Uploading Keys to SAP
Use the POST /v1/cckm/sap/upload-key API to upload a key from a key source to an SAP group. Specify the following details:
• ID of the group where the key needs to be uploaded.
• Key parameters such as description, type, name, and exportable.
• Source key tier and source key identifier of the key to be uploaded from a key source.
Syntax
curl -k '<IP>/api/v1/cckm/sap/upload-key' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "source_key_identifier": "<source-key-identifier>",\n "source_key_tier": "<source-key-tier>",\n "group": "<sap-group-id>",\n "name": "<key-name>",\n "description": "<key description>",\n "type": "<key-type>",\n "exportable": <true|false>,\n "operations": [\n "<operation1>",\n "<operation2>"\n ]\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
group | string | Name or ID of the SAP group where the key is to be created. |
name | string | Name for the key. |
operations | array of strings | List of operations allowed for the key. |
source_key_identifier | string | ID of the source key that will be uploaded to SAP. |
source_key_tier | string | Tier of the source key. The options are: • local for the CipherTrust Manager (default) • dsm for the Data Security Manager • hsm-luna for Luna HSM (FM-enabled Luna HSM is not supported as a key source) • external-cm for the external CipherTrust Manager |
type | string | Type of the SAP key. The type can be: • AES • RSA • EC |
description | string | Description of the key. |
exportable | boolean | Whether the key is exportable. Set to true to make the key exportable, or to false for a non-exportable key. Note: For the key created in the AWS Key store, the value should not be set to true. |
role (optional) | string | Specifies the role for the key. The MASTER_KEY value provides a default value for the key role. If provided in the request, where possible, it is automatically converted to the appropriate key roles based on the application context and key type. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/sap/upload-key' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "source_key_identifier": "eb97abc94d3d4d9cb6325b0372dc6c7a4f6b7c81ed9b4f39b78264333b6fc18f",\n "source_key_tier": "local",\n "group": "489ac34d-3e9c-4be3-8c1c-2c383bf31461",\n "name": "AB-CM-KeyUpload",\n "description": "This is upload key from CM",\n "type": "AES",\n "exportable": true,\n "operations": [\n "ENCRYPT",\n "DECRYPT"\n ]\n}' --compressed
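The same upload request built from Python, as an added example that is not part of the original page or the product's own code: it checks source_key_tier and type against the options in the parameter table before anything is sent, and it makes the call with TLS certificate verification enabled rather than curl's -k. The function names, the ca_file parameter and the exportable=False default are assumptions of this example.

```python
import json
import ssl
import urllib.request

# Allowed values copied from the Request Parameters table on this page.
SOURCE_KEY_TIERS = {"local", "dsm", "hsm-luna", "external-cm"}
KEY_TYPES = {"AES", "RSA", "EC"}


def build_upload_payload(source_key_identifier, group, name, key_type, operations,
                         source_key_tier="local", description="", exportable=False, role=None):
    """Return the JSON body, rejecting values the parameter table does not list.
    The exportable=False default is this example's assumption, not the API's."""
    for field, value in (("source_key_identifier", source_key_identifier),
                         ("group", group), ("name", name)):
        if not isinstance(value, str) or not value:
            raise ValueError(f"{field} must be a non-empty string")
    if source_key_tier not in SOURCE_KEY_TIERS:
        raise ValueError(f"unsupported source_key_tier: {source_key_tier!r}")
    if key_type not in KEY_TYPES:
        raise ValueError(f"unsupported type: {key_type!r}")
    if not isinstance(exportable, bool):  # must serialize as JSON true/false
        raise ValueError("exportable must be a boolean")
    if not isinstance(operations, list) or not all(isinstance(o, str) for o in operations):
        raise ValueError("operations must be a list of strings")
    body = {"source_key_identifier": source_key_identifier,
            "source_key_tier": source_key_tier, "group": group, "name": name,
            "description": description, "type": key_type,
            "exportable": exportable, "operations": operations}
    if role is not None:  # role is optional per the table
        body["role"] = role
    return body


def build_upload_request(base_url, token, payload):
    """Build the POST without sending it; refuses plain-HTTP base URLs."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("base_url must use https:// so the bearer token is encrypted")
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/cckm/sap/upload-key",
        data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})


def upload_key(base_url, token, payload, ca_file=None):
    """Send the request with certificate verification on (unlike curl -k)."""
    context = ssl.create_default_context(cafile=ca_file)  # verifies chain and hostname
    request = build_upload_request(base_url, token, payload)
    with urllib.request.urlopen(request, context=context, timeout=30) as response:
        return json.load(response)
```

Pass ca_file the path of the CA bundle that signed the appliance certificate when it is not in the system trust store.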
Example Response
{
  "id": "2d8d78bf-0bdd-4a6e-9d29-3f1fe64430c2",
  "uri": "kylo:kylo:cckm:sap-key:2d8d78bf-0bdd-4a6e-9d29-3f1fe64430c2",
  "account": "kylo:kylo:admin:accounts:kylo",
  "createdAt": "2021-10-19T09:14:31.363689058Z",
  "updatedAt": "2021-10-19T09:14:31.360768399Z",
  "cloud_name": "sap",
  "tenant": "thales-preprod",
  "sap_param": {
    "description": "This is upoad key",
    "enabled": true,
    "exportable": true,
    "groupId": "3d62e129-acbf-4b3e-b1ad-e3b9779be668",
    "sap_key_id": "c571aff1-bbc4-4bd3-bbc2-e74bccae0752",
    "keystoreContext": {
      "customerHeld": false
    },
    "meta": {
      "created": "2021-10-19T09:14:49.623326",
      "creatorId": "171cdee5-947e-4bcd-ae0b-562256624904",
      "creatorName": "creator.name@xyz.com",
      "imported": true,
      "primaryVersion": 0,
      "totalVersions": 1
    },
    "name": "AB-CM-KeyUpload",
    "operations": [
      "DECRYPT",
      "ENCRYPT"
    ],
    "role": "UNSPECIFIED",
    "size": 3072,
    "type": "RSA"
  },
  "source_key_identifier": "001e4f76-9066-465d-a585-b43363f6ec60",
  "source_key_type": "rsa",
  "source_key_tier": "local",
  "cckm_group_id": "ba7e428c-e3d9-491e-a40d-3574e5fea4e3",
  "backup_blob": "",
  "gone": false,
  "origin": "native",
  "auto_rotate": false,
  "sap_application": "GENERAL",
  "sap_group_name": "CCKM-Test",
  "status": "AVAILABLE"
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.