optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the bind rule. The bind rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rule bind:example.ngrok.io. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule of bind:*.example.com which will allow x.example.com, y.example.com, *.example.com, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule of bind:*=example which will allow x=example, y=example, etc. A rule of '*' is equivalent to no acl at all and will explicitly permit all actions.
Optional description
description:string
human-readable description of who or what will use the ssh credential to authenticate. Optional, max 255 bytes.
id
id:string
Optional metadata
metadata:string
arbitrary user-defined machine-readable data of this ssh credential. Optional, max 4096 bytes.
optional list of ACL rules. If unspecified, the credential will have no restrictions. The only allowed ACL rule at this time is the
bind
rule. Thebind
rule allows the caller to restrict what domains, addresses, and labels the token is allowed to bind. For example, to allow the token to open a tunnel on example.ngrok.io your ACL would include the rulebind:example.ngrok.io
. Bind rules for domains may specify a leading wildcard to match multiple domains with a common suffix. For example, you may specify a rule ofbind:*.example.com
which will allowx.example.com
,y.example.com
,*.example.com
, etc. Bind rules for labels may specify a wildcard key and/or value to match multiple labels. For example, you may specify a rule ofbind:*=example
which will allowx=example
,y=example
, etc. A rule of'*'
is equivalent to no acl at all and will explicitly permit all actions.