SSH Credentials#

Do not construct this object directly, instead access the ssh_credentials property of an ngrok.Client object.

class ngrok.services.SSHCredentialsClient(client)[source]#

SSH Credentials are SSH public keys that can be used to start SSH tunnels via the ngrok SSH tunnel gateway.

create(public_key, description='', metadata='', acl=[], owner_id=None)[source]#

Create a new ssh_credential from an uploaded public SSH key. This ssh credential can be used to start new tunnels via ngrok’s SSH gateway.

Parameters:
  • description (str) – human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes.

  • metadata (str) – arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes.

  • acl (Sequence[str]) – optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions.

  • public_key (str) – the PEM-encoded public key of the SSH keypair that will be used to authenticate

  • owner_id (Optional[str, None]) – If supplied at credential creation, ownership will be assigned to the specified User or Bot. Only admins may specify an owner other than themselves. Defaults to the authenticated User or Bot.

https://ngrok.com/docs/api#api-ssh-credentials-create

Return type:

SSHCredential

delete(id)[source]#

Delete an ssh_credential by ID

Parameters:

id (str) – a resource identifier

https://ngrok.com/docs/api#api-ssh-credentials-delete

get(id)[source]#

Get detailed information about an ssh_credential

Parameters:

id (str) – a resource identifier

https://ngrok.com/docs/api#api-ssh-credentials-get

Return type:

SSHCredential

list(before_id=None, limit=None)[source]#

List all ssh credentials on this account

Parameters:
  • before_id (Optional[str, None]) –

  • limit (Optional[str, None]) –

https://ngrok.com/docs/api#api-ssh-credentials-list

Return type:

SSHCredentialList

update(id, description=None, metadata=None, acl=None)[source]#

Update attributes of an ssh_credential by ID

Parameters:
  • id (str) –

  • description (Optional[str, None]) – human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes.

  • metadata (Optional[str, None]) – arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes.

  • acl (Optional[Sequence[str], None]) – optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions.

https://ngrok.com/docs/api#api-ssh-credentials-update

Return type:

SSHCredential