Uploading Keys to OCI
Use the POST /v1/cckm/oci/upload-key API to upload a key from a key source to an OCI vault. Specify the following details:
• ID of the vault where the key needs to be uploaded.
• Key parameters such as description, protection mode, and name.
• Source key tier.
• Source key identifier of the key to be uploaded from a key source.
Supported key algorithms and sizes:
• CM (AES128, AES192, AES256, RSA2048, RSA3072, RSA4096)
• DSM (AES128, AES256, RSA2048, RSA3072, RSA4096)
• HSM LUNA (AES128, AES192, AES256, RSA2048, RSA3072, RSA4096)
Syntax
curl -k '<IP>/api/v1/cckm/oci/upload-key' \
  -H 'Authorization: Bearer AUTHTOKEN' \
  -H 'Content-Type: application/json' \
  -H 'accept: application/json' \
  --data-binary '{
    "compartment_id": "<compartment-id>",
    "source_key_identifier": "<source-key-identifier>",
    "source_key_tier": "<source-key-tier>",
    "vault": "<oci-vault-id>",
    "name": "<key-name>",
    "protection_mode": "<HSM|SOFTWARE>"
  }' \
  --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
compartment_id | string | ID of the Oracle compartment where the key vault resides. |
name | string | Name for the key. |
protection_mode | string | Protection mode of the key. A protection mode specifies where your Master Encryption Keys (MEKs) are stored and processed - either in the HSM or in the SOFTWARE. |
source_key_identifier | string | ID of the key that will be uploaded from a key source to OCI. |
source_key_tier | string | Key source from where the key will be uploaded. The options are: • local for the CipherTrust Manager • dsm for the Data Security Manager • hsm-luna for Luna HSM. The default tier is local. |
vault | string | ID of the OCI vault where the key is to be created. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/upload-key' \
  -H 'Authorization: Bearer AUTHTOKEN' \
  -H 'Content-Type: application/json' \
  -H 'accept: application/json' \
  --data-binary '{
    "source_key_identifier": "8ad3eeb3ce184a9897fb1b8204f7e6958b6184d189734279af002ab494ab17f5",
    "compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq",
    "source_key_tier": "local",
    "vault": "39166a6e-a6ae-4e6f-9c14-ec0b423fd306",
    "name": "KeyUploadpkv",
    "protection_mode": "SOFTWARE"
  }' \
  --compressed
Example Response
{
  "id": "ae15ab65-b579-4cee-a9fa-3926bd3b3d19",
  "uri": "kylo:kylo:cckm:oci-key:ae15ab65-b579-4cee-a9fa-3926bd3b3d19",
  "account": "kylo:kylo:admin:accounts:kylo",
  "createdAt": "2022-02-03T04:51:03.036036548Z",
  "updatedAt": "2022-02-03T04:51:03.034873002Z",
  "cloud_name": "oci",
  "vault_id": "39166a6e-a6ae-4e6f-9c14-ec0b423fd306",
  "tenancy": "gemaltoproductdev",
  "region": "us-ashburn-1",
  "key_material_origin": "cckm",
  "oci_params": {
    "compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq",
    "current_key_version": "ocid1.keyversion.oc1.iad.bzq26sunaaeuk.avaimh5v6mqaa.abuwcljs52vmu6pjycqvenhiv2a5gsjkkkkspei3veo3w3vmf7syghkerrga",
    "display_name": "KeyUploadpkv",
    "key_id": "ocid1.key.oc1.iad.bzq26sunaaeuk.abuwcljs3pnuin2f2kpy3glyl6erdzpon2xssiqdy6hgksvinwgynrkj2dda",
    "algorithm": "AES",
    "length": 32,
    "lifecycle_state": "CREATING",
    "time_created": "2022-02-03T04:51:01.728Z",
    "vault_name": "CCKM-Testing",
    "defined_tags": {},
    "freeform_tags": {},
    "protection_mode": "SOFTWARE",
    "is_primary": true
  }
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
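A pre-flight and post-upload check for the request described above, as an added example that is not part of the original page or the product's own code. It validates the parameters against the tiers, algorithms and protection modes listed here, then confirms that the response names the same vault, compartment, key name and protection mode as the request. The `source_algorithm` argument, the function names and the request-to-response field mapping are assumptions inferred from the page's example.

```python
import json

# Allowed values as listed on this page; "local" is the CipherTrust Manager (CM) tier.
ALL = {"AES128", "AES192", "AES256", "RSA2048", "RSA3072", "RSA4096"}
SUPPORTED = {"local": ALL, "dsm": ALL - {"AES192"}, "hsm-luna": ALL}
PROTECTION_MODES = {"HSM", "SOFTWARE"}


def build_body(vault, compartment_id, name, source_key_identifier,
               source_algorithm, protection_mode, source_key_tier="local"):
    """Validate the inputs against the page's lists and return the request body.
    source_algorithm (e.g. "AES256") is a local-only argument, not an API field."""
    if source_key_tier not in SUPPORTED:
        raise ValueError(f"unknown source_key_tier: {source_key_tier!r}")
    if source_algorithm not in SUPPORTED[source_key_tier]:
        raise ValueError(f"{source_algorithm} not supported for tier {source_key_tier}")
    if protection_mode not in PROTECTION_MODES:
        raise ValueError(f"protection_mode must be one of {sorted(PROTECTION_MODES)}")
    body = {"compartment_id": compartment_id, "vault": vault, "name": name,
            "source_key_identifier": source_key_identifier,
            "source_key_tier": source_key_tier, "protection_mode": protection_mode}
    empty = sorted(k for k, v in body.items() if not v)
    if empty:
        raise ValueError(f"empty parameters: {empty}")
    return body


def response_mismatches(body, response):
    """Return the request fields whose value differs in the response.
    The request-to-response field mapping is inferred from the page's example."""
    oci = response.get("oci_params", {})
    pairs = {"vault": response.get("vault_id"),
             "compartment_id": oci.get("compartment_id"),
             "name": oci.get("display_name"),
             "protection_mode": oci.get("protection_mode")}
    return [field for field, got in pairs.items() if body[field] != got]


# Trimmed copy of the example response on this page.
SAMPLE_RESPONSE = json.loads("""{
  "vault_id": "39166a6e-a6ae-4e6f-9c14-ec0b423fd306",
  "oci_params": {
    "compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq",
    "display_name": "KeyUploadpkv", "protection_mode": "SOFTWARE",
    "lifecycle_state": "CREATING"}}""")
```

An empty list from `response_mismatches` means the key was created where and how it was requested; the `CREATING` lifecycle state in the sample shows the response can arrive before the key is ready for use.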