Fetching OCI Keys
Use the get /v1/cckm/oci/keys API to view the list of OCI keys. The results can be filtered using the query parameters.
Syntax
curl -k '<IP>/api/v1/cckm/oci/keys?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' -H 'accept: application/json' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authentication token. |
Request Query Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Internal ID of the OCI key. |
| key_name | string | Name of the OCI key. |
| algorithm | string | Algorithm of the OCI key. |
| length | integer | Length of the OCI key. |
| key_id | string | ID of the OCI key. |
| vault_name | string | OCI vault where the key resides. |
| protection_mode | string | Protection mode of the key - HSM or SOFTWARE. |
| job_config_id | string | ID of the scheduler job that will perform key rotation. |
| lifecycle_state | string | Key state in its lifecycle. Possible states are: • CREATING • UPDATING • CANCELLING_DELETION • PENDING_DELETION • ENABLING • DISABLING |
| tenancy | string | Name of the OCI tenancy. |
| compartment_name | string | Name of the OCI compartment. |
| vault_id | string | ID of the OCI vault. |
| cckm_vault_id | string | ID of the CCKM vault. |
| curve_id | string | Elliptic curve to be used to fetch the keys. Possible values are: • NIST_P256 • NIST_P384 • NIST_P521 |
| gone | string | Fetches the key based on their existence in the cloud. |
| region | string | Fetches the key by the Region (location). |
| local_hyok_key_id | string | ID of the local OCI HYOK key. |
| local_hyok_key_version_id | string | ID of the local OCI HYOK key version. |
| local_key_store_id | string | ID of the local OCI key store. |
| linked_state | boolean | Filter the results by the status of the link between CCKM and OCI Keys. |
| key_material_origin | string | The source of the key material. The origin of the key can be: • cckm: Key material is created on CCKM. • native: Key material is created on the OCI cloud. • unknown: Source of the key material is unknown. It is different than CCKM and the native cloud. |
| blocked | boolean | This field indicates whether the OCI key is blocked. The default is false. |
| state | string | State of the OCI key. |
| skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
| limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
| sort | string | Comma-delimited list of properties to sort the results. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/keys?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIxYzU1ZWY0Yi01MThjLTQ5ZmMtODRmMy1mYjk4MGY4YTQ3ODQiLCJzdWIiOiJsb2NhbHwyZjBmZWViNC02MjkwLTQ4ZWQtYmU1Yy0wYmU4NTVkMzE4NzMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODU3ZDEyYjItNjljZi00OWY1LThkYjktMjI0NWMwODNiODg5Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjA5NDkyNWY3LTQ2YmEtNDdmMS1iNjU4LTE5N2Y0MDQ3NzI0OSIsImlhdCI6MTY0Mzg2MTkxMSwiZXhwIjoxNjQzODYyMjExfQ.qEBd5wJRHPFccILPrdondnSkRNbOwXSYk9Aj4YYE5mg' -H 'accept: application/json' --compressed
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "90671f17-28ff-4f93-86dc-ff08983469e7",
"uri": "kylo:kylo:cckm:oci-key:testocikeypkv-90671f17-28ff-4f93-86dc-ff08983469e7",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-03T04:19:01.876714Z",
"updatedAt": "2022-02-03T04:20:05.98142Z",
"vault_id": "5e9ee2f1-1b90-4b7d-b319-2b0848e78e75",
"tenancy": "gemaltoproductdev",
"region": "us-ashburn-1",
"key_material_origin": "native",
"refreshed_at": "2022-02-03T04:19:41.875578Z",
"oci_params": {
"compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq",
"current_key_version": "ocid1.keyversion.oc1.iad.b5q6uxdhaahdg.avevmh5vpnaaa.abuwcljtj23rs56toawxq7tsfu2w5wsg3j7sh72yqdej2dr4hwb5lrnf7tna",
"display_name": "TestOciKeypkv",
"key_id": "ocid1.key.oc1.iad.b5q6uxdhaahdg.abuwcljt5pb3bx4orok7zf7nz5buojyovsqi45jvhhuc2cpqh4vglo5zsuaa",
"algorithm": "AES",
"length": 32,
"lifecycle_state": "CREATING",
"time_created": "2022-02-03T04:19:01.547Z",
"vault_name": "cckmqa-automation",
"defined_tags": {},
"freeform_tags": {},
"protection_mode": "SOFTWARE",
"is_primary": true
}
}
]
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
