Creating OCI Keys
Use the post /v1/cckm/oci/keys API to create an OCI key. Specify the following details.
ID of the vault where the key needs to be created
Name for the key
Algorithm of the key
Length of the key
Protection mode of the key
Syntax
curl -k '<IP>/api/v1/cckm/oci/keys' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "vault": "<vault-id>",\n "name": "<key-name>",\n "algorithm": "<algorithm>",\n "compartment_id": "<compartment-id>",\n "length": <key-length>,\n "protection_mode": "<protection-mode>"\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authentication token. |
| algorithm | string | Algorithm of the key. Possible values are: • AES • RSA • ECDSA |
| compartment_id | string | ID of the Oracle compartment where the key vault resides. |
| length | integer | Length of the key. |
| name | string | Name for the key. |
| protection_mode | string | Protection mode of the key. A protection mode specifies where your Master Encryption Keys (MEKs) are stored and processed - either in the HSM or in the SOFTWARE. |
| vault | string | ID of the OCI vault where the key is to be created. |
| curve_id | string | Elliptic curve to be used to create the key. Possible values are: • NIST_P256 • NIST_P384 • NIST_P521 |
| description | string | Description of the key. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/keys' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIxYzU1ZWY0Yi01MThjLTQ5ZmMtODRmMy1mYjk4MGY4YTQ3ODQiLCJzdWIiOiJsb2NhbHwyZjBmZWViNC02MjkwLTQ4ZWQtYmU1Yy0wYmU4NTVkMzE4NzMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODU3ZDEyYjItNjljZi00OWY1LThkYjktMjI0NWMwODNiODg5Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjA5NDkyNWY3LTQ2YmEtNDdmMS1iNjU4LTE5N2Y0MDQ3NzI0OSIsImlhdCI6MTY0Mzg2MTkxMSwiZXhwIjoxNjQzODYyMjExfQ.qEBd5wJRHPFccILPrdondnSkRNbOwXSYk9Aj4YYE5mg' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "vault": "5e9ee2f1-1b90-4b7d-b319-2b0848e78e75",\n "name": "TestOciKeypkv",\n "algorithm": "AES",\n "compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq",\n "length": 32,\n "protection_mode": "SOFTWARE"\n}' --compressed
Example Response
{
"id": "90671f17-28ff-4f93-86dc-ff08983469e7",
"uri": "kylo:kylo:cckm:oci-key:testocikeypkv-90671f17-28ff-4f93-86dc-ff08983469e7",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-03T04:19:01.876713568Z",
"updatedAt": "2022-02-03T04:19:01.87483604Z",
"cloud_name": "oci",
"vault_id": "5e9ee2f1-1b90-4b7d-b319-2b0848e78e75",
"tenancy": "gemaltoproductdev",
"region": "us-ashburn-1",
"key_material_origin": "native",
"oci_params": {
"compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq",
"current_key_version": "ocid1.keyversion.oc1.iad.b5q6uxdhaahdg.avevmh5vpnaaa.abuwcljtj23rs56toawxq7tsfu2w5wsg3j7sh72yqdej2dr4hwb5lrnf7tna",
"display_name": "TestOciKeypkv",
"key_id": "ocid1.key.oc1.iad.b5q6uxdhaahdg.abuwcljt5pb3bx4orok7zf7nz5buojyovsqi45jvhhuc2cpqh4vglo5zsuaa",
"algorithm": "AES",
"length": 32,
"lifecycle_state": "CREATING",
"time_created": "2022-02-03T04:19:01.547Z",
"vault_name": "cckmqa-automation",
"defined_tags": {},
"freeform_tags": {},
"protection_mode": "SOFTWARE",
"is_primary": true
}
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
