Scheduling Key Rotation and Auto Rotation of Credentials
This section describes the APIs that are used to create job configuration and run jobs for different clouds. These APIs are used to perform the following tasks:
Creating Job Configurations (for Key Rotation and for Auto Rotation of Credentials for Specified External Custom Key Store)
Fetching List of Job Configurations
Viewing Details of Job Configurations
Updating Job Configurations
Deleting Job Configurations
Manually Running Jobs
Viewing List of Job Runs
Viewing Details of Job Runs
Deleting Job Runs
Creating Job Configurations (for Key Rotation)
Use the post /v1/scheduler/job-configs
API to create a new job configuration for key rotation.
Syntax
curl -k '<IP>/api/v1/scheduler/job-configs' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "name": "<configuration name>",\n "operation": "<operation>",\n "description": "<description>",\n "run_on": "<run on>",\n "run_at": "<time when you want to run the job>"\n "cckm_key_rotation_params": {< key rotation parameters>}\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
name | string | Name of the job configuration. |
operation | string | Type of operation that can be scheduled. •For key rotation, specify cckm_key_rotation . Also, specify cckm_key_rotation_params . |
run_at | string | Time when a job will run. Specify this parameter using the cron expression format: "* * * * *" . |
cckm_key_rotation_params | JSON | Optional.Parameters for configuring a key rotation job such as cloud_name , expiration , expire_in , and rotation_after . Refer to Rotation Parameters for details. |
description | string | Description for the job configuration. |
disabled | boolean | Flag to disable job configuration. Set to true to disable the job. |
end_date | string | End date for a job configuration. The job becomes inactive at this time. Specify the value in the RFC3339 format. |
run_on | string | Node in a cluster on which the job configuration will run. Possible values are: • any : Runs the job configuration on any node.• <specific node id> : Runs the job configuration on the specified node. |
start_date | string | Time to start a job configuration. The job becomes active at this time. Specify the value in the RFC3339 format. |
Rotation Parameters
Parameter | Type | Description |
---|---|---|
cloud_name | string | Name of the cloud. The cloud name can be aws , AzureCloud , gcp , microsoft-dke , oci , sfdc , or sap . |
aws_param | json | (Applicable to the AWS cloud) Whether to retain the key alias with timestamp on the archived key after rotation. Set "retain_alias": true to retain the alias. If set to false , the alias is not retained after rotation. |
expiration | string | Expiration time of the new key that is created through rotation. If not specified, the new key material never expires. For example, if you set expiration to 6d , the key material of the new key will expire after six days of its creation. The options are:• Xd for x days• Yh for y hours |
expire_in | string | Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set expire_in to 6h . This parameter is not valid for cloud_name "gcp". The options are:• Xd for x days• Yh for y hours |
rotation_after | string | (Applicable when cloud_name is set to aws or AzureCloud .) Number of days after which the keys will be rotated. Specify Xd for x days. The first key rotation will happen after x days of key creation. Subsequent key rotations will happen after every x days of the last rotation date.For example, if you set rotation_after to 6d , the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days. |
sfdc_param | json | (Applicable to the Salesforce cloud) Salesforce specific parameters. Refer to Salesforce Parameters for details. |
Salesforce Parameters
Parameter | Type | Description |
---|---|---|
certificate_id | string | ID of the certificate whose public key will be used to encrypt the tenant secret. |
domain_id | string | (Applicable to DSM as key source) ID of the DSM domain where the key will be created to upload to Salesforce. Specify domain_id if key_source is dsm . |
key_source | string | Source of the key material. The source can be: • native • dsm • ciphertrust |
key_derivation_mode | string | Key derivation mode. The modes can be: • PBKDF2 • NONE |
key_type | array of strings | Type of the Salesforce tenant secret for which the keys will be rotated. The key type can be: • Data • EventBus • SearchIndex • DeterministicData • Analytics |
organization_id | string | ID of the Salesforce organization to which the tenant secret belongs. |
Example Request
curl -k 'https://127.0.0.1/api/v1/scheduler/job-configs' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIzMTNhMDc2ZS1kOTU4LTRjZTktYTY3Ni1lNDYyNzI1YjFhYTciLCJzdWIiOiJsb2NhbHxkNWM5Njk4Zi0xZmQ2LTRiN2MtODBhZi05YTU4ZmE0OGQzNWQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiMmI0MjFhYWItNDNiNy00NzdmLTgzYjUtOTA3M2U1NGZhN2FiIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjE0YTY2YjQ0LTk3ODAtNGZlYS05MzI5LWM4YWY5NjAyNzU2MSIsImlhdCI6MTU5NTU3NTgyNywiZXhwIjoxNTk1NTc2MTI3fQ.tAZ3qiehHuvV9q8aq3a9s4stbIcVy-OHeoVnBaSlV0I' -H 'Content-Type: application/json' --data-binary $'{\n "name": "rotate AWS keys",\n "operation": "cckm_key_rotation",\n "description": "This is to rotate AWS keys",\n "run_on": "any",\n "run_at": "0 1 * * *",\n "cckm_key_rotation_params": {\n "cloud_name": "aws"\n }\n}' --compressed
Example Response
{
"id": "94f04fba-c9b2-49f9-a211-b595345ac238",
"uri": "kylo:kylo:scheduler:job_configs:94f04fba-c9b2-49f9-a211-b595345ac238",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-07-14T11:19:49.821134916Z",
"name": "rotate AWS keys",
"updatedAt": "2020-07-14T11:19:49.821134916Z",
"description": "This is to rotate AWS keys",
"operation": "cckm_key_rotation",
"run_at": "0 1 * * *",
"run_on": "any",
"job_config_params": {
"cloud_name": "aws"
}
}
The sample output shows that a job configuration is created and a unique ID (94f04fba-c9b2-49f9-a211-b595345ac238
) for the job configuration is returned.
To know more about response parameters, refer to Response Parameters.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Creating Job Configurations (for Auto Rotation of Credentials for Specified External Custom Key Store)
Use the post /v1/scheduler/job-configs
API to create a new job configuration for the auto rotation of the credential for a specified external custom key store.
Syntax
curl -k '<IP>/api/v1/scheduler/job-configs' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "name":"<configuration name>",\n "operation": "<operation>",\n "description":"<description>",\n "run_at":"<time when you want to run the job>",\n "end_date":"<end date for the job>",\n "disabled":boolean,\n "cckm_xks_credential_rotation_params":{\n "cloud_name":"<cloud name>"\n }\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
name | string | Name of the job configuration. |
operation | string | Type of operation that can be scheduled. For auto rotation of the credential for a specified external custom key store, specify cckm_xks_credential_rotation . Also, specify cckm_xks_credential_rotation_params . |
run_at | string | Time when a job will run. Specify this parameter using the cron expression format: "* * * * *" . |
cckm_xks_credential_rotation_params | JSON | Parameter to enable auto rotation of the credential for a specified external custom key store. The only parameter used in this JSON is cloud_name and the only supported cloud is aws . |
description | string | Description for the job configuration. |
disabled | boolean | Flag to disable job configuration. Set to true to disable the job. |
end_date | string | End date for a job configuration. The job becomes inactive at this time. Specify the value in the RFC3339 format. |
run_on | string | Node in a cluster on which the job configuration will run. Possible values are: • any : Runs the job configuration on any node.• <specific node id> : Runs the job configuration on the specified node. |
start_date | string | Time to start a job configuration. The job becomes active at this time. Specify the value in the RFC3339 format. |
Example Request
curl -k 'https://127.0.0.1/api/v1/scheduler/job-configs' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI0ZTZkMTc2Zi02YjRhLTQ5MGItYmI1NC02OThiNDAwNWQ1Y2IiLCJzdWIiOiJsb2NhbHw3OTg3ODYwOC05ZmQ5LTQ4NmUtODU5OS1hZDJhNTQ5MDg3ZDgiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJjbGllbnRfaWQiOiI4MzdjODQwZC03NWRkLTRiNGYtYTMxOC03OWNiMTZjYTI0OGQiLCJjbGllbnRfbmFtZSI6ImFwaS1wbGF5Z3JvdW5kIiwiY2xpZW50X3R5cGUiOiJwdWJsaWMiLCJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNTQ5YjRhNjAtMTJkYS00MTYxLTk4ODAtNzlhZmU0ZmFlMTMzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6Ijc1MDk4NzUzLTU4YzctNDg1Yi1hOGUyLTA1ZWE3ZmU4MWNkNCIsImlhdCI6MTY4Mzc0Mjc3MSwiZXhwIjoxNjgzNzQzMDcxfQ.mwqXsAGkPCCy-yqoevNZ_0pTpKkAQkmeoLAG1fZpuLg' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n "name":"rotate_cckm_credential",\n "operation":"cckm_xks_credential_rotation",\n "description":"aws custom keytsore credential rotation",\n "run_at":"0/1 * * * *",\n "end_date":"2023-05-11T00:46:14.647857Z",\n "disabled":false,\n "cckm_xks_credential_rotation_params":{\n "cloud_name":"aws"\n }\n}' --compressed
Example Response
{
"id": "ff29eeec-82bf-4e15-81bb-ef7c43099203",
"uri": "kylo:kylo:scheduler:job_configs:ff29eeec-82bf-4e15-81bb-ef7c43099203",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2023-05-10T18:23:19.335240582Z",
"name": "rotate_cckm_credential",
"updatedAt": "2023-05-10T18:23:19.335240582Z",
"description": "aws custom keytsore credential rotation",
"operation": "cckm_xks_credential_rotation",
"run_at": "0/1 * * * *",
"run_on": "any",
"disabled": false,
"end_date": "2023-05-11T00:46:14.647857Z",
"job_config_params": {
"cloud_name": "aws"
}
}
The sample output shows that a job configuration for the auto rotation of the credential for a specified external custom key store is created and a unique ID (29eeec-82bf-4e15-81bb-ef7c43099203"
) for the job configuration is returned.
To know more about response parameters, refer to Response Parameters.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Fetching List of Job Configurations
Use the get /v1/scheduler/job-configs
API to view the list of job configurations for a specified account. The results can be filtered using the query parameters.
Syntax
curl -k '<IP>/api/v1/scheduler/job-configs?skip=0&limit=10' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Request Query Parameters
Parameter | Type | Description |
---|---|---|
skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
sort | string | Comma-delimited list of properties to sort the results. |
name | string | Name of the job configuration. |
id | string | ID of the job configuration. |
operation | string | Name of the operation. |
disabled | string | Disabled job configuration. |
cloud_name | string | Name of the cloud. Refer to Rotation Parameters. |
expire_in | string | Period during which certain keys are going to expire. Refer to Rotation Parameters. |
createdBefore | string | Job configuration created on or before the specified time. |
createdAfter | string | Job configuration created on or after the specified time. |
Example Request
curl -k 'https://127.0.0.1/api/v1/scheduler/job-configs?skip=0&limit=10' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIzMTNhMDc2ZS1kOTU4LTRjZTktYTY3Ni1lNDYyNzI1YjFhYTciLCJzdWIiOiJsb2NhbHxkNWM5Njk4Zi0xZmQ2LTRiN2MtODBhZi05YTU4ZmE0OGQzNWQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOWJiMmNlMmEtZmI2My00MTczLWFhOGItNTA1N2M0OTdkZTJkIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImE3M2IwM2RmLWNkMDQtNGMyMi04N2JlLWI3ZWI5OTk4MjlhNyIsImlhdCI6MTU5NTU4NDY5NywiZXhwIjoxNTk1NTg0OTk3fQ.J1abeDodJdkXcp_nIDbn__qDPg4F8xjwLbm6Wx5DOKY' --compressed
Example Response
{
"skip": 0,
"limit": 10,
"total": 2,
"resources": [
{
"id": "c574efd3-10f2-48c6-ae18-e0700ac8145e",
"uri": "kylo:kylo:scheduler:job_configs:c574efd3-10f2-48c6-ae18-e0700ac8145e",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-07-14T11:21:06.571758Z",
"name": "rotate AWS keys",
"updatedAt": "2020-07-14T11:25:24.817444Z",
"description": "rotate all AWS keys",
"operation": "cckm_key_rotation",
"run_at": "0 1 * * *",
"run_on": "any",
"job_config_params": {
"cloud_name": "aws"
}
},
{
"id": "94f04fba-c9b2-49f9-a211-b595345ac238",
"uri": "kylo:kylo:scheduler:job_configs:94f04fba-c9b2-49f9-a211-b595345ac238",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-07-14T11:19:49.821135Z",
"name": "rotate AWS keys",
"updatedAt": "2020-07-14T11:19:49.821135Z",
"description": "This is to rotate AWS keys",
"operation": "cckm_key_rotation",
"run_at": "0 1 * * *",
"run_on": "any",
"job_config_params": {
"cloud_name": "aws"
}
}
]
}
The sample output shows the list of job configurations for a specified account.
To know more about response parameters, refer to Response Parameters.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Viewing Details of Job Configurations
Use the get /v1/scheduler/job-configs/{id}
API to view the details of a job configuration with a specific ID.
Syntax
curl -k '<IP>/api/v1/scheduler/job-configs/{id}' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the ID of the job configuration.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/scheduler/job-configs/94f04fba-c9b2-49f9-a211-b595345ac238' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJiYzc5M2E4ZC00YWVhLTRlM2EtYWRiYy05YmRlMDhjYjE5MDYiLCJzdWIiOiJsb2NhbHw2MjgyZDZkNC0wZGI5LTRmZmEtYjc4Ny0xNzY0NTFiMmViNGQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODI1OWFhZTEtNjkzMi00NzE2LTlhMjItNzAzZWFlNzc2MWUzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjU4OWU2NjBjLWU1MzgtNGZmOS04MWQzLWNiMWI3MWYzZDNhYiIsImlhdCI6MTU5NDcyNjE3OCwiZXhwIjoxNTk0NzI2NDc4fQ.xzoksM7OjCC65lPg3keDS3iGnz4C6ZHFUgNlAHl7dVQ' --compressed
Example Response
{
"id": "94f04fba-c9b2-49f9-a211-b595345ac238",
"uri": "kylo:kylo:scheduler:job_configs:94f04fba-c9b2-49f9-a211-b595345ac238",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-07-14T11:19:49.821135Z",
"name": "rotate AWS keys",
"updatedAt": "2020-07-14T11:19:49.821135Z",
"description": "This is to rotate AWS keys",
"operation": "cckm_key_rotation",
"run_at": "0 1 * * *",
"run_on": "any",
"job_config_params": {
"cloud_name": "aws"
}
}
The sample output shows the details corresponding to a specific job configuration ID (94f04fba-c9b2-49f9-a211-b595345ac238
).
To know more about response parameters, refer to Response Parameters.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Updating Job Configurations
Use the patch /v1/scheduler/job-configs/{id}
API to update an existing job configuration. You can modify key rotation parameters such as aws_param
, sfdc_param
, expire_in
, and expiration
.
Syntax
curl -k '<IP>/api/v1/scheduler/job-configs/{id}' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{ \n "cckm_key_rotation_params": {<key rotation parameters>}' --compressed
Here, {id}
represents the ID of the job configuration.
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
cckm_key_rotation_params | JSON | Key rotation parameters. Refer to Rotation Parameters for details. |
Rotation Parameters
Parameter | Type | Description |
---|---|---|
aws_param | json | (Applicable to the AWS cloud) Whether to retain the key alias with timestamp on the archived key after rotation. Set "retain_alias": true to retain the alias. If set to false , the alias is not retained after rotation. |
expiration | string | Expiration time of the new key that is created through rotation. If not specified, the new key material never expires. For example, if you set expiration to 6d , the key material of the new key will expire after six days of its creation. The options are:• Xd for x days• Yh for y hours |
expire_in | string | Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set expire_in to 6h . This parameter is not valid for cloud_name "gcp". The options are:• Xd for x days• Yh for y hours |
rotation_after | string | (Applicable when cloud_name is set to aws or AzureCloud .) Number of days after which the keys will be rotated. Specify Xd for x days. The first key rotation will happen after x days of key creation. Subsequent key rotations will happen after every x days of the last rotation date.For example, if you set rotation_after to 6d , the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days. |
sfdc_param | json | (Applicable to the Salesforce cloud) Salesforce specific parameters. Refer to Salesforce Parameters for details. |
Salesforce Parameters
Parameter | Type | Description |
---|---|---|
certificate_id | string | ID of the certificate whose public key will be used to encrypt the tenant secret. |
domain_id | string | (Applicable to DSM as key source) ID of the DSM domain where the key will be created to upload to Salesforce. Specify domain_id if key_source is dsm . |
key_source | string | Source of the key material. The source can be: • native • dsm • ciphertrust |
key_derivation_mode | string | Key derivation mode. The modes can be: • PBKDF2 • NONE |
key_type | array of strings | Type of the Salesforce tenant secret for which the keys will be rotated. The key type can be: • Data • EventBus • SearchIndex • DeterministicData • Analytics |
organization_id | string | ID of the Salesforce organization to which the tenant secret belongs. |
Example Request
curl -k 'https://127.0.0.1/api/v1/scheduler/job-configs/94f04fba-c9b2-49f9-a211-b595345ac238' -X PATCH -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJiYzc5M2E4ZC00YWVhLTRlM2EtYWRiYy05YmRlMDhjYjE5MDYiLCJzdWIiOiJsb2NhbHw2MjgyZDZkNC0wZGI5LTRmZmEtYjc4Ny0xNzY0NTFiMmViNGQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODI1OWFhZTEtNjkzMi00NzE2LTlhMjItNzAzZWFlNzc2MWUzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjU4OWU2NjBjLWU1MzgtNGZmOS04MWQzLWNiMWI3MWYzZDNhYiIsImlhdCI6MTU5NDcyNjE3OCwiZXhwIjoxNTk0NzI2NDc4fQ.xzoksM7OjCC65lPg3keDS3iGnz4C6ZHFUgNlAHl7dVQ' -H 'Content-Type: application/json' --data-binary $'{ \n "cckm_key_rotation_params": {\n "expire_in": "2d"\n }\n}' --compressed
Example Response
{
"id": "94f04fba-c9b2-49f9-a211-b595345ac238",
"uri": "kylo:kylo:scheduler:job_configs:94f04fba-c9b2-49f9-a211-b595345ac238",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-07-14T11:19:49.821135Z",
"name": "rotate AWS keys",
"updatedAt": "2020-07-14T11:19:49.821135Z",
"description": "This is to rotate AWS keys",
"operation": "cckm_key_rotation",
"run_at": "0 1 * * *",
"run_on": "any",
"job_config_params": {
"expire_in": "2d",
"cloud_name": "aws"
}
The sample output shows that the expire_in
parameter is modified to 2d
which means that the scheduler will rotate all the keys that will expire in 2 days.
To know more about response parameters, refer to Response Parameters.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Deleting Job Configurations
Use the delete /v1/scheduler/job-configs/{id}
API to delete a job configuration.
Syntax
curl -k 'https://<IP>/api/v1/scheduler/job-configs/{id}' -X DELETE -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the ID of the job configuration.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/scheduler/job-configs/94f04fba-c9b2-49f9-a211-b595345ac238' -X DELETE -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJiYzc5M2E4ZC00YWVhLTRlM2EtYWRiYy05YmRlMDhjYjE5MDYiLCJzdWIiOiJsb2NhbHw2MjgyZDZkNC0wZGI5LTRmZmEtYjc4Ny0xNzY0NTFiMmViNGQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODI1OWFhZTEtNjkzMi00NzE2LTlhMjItNzAzZWFlNzc2MWUzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjU4OWU2NjBjLWU1MzgtNGZmOS04MWQzLWNiMWI3MWYzZDNhYiIsImlhdCI6MTU5NDcyNjE3OCwiZXhwIjoxNTk0NzI2NDc4fQ.xzoksM7OjCC65lPg3keDS3iGnz4C6ZHFUgNlAHl7dVQ' --compressed
Example Response
{
"status": 204
}
The sample output shows that the job configuration is deleted successfully and "status": 204
is returned in response.
Manually Running Jobs
Use the post /v1/scheduler/job-configs/{id}/run-now API
to manually run a job when needed.
Syntax
curl -k '<IP>/api/v1/scheduler/job-configs/{id}/run-now' -X POST -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the ID of the job configuration.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/scheduler/job-configs/94f04fba-c9b2-49f9-a211-b595345ac238/run-now' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJiYzc5M2E4ZC00YWVhLTRlM2EtYWRiYy05YmRlMDhjYjE5MDYiLCJzdWIiOiJsb2NhbHw2MjgyZDZkNC0wZGI5LTRmZmEtYjc4Ny0xNzY0NTFiMmViNGQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODI1OWFhZTEtNjkzMi00NzE2LTlhMjItNzAzZWFlNzc2MWUzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjU4OWU2NjBjLWU1MzgtNGZmOS04MWQzLWNiMWI3MWYzZDNhYiIsImlhdCI6MTU5NDcyNjE3OCwiZXhwIjoxNTk0NzI2NDc4fQ.xzoksM7OjCC65lPg3keDS3iGnz4C6ZHFUgNlAHl7dVQ' --compressed
Example Response
{
"job_id": "a858090b-fd49-46ad-a775-f0936c3d7cbc",
"job_config_id": "94f04fba-c9b2-49f9-a211-b595345ac238"
}
This API creates a new job and waits for the job to be posted on the job queue. A "job_id"
is returned if the job is posted within about 30 seconds.
To know more about response parameters, refer to Response Parameters.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Viewing List of Job Runs
Use the get /v1/scheduler/jobs
API to view the list of job runs for the logged in account. You can view the results of jobs executed in the past, including status and error count.
Syntax
curl -k '<IP>/api/v1/scheduler/jobs?skip=0&limit=10' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Request Query Parameters
Parameter | Type | Description |
---|---|---|
skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
sort | string | Comma-delimited list of properties to sort the results. |
id | string | ID of the scheduler job. |
name | string | Name of the job configuration. |
account | string | Name of the logged in account. |
job_config_id | string | ID of the job configuration. |
operation | string | Name of the operation. |
status | string | Status of the job run. |
createdBefore | string | Jobs created on or before the specified time. |
createdAfter | string | Jobs created on or after the specified time. |
processing_node | string | Node or IP address on which the job is run. |
Example Request
curl -k 'https://127.0.0.1/api/v1/scheduler/jobs?skip=0&limit=10' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIyYWUwY2UxMy1lYzFhLTRiYmYtYTA5Yi02MDYzYzdkNjZiNzMiLCJzdWIiOiJsb2NhbHxmMjYyYTc5MS0wYzgyLTQ2MTYtOGJlNi0xMDhjYzFlNzI2MDEiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiMThjM2Q2NDAtN2Q2NS00NjdjLTk3ZmQtN2ZkODY4NDVlMzNiIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImQ3ODQ0NDQxLTViOWItNDQzYy05NThiLWQ3ZGQ3MjJiNjFmYSIsImlhdCI6MTU5NTMyOTQxMywiZXhwIjoxNTk1MzI5NzEzfQ.n3fk1Ft70G695YM8I0cUb3InItuPCqP1AhrbzxkHpfM' --compressed
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "a858090b-fd49-46ad-a775-f0936c3d7cbc",
"uri": "kylo:kylo:scheduler:jobs:a858090b-fd49-46ad-a775-f0936c3d7cbc",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-07-21T09:59:43.258025Z",
"name": "rotate aws keys",
"updatedAt": "2020-07-21T10:00:05.297503Z",
"job_config_id": "94f04fba-c9b2-49f9-a211-b595345ac238",
"description": "This is to rotate aws keys",
"operation": "cckm_key_rotation",
"job_config_params": {
"cloud_name": "aws"
},
"enqueued_at": "2020-07-21T09:59:43.25751Z",
"status": "completed",
"processing_node": "local-node",
"details": {
"job_id": "a858090b-fd49-46ad-a775-f0936c3d7cbc",
"job_config_id": "94f04fba-c9b2-49f9-a211-b595345ac238",
"name": "rotate aws keys",
"operation": "cckm_key_rotation",
"status": "completed",
"details": {
"total_keys": 6,
"num_rotated": 6
}
}
}
]
}
The sample output shows the list of jobs for a logged in account.
To know more about response parameters, refer to Response Parameters.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Viewing Details of Job Runs
Use the get /v1/scheduler/jobs/{id}
API to view details of a specific job run.
Syntax
curl -k '<IP>/api/v1/scheduler/jobs/{id}' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the ID of the scheduler job.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/scheduler/jobs/a858090b-fd49-46ad-a775-f0936c3d7cbc' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJiYzc5M2E4ZC00YWVhLTRlM2EtYWRiYy05YmRlMDhjYjE5MDYiLCJzdWIiOiJsb2NhbHw2MjgyZDZkNC0wZGI5LTRmZmEtYjc4Ny0xNzY0NTFiMmViNGQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODI1OWFhZTEtNjkzMi00NzE2LTlhMjItNzAzZWFlNzc2MWUzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjU4OWU2NjBjLWU1MzgtNGZmOS04MWQzLWNiMWI3MWYzZDNhYiIsImlhdCI6MTU5NDcyNjE3OCwiZXhwIjoxNTk0NzI2NDc4fQ.xzoksM7OjCC65lPg3keDS3iGnz4C6ZHFUgNlAHl7dVQ' --compressed
Example Response
{
"id": "a858090b-fd49-46ad-a775-f0936c3d7cbc",
"uri": "kylo:kylo:scheduler:jobs:a858090b-fd49-46ad-a775-f0936c3d7cbc",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-07-21T09:59:43.258025Z",
"name": "rotate aws keys",
"updatedAt": "2020-07-21T10:00:05.297503Z",
"job_config_id": "94f04fba-c9b2-49f9-a211-b595345ac238",
"description": "This is to rotate aws keys",
"operation": "cckm_key_rotation",
"job_config_params": {
"cloud_name": "aws"
},
"enqueued_at": "2020-07-21T09:59:43.25751Z",
"status": "completed",
"processing_node": "local-node",
"details": {
"job_id": "a858090b-fd49-46ad-a775-f0936c3d7cbc",
"job_config_id": "94f04fba-c9b2-49f9-a211-b595345ac238",
"name": "rotate aws keys",
"operation": "cckm_key_rotation",
"status": "completed",
"details": {
"total_keys": 6,
"num_rotated": 6
}
}
}
The sample output shows the details corresponding to a specific job ID (a858090b-fd49-46ad-a775-f0936c3d7cbc
).
To know more about response parameters, refer to Response Parameters.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Deleting Job Runs
Use the delete /v1/scheduler/jobs/{id}
API to delete a job run.
Syntax
curl -k '<IP>/api/v1/scheduler/jobs/{id}' -X DELETE -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id}
represents the ID of the scheduler job.
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/scheduler/jobs/a858090b-fd49-46ad-a775-f0936c3d7cbc' -X DELETE -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJiYzc5M2E4ZC00YWVhLTRlM2EtYWRiYy05YmRlMDhjYjE5MDYiLCJzdWIiOiJsb2NhbHw2MjgyZDZkNC0wZGI5LTRmZmEtYjc4Ny0xNzY0NTFiMmViNGQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODI1OWFhZTEtNjkzMi00NzE2LTlhMjItNzAzZWFlNzc2MWUzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjRjYzQ4Y2I1LTRjMGQtNGZiOS1hMmE1LTg4Njg3ZDE1YzQ4MyIsImlhdCI6MTU5NDcyNjU1MSwiZXhwIjoxNTk0NzI2ODUxfQ.Nx2JsU7eD1QUdPOxE94DbCuWBjh9N5a6c96oVpnaKLs' --compressed
Example Response
{
"status": 204
}
The sample output shows that the job is deleted successfully and "status": 204
is returned in response.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.