Creating an External Key
Use the POST /v1/cckm/oci/create-external-key API to create an external key in an external vault. This API only supports AES-256 keys.
Note
CCKM doesn't support FM-enabled Luna HSM as a key source.
Syntax
curl -k 'https://127.0.0.1/api/v1/cckm/oci/create-external-key' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "vault": <vault_name>,\n "name": <key_name>,\n "source_key_tier": <source_key_tier>,\n "source_key_identifier": <source_key_identifier>\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
name | string | Name for the external key. |
vault | string | Resource ID of the external vault on the CipherTrust Manager. The external key will be created in this external vault. |
source_key_tier | string | Tier of the source key. The value is local. |
source_key_identifier | string | ID of the key that will be uploaded from a key source to the OCI KMS. If source_key_tier is local (CipherTrust Manager), this is the ID of the CipherTrust Manager key to be uploaded. source_key_identifier is a mandatory parameter. |
policy | string | Rego policy to be associated with the external key. |
Example Request
curl -k 'https://52.86.120.81/api/v1/cckm/oci/create-external-key' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "vault": "cac0dc79-de8a-4cde-a5f3-84c1b42b637e",\n "name": "oci-external-key-one"\n}' --compressed
Example Response
{
  "id": "c10f3299-53e6-438e-b580-9aab5e7c1a41",
  "uri": "kylo:kylo:cckm:oci-key:dfsfd-c10f3299-53e6-438e-b580-9aab51234567",
  "account": "kylo:kylo:admin:accounts:kylo",
  "createdAt": "2022-10-20T09:30:08.737979Z",
  "updatedAt": "2022-10-20T09:30:08.73646Z",
  "cloud_name": "oci",
  "cckm_vault_id": "dfdd7c99-255b-424f-a869-72656abd41d3",
  "tenancy": "gemaltoproductdev",
  "compartment_name": "gemaltoproductdev",
  "key_material_origin": "external-CCKM",
  "gone": false,
  "oci_params": {
    "compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5123456",
    "algorithm": "AES",
    "length": 256
  },
  "local_hyok_key_params": {
    "name": "test",
    "local_key_store_id": "11534a45-f16f-4ea6-9e8d-da0256064200",
    "local_hyok_key_id": "6b125241-8f73-4ca9-9230-4e3802aace72",
    "local_hyok_key_version_id": "75946b9e-e8a5-4ee4-a12c-a0aa1f5d32be",
    "linked_state": false,
    "blocked": false,
    "policy": null
  }
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
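An added example, not taken from the CipherTrust documentation: a Python client for the request described above that builds the JSON body with json.dumps, verifies the server certificate instead of using curl's -k, and checks the fields shown in the example response. The function names and the CM_* environment variable names are assumptions made for this example.

```python
import json
import os
import ssl
import urllib.request

ENDPOINT = "/api/v1/cckm/oci/create-external-key"  # path from the curl syntax

def build_request(host, token, vault, name, source_key_identifier,
                  source_key_tier="local", policy=None):
    """Build, without sending, the POST request for create-external-key."""
    if not source_key_identifier:
        raise ValueError("source_key_identifier is a mandatory parameter")
    if source_key_tier != "local":
        raise ValueError("only the 'local' source tier is documented here")
    body = {"vault": vault, "name": name,
            "source_key_tier": source_key_tier,
            "source_key_identifier": source_key_identifier}
    if policy is not None:
        body["policy"] = policy  # Rego policy text, passed through unchanged
    return urllib.request.Request(
        f"https://{host}{ENDPOINT}", method="POST",
        data=json.dumps(body).encode("utf-8"),  # escapes quotes and newlines
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json",
                 "Accept": "application/json"})

def send(request, ca_file):
    """Send with certificate and hostname verification (unlike curl -k)."""
    context = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=context, timeout=30) as resp:
        return json.load(resp)  # urlopen raises HTTPError on 4xx/5xx

def check_created_key(response):
    """Return the problems found in a create-external-key response."""
    problems = []
    if not response.get("id"):
        problems.append("response has no key id")
    if response.get("cloud_name") != "oci":
        problems.append("cloud_name is not oci")
    oci = response.get("oci_params") or {}
    if (oci.get("algorithm"), oci.get("length")) != ("AES", 256):
        problems.append("key is not AES-256")
    return problems

if __name__ == "__main__":
    # Assumed environment variable names; the token never appears in argv.
    env = os.environ
    req = build_request(env["CM_HOST"], env["CM_TOKEN"], env["CM_VAULT"],
                        env["CM_KEY_NAME"], env["CM_SOURCE_KEY_ID"])
    print(check_created_key(send(req, env["CM_CA_FILE"])) or "AES-256 key created")
```

Reading the bearer token from the environment keeps it out of shell history and the process list, where the curl form above would expose it.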