Enabling Key-Rotation Schedule for DKE Endpoint
Use the post /v1/cckm/microsoft/dke/endpoints/{id}/enable-key-rotation-job API to enable a key-rotation schedule for a Microsoft DKE endpoint. Specify the following:
- ID of the DKE endpoint
- ID of the job scheduler associated with the rotation schedule
Create a DKE endpoint and job scheduler before enabling a key-rotation schedule.
As part of enabling a key-rotation schedule for a given DKE endpoint, the auto_rotate parameter in this endpoint is set to true to reflect that key auto-rotation is now enabled. Also, the labels and job_config_id parameters are added to the endpoint to reflect the associated scheduled key rotation.
To create a job scheduler, use the post /v1/scheduler/job-configs API using the operation parameter of cckm_key_rotation along with the following request parameters:
- start_date
- run_at
- cloud_name of Microsoft DKE (as part of the cckm_key_rotation_params parameter)
For more information about the post /v1/scheduler/job-configs API, refer to Scheduling Key Rotation and Auto Rotation of Credentials.
Note
If the endpoint is in an archived state, you cannot run the post /v1/cckm/microsoft/dke/endpoints/{id}/enable-key-rotation-job API on it.
Syntax
curl -k '<CCKM IP address>/api/v1/cckm/microsoft/dke/endpoints/<id>/enable-key-rotation-job' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "job_config_id": "<job_config_id>"\n}' --compressed
Here, {id} is the ID of the DKE endpoint.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
id | string | ID of the DKE endpoint. |
job_config_id | string | ID of the scheduler job that will perform the rotation of the DKE endpoint. |
Example Request
curl -k 'https://10.171.15.127/api/v1/cckm/microsoft/dke/endpoints/df16d580-2a45-425f-a093-6bb228d895a8/enable-key-rotation-job' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJlZGVjZGEzNS01MjljLTRlMzQtODIyOS0yOWZiZTJkMmM5ZjgiLCJzdWIiOiJsb2NhbHw3ZThiMjZjMC01YmUyLTQ5NjEtOGJhNC1iMTI5NjZiMzZjNzYiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJjbGllbnRfaWQiOiI4MzdjODQwZC03NWRkLTRiNGYtYTMxOC03OWNiMTZjYTI0OGQiLCJjbGllbnRfbmFtZSI6ImFwaS1wbGF5Z3JvdW5kIiwiY2xpZW50X3R5cGUiOiJwdWJsaWMiLCJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNjU5ZDJiOTQtMzJhMC00OWFlLTkxYTItZDMwNmYwMTEyNjNmIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImNmOTljNzZlLWZjOGUtNDJiZi1iMzI5LTcyZDA3Y2U2ZWM2MiIsImlhdCI6MTY5NzU4MzMwMywiZXhwIjoxNjk3NTgzNjAzfQ.k6BvcDm6VsL4hTsRglCtctL310xEMGNDPBxR16zHMhs' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "job_config_id": "0a47cc10-e4ad-4bbc-8ab2-5fdce92841cb"\n}' --compressed
Example Response
{
    "id": "9236fc51-d84e-4238-a590-da4d7238cd57",
    "uri": "kylo:kylo:cckm:dke-endpoint:9236fc51-d84e-4238-a590-da4d7238cd57",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2023-10-16T07:12:58.514195Z",
    "labels": {
        "job_config_id": "e069d011-f3ae-4830-b2e5-f9aeec3b7dfe"
    },
    "updatedAt": "2023-10-16T07:13:13.464302Z",
    "name": "dke_endpoint_5",
    "description": "Dke Endpoint",
    "key_uri_hostname": "dke.thales.com",
    "key_uri": "https://dke.thales.com/api/v1/cckm/microsoft/dke-data-plane/endpoints/9236fc51-d84e-4238-a590-da4d7238cd57/keys/ks-a341f39645f64bc3ba65619c37054a114195ca09ca704151898d049f6e572b47",
    "kek_name": "ks-a341f39645f64bc3ba65619c37054a114195ca09ca704151898d049f6e572b47",
    "kek_id": "a341f39645f64bc3ba65619c37054a114195ca09ca704151898d049f6e572b47",
    "kek_uuid": "86041751-2aee-40ae-b70b-24f3b44e51f2",
    "meta": {
        "owner": "test",
        "purpose": "development"
    },
    "kek_version": "0",
    "key_type": "asymmetric",
    "algorithm": "RSA_DECRYPT_OAEP_2048_SHA256",
    "enable_success_audit_event": true,
    "auth_tenants": [
        "95180635-b494-4f57-b9ba-a250aeac741f"
    ],
    "auto_rotate": true,
    "status": "Enabled"
}
The sample output shows that the key-rotation schedule for the DKE endpoint with the ID of df16d580-2a45-425f-a093-6bb228d895a8 and the job_config_id of 0a47cc10-e4ad-4bbc-8ab2-5fdce92841cb is successfully enabled. Note that the auto_rotate parameter is set to true.
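The following Python sketch is an added example, not part of the product documentation. It builds the request from the Syntax section and checks that the returned endpoint has auto_rotate set to true and is linked to the requested scheduler job. The function names, the sample IDs, and the assumption that the response "id" equals the endpoint ID in the URL are illustrative.

```python
import json
import urllib.request
from urllib.parse import quote

PATH = "/api/v1/cckm/microsoft/dke/endpoints/{id}/enable-key-rotation-job"

def build_request(base_url, endpoint_id, job_config_id, token):
    """Build the POST request from the Syntax section without sending it."""
    # Percent-encode the ID so it cannot alter the request path.
    url = base_url.rstrip("/") + PATH.format(id=quote(endpoint_id, safe=""))
    body = json.dumps({"job_config_id": job_config_id}).encode()
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json",
               "Accept": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def verify_response(resp, endpoint_id, job_config_id):
    """Return a list of mismatches; an empty list means rotation is enabled as requested."""
    problems = []
    # Assumption: the returned "id" is the endpoint addressed in the URL.
    if resp.get("id") != endpoint_id:
        problems.append(f"response is for endpoint {resp.get('id')!r}")
    if resp.get("auto_rotate") is not True:
        problems.append("auto_rotate is not true")
    # The sample response carries the scheduler ID under labels.job_config_id.
    linked = (resp.get("labels") or {}).get("job_config_id")
    if linked != job_config_id:
        problems.append(f"endpoint is linked to job config {linked!r}")
    return problems

def enable_rotation(base_url, endpoint_id, job_config_id, token):
    """Send the request and verify the reply. urllib verifies the server
    certificate by default; the curl examples pass -k, which skips that check."""
    req = build_request(base_url, endpoint_id, job_config_id, token)
    with urllib.request.urlopen(req, timeout=30) as r:  # HTTPError on 4xx/5xx
        return verify_response(json.load(r), endpoint_id, job_config_id)

# Constructed sample responses (IDs are made up for illustration).
EP = "11111111-1111-4111-8111-111111111111"
JOB = "22222222-2222-4222-8222-222222222222"
GOOD = {"id": EP, "labels": {"job_config_id": JOB}, "auto_rotate": True}
STALE = {"id": EP, "labels": {"job_config_id": "33333333-3333-4333-8333-333333333333"},
         "auto_rotate": False}

if __name__ == "__main__":
    print(verify_response(GOOD, EP, JOB))
    print(verify_response(STALE, EP, JOB))
```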
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.