Synchronizing AWS Keys
Use the post /v1/cckm/aws/synchronization-jobs
API to download the keys created on the AWS KMS to the CCKM based on the KMS name and regions. If any region is not specified, then the AWS keys from all the regions will be synchronized.
Syntax
curl -k '<IP>/api/v1/cckm/aws/synchronization-jobs' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "kms": ["<kms_identifier>"],\n "regions": ["<region>"]\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
kms | array of strings | Name or ID of the KMS from which the AWS keys will be synchronized. |
regions | array of strings | Regions from which the AWS keys will be synchronized. |
synchronize_all | boolean | Set to true to synchronize all keys from all KMS and regions. |
Note
The synchronize_all
and kms
, regions
parameters are mutually exclusive. Specify either synchronize_all
or kms
and regions
.
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/aws/synchronization-jobs' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJjNWMwZGJlNC1lMmJmLTQ3M2MtODY4MC01NWVkMWIzMDEzMmEiLCJzdWIiOiJsb2NhbHxhNjdjMzc0OC05YTRiLTRhZGQtYjNkOS0wNTRiYTIwYmUzYWMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiMDhkNDI5ZjktNDgzYi00ODdlLWJjOTQtNGE1Mjc2ZDI2ZjZjIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImU5YWUwYTI3LWVlYjQtNGNhZi04YjE4LTdhNzIzMDBkOTA0MCIsImlhdCI6MTYwNDU1ODEzOCwiZXhwIjoxNjA0NTU4NDM4fQ.MIMArFeC4cpPNTYOd39mu6_-yihdN0CDl_917eH8-kY' -H 'Content-Type: application/json' --data-binary $'{\n "kms": ["kms"],\n "synchronize_all": false,\n "regions": ["ap-south-1"]\n}' --compressed
Example Response
{
"id": "afef70ff-311e-46c1-8ead-e1999e8c6d46",
"uri": "kylo:kylo:cckm:synchronize:afef70ff-311e-46c1-8ead-e1999e8c6d46",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-11-05T06:38:25.308834396Z",
"updatedAt": "2020-11-05T06:38:25.310835309Z",
"overall_status": "in_progress",
"cloud": "aws",
"regions": [
"ap-south-1"
],
"kms": [
"kms"
],
"abort": false
}
The sample output shows that the synchronization-jobs
API has started downloading the keys from the region (ap-southeast-1
) of the KMS (kms
) to the CCKM. The status of synchronization process is in progress. A unique ID (afef70ff-311e-46c1-8ead-e1999e8c6d46
) for the synchronization process is returned.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Note
You can also schedule synchronization of the AWS keys when needed using the scheduler API. Refer to Scheduling Synchronization for details.