM COS Dallas Key ({identityKeyId} 1003).

identity_key_id = "1003"

requests.get('https://' + spp_ipv4 + '/api/identity/key/' + identity_key_id,
    headers={...}, verify=...)

The request prompts a response that is structured as shown, with the HTTP status of 200 (OK).

{
    "links": {...},
    "resourceType": "key",
    "id": "1003",
    "name": "BlueMachines IBM COS Dallas Key",
    "keytype": "iam_key",
    "keyalgorithm": null,
    "length": 0,
    "user": null,
    "comment": null,
    "fingerprint": null,
    "publickey": null,
    "access": "COJf710BhRzrCvARh7gH",
    "secret": null,
    "privatekey": "",
    "tenant": null,
    "tenantID": null,
    "clientID": null,
    "clientSecret": null,
    "adminUser": null,
    "adminUserPass": null,
    "rbacPath": "root:0/identity:0/identitytype:key/identitykey:1003"
}