Fetching the Metadata of External Keys
Use the get /v1/cckm/oci/ekm/v1/vaults/{vaultId}/keys/{keyId}/metadata
API to fetch the metadata associated with the latest version of an external key.
The API returns the key specification (algorithm and size), current version ID, status (ACTIVE or BLOCKED), and the supported cryptographic operations (encrypt, decrypt, sign, verify, wrap, and unwrap).
This release supports the encrypt and decrypt operations.
The supported scope value is oci_hyok_getKeyMetadata
.
When running the API,
{vaultId}
is the resource ID of the external vault on the CipherTrust Manager.{keyId}
is the resource ID of the external key on the CipherTrust Manager.
Header
Parameter | Type | Description |
---|---|---|
opc-request-id | String | Unique identifier for the request. If provided, the returned request ID will include this value. Otherwise, a random request ID will be generated by the service. |
Example Request
get https://<Host IP Address>/api/v1/cckm/oci/ekm/v1/vaults/{vaultId}/keys/{keyId}/metadata
<authorization token and other headers>
Example Response
{
"keyId": "650e330b-47b1-4d9f-ab72-866b4e10df39",
"currentKeyVersionId": "1272f6a0-9377-4e9a-9158-460860716eaf",
"keyShape":
{
"algorithm": AES,
"length": 256
},
"state": "ACTIVE",
"keyOps": [
"ENCRYPT",
"DECRYPT"
]
}
Response Codes
Response Code | Description |
---|---|
200 | Ok |
400 | Bad request |
401 | Unauthorized |
404 | Not found |
403 | Forbidden |
500 | Internal server error |
Refer to HTTP status codes for details.