Key Life Cycle Management APIs
This chapter describes how CCKM manages key life cycle management APIs for Azure. These APIs are used to perform the following tasks:
Creating Azure Keys
Use the post /v1/cckm/azure/keys
API to create Azure keys.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "key_name": "<key_name>",\n "key_vault": "<key_vault>",\n "azure_param": {<azure_params>}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
azure_param | JSON | Azure key parameters. Refer to Azure Parameters for details. |
key_name | string | Name for the Azure key. Key names can only contain alphanumeric characters and dashes. |
key_vault | string | Name or ID of the Azure vault where the key will be created. |
Azure Parameters
Parameter | Type | Description |
---|---|---|
kty | string | Type of key to create. Possible options are: • EC- "Soft" Elliptic Curve key. • EC-HSM- "Hard" Elliptic Curve key (only for premium key vaults). • RSA- "Soft" RSA key. • RSA-HSM- "Hard" RSA key (only for premium key vaults). |
attributes | JSON | Attributes for the key such as exp, enabled, and nbf. Possible option are: • nbf - Activation date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740. • exp - Expiration date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740. • enabled - Specify whether the key is enabled or disabled (true/false). |
crv | string | Elliptical curve name for the key. Possible options are: • P-256 • P-384 • P-521 • SECP256K1 |
key_ops | array of strings | Cryptographic operations performed by the key. Possible options are: • encrypt • decrypt • sign • verify • wrapKey • unwrapKey • import (applicable to RSA-HSM keys). This parameter is mandatory when creating a KEK. |
key_size | integer | Size for the RSA and RSA-HSM keys. Possible options are: • 2048 • 3072 • 4096 |
tags | JSON | An optional parameter to add additional information to the key. The value must be specified as the key-value pair. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3 MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc 3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2 1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4 iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6Ijg0MjMxNmZhLWFiOTItNGQ2Ni1hM jQ4LTkxM2I2MmNhOTQzNSIsImlhdCI6MTYwMTQ2MDc5NCwiZXhwIjoxNjAxNDYxMDk0fQ.4ZoMwbFAYHRHfQbf_yhQ-f5j75HaNaWViOSunTrt8xw' -H 'Content-Type: application/json' --data-binary $'{\n "key_name": "Test-key",\n "key_vault": "bedb82b9-582c-402d-9874-f3368722cf46",\n "azure_param": {\n "kty": "RSA",\n "key_size":3072,\n "attributes": {\n "nbf": 1662702740,\n "exp": 1662702740\n }\n }\n}' --compressed
Example Response
{
"id": "94a392f3-52e8-4542-90b6-b8554c046492",
"uri": "kylo:kylo:cckm:azure-key:94a392f3-52e8-4542-90b6-b8554c046492",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:13:47.500574756Z",
"updatedAt": "2020-09-30T10:13:47.49855808Z",
"key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34",
"key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-09-30T10:13:47.49001426Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-09-30T10:13:46Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "e6d8dd366c024902b00e116af5e99ecc",
"key_size": 3072,
"backup": "a67e5fb314aa47d6b9d33522ae1cc8f511b92313a30b47e58411
68da27f97f32",
"key_name": "Test-key",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://keyvault-softkeys.vault.azure.net/keys/Test-key/e6d8dd366c024902b00e116af5e99ecc",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign",
"verify",
"wrapKey",
"unwrapKey"
],
"n": "pQPKeqvSEMpQ29j3bzG3Vsz-ufp5p-
JNCI1jX4lEhmL41Xmq7CVz6HkUgwPS0PC6qZc6dHXhfkewzNtmB81T5X8XYk3vK0LNckQouDoFJRm3heAyao88ei6zUndmceWGq- OmNjVMiOVViPiB46l3NAhErHVgh8DLb7gWU3yMyu4eAZGNXVYMS0BfKSy6C_ Gz9Pz4vbmJj-7jTxD_xmKuaoKkR4g2bCFDldBE8RJjtBNF_ K8XcNEoZxVuEHYlzTOQ5eXQct8LqXVgfFtwhf2BYC7cVrK0smnN-pAor_ gurBRyEtiJQV08QCwBXh4PGjWviMPt0LTkfzjLB7yIFtrAlpAece9rbfPULNOSqLuGxhFDJGHWw6IB7IIVex_ NVeBfxsbyAHOD0t3UE0VrYijrv6gVz5-VqjC1OGcqtMEEld5- aS2HlMbfpmRhTxWTbg11KKSPIm6RqplSgqMMlzSEriuCA4l6hxGRuuQRfCOqAIUQqe_9Wx433yJKF8cCt",
"e": "AQAB"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"nbf": 1662702740,
"exp": 1662702740,
"created": 1601460826,
"updated": 1601460826
}
},
"azure_created_at": "2020-09-30T10:13:46Z",
"azure_updated_at": "2020-09-30T10:13:46Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"azure_expire_at": "2022-09-09T05:52:20Z",
"key_material_origin": "native",
"gone": false
}
The sample output shows that a key (Test-key
) is created in the Azure key vault (keyvault-softkeys
). A unique ID (94a392f3-52e8-4542-90b6-b8554c046492
) for the key is returned. As the key is created in Azure vault, key material's origin is native
.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Fetching List of Azure Keys
Use the get /v1/cckm/azure/keys
API to fetch the list of Azure keys. The results can be filtered using the query parameters.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys?skip=0&limit=10&sort=updatedAt' -H
'Authorization: Bearer
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3
MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc
3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2
1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4
iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw
MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6Ijg0MjMxNmZhLWFiOTItNGQ2Ni1hM
jQ4LTkxM2I2MmNhOTQzNSIsImlhdCI6MTYwMTQ2MDc5NCwiZXhwIjoxNjAxNDYxMDk0fQ.4ZoMwbFAYHRHfQb
f_yhQ-f5j75HaNaWViOSunTrt8xw' --compressed
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Request Query Parameters
Parameter | Type | Description |
---|---|---|
id | string | Internal ID of the Azure key. |
key_vault | string | Name of the Azure key vault. |
key_vault_id | string | ID of the key vault. |
key_name | string | Name of the key. |
cloud_name | string | Name of the cloud. |
region | string | Region name. |
crv | string | EC curve ID. |
status | string | Status of the key. |
backup | string | Backed up keys. |
enabled | boolean | Enabled keys. |
key_size | string | Size of the key. |
job_config_id | string | ID of the scheduler configuration job. |
deleted_in_azure | boolean | Fetches keys based on their availability in Azure. |
algorithm | string | Algorithm type. |
kid | string | Azure key ID. |
gone | boolean | Fetches keys based on their existence in the cloud. |
version | string | Fetches keys based on version. |
rotation_job_enabled | boolean | Fetches key based on the rotation job status. |
key_material_origin | string | Source of the key material. The origin of the key can be: • cckm: Key material is created on CCKM. • native: Key material is created on the Azure cloud. • unknown: Source of the key material is unknown. It is different than CCKM and the native cloud. |
skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
sort | string | Comma-delimited list of properties to sort the results. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3 MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc 3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2 1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4 iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6Ijg0MjMxNmZhLWFiOTItNGQ2Ni1hM jQ4LTkxM2I2MmNhOTQzNSIsImlhdCI6MTYwMTQ2MDc5NCwiZXhwIjoxNjAxNDYxMDk0fQ.4ZoMwbFAYHRHfQbf_yhQ-f5j75HaNaWViOSunTrt8xw' --compressed
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "94a392f3-52e8-4542-90b6-b8554c046492",
"uri": "kylo:kylo:cckm:azure-key:94a392f3-52e8-
4542-90b6-b8554c046492",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:13:47.500575Z",
"updatedAt": "2020-09-30T10:13:47.498558Z",
"key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-
0cd812dc5a34",
"key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-09-30T10:13:47.490014Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-09-30T10:13:46Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "e6d8dd366c024902b00e116af5e99ecc",
"key_size": 3072,
"backup": "a67e5fb314aa47d6b9d33522ae1cc8f511b9
2313a30b47e5841168da27f97f32",
"key_name": "Test-key",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://keyvault-softkeys.
vault.azure.net/keys/Test-key
/e6d8dd366c024902b00e116af5e99ecc",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign",
"verify",
"wrapKey",
"unwrapKey"
],
"n": "pQPKeqvSEMpQ29j3bzG3Vsz-ufp5p-JNCI1jX4lEhmL41Xmq7CVz6HkUgwPS0PC6qZc6dHXhfkewzNtmB81T5X8XYk3vK0LNckQouDoFJRm3heAyao88ei6zUndmceWGq-OmNjVMiOVViPiB46l3NAhErHVgh8DLb7gWU3yMyu4eAZGNXVYMS0BfKSy6C_Gz9Pz4vbmJj-7jTxD_xmKuaoKkR4g2bCFDldBE8RJjtBNF_K8XcNEoZxVuEHYlzTOQ5eXQct8LqXVgfFtwhf2BYC7cVrK0smnN-pAor_
gurBRyEtiJQV08QCwBXh4PGjWviMPt0LTkfzjLB7yIFtrAlpAece9rbfPULNOSqLuGxhFDJGHWw6IB7IIVex_
NVeBfxsbyAHOD0t3UE0VrYijrv6gVz5-VqjC1OGcqtMEEld5-
aS2HlMbfpmRhTxWTbg11KKSPIm6RqplSgqMMlzSEriuCA4l6hxGRuuQRfCOqAIUQqe_9Wx433yJKF8cCt",
"e": "AQAB"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable
+Purgeable",
"enabled": true,
"nbf": 1662702740,
"exp": 1662702740,
"created": 1601460826,
"updated": 1601460826
}
},
"azure_created_at": "2020-09-30T10:13:46Z",
"azure_updated_at": "2020-09-30T10:13:46Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"azure_expire_at": "2022-09-09T05:52:20Z",
"key_material_origin": "native",
"gone": false
}
]
}
The sample output shows the list of Azure keys.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Viewing Details of Azure Keys
Use the get /v1/cckm/azure/keys/{id}
API to view the details of an Azure key with a specific id.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys/{id}' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the key ID.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys/94a392f3-52e8-4542-90b6-b8554c046492' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3 MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc 3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2 1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4 iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6Ijg0MjMxNmZhLWFiOTItNGQ2Ni1hM jQ4LTkxM2I2MmNhOTQzNSIsImlhdCI6MTYwMTQ2MDc5NCwiZXhwIjoxNjAxNDYxMDk0fQ.4ZoMwbFAYHRHfQbf_yhQ-f5j75HaNaWViOSunTrt8xw' --compressed
Example Response
{
"id": "94a392f3-52e8-4542-90b6-b8554c046492",
"uri": "kylo:kylo:cckm:azure-key:94a392f3-52e8-4542-90b6-b8554c046492",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:13:47.500575Z",
"updatedAt": "2020-09-30T10:13:47.498558Z",
"key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34",
"key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-09-30T10:13:47.490014Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-09-30T10:13:46Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "e6d8dd366c024902b00e116af5e99ecc",
"key_size": 3072,
"backup": "a67e5fb314aa47d6b9d33522ae1cc8f511b92313a30b47e58411
68da27f97f32",
"key_name": "Test-key",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://keyvault-softkeys.vault.azure.net/keys/Test-key/e6d8dd366c024902b00e116af5e99ecc",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign",
"verify",
"wrapKey",
"unwrapKey"
],
"n": "pQPKeqvSEMpQ29j3bzG3Vsz-ufp5p- JNCI1jX4lEhmL41Xmq7CVz6HkUgwPS0PC6qZc6dHXhfkewzNtmB81T5X8XYk3vK0LNckQouDoFJRm3heAyao88ei6zUndmceWGq- OmNjVMiOVViPiB46l3NAhErHVgh8DLb7gWU3yMyu4eAZGNXVYMS0BfKSy6C_ Gz9Pz4vbmJj-7jTxD_xmKuaoKkR4g2bCFDldBE8RJjtBNF_ K8XcNEoZxVuEHYlzTOQ5eXQct8LqXVgfFtwhf2BYC7cVrK0smnN-pAor_ gurBRyEtiJQV08QCwBXh4PGjWviMPt0LTkfzjLB7yIFtrAlpAece9rbfPULNOSqLuGxhFDJGHWw6IB7IIVex_ NVeBfxsbyAHOD0t3UE0VrYijrv6gVz5-VqjC1OGcqtMEEld5- aS2HlMbfpmRhTxWTbg11KKSPIm6RqplSgqMMlzSEriuCA4l6hxGRuuQRfCOqAIUQqe_9Wx433yJKF8cCt",
"e": "AQAB"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"nbf": 1662702740,
"exp": 1662702740,
"created": 1601460826,
"updated": 1601460826
}
},
"azure_created_at": "2020-09-30T10:13:46Z",
"azure_updated_at": "2020-09-30T10:13:46Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"azure_expire_at": "2022-09-09T05:52:20Z",
"key_material_origin": "native",
"gone": false,
"version_count": 1
}
The sample output shows the details corresponding to the key (with ID 94a392f3-52e8-4542-90b6-b8554c046492
).
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Updating Key Parameters
Use the patch /v1/cckm/azure/keys/{id}
API to update the parameters of a key. You can modify the key attributes (such as expiration and activation time), key operations, and tags.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys/{id}' -X PATCH -H 'Authorization: Bearer
AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "key_ops":
["<key_operations>"]\n}' --compressed
Here, {id}
represents the key ID.
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
attributes | JSON | Attributes to be updated such as exp, enabled, and nbf. Possible option are: • nbf - Activation date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740. • exp - Expiration date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740. • enabled - Specify whether the key is enabled or disabled (true/false). |
key_ops | array of strings | Cryptographic operations the key can perform. Possible options are: • encrypt • decrypt • sign • verify • wrapKey • unwrapKey |
tags | JSON | An optional parameter to add additional information to the key. The value must be specified as the key-value pair. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys/94a392f3-52e8-4542-90b6-b8554c046492' -X PATCH -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6Ijg0MjMxNmZhLWFiOTItNGQ2Ni1hMjQ4LTkxM2I2MmNhOTQzNSIsImlhdCI6MTYwMTQ2MDc5NCwiZXhwIjoxNjAxNDYxMDk0fQ.4ZoMwbFAYHRHfQbf_yhQ-f5j75HaNaWViOSunTrt8xw' -H 'Content-Type: application/json' --data-binary $'{\n "key_ops": ["encrypt",\n"decrypt",\n"sign"]\n}' --compressed
Example Response
{
"id": "94a392f3-52e8-4542-90b6-b8554c046492",
"uri": "kylo:kylo:cckm:azure-key:94a392f3-52e8-4542-90b6-b8554c046492",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:13:47.500575Z",
"updatedAt": "2020-09-30T10:17:13.803318868Z",
"key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34",
"key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-09-30T10:13:47.490014Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-09-30T10:13:46Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "e6d8dd366c024902b00e116af5e99ecc",
"key_size": 3072,
"backup": "971a66b249e34d31b92b1c46ce0586feaefb9a69149144d4826c7db39ab7edb7",
"key_name": "Test-key",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://keyvault-softkeys.vault.azure.net/keys/Test
-key/e6d8dd366c024902b00e116af5e99ecc",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign"
],
"n": "pQPKeqvSEMpQ29j3bzG3Vsz-ufp5p- JNCI1jX4lEhmL41Xmq7CVz6HkUgwPS0PC6qZc6dHXhfkewzNtmB81T5X8XYk3vK0LNckQouDoFJRm3heAyao88ei6zUndmceWGq- OmNjVMiOVViPiB46l3NAhErHVgh8DLb7gWU3yMyu4eAZGNXVYMS0BfKSy6C_ Gz9Pz4vbmJj-7jTxD_xmKuaoKkR4g2bCFDldBE8RJjtBNF_K8XcNEoZxVuEHYlzTOQ5eXQct8LqXVgfFtwhf2BYC7cVrK0smnN-pAor_ gurBRyEtiJQV08QCwBXh4PGjWviMPt0LTkfzjLB7yIFtrAlpAece9rbfPULNOSqLuGxhFDJGHWw6IB7IIVex_ NVeBfxsbyAHOD0t3UE0VrYijrv6gVz5-VqjC1OGcqtMEEld5- aS2HlMbfpmRhTxWTbg11KKSPIm6RqplSgqMMlzSEriuCA4l6hxGRuuQRfCOqAIUQqe_9Wx433yJKF8cCt",
"e": "AQAB"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"nbf": 1662702740,
"exp": 1662702740,
"created": 1601460826,
"updated": 1601461032
}
},
"azure_created_at": "2020-09-30T10:13:46Z",
"azure_updated_at": "2020-09-30T10:13:46Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"azure_expire_at": "2022-09-09T05:52:20Z",
"key_material_origin": "native",
"gone": false
}
The sample output shows that the key_ops
parameter is modified and the key (Test-key
) can perform the following crypto operations:
encrypt
decrypt
sign
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Deleting Keys from CCKM
Use the post /v1/cckm/azure/keys/{id}/delete-backup
API to delete an Azure key and its versions from the CCKM.
Warning
This operation will delete all the versions of a key and they cannot be restored to the vault. Use this option with caution.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys/{id}/delete-backup' -X POST -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the key ID.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys/94a392f3-52e8-4542-90b6-b8554c046492/delete-backup' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjRmMGExN2Y0LWQxOGUtNGE5YS04Z WM2LTU1ZjI2ZjJjNTMzMiIsImlhdCI6MTYwMTQ2MTEwNiwiZXhwIjoxNjAxNDYxNDA2fQ.P_d2ngOq_AlxqXhfG-saEvQRYZCSzQbzR2S6Jzv6Ogs' --compressed
Example Response
{
"status": 204
}
The sample output shows that the key is deleted successfully from the CCKM and "status": 204
is returned in response.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Soft-Deleting Azure Keys
Use the post /v1/cckm/azure/keys/{id}/soft-delete
API to soft-delete an Azure key from the key vault.
Caution
This operation permanently deletes keys from non-soft enabled vault.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys/{id}/soft-delete' -X POST -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the key ID.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys/94a392f3-52e8-4542-90b6-b8554c046492/soft-delete' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3 MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc 3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2 1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4 iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjRmMGExN2Y0LWQxOGUtNGE5YS04Z WM2LTU1ZjI2ZjJjNTMzMiIsImlhdCI6MTYwMTQ2MTEwNiwiZXhwIjoxNjAxNDYxNDA2fQ.P_d2ngOq_AlxqXhfG-saEvQRYZCSzQbzR2S6Jzv6Ogs' --compressed
Example Response
{
"id": "94a392f3-52e8-4542-90b6-b8554c046492",
"uri": "kylo:kylo:cckm:azure-key:94a392f3-52e8-4542-90b6-b8554c046492",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:13:47.500575Z",
"updatedAt": "2020-09-30T10:17:13.803319Z",
"key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34",
"key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-09-30T10:13:47.490014Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": true,
"status": "SOFT-DELETED",
"syncedAt": "2020-09-30T10:13:46Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "e6d8dd366c024902b00e116af5e99ecc",
"key_size": 3072,
"backup": "971a66b249e34d31b92b1c46ce0586feaefb9a69149144d4826c7db
39ab7edb7",
"key_name": "Test-key",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://keyvault-softkeys.vault.azure.net/keys/
Test-key/e6d8dd366c024902b00e116af5e99ecc",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign"
],
"n": "pQPKeqvSEMpQ29j3bzG3Vsz-ufp5p-
JNCI1jX4lEhmL41Xmq7CVz6HkUgwPS0PC6qZc6dHXhfkewzNtmB81T5X8XYk3vK0LNckQouDoFJRm3heAyao88ei6zUndmceWGq-
OmNjVMiOVViPiB46l3NAhErHVgh8DLb7gWU3yMyu4eAZGNXVYMS0BfKSy6C_
Gz9Pz4vbmJj-7jTxD_xmKuaoKkR4g2bCFDldBE8RJjtBNF_
K8XcNEoZxVuEHYlzTOQ5eXQct8LqXVgfFtwhf2BYC7cVrK0smnN-pAor_
gurBRyEtiJQV08QCwBXh4PGjWviMPt0LTkfzjLB7yIFtrAlpAece9rbfPULNOSqLuGxhFDJGHWw6IB7IIVex_NVeBfxsbyAHOD0t3UE0VrYijrv6gVz5-VqjC1OGcqtMEEld5-aS2HlMbfpmRhTxWTbg11KKSPIm6RqplSgqMMlzSEriuCA4l6hxGRuuQRfCOqAIUQqe_9Wx433yJKF8cCt",
"e": "AQAB"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"nbf": 1662702740,
"exp": 1662702740,
"created": 1601460826,
"updated": 1601461032
}
},
"azure_created_at": "2020-09-30T10:13:46Z",
"azure_updated_at": "2020-09-30T10:13:46Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"azure_expire_at": "2022-09-09T05:52:20Z",
"key_material_origin": "native",
"gone": false,
"version_count": 1
}
The sample output shows that the parameter key_soft_deleted_in_azure
is set to true
. This indicates that the key (Test-key
) is soft-deleted from the vault.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Purging Azure Keys
Use the post /v1/cckm/azure/keys/{id}/hard-delete
API to permanently delete an Azure key.
Note
This operation can only be performed on the soft-deleted keys residing in the soft-enabled key vault.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys/{id}/hard-delete' -X POST -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the key ID.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys/94a392f3-52e8-4542-90b6-b8554c046492/hard-delete' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjRmMGExN2Y0LWQxOGUtNGE5YS04ZWM2LTU1ZjI2ZjJjNTMzMiIsImlhdCI6MTYwMTQ2MTEwNiwiZXhwIjoxNjAxNDYxNDA2fQ.P_d2ngOq_AlxqXhfG-saEvQRYZCSzQbzR2S6Jzv6Ogs' --compressed
Example Response
{
"id": "94a392f3-52e8-4542-90b6-b8554c046492",
"uri": "kylo:kylo:cckm:azure-key:94a392f3-52e8-4542-90b6-b8554c046492",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:13:47.500575Z",
"updatedAt": "2020-09-30T10:20:36.30319Z",
"key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34",
"key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
"region": "northcentralus",
"deleted": true,
"backup_at": "2020-09-30T10:13:47.490014Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": true,
"status": "DELETED",
"syncedAt": "2020-09-30T10:13:46Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "e6d8dd366c024902b00e116af5e99ecc",
"key_size": 3072,
"backup": "971a66b249e34d31b92b1c46ce0586feaefb9a69149144d4826c7db39ab7edb7",
"key_name": "Test-key",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://keyvault-softkeys.vault.azure.net/keys/
Test-key/e6d8dd366c024902b00e116af5e99ecc",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign"
],
"n": "pQPKeqvSEMpQ29j3bzG3Vsz-ufp5p-
JNCI1jX4lEhmL41Xmq7CVz6HkUgwPS0PC6qZc6dHXhfkewzNtmB81T5X8XYk3vK0LNckQouDoFJRm3heAyao88ei6zUndmceWGq-
OmNjVMiOVViPiB46l3NAhErHVgh8DLb7gWU3yMyu4eAZGNXVYMS0BfKSy6C_
Gz9Pz4vbmJj-7jTxD_xmKuaoKkR4g2bCFDldBE8RJjtBNF_
K8XcNEoZxVuEHYlzTOQ5eXQct8LqXVgfFtwhf2BYC7cVrK0smnN-pAor_
gurBRyEtiJQV08QCwBXh4PGjWviMPt0LTkfzjLB7yIFtrAlpAece9rbfPULNOSqLuGxhFDJGHWw6IB7IIVex_
NVeBfxsbyAHOD0t3UE0VrYijrv6gVz5-VqjC1OGcqtMEEld5-
aS2HlMbfpmRhTxWTbg11KKSPIm6RqplSgqMMlzSEriuCA4l6hxGRuuQRfCOqAIUQqe_9Wx433yJKF8cCt",
"e": "AQAB"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"nbf": 1662702740,
"exp": 1662702740,
"created": 1601460826,
"updated": 1601461032
}
},
"azure_created_at": "2020-09-30T10:13:46Z",
"azure_updated_at": "2020-09-30T10:13:46Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"azure_expire_at": "2022-09-09T05:52:20Z",
"key_material_origin": "native",
"gone": false,
"version_count": 1
}
The sample output shows that the parameter status becomes DELETED
. This indicates that the key (Testkey
) is permanently deleted from the Azure vault.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Uploading Keys to Azure Key Vault
Use the post /v1/cckm/azure/upload-key
API to upload a key created on CipherTrust Manager to the Azure key vault.
Syntax
curl -k '<IP>/api/v1/cckm/azure/upload-key' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "key_name": "<key_name>",\n "local_key_identifier": "<local_key_id>",\n "key_vault": "<key_vault>"\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
key_name | string | Name of the key on Azure. Key name can only contain alphanumeric characters and dashes. |
key_vault | string | Name or ID of the key vault where the key will be uploaded. |
azure_param | JSON | Azure key parameters. Refer to Azure Parameters below for details. |
local_key_identifier | string | Name or ID of the CipherTrust Manager key to upload. This parameter is mandatory if source_key_tier is local . |
luna_key_identifier | string | Name or ID of the HSM Luna key to upload. This parameter is mandatory if source_key_tier is hsm-luna . |
password | string | PFX password. Specify only if the PFX certificate is provided. |
pfx | string | PFX key. Specify a Base64 encoded key. |
source_key_tier | string | Tier of the source. Possible options are: • local (default) • pfx • hsm-luna • dsm |
dsm_key_identifier | string | ID of the DSM key. This parameter is mandatory if source_key_tier is dsm . |
kek_kid | string | ID of the Azure key encryption key. |
Azure Parameters
Parameter | Type | Description |
---|---|---|
attributes | JSON | Attributes for the key such as exp, enabled, and nbf. Possible option are: • nbf - Activation date for the key in Unix Epoch time format. • exp - Expiration date for the key in Unix Epoch time format. • enabled - Specify whether the key is enabled or disabled (true/false). |
hsm | boolean | Allow key creation in Azure HSM. Set to true to allow, false to deny. |
key_ops | array of strings | Cryptographic operations performed by the key. Possible options are: • encrypt • decrypt • sign • verify • wrapKey • unwrapKey |
tags | JSON | Optional parameter to add additional information to the key. The value must be specified as the key-value pair. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/upload-key' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3 MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc 3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2 1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4 iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImI1ZTYwMjQ5LTI5MTgtNDVlNS04Z TM3LThlMWE3MGEwNjYyYSIsImlhdCI6MTYwMTQ2MTQxNiwiZXhwIjoxNjAxNDYxNzE2fQ.R_iu6Qrh_hwBPylzcqOYYfw37Rgt15JEUFQh149DO2o' -H 'Content-Type: application/json' --data-binary $'{\n "key_name": "Uploadtestkey",\n "local_key_identifier": "rsakey",\n "key_
vault": "bedb82b9-582c-402d-9874-f3368722cf46"\n}' --compressed
Example Response
{
"id": "b3779b0a-09ca-4b2d-b9e6-8947bb5d740f",
"uri": "kylo:kylo:cckm:azure-key:b3779b0a-09ca-4b2d-b9e6-8947bb5d740f",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:24:41.448099979Z",
"updatedAt": "2020-09-30T10:24:41.446020965Z",
"key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34",
"key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-09-30T10:24:41.435775419Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-09-30T10:24:40Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "628cd445146240c3bbd226e3d7ca5c62",
"key_size": 2048,
"backup": "c95104adb1684af69b86927cb993a03e905f0462e19d42c5be40778ac993ddc2",
"key_name": "Uploadtestkey",
"local_key_id": "c9a282fcae5046509212c0d711efc586d255e78316aa4771b5b126b24df9aae3",
"local_key_name": "rsakey",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://keyvaultsoftkeys.
vault.azure.net/keys/Uploadtestkey/628cd445146240c3bbd226e3d7ca5c62",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign",
"verify",
"wrapKey",
"unwrapKey"
],
"n": "nkxK6mYxOvM_ZQfc1AM2vPxslhg5WYGqaP3CtG9K4c6WEoVsPn_Iijc8bRdU02VjlAmIkRqHMms1_xxCSmy2ZMG91PQGwdrX-TeOa6kLv5b-RCsu_IP46SkDSGOgCpD0-DyfUXnPe3zgIfNOulAvFCy-rKbGmzrTuqCkEcznRHHOLiZRP1M4MF5cHBS33aqKaH5KfKndoF5Qk5PhHrqaxJ9SKBa5NL9ZZzm_DC1J4hnu2HcLVq-5cw1xL--uReyKAKsDjYZcxh6C6A9DuDe10qux1LieWJi7xzDJKbmBNWSTqle92kVOvOSy2jfxTdi721FTQucxs_Sh-lZ2eS4rQ",
"e": "AAAAAAABAAE"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"created": 1601461480,
"updated": 1601461480
}
},
"azure_created_at": "2020-09-30T10:24:40Z",
"azure_updated_at": "2020-09-30T10:24:40Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"meta": {
"source_key_id": "rsakey"
},
"key_material_origin": "cckm",
"rotated_at": "2020-09-30T10:24:41.435777091Z",
"gone": false
}
The sample output shows that a key (Uploadtestkey) is created on the Azure vault (bedb82b9-582c-402d-9874-f3368722cf46
) and it uses local key material (c9a282fcae5046509212c0d711efc586d255e78316aa4771b5b126b24df9aae3
) created on the CipherTrust Manager. As the key material is created on the Key Manager, key material's origin is cckm
.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Downloading Keys Created on Azure Vault to CCKM
Use the post /v1/cckm/azure/synchronization-jobs
API to download the keys created on the Azure vault to the CCKM.
Syntax
curl -k '<IP>/api/v1/cckm/azure/synchronization-jobs' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "key_vaults": ["<key_vault>"],\n "synchronize_all": <boolean>\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
key_vaults | array of strings | Name or ID of key vaults from which Azure keys will be synchronized. |
synchronize_all | boolean | Set to true to synchronize all keys from all vaults. |
Note
The synchronize_all
and key_vaults
parameters are mutually exclusive. Specify either of the two.
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/synchronization-jobs' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3 MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc 3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2 1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4 iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImI1ZTYwMjQ5LTI5MTgtNDVlNS04Z TM3LThlMWE3MGEwNjYyYSIsImlhdCI6MTYwMTQ2MTQxNiwiZXhwIjoxNjAxNDYxNzE2fQ.R_iu6Qrh_hwBPylzcqOYYfw37Rgt15JEUFQh149DO2o' -H 'Content-Type: application/json' --data-binary $'{\n "key_vaults": ["bedb82b9-582c-402d-9874-f3368722cf46"],\n "synchronize_all": false\n}' --compressed
Example Response
{
"id": "2321c6fb-acde-4b94-a00b-949c85968af3",
"uri": "kylo:kylo:cckm:synchronize:2321c6fb-acde-4b94-a00b-949c85968af3",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:25:47.057312858Z",
"updatedAt": "2020-09-30T10:25:47.059972903Z",
"overall_status": "in progress",
"cloud": "AzureCloud",
"key_vaults": [
"keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34"
],
"abort": false
}
The sample output shows that the synchronization-jobs API has started downloading the keys from the vault (bedb82b9-582c-402d-9874-f3368722cf46
) to the CCKM. The status of synchronization process is in progress. A unique ID (2321c6fb-acde-4b94-a00b-949c85968af3
) for the synchronization process is returned.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Viewing Synchronization Status
Use the get /v1/cckm/azure/synchronization-jobs
API to get the synchronization status. The results can be filtered using the query parameters.
Syntax
curl -k '<IP>/api/v1/cckm/azure/synchronization-jobs?skip=0&limit=10' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Request Query Parameters
Parameter | Type | Description |
---|---|---|
id | string | ID of synchronization. |
overall_status | string | Overall synchronization status. |
key_vaults | array | Name or ID of key vault. |
skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/synchronization-jobs?skip=0&limit=10' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3 MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc 3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2 1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4 iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImI1ZTYwMjQ5LTI5MTgtNDVlNS04Z TM3LThlMWE3MGEwNjYyYSIsImlhdCI6MTYwMTQ2MTQxNiwiZXhwIjoxNjAxNDYxNzE2fQ.R_iu6Qrh_hwBPylzcqOYYfw37Rgt15JEUFQh149DO2o' --compressed
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "2321c6fb-acde-4b94-a00b-949c85968af3",
"uri": "kylo:kylo:cckm:synchronize:2321c6fb-acde-4b94-
a00b-949c85968af3",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:25:47.057313Z",
"updatedAt": "2020-09-30T10:26:40.378092Z",
"overall_status": "in progress",
"detailed_status": {
"northcentralus/keyvault-softkeys::12e533dd-b5c2-
4e58-a264-0cd812dc5a34": "in progress"
},
"cloud": "AzureCloud",
"key_vaults": [
"keyvault-softkeys::12e533dd-b5c2-4e58-a264-
0cd812dc5a34"
],
"abort": false
}
]
}
The sample output shows the status of synchronization process.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Viewing Details of Synchronization Jobs
Use the get /v1/cckm/azure/synchronization-jobs/{id}
API to return the details of a synchronization with a specific ID.
Syntax
curl -k '<IP>/api/v1/cckm/azure/synchronization-jobs/{id}' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the synchronization job ID.
Request Parameter
Parameter} | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/synchronization-jobs/2321c6fb-acde-4b94-a00b-949c85968af3' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3 MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc 3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2 1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4 iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjBjMzU3ZGFkLTRiOWUtNDYxNC04O TZmLTk4NjdkOTgzMjA2YSIsImlhdCI6MTYwMTQ2MTY2MywiZXhwIjoxNjAxNDYxOTYzfQ.Yr8elLXclrAysFbeO6deB_yFf1vl9zlbvLHJwZNotEY' --compressed
Example Response
{
"id": "2321c6fb-acde-4b94-a00b-949c85968af3",
"uri": "kylo:kylo:cckm:synchronize:2321c6fb-acde-4b94-a00b-949c85968af3",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:25:47.057313Z",
"updatedAt": "2020-09-30T10:27:25.1795Z",
"completed_at": "2020-09-30T10:27:25.179211Z",
"overall_status": "synchronization completed",
"detailed_status": {
"northcentralus/keyvault-softkeys::12e533dd-b5c2-4e58-a264-
0cd812dc5a34": "vault synchronized successfully"
},
"cloud": "AzureCloud",
"key_vaults": [
"keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34"
],
"abort": false
}
The sample output shows the details corresponding to the specific synchronization job (with ID 2321c6fbacde-4b94-a00b-949c85968af3
).
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Aborting Synchronization Jobs
Use the post /v1/cckm/azure/synchronization-jobs/{id}/cancel
API to cancel a specific synchronization job.
Syntax
curl -k '<IP>/api/v1/cckm/azure/synchronization-jobs/{id}/cancel' -X POST -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the synchronization job ID.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/synchronization-jobs/2321c6fb-acde-4b94-a00b-949c85968af3/cancel' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3 MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc 3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2 1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4 iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjBjMzU3ZGFkLTRiOWUtNDYxNC04O TZmLTk4NjdkOTgzMjA2YSIsImlhdCI6MTYwMTQ2MTY2MywiZXhwIjoxNjAxNDYxOTYzfQ.Yr8elLXclrAysFbeO6deB_yFf1vl9zlbvLHJwZNotEY' --compressed
Example Response
{
"id": "2321c6fb-acde-4b94-a00b-949c85968af3",
"uri": "kylo:kylo:cckm:synchronize:2321c6fb-acde-
4b94-a00b-949c85968af3",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:25:47.057313Z",
"updatedAt": "2020-09-30T10:26:40.378092Z",
"overall_status": "in progress",
"detailed_status": {
"northcentralus/keyvault-softkeys::12e533dd-b5c2-
4e58-a264-0cd812dc5a34": "in progress"
},
"cloud": "AzureCloud",
"key_vaults": [
"keyvault-softkeys::12e533dd-b5c2-4e58-a264-
0cd812dc5a34"
],
"abort": true
}
The sample output shows that the abort parameter is set to true which indicates that the synchronization job (with ID (2321c6fb-acde-4b94-a00b-949c85968af3
) is canceled.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Enabling Key for Rotation Job
Use the /v1/cckm/azure/keys/{id}/enable-rotation-job
enable an Azure key for scheduled rotation job. To use this API, first create a new rotation job configuration, the job_config_id
is required to call this API. Refer to Scheduling Key Rotation for details.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys/{id}/enable-rotation-job' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "job_config_id": "<job_config_id>",\n "auto_rotate_key_source": "<key_material_source>",\n "auto_rotate_key_type": "<key_type>",\n "auto_rotate_key_size": <key_size>,\n "auto_rotate_enable_key": <boolean>\n}' --compressed
Here, {id}
represents the key ID.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
auto_rotate_key_source | string | Source of the key material. Possible options are: • native • hsm-luna • dsm • ciphertrust |
auto_rotate_partition_id | string | ID of the partition in which the Luna HSM key will be created. |
auto_rotate_key_type | string | Type of the key. Possible options are: • RSA • EC |
job_config_id | string | Id of the scheduler job that will perform key rotation. |
auto_rotate_ec_name | string | Name of the Elliptical curve key. Required only when key_type=EC. Possible options are: • P-256 • P-384 • P-521 • SECP256K1 |
auto_rotate_enable_key | boolean | Flag to enable the newly rotated key. |
auto_rotate_key_size | integer | Size of the new rotated key. Required only when key_type=RSA. Possible options are: •2048 • 3072 • 4096 |
auto_rotate_domain_id | string | ID of the domain in which the key will be created. |
Example Request
curl -k 'https://54.175.71.61/api/v1/cckm/azure/keys/45b35f7b-b7b7-416c-a29c-4568d354fd2c/enable-rotation-job' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1NjlmZTIyMy0zZGM2LTRhZDctYjE5YS1lYjFlZTY4MDBlMzUiLCJzdWIiOiJsb2NhbHxjNjc2ZGM1Zi1iMjNjLTQ4ODgtYTZmYi05MjMwNWU3MDdkNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiYTlhZmY2ZGMtYTdjYy00NmJiLThiYTUtMDg3OWViZGRiZTA1Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImQ3MDY1MDhiLTllYWYtNDQ0Mi04MGY4LWM4NTA2ODBlOWUyZCIsImlhdCI6MTYwMzEwNDA4NCwiZXhwIjoxNjAzMTA0Mzg0fQ.Kp-X2Y9cb_PSJtIasz_krM6wip4s8_LTu7ozPJZ_2Hs' -H 'Content-Type: application/json' --data-binary $'{\n "job_config_id": "c7cd8d4c-6ef5-4de5-b107-2054160abb3a",\n "auto_rotate_key_source": "native",\n "auto_rotate_key_type": "RSA",\n "auto_rotate_key_size": 2048,\n "auto_rotate_enable_key": true\n}' --compressed
Example Response
{
"id": "45b35f7b-b7b7-416c-a29c-4568d354fd2c",
"uri": "kylo:kylo:cckm:azure-key:45b35f7b-b7b7-416c-a29c-4568d354fd2c",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-10-19T06:10:52.784557Z",
"updatedAt": "2020-10-19T07:04:16.520845Z",
"key_vault": "key-vault-softkeys::260ecbe7-777b-4d3c-84ea-887620498863",
"key_vault_id": "da2e6bb6-845c-4a3a-8c10-831065f6e855",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-10-19T06:10:40.371055Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-10-19T05:28:32Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "927bb136b2674414ac65a90660703f4f",
"key_size": 2048,
"backup": "701e44d020d44689b97c26a5de3cd6a5a05a91f8f7bd4b63998e423ef6f1b668",
"key_name": "newTestKey2048",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://key-vault-softkeys.vault.azure.net/keys/newTestKey2048/927bb136b2674414ac65a90660703f4f",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign",
"verify",
"wrapKey",
"unwrapKey"
],
"n": "2kZsxVk8RHI5UIBm0v-LKTm3pm_jbLOqFcUe7dnYoaKXCp2XHfBad0jVu-oM8C5k8Ka_K5cVT9OQrtnfR_RptAL6SvtWzuUXiMgasovvX_Kc5cA54UtnuNO3-bHeijVWfH2VosGlf5PT0tB_nf8CAQplbWG3374YRozjxS5Ds22KSDbtli0CZiGL6v1jtBm24D-Y64PVHOBVejLDM6YesCSO1XkdMAgm7DItO04YmDoxOJcbfxLsmYN_HYvMKbqVAU4P1EeIEFmKAJ-7PbScfnW2mfAY_wTN1pe7GIfHpY1d1JoP96acYrj1k7sLuG5ZzXMEEHG711ayWVfANHJJQw",
"e": "AAAAAAABAAE"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"created": 1603085312,
"updated": 1603085312
}
},
"azure_created_at": "2020-10-19T05:28:32Z",
"azure_updated_at": "2020-10-19T05:28:32Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"labels": {
"auto_rotate_enable_key": true,
"auto_rotate_key_size": 2048,
"auto_rotate_key_source": "native",
"auto_rotate_key_type": "RSA",
"job_config_id": "c7cd8d4c-6ef5-4de5-b107-2054160abb3a"
},
"key_material_origin": "unknown",
"gone": false,
"version_count": 2
}
The sample output shows that the key (with ID 45b35f7b-b7b7-416c-a29c-4568d354fd2c
) is enabled for the scheduled key rotation.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Disabling Key for Rotation Job
Use the /v1/cckm/azure/keys/{id}/disable-rotation-job
API to disable the scheduled rotation job for an Azure key.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys/{id}/disable-rotation-job' -X POST -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the key ID.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://54.175.71.61/api/v1/cckm/azure/keys/45b35f7b-b7b7-416c-a29c-4568d354fd2c/disable-rotation-job' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1NjlmZTIyMy0zZGM2LTRhZDctYjE5YS1lYjFlZTY4MDBlMzUiLCJzdWIiOiJsb2NhbHxjNjc2ZGM1Zi1iMjNjLTQ4ODgtYTZmYi05MjMwNWU3MDdkNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiYTlhZmY2ZGMtYTdjYy00NmJiLThiYTUtMDg3OWViZGRiZTA1Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImQ3MDY1MDhiLTllYWYtNDQ0Mi04MGY4LWM4NTA2ODBlOWUyZCIsImlhdCI6MTYwMzEwNDA4NCwiZXhwIjoxNjAzMTA0Mzg0fQ.Kp-X2Y9cb_PSJtIasz_krM6wip4s8_LTu7ozPJZ_2Hs' --compressed
Example Response
{
"id": "45b35f7b-b7b7-416c-a29c-4568d354fd2c",
"uri": "kylo:kylo:cckm:azure-key:45b35f7b-b7b7-416c-a29c-4568d354fd2c",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-10-19T06:10:52.784557Z",
"updatedAt": "2020-10-19T07:04:16.520845Z",
"key_vault": "key-vault-softkeys::260ecbe7-777b-4d3c-84ea-887620498863",
"key_vault_id": "da2e6bb6-845c-4a3a-8c10-831065f6e855",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-10-19T06:10:40.371055Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-10-19T05:28:32Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "927bb136b2674414ac65a90660703f4f",
"key_size": 2048,
"backup": "701e44d020d44689b97c26a5de3cd6a5a05a91f8f7bd4b63998e423ef6f1b668",
"key_name": "newTestKey2048",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://key-vault-softkeys.vault.azure.net/keys/newTestKey2048/927bb136b2674414ac65a90660703f4f",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign",
"verify",
"wrapKey",
"unwrapKey"
],
"n": "2kZsxVk8RHI5UIBm0v-LKTm3pm_jbLOqFcUe7dnYoaKXCp2XHfBad0jVu-oM8C5k8Ka_K5cVT9OQrtnfR_RptAL6SvtWzuUXiMgasovvX_Kc5cA54UtnuNO3-bHeijVWfH2VosGlf5PT0tB_nf8CAQplbWG3374YRozjxS5Ds22KSDbtli0CZiGL6v1jtBm24D-Y64PVHOBVejLDM6YesCSO1XkdMAgm7DItO04YmDoxOJcbfxLsmYN_HYvMKbqVAU4P1EeIEFmKAJ-7PbScfnW2mfAY_wTN1pe7GIfHpY1d1JoP96acYrj1k7sLuG5ZzXMEEHG711ayWVfANHJJQw",
"e": "AAAAAAABAAE"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"created": 1603085312,
"updated": 1603085312
}
},
"azure_created_at": "2020-10-19T05:28:32Z",
"azure_updated_at": "2020-10-19T05:28:32Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"key_material_origin": "unknown",
"gone": false,
"version_count": 2
}
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.