Creating an External vault
Use the POST /v1/cckm/oci/create-external-vault API to create an external vault.
Syntax
curl -k 'https://127.0.0.1/api/v1/cckm/oci/create-external-vault' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "vault_name": <vault_name>,\n "endpoint_url_hostname": <endpoint_url_hostname>,\n "compartment_id": <compartment_id>,\n "issuer_id": <issuer_id>,\n "client_application_id": <client_application_id>\n}' --compressed
The -k option disables verification of the CipherTrust Manager TLS certificate, which means the bearer token is sent to whatever answers at that address. Use it only against a test instance; otherwise pass the CA certificate with --cacert and drop -k.
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authentication token. |
compartment_id | string | ID of the OCI compartment. |
endpoint_url_hostname | string | IP address of the CipherTrust Manager, or of the Load Balancer in front of it, that forms the host part of the external vault endpoint URL. FQDNs are not supported. |
endpoint_url_port | integer | Port number for the OCI external vault endpoint URL: the port of the CipherTrust Manager or Load Balancer. The default port is 443. NOTE: The CipherTrust Manager web interface port can be changed from the default of 443. If you plan to change it, change it before configuring OCI EKMS (HYOK) on CCKM, and specify the new port in this parameter when creating the external vault. Changing the port after OCI EKMS has been configured is not supported. Refer to Support for Changing the Default Port of Web Interface Setting for instructions. |
issuer_id | string | ID of the issuer. |
client_application_id | string | ID of the OCI KMS application as registered on the third-party identity provider. |
vault_name | string | Name of the external vault. |
connection | string | Name or ID of the Oracle connection on the CipherTrust Manager. |
source_key_tier | string | Key source tier allowed in the vault. Possible values: local, hsm-luna. If source_key_tier is not specified, both local and hsm-luna keys can be created in the vault. |
partition_id | string | ID of the Luna partition. Required if source_key_tier is hsm-luna. |
policy | string | Rego policy to associate with the vault. |
tenancy | string | Name of the OCI tenancy. Optional; required if connection is not provided. |
Example Request
curl -k 'https://52.86.120.81/api/v1/cckm/oci/create-external-vault' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "vault_name": "oci-external-vault-one",\n "endpoint_url_hostname": "localhost",\n "compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4dt4mcf6zluymff6sq",\n "issuer_id": "95e0d83c-c408-42c7-b3f2-c86cd6bcda51",\n "client_application_id": "kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56"\n}' --compressed
Example Response
{
"id": "37900289-47cf-4172-91c5-7ea6cb87c4b7",
"uri": "kylo:kylo:cckm:oci-vault:37900289-47cf-4172-91c5-7ea6cb87c4b7",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-06-27T08:50:28.011605208Z",
"updatedAt": "0001-01-01T00:00:00Z",
"vault_name": "oci-external-vault-one",
"connection": "oci-connection",
"endpoint_url_hostname": "localhost",
"compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4dt4mcf6zluymff6sq",
"issuer_id": "95e0d83c-c408-42c7-b3f2-c86cd6bcda51",
"client_application_id": "kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56",
"time_created": "2022-02-28T23:18:12.263Z",
"compartment_name": "tenancy",
"endpoint_url": "https://localhost/api/v1/cckm/oci/external-vaults/65e0d83c-c408-42c7-b3f2-c86cd6bcda51",
"local_key_store_id": "65e0d83c-c408-42c7-b3f2-c86cd6bcda51",
"linked_state": false,
"cloud_name": "oci",
"external_vault_type": "local",
"tenancy": "tenancy"
}
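The request and response above, assembled and checked in Python as an added example (this is not Thales code and not part of the original page). The script enforces the constraints the parameter table states before anything is sent (IP address rather than FQDN, partition_id when source_key_tier is hsm-luna, tenancy when no connection is given, a valid port), posts with the CipherTrust Manager certificate verified against a CA bundle instead of skipping verification as curl -k does, and sanity-checks the endpoint_url in the response, which is the URL OCI will be given for the vault. The address 203.0.113.10, the CA bundle path and the sample response are constructed; the check that endpoint_url ends in local_key_store_id is taken from the documented response and is assumed to hold in general. Note that the page's own example request uses "localhost" and omits both connection and tenancy, which these checks would reject.

```python
"""Build, validate and send a CCKM create-external-vault request for OCI.

Added example, not Thales code. It enforces the rules from the parameter
table before sending and verifies the CipherTrust Manager certificate
rather than skipping verification as curl -k does.
"""
import ipaddress
import json
import ssl
import urllib.request
from urllib.parse import urlparse

CREATE_PATH = "/api/v1/cckm/oci/create-external-vault"
ALLOWED_KEY_TIERS = ("local", "hsm-luna")


def build_create_vault_payload(vault_name, endpoint_url_hostname, compartment_id,
                               issuer_id, client_application_id, endpoint_url_port=443,
                               connection=None, tenancy=None, source_key_tier=None,
                               partition_id=None, policy=None):
    """Return the JSON body for the request, or raise ValueError when the
    parameters break a rule stated in the parameter table."""
    # endpoint_url_hostname must be an IP address (CipherTrust Manager or
    # load balancer); FQDNs are not supported.
    try:
        ipaddress.ip_address(endpoint_url_hostname)
    except ValueError:
        raise ValueError("endpoint_url_hostname must be an IP address, "
                         "not an FQDN: %r" % endpoint_url_hostname)
    if not isinstance(endpoint_url_port, int) or not 1 <= endpoint_url_port <= 65535:
        raise ValueError("endpoint_url_port must be an integer port number")
    if source_key_tier is not None and source_key_tier not in ALLOWED_KEY_TIERS:
        raise ValueError("source_key_tier must be one of %s" % (ALLOWED_KEY_TIERS,))
    if source_key_tier == "hsm-luna" and not partition_id:
        raise ValueError("partition_id is required when source_key_tier is hsm-luna")
    if connection is None and tenancy is None:
        raise ValueError("tenancy is required when connection is not provided")

    payload = {
        "vault_name": vault_name,
        "endpoint_url_hostname": endpoint_url_hostname,
        "endpoint_url_port": endpoint_url_port,
        "compartment_id": compartment_id,
        "issuer_id": issuer_id,
        "client_application_id": client_application_id,
    }
    # Optional parameters are sent only when set, so server defaults apply.
    for key, value in (("connection", connection), ("tenancy", tenancy),
                       ("source_key_tier", source_key_tier),
                       ("partition_id", partition_id), ("policy", policy)):
        if value is not None:
            payload[key] = value
    return payload


def post_create_vault(cm_host, token, payload, ca_bundle, timeout=30):
    """POST the payload to CipherTrust Manager, verifying its certificate
    against ca_bundle (the safe counterpart of curl -k). Needs network."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    req = urllib.request.Request(
        "https://%s%s" % (cm_host, CREATE_PATH),
        data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json",
                 "accept": "application/json"},
        method="POST")
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.load(resp)


def check_vault_response(resp, expected_hostname):
    """Sanity-check a create-external-vault response: the endpoint_url OCI
    will use must be https, point at the requested host and end in the
    vault's local_key_store_id (as the documented response does)."""
    url = urlparse(resp["endpoint_url"])
    if url.scheme != "https":
        raise ValueError("endpoint_url is not https: %s" % resp["endpoint_url"])
    if url.hostname != expected_hostname:
        raise ValueError("endpoint_url host %r != requested %r"
                         % (url.hostname, expected_hostname))
    if not url.path.endswith("/" + resp["local_key_store_id"]):
        raise ValueError("endpoint_url does not end in local_key_store_id")
    return resp["id"], resp["endpoint_url"], resp["linked_state"]


# Constructed sample response, modelled on the documented one with a
# TEST-NET address (203.0.113.10) in place of "localhost".
SAMPLE_RESPONSE = {
    "id": "37900289-47cf-4172-91c5-7ea6cb87c4b7",
    "vault_name": "oci-external-vault-one",
    "connection": "oci-connection",
    "endpoint_url_hostname": "203.0.113.10",
    "endpoint_url": "https://203.0.113.10/api/v1/cckm/oci/external-vaults/65e0d83c-c408-42c7-b3f2-c86cd6bcda51",
    "local_key_store_id": "65e0d83c-c408-42c7-b3f2-c86cd6bcda51",
    "linked_state": False,
    "cloud_name": "oci",
    "external_vault_type": "local",
}

if __name__ == "__main__":
    body = build_create_vault_payload(
        "oci-external-vault-one", "203.0.113.10",
        "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4dt4mcf6zluymff6sq",
        "95e0d83c-c408-42c7-b3f2-c86cd6bcda51",
        "kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56", connection="oci-connection")
    print(json.dumps(body, indent=2))
    # Live call (hypothetical CA bundle path and token):
    # resp = post_create_vault("203.0.113.10", TOKEN, body, "/etc/ssl/cm-ca.pem")
    print(check_vault_response(SAMPLE_RESPONSE, "203.0.113.10"))
```

Run it as a script to see the body it would send; replace the commented post_create_vault call with your CipherTrust Manager address, token and CA bundle to create the vault for real, then pass the real response to check_vault_response before handing endpoint_url to OCI.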
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.