Adding OCI Key Version
Use the post /v1/cckm/oci/keys/{id}/versions
API to add a new version to the OCI key. Specify whether the version will be created natively on OCI or uploaded from an external key source.
Note
While uploading RSA key versions, if the Protection Mode is HSM, OCI shows the key version Source as Internal instead of External. This is an OCI issue, and not related to CCKM.
Syntax
curl -k '<IP>/api/v1/cckm/oci/keys/{id}/versions' -X POST -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n \n "is_native": true\n}' --compressed
Here, {id}
is the resource ID of the OCI key.
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authentication token. |
is_native | boolean | Whether the key version will be created natively or uploaded from a key source. Set to true for a native key, false for a key source. |
source_key_identifier | string | ID of the key that will be uploaded from a key source to OCI. |
source_key_tier | string | Key source from where the key will be uploaded. The options are: • local for the CipherTrust Manager• dsm for the Data Security Manager• hsm-luna for Luna HSM (FM-enabled Luna HSM is not supported as a key source)The default tier is local . |
Note
When is_native
is set to true
, then source_key_identifier
and source_key_tier
are not required.
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/keys/69f02b1d-c7c7-45fb-84e3-7d2f86a3f60b/versions' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIxYzU1ZWY0Yi01MThjLTQ5ZmMtODRmMy1mYjk4MGY4YTQ3ODQiLCJzdWIiOiJsb2NhbHwyZjBmZWViNC02MjkwLTQ4ZWQtYmU1Yy0wYmU4NTVkMzE4NzMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODU3ZDEyYjItNjljZi00OWY1LThkYjktMjI0NWMwODNiODg5Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjBjYTM2YTI5LWUyYzktNDkyZi05YjE3LTIwODM2MDIyNWVjOSIsImlhdCI6MTY0Mzg2Mzg4MywiZXhwIjoxNjQzODY0MTgzfQ.lcwHs7FhSH3oe32vWdyShTvsTGLrmO5WIFvMdu_l-wo' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n \n "is_native": true\n}' --compressed
Example Response
{
"id": "ec7acd24-bbe7-40c1-9c66-efb4467559c9",
"uri": "kylo:kylo:cckm:oci-key-version:ec7acd24-bbe7-40c1-9c66-efb4467559c9",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-03T04:51:54.435551104Z",
"updatedAt": "2022-02-03T04:51:54.434169972Z",
"key_material_origin": "native",
"gone": false,
"oci_key_version_params": {
"compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq",
"version_id": "ocid1.keyversion.oc1.iad.b5q6uxdhaahdg.avaimh5v62iaa.abuwcljstdcbcw2rpy56v5m55t5ygq4xucitd6wdqrmk4dazymr2zya7zabq",
"key_id": "ocid1.key.oc1.iad.b5q6uxdhaahdg.abuwcljrbluqjkyywbhoho652oxrngjibgq5yhtxbeonszmmj7g4zgj4efma",
"time_created": "2022-02-03T04:51:54.139Z",
"vault_id": "ocid1.vault.oc1.iad.b5q6uxdhaahdg.abuwcljs6qwagycytfmnryece3u55fswvaioqfeozixgt5if5f354umdamdq",
"lifecycle_state": "CREATING",
"origin": "INTERNAL",
"is_primary": true
}
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.