Creating Azure Keys
Use the POST /v1/cckm/azure/keys API to create Azure keys.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "key_name": "<key_name>",\n "key_vault": "<key_vault>",\n "azure_param": {<azure_params>}\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
azure_param | JSON | Azure key parameters. Refer to Azure Parameters for details. |
key_name | string | Name for the Azure key. Key names can only contain alphanumeric characters and dashes. |
key_vault | string | Name or ID of the Azure vault where the key will be created. |
Azure Parameters
Parameter | Type | Description |
---|---|---|
kty | string | Type of key to create. Possible options are: • EC - "Soft" Elliptic Curve key. • EC-HSM - "Hard" Elliptic Curve key (only for premium key vaults). • RSA - "Soft" RSA key. • RSA-HSM - "Hard" RSA key (only for premium key vaults). |
attributes | JSON | Attributes for the key such as exp, enabled, and nbf. Possible options are: • nbf - Activation date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740. • exp - Expiration date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740. • enabled - Specify whether the key is enabled or disabled (true/false). |
crv | string | Elliptic curve name for the key. Possible options are: • P-256 • P-384 • P-521 • SECP256K1 |
key_ops | array of strings | Cryptographic operations performed by the key. Possible options are: • encrypt • decrypt • sign • verify • wrapKey • unwrapKey • import (applicable to RSA-HSM keys). This parameter is mandatory when creating a KEK. |
key_size | integer | Size for the RSA and RSA-HSM keys. Possible options are: • 2048 • 3072 • 4096 |
tags | JSON | An optional parameter to add additional information to the key. The value must be specified as a key-value pair. Refer to the following rules on tag values. |
CCKM allows the following characters in tag values:
Alphanumeric characters
Special characters ! @ # $ ) ( { } > < ? + - / [ ] ^ & + = | ~ ` ; . ' _
CCKM does not allow colon (:) and percent (%) special characters in tag values.
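The constraints in the parameter tables and tag rules above can be checked locally before a request is sent. The following is an added example, not part of the CCKM documentation or product: a hypothetical `build_key_request` helper that validates a request against only the rules stated on this page and returns the JSON body for `--data-binary`. Restricting names to ASCII and rejecting whitespace in tag values are assumptions.

```python
import json
import re
import string

# Allowed values copied from the parameter tables on this page.
KTY = {"EC", "EC-HSM", "RSA", "RSA-HSM"}
CRV = {"P-256", "P-384", "P-521", "SECP256K1"}
KEY_OPS = {"encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey", "import"}
KEY_SIZES = {2048, 3072, 4096}
# Tag values: ASCII alphanumerics plus the listed specials. ':' and '%' are
# excluded, and so is whitespace because the page does not list it.
TAG_CHARS = set(string.ascii_letters + string.digits + "!@#$)({}><?+-/[]^&=|~`;.'_")
KEY_NAME_RE = re.compile(r"[A-Za-z0-9-]+")  # assumption: ASCII alphanumerics


def build_key_request(key_name, key_vault, azure_param):
    """Return (json_body, errors); json_body is None when a rule is violated."""
    errors = []
    if not KEY_NAME_RE.fullmatch(key_name):
        errors.append("key_name: only alphanumeric characters and dashes allowed")
    kty = azure_param.get("kty")
    if kty not in KTY:
        errors.append(f"kty: {kty!r} is not one of {sorted(KTY)}")
    if "crv" in azure_param and azure_param["crv"] not in CRV:
        errors.append(f"crv: {azure_param['crv']!r} is not one of {sorted(CRV)}")
    if "key_size" in azure_param and azure_param["key_size"] not in KEY_SIZES:
        errors.append(f"key_size: {azure_param['key_size']!r} is not one of {sorted(KEY_SIZES)}")
    ops = azure_param.get("key_ops", [])
    unknown = [op for op in ops if op not in KEY_OPS]
    if unknown:
        errors.append(f"key_ops: unknown operations {unknown}")
    if "import" in ops and kty != "RSA-HSM":
        errors.append("key_ops: 'import' applies to RSA-HSM keys only")
    for name, value in azure_param.get("tags", {}).items():
        bad = sorted(set(str(value)) - TAG_CHARS)
        if bad:
            errors.append(f"tags[{name!r}]: disallowed characters {bad}")
    if errors:
        return None, errors
    body = {"key_name": key_name, "key_vault": key_vault, "azure_param": azure_param}
    return json.dumps(body, indent=1), []


if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    body, errors = build_key_request(
        "prod_kek", "<key_vault>",
        {"kty": "RSA", "key_size": 1024, "key_ops": ["import"], "tags": {"owner": "team:a"}},
    )
    print(body, *errors, sep="\n")
```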
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6Ijg0MjMxNmZhLWFiOTItNGQ2Ni1hMjQ4LTkxM2I2MmNhOTQzNSIsImlhdCI6MTYwMTQ2MDc5NCwiZXhwIjoxNjAxNDYxMDk0fQ.4ZoMwbFAYHRHfQbf_yhQ-f5j75HaNaWViOSunTrt8xw' -H 'Content-Type: application/json' --data-binary $'{\n "key_name": "Test-key",\n "key_vault": "bedb82b9-582c-402d-9874-f3368722cf46",\n "azure_param": {\n "kty": "RSA",\n "key_size":3072,\n "attributes": {\n "nbf": 1662702740,\n "exp": 1662702740\n }\n }\n}' --compressed
Example Response
{
"id": "94a392f3-52e8-4542-90b6-b8554c046492",
"uri": "kylo:kylo:cckm:azure-key:94a392f3-52e8-4542-90b6-b8554c046492",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:13:47.500574756Z",
"updatedAt": "2020-09-30T10:13:47.49855808Z",
"key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34",
"key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-09-30T10:13:47.49001426Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-09-30T10:13:46Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "e6d8dd366c024902b00e116af5e99ecc",
"key_size": 3072,
"backup": "a67e5fb314aa47d6b9d33522ae1cc8f511b92313a30b47e5841168da27f97f32",
"key_name": "Test-key",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://keyvault-softkeys.vault.azure.net/keys/Test-key/e6d8dd366c024902b00e116af5e99ecc",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign",
"verify",
"wrapKey",
"unwrapKey"
],
"n": "pQPKeqvSEMpQ29j3bzG3Vsz-ufp5p-JNCI1jX4lEhmL41Xmq7CVz6HkUgwPS0PC6qZc6dHXhfkewzNtmB81T5X8XYk3vK0LNckQouDoFJRm3heAyao88ei6zUndmceWGq-OmNjVMiOVViPiB46l3NAhErHVgh8DLb7gWU3yMyu4eAZGNXVYMS0BfKSy6C_Gz9Pz4vbmJj-7jTxD_xmKuaoKkR4g2bCFDldBE8RJjtBNF_K8XcNEoZxVuEHYlzTOQ5eXQct8LqXVgfFtwhf2BYC7cVrK0smnN-pAor_gurBRyEtiJQV08QCwBXh4PGjWviMPt0LTkfzjLB7yIFtrAlpAece9rbfPULNOSqLuGxhFDJGHWw6IB7IIVex_NVeBfxsbyAHOD0t3UE0VrYijrv6gVz5-VqjC1OGcqtMEEld5-aS2HlMbfpmRhTxWTbg11KKSPIm6RqplSgqMMlzSEriuCA4l6hxGRuuQRfCOqAIUQqe_9Wx433yJKF8cCt",
"e": "AQAB"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"nbf": 1662702740,
"exp": 1662702740,
"created": 1601460826,
"updated": 1601460826
}
},
"azure_created_at": "2020-09-30T10:13:46Z",
"azure_updated_at": "2020-09-30T10:13:46Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"azure_expire_at": "2022-09-09T05:52:20Z",
"key_material_origin": "native",
"gone": false
}
The sample output shows that a key (Test-key) is created in the Azure key vault (keyvault-softkeys). A unique ID (94a392f3-52e8-4542-90b6-b8554c046492) for the key is returned. As the key is created in the Azure vault, the key material's origin is native.
For more information about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.