Powershell logo

PowerShell is a rapidly rising shell and programming language that is now cross-platform and simple to use. By combining PowerShell with the DigitalOcean API, we can quickly provision resources, such as virtual machines, known as Droplets, from scripts of functions.

In this article, we explore how to leverage the DigitalOcean REST API with PowerShell to deploy a droplet into the existing environment.

Installing PowerShell Core

If you are running a Windows system, you might have the previous version of PowerShell known as Windows PowerShell. If you have Linux, you will need to install PowerShell to make sure that we can run the commands and scripts needed. Follow this link for instructions as to how to do this.


One of the great things about PowerShell 7 is that it can be installed side-by-side on Windows systems and will not affect the existing Windows PowerShell environment. In this way, it is easy to get started and not break any existing scripts.

Create API Keys from DigitalOcean

For Terraform to communicate with DigitalOcean, we need to generate API Keys for use with the DigitalOcean provider. The following steps outline how to create a new API key specifically for use with Terraform. You might use other API Keys, but it is best practice to not reuse keys, where you can, to easily disable access when necessary.

  1. Login to the DigitalOcean control panel.
  1. Navigate to the API section.
  1. Click on “Generate New Token.”
  1. Enter a token name and allow the token both read and write privileges.
  1. Copy the API Key, as you will not be shown it again. We will then use this for Terraform.

Generate a new personal access token.

DigitalOcean REST API

A lot of information is found in the DigitalOcean REST API documentation, but we are focused on the authentication and droplet creation calls. To authenticate, we need the following, as pulled from the documentation. This is accomplished via OAuth, which is a substitute for a username and password. This token, therefore, must be well-protected as it will allow full access to a DigitalOcean account. The following headers are necessary for proper authentication:

  • Authorization: Bearer digitaloceanapitoken
  • Content-Type: application/json

Without these headers, the API will not be able to authenticate, and it will also not understand how to parse the data coming in.

Creating the JSON configuration

In this example, we are provisioning a simple droplet resource. We want to use their cheapest available plan in the NYC1 data center, and add on a couple of options that will make the droplet more flexible to use in the future.

  • Droplet Image: ubuntu-18.04-x64
  • Region: NYC1
  • Size: s1-vcpu1-1gb

Because we need to pass in our configuration via JSON, we can format using the following:

$JSON = @{
  "name"               = "test-web-vm"
  "region"             = "nyc1"
  "size"               = "s-1vcpu-1gb"
  "image"              = "ubuntu-18-04-x64"
  "ipv6"               = $true
  "private_networking" = $true
	"monitoring"         = $true
} | ConvertTo-JSON -Compress

The additional commands that we are adding here are for monitoring, ipv6, and private networking. Monitoring means that you will have metrics, such as CPU and memory, from within the DigitalOcean cloud console. You can then set alerts on these metrics, so it is very useful for the future. IPv6 means that your droplet will be accessible from IPv6, which helps to future-proof your droplets. Finally, private networking means that your droplet will get a 10.x.x.x address that is accessible by other droplets but not the public internet.

There is one other very useful ability and that is user data. For Linux, this allows you to run certain commands on the provisioning of the VM, such as updating packages. We can include this right into the JSON configuration, by adding this attribute on:

$JSON = @{
“name” = “test-web-vm”
“region” = “nyc1”
“size” = “s-1vcpu-1gb”
“image” = “ubuntu-18-04-x64”
“ipv6” = $true
“private_networking” = $true
“monitoring” = $true
“user_data” = “#cloud-confignpackage_update: truenpackage_upgrade: true”
} | ConvertTo-JSON -Compress

When populating a user config, you might notice that it can look a bit strange. You need to be careful of line breaks and double quotes to avoid breaking the JSON config.

Provisioning the Droplet

Now that we have created our configuration, we will deploy the droplet. To do this, we simply need to run the cmdlet Invoke-RestMethod in PowerShell using our configuration:

$JSON = @{
  "name"               = "test-web-vm"
  "region"             = "nyc1"
  "size"               = "s-1vcpu-1gb"
  "image"              = "ubuntu-18-04-x64"
  "ipv6"               = true
  "private_networking" = true
	"monitoring"         = true
	"user_data"          = "#cloud-confignpackage_update: truenpackage_upgrade: true"
} | ConvertTo-JSON -Compress

$Params = @{
  "URI"            = "https://api.digitalocean.com/v2/droplets"
  "Method"         = "POST"
  "Body"           = $JSON
	"Authentication" = "OAuth"
  "Token"          = ('digitaloceanapitoken' | ConvertTo-SecureString -AsPlainText)
  "ErrorAction"    = 'Stop'
  "Headers"        = @{
	  "Content-Type" = "application/json"

Invoke-RestMethod @Params

After doing this, we should get a success message from the console, with a return code of 200 that indicates that the droplet creation was successful.

After going into the console, you will find that the droplet now appears as expected with all the configuration options as defined. It may take a few moments to create, but one of the hallmarks of DigitalOcean is the speed of Droplet creation.

Droplet creation

Additional Options

There are a few additional options that you might want to apply, depending on the circumstances. Listed below are some parameters that can make deploying a droplet even easier:

  • ssh_keys
  • backups
  • volumes
  • tags

It is best practice to not allow direct SSH access using a root password. Therefore, providing SSH keys upon provisioning is a far more secure method. DigitalOcean offers backups, for a cost, and you can enable this from within an API call. Additionally, DigitalOcean volumes can be attached to a droplet to allow for movable block storage. Finally, tagging allows you to categorize and apply certain policies, such as firewalls to a droplet.

Wrapping Up

As you can tell by combining PowerShell with the DigitalOcean API, we can quickly and easily provision a droplet. As you read further into the documentation, you might find that there is far more that you can do to make this work effectively and allow you to integrate PowerShell into your configurations.

Profile Photo for Adam Bertram Adam Bertram
Adam Bertram is a 20+ year veteran of IT and an experienced online business professional. He’s a consultant, Microsoft MVP, blogger, trainer, published author and content marketer for multiple technology companies.
Read Full Bio »