Key Life Cycle Management APIs
This section describes the CCKM Key Life Cycle Management APIs for AWS. Before proceeding, you must have an AWS account added to the CCKM.
These APIs are used to perform the following tasks:
Common ID Parameters
While managing AWS keys using the API or CLI, you might notice that a number of key-related parameters, such as id, uri, and local_key_name, are displayed in the output.
As part of key generation, a CipherTrust Manager resource and a cloud resource are generated in CCKM. The information received from these two resources is merged into a single output. The following table lists some sample parameters and defines them.
Parameter | Description |
---|---|
"id": "89dfabc2-ae71-4c9f-b242-c87f9b2a9660" | ID of the resource on the CipherTrust Manager. This id is internal to CipherTrust Manager and is not visible on the CipherTrust Manager GUI. The REST APIs to get/list keys also do not return this information. |
"uri": "kylo:kylo:cckm:aws-key:89dfabc2-ae71-4c9f-b242-c87f9b2a9660" | URI of the CipherTrust Manager resource. uri changes if you use a child domain (subdomain). In this case, the ID of the child domain is embedded in uri. |
"local_key_id": "c82b792a634d4eb38738db52d45ba43d3fc95256064b4788889fa11ee29c85fb" | ID of the CipherTrust Manager source key that was uploaded to the AWS cloud when creating the key. |
"local_key_name": "cckm/aws/thalescryptolabs/use1/demo/s3/aes256" | Label of the CipherTrust Manager source key that was uploaded to the AWS cloud when creating the key. |
"Arn": "arn:aws:kms:us-east-1:771663151343:key/6c195996-191f-40cf-81e7-eee328d40d0b" | Amazon Resource Name (ARN) of the KMS key. Refer to AWS Key Management Service (AWS KMS) for examples. The Arn parameter is displayed under aws_params, which indicates the parameter is from the AWS cloud. |
"KeyID": "6c195996-191f-40cf-81e7-eee328d40d0b" | ID of the key in AWS KMS. |
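
When auditing key inventory or matching CCKM output against AWS-side logs, it helps to confirm that the merged identifiers agree with each other. The following is an added example, not code from the CCKM documentation or product: it assumes KeyID sits under aws_params next to Arn and that uri ends with id as in the sample row; the record layout and function names are constructed for illustration.

```python
import json

# Constructed sample record using the values from the table above. The nesting
# of KeyID under aws_params is an assumption; the page only states it for Arn.
SAMPLE = json.loads("""
{
  "id": "89dfabc2-ae71-4c9f-b242-c87f9b2a9660",
  "uri": "kylo:kylo:cckm:aws-key:89dfabc2-ae71-4c9f-b242-c87f9b2a9660",
  "local_key_id": "c82b792a634d4eb38738db52d45ba43d3fc95256064b4788889fa11ee29c85fb",
  "local_key_name": "cckm/aws/thalescryptolabs/use1/demo/s3/aes256",
  "aws_params": {
    "Arn": "arn:aws:kms:us-east-1:771663151343:key/6c195996-191f-40cf-81e7-eee328d40d0b",
    "KeyID": "6c195996-191f-40cf-81e7-eee328d40d0b"
  }
}
""")


def parse_kms_arn(arn):
    """Split arn:partition:kms:region:account:key/<key-id> into its fields."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "kms":
        raise ValueError("not a KMS ARN: %r" % arn)
    kind, sep, key_id = parts[5].partition("/")
    if kind != "key" or not sep or not key_id:
        raise ValueError("ARN does not name a KMS key: %r" % arn)
    return {"partition": parts[1], "region": parts[3],
            "account": parts[4], "key_id": key_id}


def check_record(rec):
    """Return a list of identifier mismatches; an empty list means consistent."""
    problems = []
    aws = rec.get("aws_params", {})
    # In the table's sample the uri ends with the id (assumed for child domains too).
    if rec.get("uri", "").rsplit(":", 1)[-1] != rec.get("id"):
        problems.append("uri does not end with id")
    try:
        arn = parse_kms_arn(aws.get("Arn", ""))
        # The key id embedded in the ARN should be the same value as KeyID.
        if arn["key_id"] != aws.get("KeyID"):
            problems.append("Arn key id differs from KeyID")
    except ValueError as exc:
        problems.append(str(exc))
    return problems
```

The account and region returned by parse_kms_arn are the fields to match when correlating a CCKM key record with AWS-side records for the same key.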