Importing Key Material to AWS KMS
Use the POST /v1/cckm/aws/keys/{id}/import-material API to import the key material to the AWS KMS.
Syntax
Here, {id} represents the key material ID.
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
key_expiration | boolean | Flag to disable encryption on the key which is getting rotated. |
source_key_tier | string | Tier of the source. Possible options are: • local for CipherTrust Manager (default) • dsm for Data Security Manager • external-cm for external CipherTrust Manager • hsm-luna for Luna HSM (FM-enabled Luna HSM is not supported as a key source). |
source_key_identifier | string | Name or ID of the key to be imported to the AWS KMS. • If source_key_tier is local, this is the ID of the CipherTrust Manager key to be uploaded. By default, a new CipherTrust Manager key is generated automatically. • If source_key_tier is dsm, this is the ID of the DSM key to be uploaded. source_key_identifier is a mandatory parameter. If the key material is reimported, AWS allows reimporting the same key material only. It is mandatory to provide the source_key_identifier of the same CipherTrust Manager or DSM key which was imported previously. |
valid_to | string | Key expiration time of the newly rotated key, must be formatted as per RFC3339. |
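
An added example, not taken from the original page or from the product: a Python helper that checks the parameters in the table above and builds the POST request without sending it. The base URL, the Bearer header format, the character restriction on the key ID, and the reading that source_key_identifier is mandatory when the tier is dsm are assumptions.

```python
import json
import re
from datetime import datetime

# source_key_tier values listed in the Request Parameters table.
TIERS = {"local", "dsm", "external-cm", "hsm-luna"}
# RFC 3339 date-time: date, "T", time, optional fraction, mandatory Z or offset.
RFC3339 = re.compile(r"(\d{4})-(\d\d)-(\d\d)[Tt](\d\d):(\d\d):(\d\d)(\.\d+)?"
                     r"([Zz]|[+-]([01]\d|2[0-3]):[0-5]\d)")
# Assumption: key IDs are UUID-like; anything else is refused so the value
# cannot change the request path.
SAFE_ID = re.compile(r"[A-Za-z0-9-]+")


def is_rfc3339(value):
    """True if value is a well-formed RFC 3339 timestamp on a real date."""
    m = RFC3339.fullmatch(value) if isinstance(value, str) else None
    if not m:
        return False
    try:
        datetime(*(int(g) for g in m.groups()[:6]))
    except ValueError:  # e.g. month 13 or February 30
        return False
    return True


def build_import_request(base_url, key_id, token, source_key_tier="local",
                         source_key_identifier=None, key_expiration=None,
                         valid_to=None):
    """Validate the parameters and return (method, url, headers, body)."""
    if not isinstance(key_id, str) or not SAFE_ID.fullmatch(key_id):
        raise ValueError("key id contains characters outside [A-Za-z0-9-]")
    if source_key_tier not in TIERS:
        raise ValueError("unknown source_key_tier: %r" % source_key_tier)
    if source_key_tier == "dsm" and not source_key_identifier:
        raise ValueError("source_key_identifier is mandatory for dsm")
    if key_expiration is not None and not isinstance(key_expiration, bool):
        raise ValueError("key_expiration must be a boolean")
    if valid_to is not None and not is_rfc3339(valid_to):
        raise ValueError("valid_to must be an RFC 3339 timestamp")
    fields = {"source_key_tier": source_key_tier,
              "source_key_identifier": source_key_identifier,
              "key_expiration": key_expiration, "valid_to": valid_to}
    body = json.dumps({k: v for k, v in fields.items() if v is not None})
    # Assumption: the token is sent as a Bearer credential.
    headers = {"Authorization": "Bearer " + token,
               "Content-Type": "application/json"}
    url = "%s/v1/cckm/aws/keys/%s/import-material" % (base_url.rstrip("/"), key_id)
    return "POST", url, headers, body
```

The returned tuple can be handed to any HTTP client; rejecting a malformed valid_to or a missing DSM identifier locally avoids a 4xx round trip.
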
Example Request
Example Response
The sample output shows that the key material is imported to the AWS KMS. As the key is not created on the AWS KMS, its origin is EXTERNAL. A unique ID (40387a72-6e24-4cdd-8840-b586757c44bf) for the imported key is returned.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.