---
title: Private Keys
summary: >-
  A private key is used to sign a Certificate. A key can be used to sign
  multiple certificates.
url: >-
  https://www.fastly.com/documentation/reference/api/tls/custom-certs/private-keys
---

A private key is used to sign a Certificate. A key can be used to sign multiple certificates.

## Data model

| Field | Type | Description |
|-------|------|-------------|
| `key` | string | The contents of the private key. Must be a PEM-formatted key. Not returned in response body. Required. |
| `name` | string | A customizable name for your private key. Optional. |
| `relationships.tls_activations.id` | string | Alphanumeric string identifying a TLS activation. |
| `relationships.tls_domains.id` | string | The domain name. |
| `type` | string | Resource type. |
| `created_at` | string | Date and time in ISO 8601 format. (Read-only) |
| `deleted_at` | string | Date and time in ISO 8601 format. (Read-only) |
| `id` | string | Alphanumeric string identifying a private Key. (Read-only) |
| `key_length` | integer | The key length used to generate the private key. (Read-only) |
| `key_type` | string | The algorithm used to generate the private key. Must be <code>RSA</code>. (Read-only) |
| `public_key_sha1` | string | Useful for safely identifying the key. (Read-only) |
| `replace` | boolean | A recommendation from Fastly to replace this private key and all associated certificates. (Read-only) |
| `updated_at` | string | Date and time in ISO 8601 format. (Read-only) |

## API endpoints

### List TLS private keys

**GET** `/tls/private_keys`

List all TLS private keys.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `filter[in_use]` | string | query | No | Limit the returned keys to those without any matching TLS certificates. The only valid value is false. |
| `page[number]` | integer | query | No | Current page. |
| `page[size]` | integer | query | No | Number of records per page. |

### Create a TLS private key

**POST** `/tls/private_keys`

Create a TLS private key.

### Get a TLS private key

**GET** `/tls/private_keys/{tls_private_key_id}`

Show a TLS private key.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `tls_private_key_id` | string | path | Yes | Alphanumeric string identifying a private Key. |

### Delete a TLS private key

**DELETE** `/tls/private_keys/{tls_private_key_id}`

Destroy a TLS private key. Only private keys not already matched to any certificates can be deleted.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `tls_private_key_id` | string | path | Yes | Alphanumeric string identifying a private Key. |