How do I manage SSH keys?
Quick answer
Section titled “Quick answer”Notory keeps SSH keys as a directory of public keys. You’ll find them under Catalog & Checkout in the SSH keys tab (not in the Certificates module). Click “Add SSH Key”, give it a name, paste in the public key, and save. Unlike the Certificates module, SSH key management is included in all tiers.
Prerequisites
Section titled “Prerequisites”SSH key management is part of the core feature set (the Catalog & Checkout area) and is available from the Basic tier onward — including in Community mode.
Instructions
Section titled “Instructions”-
Open “Catalog & Checkout”. Select Catalog & Checkout in the left-hand navigation and switch to the SSH keys tab. You’ll see the list of all stored keys.
Screenshot pendingzertifikate-ssh-01'Catalog & Checkout' page with the 'SSH keys' tab active and the list of keysSSH keys live under 'Catalog & Checkout' in the 'SSH keys' tab. -
Add a key. Click “Add SSH Key” and fill out the form:
- Name (required) — e.g. “Deploy-Key CI”.
- Public Key (required) — the full public key as text.
- Optional: Type (e.g.
ssh-ed25519/ssh-rsa), Fingerprint, Comment, Description.
Screenshot pendingzertifikate-ssh-02'Add SSH Key' dialog with the fields Name, Public Key, Type, Fingerprint, CommentThe 'Add SSH Key' dialog. Name and public key are required. -
Save. The key appears in the list in alphabetical order. Use the icons at the end of the row to edit it or (as an administrator) delete it.
Via the REST API: a POST to /api/v1/ssh-keys. name and public_key
are required.
curl -X POST https://demo.notory.io/api/v1/ssh-keys \ -H "Authorization: Bearer inv_dein_token" \ -H "Content-Type: application/json" \ -d '{ "name": "Deploy-Key CI", "public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx7... ci@example.com", "key_type": "ssh-ed25519", "fingerprint": "SHA256:mVYl0dJ4qzX8vN2k...", "comment": "ci@example.com", "assigned_asset_id": null, "description": "Deployment-Key der Build-Pipeline" }'Response HTTP 201 Created:
{ "id": "5b2d8f13-9c40-4e77-a1b6-3f8e0d2c7a91", "tenant_id": "3d9b0c12-4e5a-4f88-b1c7-2a9e6d4f0011", "name": "Deploy-Key CI", "public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx7... ci@example.com", "key_type": "ssh-ed25519", "fingerprint": "SHA256:mVYl0dJ4qzX8vN2k...", "comment": "ci@example.com", "assigned_asset_id": null, "description": "Deployment-Key der Build-Pipeline", "created_at": "2026-07-08T09:40:00Z", "updated_at": "2026-07-08T09:40:00Z"}Other routes: GET /api/v1/ssh-keys (list), GET/PUT/DELETE /api/v1/ssh-keys/{id}. The assigned_asset_id field (linking to an
asset, e.g. the server the key lives on) can currently only be set via the
API — the web form doesn’t offer it yet.
Possible errors: 401 (token missing/invalid), 403 (no write access,
or deletion without the admin role), 404 (SSH key not found), 422
(validation — e.g. empty name or public_key).
What happens behind the scenes?
Section titled “What happens behind the scenes?”- Tenant assignment: The key is assigned to your current tenant and is invisible to other tenants.
- Timestamps:
created_at/updated_atare tracked automatically. Unlike certificates, SSH keys do not store a creator (created_by). - A pure directory: Notory doesn’t validate the key format or verify fingerprints — the fields are for documentation purposes. There is no expiry monitoring (SSH keys have no expiry date).
- No gating: SSH key management is not license-gated — it works in every tier.
- No notification, no webhook: Adding/editing/deleting triggers neither e-mails nor webhook events.
Related topics
Section titled “Related topics”- Certificates — Overview
- Add an SSL/TLS certificate
- Catalog & Custom Fields — the other tabs of “Catalog & Checkout”
- API introduction — authentication, base URL, error codes