Add API endpoint to retrieve SSH public key for push mirrors
Release notes
GitLab now provides an API endpoint to retrieve SSH public keys for push mirrors, enabling automated setup of mirror authentication and reducing manual intervention in repository management workflows.
Problem to solve
Currently, GitLab's API allows creating push mirrors with SSH key authentication, but there's no programmatic way to retrieve the generated public key. Users must manually access the web UI to copy the key, which breaks automation workflows and increases operational overhead, especially in environments managing multiple repositories and mirrors.
Proposal
Add a new API endpoint to retrieve the SSH public key for a specific push mirror:
GET /api/v4/projects/:id/remote_mirrors/:mirror_id/ssh_public_keyExpected response:
{
"public_key": "ssh-rsa AAAAB3NzaC1...",
"fingerprint": "SHA256:...",
"created_at": "2024-01-17T12:00:00Z"
}The endpoint will:
- Require appropriate authentication and authorization
- Be rate-limited to prevent abuse
- Include audit logging for security tracking
- Return both the public key and its fingerprint
- Be accessible only to users with Maintainer access or higher
We would also need to update the documentation https://docs.gitlab.com/ee/api/remote_mirrors.html
Intended users
Unknown
Feature Usage Metrics
We will track:
- Number of API calls to the key retrieval endpoint
- Success rate of automated mirror setups
- Time between mirror creation and first successful sync
- Percentage of mirrors using API-retrieved keys vs manual setup
- Error rates and types for the endpoint
Does this feature require an audit event?
Yes, this feature requires audit events for:
- Each successful retrieval of an SSH public key
- Failed attempts to access the endpoint
- Key regeneration events