/create-ssh-cert-issuer

post

https://api.akeyless.io/create-ssh-cert-issuer

Body Params

ProviderType

string

allowed-users

string

required

Defaults to -

Users allowed to fetch the certificate, e.g root,ubuntu

delete_protection

string

Protection from accidental deletion of this object [true/false]

description

string

Description of the object

extensions

object

Signed certificates with extensions, e.g permit-port-forwarding=""

external-username

string

Defaults to false

Externally provided username [true/false]

fixed-user-claim-keyname

string

For externally provided users, denotes the key-name of IdP claim to extract the username from (relevant only for external-username=true)

host-provider

string

Host provider type [explicit/target], Default Host provider is explicit, Relevant only for Secure Remote Access of ssh cert issuer, ldap rotated secret and ldap dynamic secret

item-custom-fields

object

Additional custom fields to associate with the item

json

boolean

Defaults to false

Set output format to JSON

metadata

string

Deprecated - use description

name

string

required

SSH certificate issuer name

principals

string

Signed certificates with principal, e.g example_role1,example_role2

secure-access-api

string

Secure Access SSH control API endpoint. E.g. https://my.sra-server:9900

secure-access-bastion-api

string

Deprecated. use secure-access-api

secure-access-bastion-ssh

string

Deprecated. use secure-access-ssh

secure-access-enable

string

Enable/Disable secure remote access [true/false]

secure-access-enforce-hosts-restriction

boolean

Enable this flag to enforce connections only to the hosts listed in --secure-access-host

secure-access-gateway

string

secure-access-host

array of strings

Target servers for connections (In case of Linked Target association, host(s) will inherit Linked Target hosts - Relevant only for Dynamic Secrets/producers)

secure-access-host

secure-access-ssh

string

Bastion's SSH server. E.g. my.sra-server:22

secure-access-ssh-creds-user

string

SSH username to connect to target server, must be in 'Allowed Users' list

secure-access-use-internal-bastion

boolean

Deprecated. Use secure-access-use-internal-ssh-access

secure-access-use-internal-ssh-access

boolean

Use internal SSH Access

signer-key-name

string

required

A key to sign the certificate with

tag

array of strings

List of the tags attached to this key

tag

target

array of strings

A list of linked targets to be associated, Relevant only for Secure Remote Access for ssh cert issuer, ldap rotated secret and ldap dynamic secret, To specify multiple targets use argument multiple times

target

token

string

Authentication token (see /auth and /configure)

ttl

int64

required

The requested Time To Live for the certificate, in seconds

uid-token

string

The universal identity token, Required only for universal_identity authentication

Responses

200createSSHCertIssuerResponse wraps response body.

defaulterrorResponse wraps any error to return it as a JSON object with one "error" field.