Downloading Keys Created on AWS to CCKM
Use the post /v1/cckm/aws/synchronization-jobs API to download the keys created on the AWS KMS to the CCKM based on the KMS name and regions. If any region is not specified, then the AWS keys from all the regions will be synchronized.
Syntax
curl -k '<IP>/api/v1/cckm/aws/synchronization-jobs' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "kms": ["<kms_identifier>"],\n "regions": ["<region>"]\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| kms | array of strings | Name or ID of the KMS from which the AWS keys will be synchronized. |
| regions | array of strings | Regions from which the AWS keys will be synchronized. |
| synchronize_all | boolean | Set to true to synchronize all keys from all KMS and regions. |
Note
The synchronize_alland kms, regions parameters are mutually exclusive. Specify either synchronize_all or kms and regions.
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/aws/synchronization-jobs' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJjNWMwZGJlNC1lMmJmLTQ3M2MtODY4MC01NWVkMWIzMDEzMmEiLCJzdWIiOiJsb2NhbHxhNjdjMzc0OC05YTRiLTRhZGQtYjNkOS0wNTRiYTIwYmUzYWMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiMDhkNDI5ZjktNDgzYi00ODdlLWJjOTQtNGE1Mjc2ZDI2ZjZjIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImU5YWUwYTI3LWVlYjQtNGNhZi04YjE4LTdhNzIzMDBkOTA0MCIsImlhdCI6MTYwNDU1ODEzOCwiZXhwIjoxNjA0NTU4NDM4fQ.MIMArFeC4cpPNTYOd39mu6_-yihdN0CDl_917eH8-kY' -H 'Content-Type: application/json' --data-binary $'{\n "kms": ["kms"],\n "synchronize_all": false,\n "regions": ["ap-south-1"]\n}' --compressed
Example Response
{
"id": "afef70ff-311e-46c1-8ead-e1999e8c6d46",
"uri": "kylo:kylo:cckm:synchronize:afef70ff-311e-46c1-8ead-e1999e8c6d46",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-11-05T06:38:25.308834396Z",
"updatedAt": "2020-11-05T06:38:25.310835309Z",
"overall_status": "in_progress",
"cloud": "aws",
"regions": [
"ap-south-1"
],
"kms": [
"kms"
],
"abort": false
}
The sample output shows that the synchronization-jobs API has started downloading the keys from the region (ap-southeast-1) of the KMS (kms) to the CCKM. The status of synchronization process is in progress. A unique ID (afef70ff-311e-46c1-8ead-e1999e8c6d46) for the synchronization process is returned.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Note
You can also schedule synchronization of the AWS keys when needed using the scheduler API. Refer to Scheduling Synchronization for details.
