Uploading Keys to OCI
Use the post /v1/cckm/oci/upload-key API to upload a key from a key source to an OCI vault. Specify the following details.
ID of the vault where the key needs to be uploaded.
Key parameters such as description, protection mode, and name etc.
Source key tier.
Source key identifier of the key to be uploaded from a key source.
Supported key algorithms and sizes.
CM (AES128, AES192, AES256, RSA2048, RSA3072, RSA4096)
DSM (AES128, AES256, RSA2048, RSA3072, RSA4096)
HSM LUNA (AES128, AES192, AES256, RSA2048, RSA3072, RSA4096)
Syntax
curl -k '<IP>/api/v1/cckm/oci/upload-key' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "compartment_id": "<compartment-id>",\n "source_key_identifier": "<source-key-identifier>",\n "source_key_tier": "<source-key-tier>",\n "vault": "oci-vault-id",\n "name": "<key-name>",\n "protection_mode": "<HSM|SOFTWARE>"\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| compartment_id | string | ID of the Oracle compartment where the key vault resides. |
| name | string | Name for the key. |
| protection_mode | string | Protection mode of the key. A protection mode specifies where your Master Encryption Keys (MEKs) are stored and processed - either in the HSM or in the SOFTWARE. |
| source_key_identifier | string | ID of the key that will be uploaded from a key source to OCI. |
| source_key_tier | string | Key source from where the key will be uploaded. The options are: • local for the CipherTrust Manager (default)• dsm for the Data Security Manager• hsm-luna for Luna HSM (FM-enabled Luna HSM is not supported as a key source)• external-cm for the external CipherTrust Manager |
| vault | string | ID of the OCI vault where the key is to be created. |
| defined_tags (optional) | array of strings | Defined tags for the key. A tag consists of a namespace, key, and value. |
| freeform_tags (optional) | array of strings | Freeform tags for the key. A freeform tag is a simple key-value pair with no predefined name, type, or namespace. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/upload-key' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIxYzU1ZWY0Yi01MThjLTQ5ZmMtODRmMy1mYjk4MGY4YTQ3ODQiLCJzdWIiOiJsb2NhbHwyZjBmZWViNC02MjkwLTQ4ZWQtYmU1Yy0wYmU4NTVkMzE4NzMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODU3ZDEyYjItNjljZi00OWY1LThkYjktMjI0NWMwODNiODg5Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjQ4MGI4NmU0LWI2NTgtNGE3OC05N2NkLTk1OWY0OWNmMmM0NSIsImlhdCI6MTY0Mzg2MzU2MywiZXhwIjoxNjQzODYzODYzfQ.RQ3jtVuxiPWCxM6SNC9GEzfq0mmMvO-efLgq8BeA95k' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "source_key_identifier": "8ad3eeb3ce184a9897fb1b8204f7e6958b6184d189734279af002ab494ab17f5",\n "compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq",\n "source_key_tier": "local",\n "vault": "39166a6e-a6ae-4e6f-9c14-ec0b423fd306",\n "name": "KeyUploadpkv",\n "protection_mode": "SOFTWARE"\n}' --compressed
Example Response
{
"id": "ae15ab65-b579-4cee-a9fa-3926bd3b3d19",
"uri": "kylo:kylo:cckm:oci-key:ae15ab65-b579-4cee-a9fa-3926bd3b3d19",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-03T04:51:03.036036548Z",
"updatedAt": "2022-02-03T04:51:03.034873002Z",
"cloud_name": "oci",
"vault_id": "39166a6e-a6ae-4e6f-9c14-ec0b423fd306",
"tenancy": "gemaltoproductdev",
"region": "us-ashburn-1",
"key_material_origin": "cckm",
"oci_params": {
"compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq",
"current_key_version": "ocid1.keyversion.oc1.iad.bzq26sunaaeuk.avaimh5v6mqaa.abuwcljs52vmu6pjycqvenhiv2a5gsjkkkkspei3veo3w3vmf7syghkerrga",
"display_name": "KeyUploadpkv",
"key_id": "ocid1.key.oc1.iad.bzq26sunaaeuk.abuwcljs3pnuin2f2kpy3glyl6erdzpon2xssiqdy6hgksvinwgynrkj2dda",
"algorithm": "AES",
"length": 32,
"lifecycle_state": "CREATING",
"time_created": "2022-02-03T04:51:01.728Z",
"vault_name": "CCKM-Testing",
"defined_tags": {},
"freeform_tags": {},
"protection_mode": "SOFTWARE",
"is_primary": true
}
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
