Deleting Imported Key Material
Use the POST /v1/cckm/aws/keys/{id}/delete-material API to delete imported key material from the AWS KMS.
Syntax
curl -k '<IP>/api/v1/cckm/aws/keys/{id}/delete-material' -X POST -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the key ID.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
key_material_id (optional) | string | ID of the key material to delete. If you provide a key material ID, that key material will be deleted. If an ID is not provided, the latest key material will be deleted. You can obtain the key material ID from the AWS parameters in the Viewing the List of Rotations of a Specified Key API. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/aws/keys/40387a72-6e24-4cdd-8840-b586757c44bf/delete-material' -X POST -H 'Authorization: Bearer AUTHTOKEN' --compressed
Example Response
{
  "id": "40387a72-6e24-4cdd-8840-b586757c44bf",
  "uri": "kylo:kylo:cckm:aws-key:40387a72-6e24-4cdd-8840-b586757c44bf",
  "account": "kylo:kylo:admin:accounts:kylo",
  "application": "ncryptify:gemalto:admin:apps:kylo",
  "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
  "createdAt": "2020-11-05T07:01:48.965088Z",
  "updatedAt": "2020-11-05T07:03:24.400322315Z",
  "kms_id": "0b90f8de-8617-498d-ad63-ca18eb717ae7",
  "kms": "kms",
  "synced_at": "2020-11-05T07:01:48.959221Z",
  "rotation_status": "",
  "local_key_id": "361d928ac7e340d093e7d231c80ca934acc62528601647ce86a219c9a82f4f93",
  "local_key_name": "test-key",
  "cloud_name": "aws",
  "key_type": "symmetric",
  "basic_view_enabled": false,
  "region": "ap-south-1",
  "gone": false,
  "key_material_origin": "cckm",
  "aws_param": {
    "AWSAccountId": "123456789012",
    "Arn": "arn:aws:kms:ap-south-1:123456789012:key/031c5703-aaf7-425e-a141-7e0c6f5886ab",
    "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
    "Enabled": false,
    "EncryptionAlgorithms": [
      "SYMMETRIC_DEFAULT"
    ],
    "KeyID": "031c5703-aaf7-425e-a141-7e0c6f5886ab",
    "KeyManager": "CUSTOMER",
    "KeyState": "PendingImport",
    "KeyUsage": "ENCRYPT_DECRYPT",
    "Origin": "EXTERNAL",
    "CreationDate": "2020-11-05T07:01:36Z",
    "Policy": {
      "Id": "key-default-1",
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Enable IAM User Permissions",
          "Action": "kms:*",
          "Effect": "Allow",
          "Resource": "*",
          "Principal": {
            "AWS": "arn:aws:iam::123456789012:root"
          }
        }
      ]
    },
    "Alias": [
      "alias/aws-test-key-External"
    ],
    "Tags": [
      {
        "TagKey": "key",
        "TagValue": "value"
      }
    ],
    "KeyRotationEnabled": false,
    "ExpirationModel": "KEY_MATERIAL_EXPIRES"
  }
}
The sample output shows that the imported key material (with ID 40387a72-6e24-4cdd-8840-b586757c44bf) is deleted from the AWS KMS: the key's KeyState is PendingImport and Enabled is false.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
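A post-deletion check for automation that calls this endpoint, as an added example that is not part of the product documentation: it classifies the HTTP status per the Response Codes table and confirms from the response body that the key no longer holds usable material. The function names and the trimmed sample body are constructed for illustration, and the checks assume the response mirrors the Example Response above (a key with a single imported key material).

```python
import json

# Trimmed copy of the Example Response above (constructed sample input).
SAMPLE_RESPONSE = json.dumps({
    "id": "40387a72-6e24-4cdd-8840-b586757c44bf",
    "cloud_name": "aws",
    "key_material_origin": "cckm",
    "aws_param": {
        "Enabled": False,
        "KeyState": "PendingImport",
        "Origin": "EXTERNAL",
    },
})


def status_class(code):
    """Map an HTTP status code to the classes in the Response Codes table."""
    return {2: "success", 4: "client error", 5: "server error"}.get(code // 100, "unexpected")


def check_delete_material(key_id, http_status, body):
    """Return a list of problems; an empty list means the deletion is confirmed."""
    if status_class(http_status) != "success":
        return [f"HTTP {http_status}: {status_class(http_status)}"]
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"response is not JSON: {exc}"]
    problems = []
    aws = doc.get("aws_param") or {}
    if doc.get("id") != key_id:
        problems.append(f"response is for key {doc.get('id')!r}, not {key_id!r}")
    if aws.get("Origin") != "EXTERNAL":
        problems.append(f"Origin is {aws.get('Origin')!r}; only EXTERNAL keys hold imported material")
    if aws.get("KeyState") != "PendingImport":
        problems.append(f"KeyState is {aws.get('KeyState')!r}, expected 'PendingImport'")
    if aws.get("Enabled") is not False:
        problems.append("key still reports Enabled; material may still be usable")
    return problems


if __name__ == "__main__":
    key_id = "40387a72-6e24-4cdd-8840-b586757c44bf"
    print(check_delete_material(key_id, 200, SAMPLE_RESPONSE) or "deletion confirmed")
```
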