Creating an External vault
Use the post /v1/cckm/oci/create-external-vault API to create an external vault.
Syntax
curl -k 'https://127.0.0.1/api/v1/cckm/oci/create-external-vault' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "vault_name": <vault_name>,\n "endpoint_url_hostname": <endpoint_url_hostname>,\n "compartment_id": <compartment_id>,\n "issuer_id": <issuer_id>,\n "client_application_id": <client_application_id>\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authentication token. |
| compartment_id | string | ID of the Oracle compartment. |
| endpoint_url_hostname | string | IP address of the CipherTrust Manager or Load Balancer. FQDNs are not supported. |
| endpoint_url_port | integer | Port number for the OCI external vault endpoint URL. Specify the port of the CipherTrust Manager or Load Balancer. The default port is 443. |
| issuer_id | string | ID of the issuer. |
| client_application_id | string | ID of the OCI KMS application as registered on the third-party identity provider. |
| vault_name | string | Name of the external vault. |
| connection | string | Name or ID of the Oracle connection on the CipherTrust Manager. |
| source_key_tier | string | Tier of the source. Specify the type of key source allowed in the vault. Possible option is local (CipherTrust Manager).If the source_key_tier is not specified, you can create local keys in the vault. |
| policy | string | Rego policy to be associated with the vault. |
| endpoint_url_port (optional) | integer | Port-Number for the OCI external vault endpoint URL. The default port is 443. |
| partition_id (optional) | string | Partition ID of the Luna slot. It is required, if 'hsm-luna' is selected as source_key_tier. |
| tenancy (optional) | string | Name of the OCI tenancy. It is required, if the connection is not provided. |
Example Request
curl -k 'https://52.86.120.81/api/v1/cckm/oci/create-external-vault' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "vault_name": "oci-external-vault-one",\n "endpoint_url_hostname": "localhost",\n "compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4dt4mcf6zluymff6sq",\n "issuer_id": "95e0d83c-c408-42c7-b3f2-c86cd6bcda51",\n "client_application_id": "kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56"\n}' --compressed
Example Response
{
"id": "37900289-47cf-4172-91c5-7ea6cb87c4b7",
"uri": "kylo:kylo:cckm:oci-vault:37900289-47cf-4172-91c5-7ea6cb87c4b7",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-06-27T08:50:28.011605208Z",
"updatedAt": "0001-01-01T00:00:00Z",
"vault_name": "oci-external-vault-one",
"connection": "oci-connection",
"endpoint_url_hostname": "localhost",
"compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4dt4mcf6zluymff6sq",
"issuer_id": "95e0d83c-c408-42c7-b3f2-c86cd6bcda51",
"client_application_id": "kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56",
"time_created": "2022-02-28T23:18:12.263Z",
"compartment_name": "tenancy",
"endpoint_url": "https://localhost/api/v1/cckm/oci/external-vaults/65e0d83c-c408-42c7-b3f2-c86cd6bcda51",
"local_key_store_id": "65e0d83c-c408-42c7-b3f2-c86cd6bcda51",
"linked_state": false,
"cloud_name": "oci",
"external_vault_type": "local",
"tenancy": "tenancy"
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
