Help Center/ Data Encryption Workshop/ API Reference/ APIs/ Key Pair Management APIs/ Key Pair Management/ Creating and Importing an SSH Key Pair
Updated on 2026-06-09 GMT+08:00
View PDF
Share

Creating and Importing an SSH Key Pair

Function

Creating and Importing an SSH Key Pair

Calling Method

For details, see Calling APIs.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

  • If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
  • If you are using identity policy-based authorization, the following identity policy-based permissions are required.

    Action

    Access Level

    Resource Type (*: required)

    Condition Key

    Alias

    Dependencies

    kps:SSHKeyPair:create

    Write

    SSHKeyPair *

    • kps:KmsKeyId

    • kps:Algorithm

    kps:domainKeypairs:create
    • kms:cmk:createDataKey
    • kms:cmk:list

URI

POST /v3/{project_id}/keypairs

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition

Project ID. For details, see Obtaining a Project ID.

Constraints

N/A

Range

The value returned by the IAM API is used, which contains 32 characters.

Default Value

N/A

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Definition

User token. It can be obtained by calling the IAM API. The value of X-Subject-Token in the response header is the user token.

Constraints

N/A

Range

Obtain the value by calling the IAM API for obtaining the user token.

Default Value

N/A
Table 3 Request body parameters

Parameter

Mandatory

Type

Description

keypair

Yes

CreateKeypairAction object

Definition

Parameter in the request body for creating a key pair

Constraints

N/A

Range

N/A

Default Value

N/A
Table 4 CreateKeypairAction

Parameter

Mandatory

Type

Description

name

Yes

String

Definition

SSH key pair name

Constraints

  • The key pair name must be unique.

  • The SSH key pair name can contain at most 255 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed.

Range

N/A

Default Value

N/A

type

No

String

Definition

Key pair type

Constraints

N/A

Range

  • ssh

  • x509

Default Value

ssh

public_key

No

String

Definition

Public key of the key pair

Constraints

N/A

Range

N/A

Default Value

N/A

scope

No

String

Definition

Domain to which the key pair belongs, which can be tenant-level or user-level.

Constraints

N/A

Range

  • domain

  • user

Default Value

user

user_id

No

String

Definition

ID of the user to which the SSH key pair belongs

Constraints

N/A

Range

N/A

Default Value

N/A

key_protection

No

KeyProtection object

Definition

SSH key pair private key management and protection information

Constraints

N/A

Range

N/A

Default Value

N/A
Table 5 KeyProtection

Parameter

Mandatory

Type

Description

private_key

No

String

Definition

Private key of the imported SSH key pair

Constraints

N/A

Range

N/A

Default Value

N/A

encryption

Yes

Encryption object

Definition

How a private key is encrypted and stored

Constraints

N/A

Range

N/A

Default Value

N/A
Table 6 Encryption

Parameter

Mandatory

Type

Description

type

Yes

String

Definition

Encryption type

Constraints

If KMS is unavailable, set this parameter to default.

Range

  • default: Default encryption mode, which applies to sites where KMS is unavailable.

  • kms: KMS encryption mode

Default Value

default

kms_key_name

No

String

Definition

KMS key name

Constraints

  • If type is set to kms, you must enter the KMS key name or ID.

Range

N/A

Default Value

N/A

kms_key_id

No

String

Definition

KMS key ID

Constraints

  • If type is set to kms, you must enter the KMS key name or ID.

Range

N/A

Default Value

N/A

Response Parameters

Status code: 200

Table 7 Response body parameters

Parameter

Type

Description

keypair

CreateKeypairResp object

Definition

Response body for creating an SSH key pair

Range

N/A
Table 8 CreateKeypairResp

Parameter

Type

Description

name

String

Definition

SSH key pair name

Range

N/A

type

String

Definition

Key pair type

Range

  • ssh

  • x509

public_key

String

Definition

Public key of the key pair

Range

N/A

private_key

String

Definition

Private key of the key pair

Range

  • When creating an SSH key pair, the response contains the private key information.

  • When importing an SSH key pair, the response does not contain the private key information.

fingerprint

String

Definition

Fingerprint information about an SSH key pair

Range

N/A

user_id

String

Definition

ID of the user to which the SSH key pair belongs

Range

N/A

Example Requests

{
  "keypair" : {
    "name" : "demo2"
  }
}

Example Responses

Status code: 200

Request succeeded.

{
  "keypair" : {
    "name" : "demo",
    "type" : "ssh",
    "public_key" : "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...",
    "private_key" : "-----BEGIN RSA PRIVATE KEY-----...",
    "fingerprint" : "49:ef:73:2b:9b:7f:2e:0c:58:d3:e3:42:8e:28:04:3b",
    "user_id" : "e4f380899b1248918f3d37098dc63746"
  }
}

Status Codes

Status Code

Description

200

Request succeeded.

Error Codes

See Error Codes.

Parent Topic: Key Pair Management