Adding a Version to a Google Cloud Key
Use the POST /v1/cckm/google/keys/{id}/versions API to add a new key version to a symmetric or asymmetric Google Cloud key with the given ID. Specify whether the version will be created natively on Google Cloud or uploaded from an external key source.
Syntax
curl -k 'https://<IP>/api/v1/cckm/google/keys/{id}/versions' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n\n "is_native": <true|false>\n}' --compressed
Here, {id} represents the resource ID of the Google Cloud key on the CipherTrust Manager.
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
is_native | boolean | Whether to create the version natively on Google Cloud or upload it from an external key source. • Specify true for a native key version. • When is_native is false, the key version will be uploaded from an external key source. Specify details of the key source in source_key_id and source_key_tier, described below. |
algorithm | string | Algorithm for the Google Cloud key version. The supported algorithms are: • RSA_SIGN_PSS_2048_SHA256 • RSA_SIGN_PSS_3072_SHA256 • RSA_SIGN_PSS_4096_SHA256 • RSA_SIGN_PSS_4096_SHA512 • RSA_SIGN_PKCS1_2048_SHA256 • RSA_SIGN_PKCS1_3072_SHA256 • RSA_SIGN_PKCS1_4096_SHA256 • RSA_SIGN_PKCS1_4096_SHA512 • RSA_DECRYPT_OAEP_2048_SHA256 • RSA_DECRYPT_OAEP_3072_SHA256 • RSA_DECRYPT_OAEP_4096_SHA256 • RSA_DECRYPT_OAEP_4096_SHA512 • EC_SIGN_P256_SHA256 • EC_SIGN_P384_SHA384 • EC_SIGN_SECP256K1_SHA256 (Only for protection level, HSM) • GOOGLE_SYMMETRIC_ENCRYPTION • HMAC_SHA256 |
source_key_id | string | ID of the key that will be uploaded from an external key source. |
source_key_tier | string | Key source from which the key will be uploaded. The options are: • local: CipherTrust Manager • dsm: DSM • hsm-luna: Luna HSM (FM-enabled Luna HSM is not supported as a key source) |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/google/keys/ecc73bfb-7605-4263-abb8-84fe431d35fb/versions' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n\n "is_native": true\n}' --compressed
Example Response
{
  "id": "e2f79e23-749d-4579-bef1-5777a4651e9e",
  "uri": "kylo:kylo:cckm:gcp-key-versions:e2f79e23-749d-4579-bef1-5777a4651e9e",
  "account": "kylo:kylo:admin:accounts:kylo",
  "createdAt": "2021-05-05T06:32:29.029188762Z",
  "updatedAt": "2021-05-05T06:32:29.026746133Z",
  "parent_key_name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring/cryptoKeys/doc-test",
  "parent_key_id": "ecc73bfb-7605-4263-abb8-84fe431d35fb",
  "key_ring_name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring",
  "version": 2,
  "is_primary": true,
  "key_material_origin": "native",
  "deleted": false,
  "gone": false,
  "gcp_cloud_resource_name": "projects/cckm/locations/global/keyRings/demo-key-ring/cryptoKeys/TestKey/cryptoKeyVersions/2",
  "gcp_key_version_params": {
    "name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring/cryptoKeys/doc-test/cryptoKeyVersions/2",
    "state": "ENABLED",
    "protectionLevel": "SOFTWARE",
    "algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
    "createTime": "2021-05-05T06:33:47.319389434Z",
    "generateTime": "2021-05-05T06:33:47.319389434Z"
  }
}
The sample output shows that the new version of the Google Cloud key with the ID ecc73bfb-7605-4263-abb8-84fe431d35fb is "version": 2.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
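The example request above covers only a native version. As an added example (not part of the original documentation), the shell functions below build the body for either case, enforce the is_native, source_key_id and source_key_tier rules from the parameter table, and send the request with certificate verification (--cacert) in place of -k, with the bearer token supplied through curl's config on stdin so it does not appear in the process argument list. The variable names CM_HOST, CM_CA_BUNDLE and CM_TOKEN and the character restriction on source_key_id are assumptions.

```bash
# Added example, not CipherTrust's own code.
# build_version_body IS_NATIVE [SOURCE_KEY_ID SOURCE_KEY_TIER]
# Prints the JSON request body, or returns 2 if the arguments break the
# rules in the request-parameter table.
build_version_body() {
  local is_native=$1 key_id=${2:-} tier=${3:-}
  case $is_native in
    true)
      printf '{"is_native": true}\n' ;;
    false)
      [ -n "$key_id" ] || { echo "source_key_id is required when is_native is false" >&2; return 2; }
      # Assumption: IDs use only these characters; anything else is rejected
      # so the value cannot break out of the JSON string.
      case $key_id in
        *[!A-Za-z0-9_-]*) echo "source_key_id contains unexpected characters" >&2; return 2 ;;
      esac
      case $tier in
        local|dsm|hsm-luna) ;;
        *) echo "source_key_tier must be local, dsm or hsm-luna" >&2; return 2 ;;
      esac
      printf '{"is_native": false, "source_key_id": "%s", "source_key_tier": "%s"}\n' "$key_id" "$tier" ;;
    *)
      echo "is_native must be true or false" >&2; return 2 ;;
  esac
}

# add_key_version KEY_RESOURCE_ID IS_NATIVE [SOURCE_KEY_ID SOURCE_KEY_TIER]
# Assumed environment (hypothetical names):
#   CM_HOST       CipherTrust Manager host name or IP
#   CM_CA_BUNDLE  PEM file with the CA that issued the Manager's certificate
#   CM_TOKEN      bearer token (AUTHTOKEN in the syntax above)
add_key_version() {
  local id=$1 body
  shift
  body=$(build_version_body "$@") || return
  # printf is a shell builtin, so the token never shows up in a process
  # argument list; curl reads the Authorization header from stdin.
  # --fail turns the 4xx/5xx response codes into a non-zero exit status.
  printf 'header = "Authorization: Bearer %s"\n' "$CM_TOKEN" |
    curl --config - --fail --silent --show-error \
      --cacert "$CM_CA_BUNDLE" \
      -H 'Content-Type: application/json' \
      --data-binary "$body" \
      "https://${CM_HOST}/api/v1/cckm/google/keys/${id}/versions"
}
```

For example, `add_key_version ecc73bfb-7605-4263-abb8-84fe431d35fb true` sends the same request as the example above.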