Generate

Members of an organization can generate certificates for themselves Signing certificates for other users requires a special permission

TypeScript

import { cloudApi, serviceClients, Session } from "@yandex-cloud/nodejs-sdk";

const GenerateSshCertificateRequest =
  cloudApi.organizationmanager.ssh_certificate_service
    .GenerateSshCertificateRequest;

(async () => {
  const authToken = process.env["YC_OAUTH_TOKEN"];
  const session = new Session({ oauthToken: authToken });
  const client = session.client(serviceClients.SshCertificateServiceClient);

  const result = await client.generate(
    GenerateSshCertificateRequest.fromPartial({
      // cloudId: "cloudId",
      // organizationId: "organizationId",
      // subjectId: "subjectId",
      // osLogin: "osLogin",
      publicKey: "publicKey",
    })
  );
  console.log(result);
})();

Python

import os
import grpc
import yandexcloud

from yandex.cloud.organizationmanager.v1.ssh_certificate_service_pb2 import (
    GenerateSshCertificateRequest,
)
from yandex.cloud.organizationmanager.v1.ssh_certificate_service_pb2_grpc import (
    SshCertificateServiceStub,
)

token = os.getenv("YC_OAUTH_TOKEN")

sdk = yandexcloud.SDK(token=token)

service = sdk.client(SshCertificateServiceStub)
response = service.Generate(
    GenerateSshCertificateRequest(
        # cloud_id = "cloudId",
        # organization_id = "organizationId",
        # subject_id = "subjectId",
        # os_login = "osLogin",
        public_key="publicKey"
    )
)
print(response)

GenerateSshCertificateRequest

One of scope

• cloudId : string

  the cloud must be attached to an organization

• organizationId : string

One of subject

• subjectId : string

  specify subject to generate certificate for default login

• osLogin : string

  specify os_login for a specific login

publicKey : string

GenerateSshCertificateResponse

signedCertificate : string

as per specification https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD

---