Key Templates
The CipherTrust Manager provides the support of templates for creating Keys. This template is used to specify the attributes of a key for various operations. Attributes (key_attributes) specified in a template are applied to all the keys that reference the template by a name.
Note
Members only of
adminandKey Adminsgroups are allowed to create templates.Members of
Key UsersandRestricted Key Usersgroups can only read templates.
Note
Currently, templates are not included in domain or partial domain backup. Only option is for customer to re-create them in case of disaster recovery.
Managing templates
The following operations can be performed on templates:
Create templates
Get template
list templates
Update template
Delete templates
Creating templates
To create a template:
Syntax
ksctl templates create --name <name> --description <description> --labels <comma-separated-key:value> --meta <comma-separated-key:value>--key_attributes <comma-separated-key:value>
Here,
name- name of template.description- description of template.labels- key/value pairs to group templates.meta- end-user/service data defined in the template.key_attributes- attributes of a key defined the template.
Example Request
ksctl templates create --name 'Test Template New' --desc 'Symmetric' --labels 'sale=HR' --meta '{ "color":"Red"}' --key_attributes '{ "algorithm": "AES", "size": 256 }'
Example Response
{
"id": "211d1451-5280-491b-ae17-00543bfaa32a",
"uri": "kylo:kylo:vault:templates:test-template-new-211d1451-5280-491b-ae17-00543bfaa32a",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2024-05-01T10:16:21.486296Z",
"updatedAt": "2024-05-01T10:16:21.486296Z",
"name": "Test Template New",
"description": "Symmetric",
"meta": {
"color": "Red"
},
"labels": {
"sale": "HR"
},
"key_attributes": {
"algorithm": "AES",
"size": 256
}
}
Getting details of templates
To get detail of a template:
Syntax
ksctl templates get --id <name/ID-of-a-template>
Example Request
ksctl templates get --id "211d1451-5280-491b-ae17-00543bfaa32a"
Example Response
{
"id": "211d1451-5280-491b-ae17-00543bfaa32a",
"uri": "kylo:kylo:vault:templates:test-template-new-211d1451-5280-491b-ae17-00543bfaa32a",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2024-05-01T10:16:21.486296Z",
"updatedAt": "2024-05-01T10:16:21.486296Z",
"name": "Test Template New",
"description": "Symmetric",
"meta": {
"color": "Red"
},
"labels": {
"sale": "HR"
},
"key_attributes": {
"size": 256,
"algorithm": "AES"
}
}
Getting list of templates
To fetch a list of template:
Syntax
ksctl templates list --labels-query <query-filter>
Here, labels-query filters results that match label selector expressions. Multiple values are logically ANDed.
Example Request
ksctl templates list --labels-query "team=HR"
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "8d6dd37a-1183-4e92-8c5f-5ba3d4714c41",
"uri": "kylo:kylo:vault:templates:8d6dd37a-1183-4e92-8c5f-5ba3d4714c41",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2024-05-01T07:17:26.836585Z",
"updatedAt": "2024-05-01T07:43:13.092583Z",
"name": "tp-8d6dd37a-1183-4e92-8c5f-5ba3d4714c41",
"description": "test template create",
"meta": {
"color": "red"
},
"labels": {
"team": "HR"
},
"key_attributes": {
"meta": {
"cte": {
"cte_versioned": false,
"encryption_mode": "CBC",
"unique_to_client": true,
"persistent_on_client": true
},
"kmip": {
"custom": [
{
"type": "TextString",
"x-attr1": "test_12"
},
{
"type": "TextString",
"x-attr2": "test_13"
}
],
"alternative_names": [],
"app_specific_info": [
{
"application_data": "thalesdocs",
"application_namespace": "namespace"
},
{
"application_data": "thalesdocs_ew",
"application_namespace": "namespace_1"
}
],
"contact_information": "Thales"
},
"versionedKey": true,
"customAttributes": [
{
"name": "x-nae-attr",
"value": "test"
}
]
},
"size": 256,
"algorithm": "AES"
}
}
]
}
Updating templates
To update a template:
Syntax
ksctl templates update --id <template id> --name <name> --description <description> --labels <comma-separated-key:value> --meta <comma-separated-key:value> --key_attributes <comma-separated-key:value>
Here,
name- name of template.description- description of template.labels- key/value pairs to group templates.meta- end-user/service data defined in the template.key_attributes- attributes of a key defined the template.
Example Request
ksctl templates update --id "211d1451-5280-491b-ae17-00543bfaa32a" --key_attributes '{ "algorithm": "AES", "size": 256, "objectType": "Symmetric Key", "format": "raw" }'
Example Response
{
"id": "211d1451-5280-491b-ae17-00543bfaa32a",
"uri": "kylo:kylo:vault:templates:test-template-new-211d1451-5280-491b-ae17-00543bfaa32a",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2024-05-01T10:16:21.486296Z",
"updatedAt": "2024-05-01T10:18:46.321065Z",
"name": "Test Template New",
"description": "Symmetric",
"meta": {
"color": "Red"
},
"labels": {
"sale": "HR"
},
"key_attributes": {
"algorithm": "AES",
"size": 256,
"objectType": "Symmetric Key",
"format": "raw"
}
}
Deleting templates
To delete a template:
Syntax
ksctl templates delete --id <id/name>
Example Request
ksctl templates delete --id "8d6dd37a-1183-4e92-8c5f-5ba3d4714c41"
Example Response
There will be no response if template is deleted successfully.
