Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Google Cloud Key APIs

Creating a Google Cloud Key

search

Please Note:

Creating a Google Cloud Key

Use the post /v1/cckm/google/keys API to create a new Google Cloud key.

Syntax

curl -k '<IP>/api/v1/cckm/google/keys' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "key_ring": "<key-ring-name>",\n  "gcp_key_params": {\n    "gcp_key_params"\n  }\n}' --compressed

Request Parameters

ParameterTypeDescription
AUTHTOKENstringAuthorization token.
gcp_key_paramsJSONParameters to specify properties of the Google Cloud key. Refer to Google Cloud Key Parameters for details.
key_ringstringID or resource URL of the Google Cloud key ring where the key is to be created.

Google Cloud Key Parameters

ParameterTypeDescription
algorithmstringAlgorithm for the Google Cloud key. The supported algorithms are:
• RSA_SIGN_PSS_2048_SHA256
• RSA_SIGN_PSS_3072_SHA256
• RSA_SIGN_PSS_4096_SHA256
• RSA_SIGN_PSS_4096_SHA512
• RSA_SIGN_PKCS1_2048_SHA256
• RSA_SIGN_PKCS1_3072_SHA256
• RSA_SIGN_PKCS1_4096_SHA256
• RSA_SIGN_PKCS1_4096_SHA512
• RSA_DECRYPT_OAEP_2048_SHA256
• RSA_DECRYPT_OAEP_3072_SHA256
• RSA_DECRYPT_OAEP_4096_SHA256
• RSA_DECRYPT_OAEP_4096_SHA512
• EC_SIGN_P256_SHA256
• EC_SIGN_P384_SHA384
• EC_SIGN_SECP256K1_SHA256 (Only for protection level, HSM)
• GOOGLE_SYMMETRIC_ENCRYPTION
key_namestringName for the Google Cloud key.
protection_levelstringProtection level for the Google Cloud key. The options are:
• SOFTWARE
• HSM
purposestringPurpose of the Google Cloud key. The options are:
• ENCRYPT_DECRYPT
• ASYMMETRIC_SIGN
• ASYMMETRIC_DECRYPT

Note

labels|string of JSON|Labels (tags) attached to the Google Cloud key in the form of key-value JSON pairs, for example, "isakey": "yes". For Google label requirements, refer to Google Cloud requirements for labels.

next_rotation_time|string|Time when the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric key only). The time must be in the RFC3339 format, for example, "2022-07-31T17:18:37.085Z". rotation_period|string| (Symmetric keys only) Frequency at which the Google Cloud key will be automatically rotated by Google Cloud KMS. The frequency must be in the format "<duration>s", that is, duration in seconds terminated by s, for example, "360000s".

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/google/keys' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI0MmFmZDExNy02YzllLTRhNGUtOTAwYS1lYjlhNDNjYWE5ZDIiLCJzdWIiOiJsb2NhbHwzMTI5ODdkMS0wOWNiLTQxZTEtOThmNy1jZjRhNzgwNTZiMTMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNDVmOWE3NWUtMzI1NC00NWJkLWE0NzYtOWU2NWUyNjdmNGVkIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjdiYzNkOWM4LWRiYTQtNDVmMy05YWNiLWI3NGM2MzQyYzYyMCIsImlhdCI6MTYxNDc1MTg1MSwiZXhwIjoxNjE0NzUyMTUxfQ.ahdxfM7-WA4u7sotHy6qelc9MkoZytst7oZWsvE7Cr0' -H 'Content-Type: application/json' --data-binary $'{\n  "key_ring": "projects/gemalto-kyloeng/locations/global/keyRings/ny-test-ring",\n  "gcp_key_params": {\n    "key_name": "NewTestKey",\n    "purpose": "ENCRYPT_DECRYPT",\n    "protection_level": "SOFTWARE",\n    "algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",\n    "labels": {\n      "isakey": "yes"\n    }\n  }\n}' --compressed

Example Response

{
    "id": "2f18eade-2fd9-4c48-85f7-550107729299",
    "uri": "kylo:kylo:cckm:gcp-keys:2f18eade-2fd9-4c48-85f7-550107729299",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-05-04T11:29:39.90657103Z",
    "updatedAt": "2021-05-04T11:29:39.90537929Z",
    "cloud_name": "gcp",
    "key_id": "NewTestKey",
    "project_id": "gemalto-kyloeng",
    "location_id": "global",
    "key_ring_id": "ny-test-ring",
    "key_ring_name": "projects/gemalto-kyloeng/locations/global/keyRings/ny-test-ring",
    "gone": false,
    "auto_rotate": false,
    "status": "AVAILABLE",
    "gcp_params": {
        "name": "projects/gemalto-kyloeng/locations/global/keyRings/ny-test-ring/cryptoKeys/NewTestKey",
        "primary": "projects/gemalto-kyloeng/locations/global/keyRings/ny-test-ring/cryptoKeys/NewTestKey/cryptoKeyVersions/1",
        "createTime": "2021-05-04T11:29:40.551270629Z",
        "labels": {
            "isakey": "yes"
        },
        "purpose": "ENCRYPT_DECRYPT",
        "next_rotation_time": null,
        "protectionLevel": "SOFTWARE",
        "algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION"
    }
}

The sample output shows that a new Google Cloud key with the resource ID 2f18eade-2fd9-4c48-85f7-550107729299 is created. This ID is used to view, update, and delete a Google Cloud key and add and view its versions.

Response Codes

Response CodeDescription
2xxSuccess
4xxClient errors
5xxServer errors

Refer to HTTP status codes for details.

On this page