Problem
When adding a GPG key to the HCP Terraform private registry via the API, you may receive the following error response:
{"errors": ["openpgp: invalid argument: no armored data found"]}You may also see this error in the HCP Terraform GPG key settings UI.
Cause
This error typically occurs when invisible characters, such as extra whitespace or newlines, are unintentionally added to the GPG key content. This can happen when copying and pasting the key from a file or terminal into a text editor or API client, which corrupts the armored ASCII format that the API expects.
Solution
To ensure the GPG key is passed to the API correctly, use the jq command-line utility to read the key from a file and insert it into the JSON payload. This method avoids potential formatting issues from manual copy-pasting.
Prerequisites
- A generated GPG key saved to a file (e.g.,
my-gpg-key.gpg). - An API token (
$TOKEN) with appropriate permissions. - The
jqutility installed on your local machine.
Procedure
- Create a
payload.jsonfile based on the sample payload documentation. This file acts as a template for the API request. -
Use the
jqutility to read your GPG key file and insert its contents into theascii-armorattribute of the payload. This command creates a new file,gpg-payload.json, with the correctly formatted request body.$ jq --arg armor "$(cat my-gpg-key.gpg)" '.data.attributes."ascii-armor"=$armor' payload.json > gpg-payload.json
-
Use
curlto submit the newgpg-payload.jsonfile to the HCP Terraform API endpoint, as described in the Add a GPG key documentation.$ curl \ --header "Authorization: Bearer $TOKEN" \ --header "Content-Type: application/vnd.api+json" \ --request POST \ --data @gpg-payload.json \ https://app.terraform.io/api/registry/private/v2/gpg-keys
After running this command, the API should successfully add the GPG key to your HCP Terraform organization.