SSH · Schema

SSH Key

Schema for an SSH public key registered in a key management system

SSH, Secure Shell, Remote Access, Cryptography, Network Security, System Administration

Properties

Name Type Description
id string Unique key identifier
userId string Owner user ID
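keyType string SSH key algorithm type; one of rsa, ed25519, ecdsa, dsa. Note: the publicKey pattern in the schema below has no ssh-dss prefix, so an actual DSA public key fails validation, and the schema does not cross-check keyType against the publicKey prefix.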
publicKey string Public key in OpenSSH format (e.g., 'ssh-ed25519 AAAA...')
fingerprint string SHA-256 fingerprint in format 'SHA256:base64string'
comment string Key comment, typically user@hostname
createdAt string
lastUsedAt string | null

JSON Schema

ssh-key-schema.json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://www.openssh.com/schemas/ssh-key",
  "title": "SSH Key",
  "description": "Schema for an SSH public key registered in a key management system",
  "type": "object",
  "required": ["id", "keyType", "publicKey", "fingerprint"],
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique key identifier"
    },
    "userId": {
      "type": "string",
      "description": "Owner user ID"
    },
    "keyType": {
      "type": "string",
      "enum": ["rsa", "ed25519", "ecdsa", "dsa"],
      "description": "SSH key algorithm type"
    },
    "publicKey": {
      "type": "string",
      "description": "Public key in OpenSSH format (e.g., 'ssh-ed25519 AAAA...')",
      "pattern": "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|sk-ssh-ed25519@openssh\\.com) [A-Za-z0-9+/=]+( .*)?$"
    },
    "fingerprint": {
      "type": "string",
      "description": "SHA-256 fingerprint in format 'SHA256:base64string'",
      "pattern": "^SHA256:[A-Za-z0-9+/]{43}$"
    },
    "comment": {
      "type": "string",
      "description": "Key comment, typically user@hostname"
    },
    "createdAt": {
      "type": "string",
      "format": "date-time"
    },
    "lastUsedAt": {
      "type": ["string", "null"],
      "format": "date-time"
    }
  },
  "$defs": {
    "SSHCertificate": {
      "type": "object",
      "required": ["certificate", "principals", "validAfter", "validBefore"],
      "properties": {
        "certificate": {
          "type": "string",
          "description": "Signed certificate in OpenSSH certificate format"
        },
        "serialNumber": {
          "type": "integer"
        },
        "principals": {
          "type": "array",
          "items": { "type": "string" },
          "description": "List of authorized principals (usernames or hostnames)"
        },
        "validAfter": {
          "type": "string",
          "format": "date-time"
        },
        "validBefore": {
          "type": "string",
          "format": "date-time"
        },
        "certType": {
          "type": "string",
          "enum": ["user", "host"]
        },
        "fingerprint": {
          "type": "string"
        }
      }
    }
  }
}