4

I am creating a bash executable, which creates an SSH key, and uploads it to a user's Gitlab account. I am aware of how to create the SSH key via the bash executable:

ssh-keygen -o -f ~/.ssh/id_rsa

and I also know how to retrieve from it, however I don't know how to upload it to a user's Gitlab account.

I have found multiple documentations for uploading a user's SSH to Github however not Gitlab (I assume mostly similar...?). So I would use this for Github

curl -u "USERNAME:PASSWORD" --data "{\"title\": \"TITLE\", \"key\": \"$(cat ~/.ssh/id_rsa.pub)\"}" https://api.github.com/user/keys

and I would make USERNAME, PASSWORD, and TITLE input fields for the user to customize.

I want to say that it would be as simple for Gitlab (I found POST /users/:id/keys on their API site, but don't know how to implement it as a curl command), but I don't know how closely related Gitlab and Github are.

dessert
  • 39,392
  • 12
  • 115
  • 163
a.mosallaei
  • 345
  • 1
  • 3
  • 12
  • I am not sure this is related to Ubuntu. – user68186 Aug 01 '19 at 20:27
  • @user68186 is it not? Do you suggest another place for me to ask this? Like maybe Unix & Linux? – a.mosallaei Aug 01 '19 at 20:46
  • @a.mosallaei It’s simple: Do you use Ubuntu? If yes, your question is clearly about [using and administering](https://askubuntu.com/help/on-topic) it and thus on-topic. If you however use another distribution or an unsupported release, [unix.se] is the place to ask. – dessert Aug 01 '19 at 21:21

1 Answers1

4

The first problem you need to solve when using the Gitlab REST API is the authentification, nicely explained in the docs here. I use a personal access token in this post which creation is explained here, but for you with a script authenticating as a specific user an Impersonation token (see here for the creation) may be better suited.

To add an ssh key I need:

POST /user/keys

To send data (and subsequently use the POST method) curl provides the -d option, required fields are title and key. As the default header is Content-Type: application/x-www-form-urlencoded but the API expects json I have to specify that using the -H option:

$ curl -d '{"title":"test key","key":"'"$(cat ~/.ssh/id_rsa.pub)"'"}' -H 'Content-Type: application/json' https://gitlab.com/api/v4/user/keys?private_token=<my_access_token>
{"id":3889765,"title":"test key","key":"ssh-rsa <my_ssh_key>","created_at":"2019-08-01T21:26:40.952Z"}

Now to test the change I just list my ssh keys. The docs say I have to use GET /user/keys, as GET is curl’s default method I just do:

$ curl https://gitlab.com/api/v4/user/keys?private_token=<my_access_token>
[{"id":3889765,"title":"test key","key":"ssh-rsa <my_ssh_key>","created_at":"2019-08-01T21:26:40.952Z"}]

I did this just for testing, so I’m going to delete the key with DELETE /user/keys/:key_id – note that :key_id needs to be substituted by the id of the key to delete:

$ curl -X DELETE https://gitlab.com/api/v4/user/keys/3889765?private_token=<my_access_token>

Here’s a nice article about curl and the common REST methods.

dessert
  • 39,392
  • 12
  • 115
  • 163
  • this is a very in-depth answer, and I really appreciate it. Just a clarifying question, `curl -d '{"title":"test key","key":"'"$(cat ~/.ssh/id_rsa.pub)"'"}' -H 'Content-Type: application/json' https://gitlab.com/api/v4/user/keys?private_token=` this code sends the SSH key to the user's account? I have to have some code to access a user's account, correct? Like some code that takes input of user's username and password. I believe it is written in the API how to receive this data, but if you could clarify for me, I would be more than grateful. – a.mosallaei Aug 01 '19 at 22:24
  • 1
    @a.mosallaei No, with an access token like I used here (see first paragraph) you don’t need this information, just the correct token. I didn’t find a way to authenticate with username and password with the API, which may very well be by design. – dessert Aug 01 '19 at 22:27
  • Ok, that makes sense. I do appreciate it though – a.mosallaei Aug 01 '19 at 22:28
  • @a.mosallaei You’re welcome! Do I correctly read between the lines that you actually want to write a script that *asks* the user for the gitlab credentials and then authenticates with *them*? If yes I think posting that as a [new question](https://askubuntu.com/questions/ask) is the right thing to do. – dessert Aug 01 '19 at 22:35
  • Yes :/. honestly it is easier for me and in the end more reliable for the work I do. I will definitely post it as a new question though. Thanks! – a.mosallaei Aug 01 '19 at 22:39
  • 1
    here's the [new question](https://askubuntu.com/questions/1162782/how-to-authenticate-with-a-users-gitlab-username-and-password-through-a-bash-ex). Thank you for all the help once again!! – a.mosallaei Aug 01 '19 at 22:47