Enabling Key for Rotation Job
Use the /v1/cckm/azure/keys/{id}/enable-rotation-job enable an Azure key for scheduled rotation job. To use this API, first create a new rotation job configuration, the job_config_id is required to call this API. Refer to Scheduling Key Rotation for details.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys/{id}/enable-rotation-job' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "job_config_id": "<job_config_id>",\n "auto_rotate_key_source": "<key_material_source>",\n "auto_rotate_key_type": "<key_type>",\n "auto_rotate_key_size": <key_size>,\n "auto_rotate_enable_key": <boolean>\n}' --compressed
Here, {id} represents the key ID.
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| auto_rotate_key_source | string | Source of the key material. Possible options are: • native • hsm-luna (FM-enabled Luna HSM is not supported as a key source) • dsm • external-cm • ciphertrust |
| auto_rotate_partition_id | string | ID of the partition in which the Luna HSM key will be created. |
| auto_rotate_domain_id | string | ID of the DSM domain in which the key will be created. |
| auto_rotate_external_cm_domain_id | string | ID of the external CipherTrust Manager domain in which the external CipherTrust Manager key will be created. |
| auto_rotate_key_type | string | Algorithm for the key. Possible options are: • EC - "Soft" Elliptic Curve key. • EC-HSM - "Hard" Elliptic Curve key (only for premium key vaults). • RSA: "Soft" RSA key. • RSA-HSM: "Hard" RSA key (only for premium key vaults). |
| job_config_id | string | Id of the scheduler job that will perform key rotation. |
| auto_rotate_ec_name | string | Name of the Elliptical curve key. Required only when key_type=EC. Possible options are: • P-256 • P-384 • P-521 • SECP256K1 |
| auto_rotate_enable_key | boolean | Flag to enable the newly rotated key. |
| auto_rotate_key_size | integer | Size of the new rotated key. Required only when key_type=RSA. Possible options are: •2048 • 3072 • 4096 |
| auto_rotate_release_policy | JSON | New key release policy for the exportable keys. |
Example Request
curl -k 'https://54.175.71.61/api/v1/cckm/azure/keys/45b35f7b-b7b7-416c-a29c-4568d354fd2c/enable-rotation-job' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1NjlmZTIyMy0zZGM2LTRhZDctYjE5YS1lYjFlZTY4MDBlMzUiLCJzdWIiOiJsb2NhbHxjNjc2ZGM1Zi1iMjNjLTQ4ODgtYTZmYi05MjMwNWU3MDdkNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiYTlhZmY2ZGMtYTdjYy00NmJiLThiYTUtMDg3OWViZGRiZTA1Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImQ3MDY1MDhiLTllYWYtNDQ0Mi04MGY4LWM4NTA2ODBlOWUyZCIsImlhdCI6MTYwMzEwNDA4NCwiZXhwIjoxNjAzMTA0Mzg0fQ.Kp-X2Y9cb_PSJtIasz_krM6wip4s8_LTu7ozPJZ_2Hs' -H 'Content-Type: application/json' --data-binary $'{\n "job_config_id": "c7cd8d4c-6ef5-4de5-b107-2054160abb3a",\n "auto_rotate_key_source": "native",\n "auto_rotate_key_type": "RSA",\n "auto_rotate_key_size": 2048,\n "auto_rotate_enable_key": true\n}' --compressed
Example Response
{
"id": "45b35f7b-b7b7-416c-a29c-4568d354fd2c",
"uri": "kylo:kylo:cckm:azure-key:45b35f7b-b7b7-416c-a29c-4568d354fd2c",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-10-19T06:10:52.784557Z",
"updatedAt": "2020-10-19T07:04:16.520845Z",
"key_vault": "key-vault-softkeys::260ecbe7-777b-4d3c-84ea-887620498863",
"key_vault_id": "da2e6bb6-845c-4a3a-8c10-831065f6e855",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-10-19T06:10:40.371055Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-10-19T05:28:32Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "927bb136b2674414ac65a90660703f4f",
"key_size": 2048,
"backup": "701e44d020d44689b97c26a5de3cd6a5a05a91f8f7bd4b63998e423ef6f1b668",
"key_name": "newTestKey2048",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://key-vault-softkeys.vault.azure.net/keys/newTestKey2048/927bb136b2674414ac65a90660703f4f",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign",
"verify",
"wrapKey",
"unwrapKey"
],
"n": "2kZsxVk8RHI5UIBm0v-LKTm3pm_jbLOqFcUe7dnYoaKXCp2XHfBad0jVu-oM8C5k8Ka_K5cVT9OQrtnfR_RptAL6SvtWzuUXiMgasovvX_Kc5cA54UtnuNO3-bHeijVWfH2VosGlf5PT0tB_nf8CAQplbWG3374YRozjxS5Ds22KSDbtli0CZiGL6v1jtBm24D-Y64PVHOBVejLDM6YesCSO1XkdMAgm7DItO04YmDoxOJcbfxLsmYN_HYvMKbqVAU4P1EeIEFmKAJ-7PbScfnW2mfAY_wTN1pe7GIfHpY1d1JoP96acYrj1k7sLuG5ZzXMEEHG711ayWVfANHJJQw",
"e": "AAAAAAABAAE"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"created": 1603085312,
"updated": 1603085312
}
},
"azure_created_at": "2020-10-19T05:28:32Z",
"azure_updated_at": "2020-10-19T05:28:32Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"labels": {
"auto_rotate_enable_key": true,
"auto_rotate_key_size": 2048,
"auto_rotate_key_source": "native",
"auto_rotate_key_type": "RSA",
"job_config_id": "c7cd8d4c-6ef5-4de5-b107-2054160abb3a"
},
"key_material_origin": "unknown",
"gone": false,
"version_count": 2
}
The sample output shows that the key (with ID 45b35f7b-b7b7-416c-a29c-4568d354fd2c) is enabled for the scheduled key rotation.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
