List keys
POST
Use this endpoint to get a list with details about your SSH keys.
https://daas.digicert.com/apicontroller/v1/key/list
Related topic
For more information about SSH keys and how to discover SSH keys configured on your server, see SSH keys.
Example requests and responses
cURL
```bash
curl --location --request POST 'https://daas.digicert.com/apicontroller/v1/key/list' \
--header 'X-DC-DEVKEY: {{api_key}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "accountId": 5153184,
    "searchCriteriaList": [{
        "key": "keyName",
        "operation": "EQUALS",
        "value": ["f83d1b65a899a602c5c026beb32f21fd119b5976b34c16fb27496b5d68f3405a"]
    }, {
        "key": "keyIp",
        "operation": "EQUALS",
        "value": ""
    }, {
        "key": "keyPath",
        "operation": "EQUALS",
        "value": "C:\\Certbotold1\\archive\\17feb202001.cert-testing.com\\privkey10.pem"
    }],
    "divisionIds": [],
    "isDuplicateKeyList": true,
    "startIndex": 1,
    "pageSize": 50,
    "filterSelected": "keyName",
    "sortedColumnId": "ip",
    "sortOrder": "ASC"
}'
```
200 OK
```json
{
    "error": null,
    "data": {
        "totalCount": 1,
        "currentCount": 1,
        "totalKeys": 0,
        "keyDetailsList": [{
            "keyName": null,
            "securityLevel": "Not secure",
            "ip": "",
            "port": null,
            "type": "RSA",
            "firstDiscovered": 1650259868203,
            "duplicateCount": null,
            "scanName": "",
            "protocol": null,
            "filePath": "C:\\Certbotold1\\keys\\0049_key-certbot.pem",
            "isRootKey": null,
            "isOrphanKey": null,
            "source": null,
            "serverHost": "Box64",
            "isProtectedKey": null
        }]
    }
}
```
Request parameters
| Name | Req/Opt | Type | Description |
|---|---|---|---|
| accountId | required | string | Account ID. |
| searchCriteriaList | optional | array | Filter results by specified values. The array includes key, operation and value. For definitions, see the Filter options for searchCriteriaList table below. Example: |
| divisionIds | required | array | User’s division IDs. |
| startIndex | optional | integer | Index of the first result. Default: 1 |
| pageSize | optional | integer | Number of records per page. Allowed values: 0 to 512. Default: 50 |
| filterSelected | required | string | The value to show in the results for each sensor that meets the search criteria. Allowed values: name, ip, port, type, scanName, authenticationMethods, keyAlgorithm, protocol, duplicateKeys, userName, source, filePath, serverHost, orphanKeys |
| isDuplicateKeyList | required | boolean | Whether any duplicate keys exist. Default: true |
| sortedColumnId | optional | string | Sort results by specified parameter. Allowed values: serialNumber, ip, port, scanName, serverSecurity, isCertPresent, cn. Default: ip |
| sortOrder | optional | string | Sort direction. Allowed values: DESC (descending: 9-0, Z-A), ASC (ascending: 0-9, A-Z). Default: DESC |
Response parameters
| Name | Type | Description |
|---|---|---|
| error | object | Includes error codes, if any. |
| data | object | Object with information about the filter results. |
| .. totalCount | integer | Total number of keys based on the filter criteria. |
| .. currentCount | integer | Number of records on current page. |
| .. keyDetailsList | array | Container for key details. |
| .. .. keyName | string | Key name. Max length: 80 characters. |
| .. .. securityLevel | string | Security status of the key. Possible values: Secure, Not secure |
| .. .. ip | string | IP address related to the key. |
| .. .. port | integer | Default SSH enabled port. |
| .. .. type | string | Type of the key. Possible values: SSH |
| .. .. firstDiscovered | integer | Timestamp for when the key was first discovered. **Format:** epoch in milliseconds. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: 1596781119000 |
| .. .. duplicateCount | integer | Number of duplicates detected for the key. |
| .. .. scanName | string | Scan associated with the key. |
| .. .. protocol | string | Protocol used to set up an encrypted connection between the systems to communicate over the internet. Possible values: SSH1, SSH2. |
| .. .. filePath | string | The file path from where the key is discovered. |
| .. .. isRootKey | boolean | Whether it is a type of root key. |
| .. .. isOrphanKey | boolean | Whether it is an orphan key. A key is orphaned when it cannot be used further because the pair is no longer on the server. |
| .. .. source | string | The source used to identify the key. Possible values: Agent, Sensor. |
| .. .. serverHost | string | The server host associated with the key. |
| .. .. isProtectedKey | boolean | Whether it is a protected key. |
Filter options for searchCriteriaList
The array includes key, operation and value.
| Key | Operation | Value |
|---|---|---|
| userName | EQUALS | Cert Central Admin, system |
| keyName | EQUALS | Key name |
| ip | EQUALS | IP address |
| keyPath | EQUALS | Path to the key |
| port | EQUALS | 22 |
| authenticationMethods | EQUALS | gssapi-keyex, gssapi-with-mic, hostbased, keyboard-interactive, password, publickey, unavailable |
| duplicateKeys | EQUALS | No, Yes |
| type | EQUALS | SSH |
| rotationLimit | EQUALS | 6 months, 9 months, 1 year, 2 years |
| keyAlgorithm | EQUALS | ECDSA SHA2 NISTP256 256, RSA1 1024, RSA1 2048, SSH DSS 1024, SSH RSA 1024, SSH ED25519 256, SSH RSA 2048, SSH RSA 3072, SSH RSA 4096 |
| protocol | EQUALS | SSH1, SSH2 |
| scanName | EQUALS | Scan name |
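The following Python sketch is an added example, not DigiCert code: it builds a request body within the documented `pageSize` range and triages a response for keys that need attention, tolerating the `null` fields seen in the sample response. The function names, the reason labels and the second sample entry are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

def build_body(account_id, criteria, page_size=50):
    """Build a key/list request body; enforce the documented pageSize range."""
    if not 0 <= page_size <= 512:
        raise ValueError("pageSize must be between 0 and 512")
    return {
        "accountId": account_id,
        "searchCriteriaList": [
            {"key": k, "operation": "EQUALS", "value": v} for k, v in criteria
        ],
        "divisionIds": [], "isDuplicateKeyList": True, "startIndex": 1,
        "pageSize": page_size, "filterSelected": "keyName",
        "sortedColumnId": "ip", "sortOrder": "ASC",
    }

def triage(response):
    """Return findings for keys that are Not secure, orphaned, duplicated or SSH1."""
    if response.get("error"):
        raise RuntimeError(f"API returned an error: {response['error']}")
    findings = []
    for key in (response.get("data") or {}).get("keyDetailsList") or []:
        reasons = []
        if key.get("securityLevel") == "Not secure":
            reasons.append("not-secure")
        if key.get("isOrphanKey"):  # null, as in the sample response, counts as False
            reasons.append("orphan")
        if (key.get("duplicateCount") or 0) > 0:
            reasons.append("duplicated")
        if key.get("protocol") == "SSH1":
            reasons.append("ssh1")
        if reasons:
            ms = key.get("firstDiscovered")  # epoch milliseconds, may be null
            seen = datetime.fromtimestamp(ms // 1000, tz=timezone.utc).isoformat() if ms else None
            findings.append({"host": key.get("serverHost"), "path": key.get("filePath"),
                             "firstDiscovered": seen, "reasons": reasons})
    return findings

# Constructed sample: the first entry mirrors the page's response, the second is invented.
SAMPLE = json.loads(r'''{"error": null, "data": {"totalCount": 2, "currentCount": 2, "keyDetailsList": [
  {"securityLevel": "Not secure", "type": "RSA", "firstDiscovered": 1650259868203,
   "duplicateCount": null, "protocol": null, "isOrphanKey": null,
   "filePath": "C:\\Certbotold1\\keys\\0049_key-certbot.pem", "serverHost": "Box64"},
  {"securityLevel": "Secure", "firstDiscovered": 1596781119000, "duplicateCount": 3,
   "protocol": "SSH1", "isOrphanKey": true, "filePath": "/constructed/id_rsa", "serverHost": "host-b"}]}}''')

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Send the dictionary from `build_body` as the JSON body of the POST request, with the API key in the `X-DC-DEVKEY` header as in the cURL example.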