Creating Azure Keys
Use the post /v1/cckm/azure/keys API to create Azure keys.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "key_name": "<key_name>",\n "key_vault": "<key_vault>",\n "azure_param": {<azure_params>}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| azure_param | JSON | Azure key parameters. Refer to Azure Parameters for details. |
| key_name | string | Name for the Azure key. Key names can only contain alphanumeric characters and dashes. |
| key_vault | string | Name or ID of the Azure vault where the key will be created. |
Azure Parameters
| Parameter | Type | Description |
|---|---|---|
| kty | string | Type of key to create. Possible options are: • EC- "Soft" Elliptic Curve key. • EC-HSM- "Hard" Elliptic Curve key (only for premium key vaults). • RSA- "Soft" RSA key. • RSA-HSM- "Hard" RSA key (only for premium key vaults). |
| attributes | JSON | Attributes for the key such as exp, enabled, and nbf. Possible option are: • nbf - Activation date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740. • exp - Expiration date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740. • enabled - Specify whether the key is enabled or disabled (true/false). |
| crv | string | Elliptical curve name for the key. Possible options are: • P-256 • P-384 • P-521 • SECP256K1 |
| key_ops | array of strings | Cryptographic operations performed by the key. Possible options are: • encrypt • decrypt • sign • verify • wrapKey • unwrapKey • import (applicable to RSA-HSM keys). This parameter is mandatory when creating a KEK. |
| key_size | integer | Size for the RSA and RSA-HSM keys. Possible options are: • 2048 • 3072 • 4096 |
| tags | JSON | An optional parameter to add additional information to the key. The value must be specified as the key-value pair. Refer to the following rules on tag values. |
CCKM allows the following characters in tag values:
Alphanumeric characters
Special characters ** ! @ # $ ) ( { } > < ? + - / [ ] ^ & + = | ~ ` ; . ' _ **
CCKM does not allow colon (:) and precent (%) special characters in tag values.
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3 MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2 1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6Ijg0MjMxNmZhLWFiOTItNGQ2Ni1hMjQ4LTkxM2I2MmNhOTQzNSIsImlhdCI6MTYwMTQ2MDc5NCwiZXhwIjoxNjAxNDYxMDk0fQ.4ZoMwbFAYHRHfQbf_yhQ-f5j75HaNaWViOSunTrt8xw' -H 'Content-Type: application/json' --data-binary $'{\n "key_name": "Test-key",\n "key_vault": "bedb82b9-582c-402d-9874-f3368722cf46",\n "azure_param": {\n "kty": "RSA",\n "key_size":3072,\n "attributes": {\n "nbf": 1662702740,\n "exp": 1662702740\n }\n }\n}' --compressed
Example Response
{
"id": "94a392f3-52e8-4542-90b6-b8554c046492",
"uri": "kylo:kylo:cckm:azure-key:94a392f3-52e8-4542-90b6-b8554c046492",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:13:47.500574756Z",
"updatedAt": "2020-09-30T10:13:47.49855808Z",
"key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34",
"key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-09-30T10:13:47.49001426Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-09-30T10:13:46Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "e6d8dd366c024902b00e116af5e99ecc",
"key_size": 3072,
"backup": "a67e5fb314aa47d6b9d33522ae1cc8f511b92313a30b47e58411
68da27f97f32",
"key_name": "Test-key",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://keyvault-softkeys.vault.azure.net/keys/Test-key/e6d8dd366c024902b00e116af5e99ecc",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign",
"verify",
"wrapKey",
"unwrapKey"
],
"n": "pQPKeqvSEMpQ29j3bzG3Vsz-ufp5p-
JNCI1jX4lEhmL41Xmq7CVz6HkUgwPS0PC6qZc6dHXhfkewzNtmB81T5X8XYk3vK0LNckQouDoFJRm3heAyao88ei6zUndmceWGq- OmNjVMiOVViPiB46l3NAhErHVgh8DLb7gWU3yMyu4eAZGNXVYMS0BfKSy6C_ Gz9Pz4vbmJj-7jTxD_xmKuaoKkR4g2bCFDldBE8RJjtBNF_ K8XcNEoZxVuEHYlzTOQ5eXQct8LqXVgfFtwhf2BYC7cVrK0smnN-pAor_ gurBRyEtiJQV08QCwBXh4PGjWviMPt0LTkfzjLB7yIFtrAlpAece9rbfPULNOSqLuGxhFDJGHWw6IB7IIVex_ NVeBfxsbyAHOD0t3UE0VrYijrv6gVz5-VqjC1OGcqtMEEld5- aS2HlMbfpmRhTxWTbg11KKSPIm6RqplSgqMMlzSEriuCA4l6hxGRuuQRfCOqAIUQqe_9Wx433yJKF8cCt",
"e": "AQAB"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"nbf": 1662702740,
"exp": 1662702740,
"created": 1601460826,
"updated": 1601460826
}
},
"azure_created_at": "2020-09-30T10:13:46Z",
"azure_updated_at": "2020-09-30T10:13:46Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"azure_expire_at": "2022-09-09T05:52:20Z",
"key_material_origin": "native",
"gone": false
}
The sample output shows that a key (Test-key) is created in the Azure key vault (keyvault-softkeys). A unique ID (94a392f3-52e8-4542-90b6-b8554c046492) for the key is returned. As the key is created in Azure vault, key material's origin is native.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
