1. Account Administration
  2. Authentication
  3. SSH Keys for SFTP
  4. Uploading Private SSH Keys

Uploading Private SSH Keys

You can store and manage your keys on the Private Keys page. Keys with or without passphrase are accepted.

Note:

The SuiteScript Server SuiteScript feature must be enabled to access the Private Keys page. For help enabling this feature, see Enabling SuiteScript.

To upload a new key:

  1. Go to Setup > Company > Preferences > Keys.

  2. At the top of the page, click the Create New button.

  3. In the New Private Key window, on the Details tab, enter a descriptive name for this key in the Name field.

  4. In the ID field, enter the script ID for this key. The script ID of the key lets you access the key using SuiteScript. You should make this a descriptive ID with no spaces or special characters. NetSuite prefixes the script ID with ‘custkey’.

  5. In the Description field, enter a description of this key, such as its use and who maintains it.

  6. On the Files tab, in the Private Key File field, choose a private key file. This file must be in PEM format.

    Example key files are the id_rsa, id_ecdsa, and id_dsa files.

  7. In the Password field, enter the same password that you used when you generated the key using the ssh-keygen command.

  8. In the Audience tab, check the Restrict to Employees box to restrict the usage of the key in SuiteScript to the specified list of employees.

    Employees must also be using roles with the Key Access permission to be able to execute a script that accesses a key.

  9. To restrict access through SuiteScript to specific scripts, enter the script IDs in the Restrict to Scripts field.

    For more information about restricting access to keys, see Locking and Restricting Certificates.

  10. Click Save. The key is decrypted and validated using the provided password. The key and password are securely stored to the NetSuite database.

Note:

When testing in various accounts, you must re-upload your key to the new account. For example, if you upload a key in your production account and refresh your sandbox account, you must still re-upload your key in the sandbox account.

You can view the list of uploaded keys on the Keys page.

Related Topics

General Notices