VM instance metadata
Metadata is used by programs that are run when the VM starts. For example, to make a list of users or specify a public SSH key to connect to the VM.
From inside the VM, the metadata server is accessible at the IP address
Metadata format when creating a VM
Metadata is set in the
metadata field as
key:value pairs. Only a string can be used as a value. If you need to pass multiple strings, separate them with the line break character
You can pass metadata values to the CLI as the following file:
--metadata-from-file key=path/to/file. This is convenient when passing values consisting of multiple strings.
You can specify any keys. The keys you need to specify depend on the program that will handle them on your VM. For example, in Linux images provided by Yandex.Cloud, the cloud-init program is used.
Metadata, including user-defined, is stored unencrypted. Anyone who can connect to a VM can get this metadata. If you place confidential information in the metadata, take measures to protect it, for example, by encrypting it.
Programs handling metadata in Yandex.Cloud images
In Linux public images, the program used to configure VMs by default is cloud-init.
In Windows public images, it is Cloudbase-Init.
cloud-init program handles metadata that was passed in the keys
All user-defined metadata for
cloud-init should be passed in the
user-data key. There are several formats of metadata supported by
cloud-init, such as
You can use
user-data to pass SSH keys to a VM and specify which user each key belongs to. To do this, pass them in the
users/ssh_authorized_keys element. For more information, see the section Users and Groups in the
Example of metadata in the
#cloud-config users: - name: demo groups: sudo shell: /bin/bash sudo: ['ALL=(ALL) NOPASSWD:ALL'] ssh-authorized-keys: - ssh-rsa AAAAB3Nza......OjbSMRX firstname.lastname@example.org - ssh-rsa AAAAB3Nza......Pu00jRN user@desktop
To pass SSH keys to a VM, use the
cloud-init will handle only the first key in the list. The key will be assigned to the user specified in the
cloud-init configuration by default. In different images, these users differ.
If you aren't sure which user is set by default, we recommend passing the SSH keys in the