Uploading Keys to SAP
Use the post /v1/cckm/sap/upload-key
API to upload a key from the source key to a SAP group. Specify the following details:
ID of the group where the key needs to be uploaded.
Key parameters such as description, type, name, and exportable etc.
Source key tier and source key identifier of the key to be uploaded from a key source.
Syntax
curl -k '<IP>/api/v1/cckm/sap/upload-key' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "source_key_identifier": "<source-key-identifier>",\n "source_key_tier": "<source-key-tier>",\n "group": "<sap-group-id>",\n "name": "<key-name>",\n "description": "<key description>",\n "type": "<key-type>",\n "exportable": <true|false>,\n "operations": [\n "<operation1>",\n "<operation2>"\n ]\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
group | string | Name or ID of the SAP group where the key is to be created. |
name | string | Name for the key. |
operations | array of strings | List of operations allowed to the key. |
source_key_identifier | string | ID of the source key that will be uploaded to SAP. |
source_key_tier | string | Tier of the source key. The options are: • local for the CipherTrust Manager• dsm for the Data Security Manager• hsm-luna for Luna HSMThe default tier is local . |
type | string | Type of the SAP key. The type can be: • AES • RSA • EC |
description | string | Description of the key. |
exportable | boolean | Whether the key is exportable. Set to true to make the key exportable, set to false for a non-exportable key. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/sap/upload-key' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI0MmFmZDExNy02YzllLTRhNGUtOTAwYS1lYjlhNDNjYWE5ZDIiLCJzdWIiOiJsb2NhbHwzMTI5ODdkMS0wOWNiLTQxZTEtOThmNy1jZjRhNzgwNTZiMTMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNDVmOWE3NWUtMzI1NC00NWJkLWE0NzYtOWU2NWUyNjdmNGVkIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjdiYzNkOWM4LWRiYTQtNDVmMy05YWNiLWI3NGM2MzQyYzYyMCIsImlhdCI6MTYxNDc1MTg1MSwiZXhwIjoxNjE0NzUyMTUxfQ.ahdxfM7-WA4u7sotHy6qelc9MkoZytst7oZWsvE7Cr0' -H 'Content-Type: application/json' --data-binary $'{\n "source_key_identifier": "eb97abc94d3d4d9cb6325b0372dc6c7a4f6b7c81ed9b4f39b78264333b6fc18f",\n "source_key_tier": "local",\n "group": "489ac34d-3e9c-4be3-8c1c-2c383bf31461",\n "name": "AB-CM-KeyUpload",\n "description": "This is upload key from CM",\n "type": "AES",\n "exportable": true,\n "operations": [\n "ENCRYPT",\n "DECRYPT"\n ]\n}' --compressed
Example Response
{
"id": "2d8d78bf-0bdd-4a6e-9d29-3f1fe64430c2",
"uri": "kylo:kylo:cckm:sap-key:2d8d78bf-0bdd-4a6e-9d29-3f1fe64430c2",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-10-19T09:14:31.363689058Z",
"updatedAt": "2021-10-19T09:14:31.360768399Z",
"cloud_name": "sap",
"tenant": "thales-preprod",
"sap_param": {
"description": "This is upoad key",
"enabled": true,
"exportable": true,
"groupId": "3d62e129-acbf-4b3e-b1ad-e3b9779be668",
"sap_key_id": "c571aff1-bbc4-4bd3-bbc2-e74bccae0752",
"keystoreContext": {
"customerHeld": false
},
"meta": {
"created": "2021-10-19T09:14:49.623326",
"creatorId": "171cdee5-947e-4bcd-ae0b-562256624904",
"creatorName": "creator.name@xyz.com",
"imported": true,
"primaryVersion": 0,
"totalVersions": 1
},
"name": "SAPKeyUploadFromHSMLuna",
"operations": [
"DECRYPT",
"ENCRYPT"
],
"role": "UNSPECIFIED",
"size": 3072,
"type": "RSA"
},
"source_key_identifier": "001e4f76-9066-465d-a585-b43363f6ec60",
"source_key_type": "rsa",
"source_key_tier": "hsm-luna",
"cckm_group_id": "ba7e428c-e3d9-491e-a40d-3574e5fea4e3",
"backup_blob": "",
"gone": false,
"origin": "hsm-luna",
"auto_rotate": false,
"sap_application": "GENERAL",
"sap_group_name": "CCKM-Test",
"status": "AVAILABLE"
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.