Updating a Google Cloud Key
Use the patch /v1/cckm/google/keys/{id} API to update the attributes of a Google Cloud key with the given ID.
For symmetric keys, you can update
primary_version,next_rotation_time,rotation_period, andlabels.For asymmetric keys, you can update
version_template_algorithmandlabels.
Syntax
curl -k '<IP>/api/v1/cckm/google/keys/{id}' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "primary_version": "<primary_version>",\n "next_rotation_time": "<next_rotation_time>",\n "rotation_period": "<rotation_period>",\n "labels": {"<label-key>": "<label-value>"},\n "version_template_algorithm": "<version_template_algorithm>"\n}' --compressed
Here, {id} represents the resource ID of the Google Cloud key on the CipherTrust Manager. The resource id is different than key_id.
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| labels | string of JSON | Labels (tags) attached to the Google Cloud key in the form of key-value JSON pairs, for example, "isakey": "yes". For Google label requirements, refer to [Labeling keys |
| next_rotation_time | string | (Symmetric keys only) Time when the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric key only). The time must be in the RFC3339 format, for example, "2022-07-31T17:18:37.085Z". |
| primary_version_id | string | (Symmetric keys only) Version number of the new primary version for the Google Cloud key. Set the primary version from the existing versions of a Google Cloud key. A Google Cloud key has multiple versions, but a symmetric key can have at most one primary key version. The primary key version is used to encrypt data if you do not specify a key version. Asymmetric keys do not have primary versions; you must specify the version when using the key. |
| rotation_period | string | (Symmetric keys only) Frequency at which the Google Cloud key will be automatically rotated by Google Cloud KMS. The frequency must be in the format "<duration>s", that is, duration in seconds terminated by s, for example, "360000s". |
| version_template_algorithm | string | (Asymmetric keys only) Algorithm for the asymmetric Google Cloud key. The supported algorithms are: • RSA_SIGN_PSS_2048_SHA256 • RSA_SIGN_PSS_3072_SHA256 • RSA_SIGN_PSS_4096_SHA256 • RSA_SIGN_PSS_4096_SHA512 • RSA_SIGN_PKCS1_2048_SHA256 • RSA_SIGN_PKCS1_3072_SHA256 • RSA_SIGN_PKCS1_4096_SHA256 • RSA_SIGN_PKCS1_4096_SHA512 • RSA_DECRYPT_OAEP_2048_SHA256 • RSA_DECRYPT_OAEP_3072_SHA256 • RSA_DECRYPT_OAEP_4096_SHA256 • RSA_DECRYPT_OAEP_4096_SHA512 • EC_SIGN_P256_SHA256 • EC_SIGN_P384_SHA384 • EC_SIGN_SECP256K1_SHA256 (Only for protection level, HSM) • GOOGLE_SYMMETRIC_ENCRYPTION • HMAC_SHA256 Algorithm of a symmetric Google Cloud key cannot be changed. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/google/keys/2f18eade-2fd9-4c48-85f7-550107729299' -X PATCH -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI0MmFmZDExNy02YzllLTRhNGUtOTAwYS1lYjlhNDNjYWE5ZDIiLCJzdWIiOiJsb2NhbHwzMTI5ODdkMS0wOWNiLTQxZTEtOThmNy1jZjRhNzgwNTZiMTMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNDVmOWE3NWUtMzI1NC00NWJkLWE0NzYtOWU2NWUyNjdmNGVkIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjdiYzNkOWM4LWRiYTQtNDVmMy05YWNiLWI3NGM2MzQyYzYyMCIsImlhdCI6MTYxNDc1MTg1MSwiZXhwIjoxNjE0NzUyMTUxfQ.ahdxfM7-WA4u7sotHy6qelc9MkoZytst7oZWsvE7Cr0' -H 'Content-Type: application/json' --data-binary $'{\n "primary_version": "",\n "next_rotation_time": "",\n "rotation_period": "",\n "labels": {},\n "version_template_algorithm": "RSA_DECRYPT_OAEP_4096_SHA512"\n}' --compressed
Example Response
{
"id": "2f18eade-2fd9-4c48-85f7-550107729299",
"uri": "kylo:kylo:cckm:gcp-keys:3bb59aca-8969-4a85-adca-12e661327dd0",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-05-05T03:06:13.442981Z",
"updatedAt": "2021-05-05T06:11:03.368388982Z",
"cloud_name": "gcp",
"key_id": "TestKey2",
"project_id": "gemalto-kyloeng",
"location_id": "global",
"key_ring_id": "cckm",
"key_ring_name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring",
"gone": false,
"auto_rotate": false,
"status": "AVAILABLE",
"gcp_params": {
"name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring/cryptoKeys/TestKey2",
"primary": "",
"createTime": "2021-05-05T03:06:14.289985Z",
"purpose": "ASYMMETRIC_DECRYPT",
"next_rotation_time": null,
"protectionLevel": "SOFTWARE",
"algorithm": "RSA_DECRYPT_OAEP_4096_SHA512"
}
}
The sample output displays the list of Google Cloud key rings based on the specified Google Cloud connection, location, and project ID.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
