Fetching List of AWS Keys
Use the GET /v1/cckm/aws/keys API to view the list of AWS keys. The results can be filtered using the query parameters.
Syntax
curl -k '<IP>/api/v1/cckm/aws/keys?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Request Query Parameters
Parameter | Type | Description |
---|---|---|
id | string | Internal ID of the AWS key. |
keyid | string | ID of the AWS key. |
arn | string | Amazon Resource Name (ARN) of the key. |
alias | string | Alias of the key. |
kms | string | Name of the AWS KMS. |
kms_id | string | ID of the AWS KMS. |
region | string | Region name. |
cloud_name | string | Cloud name. |
origin | string | Source of the AWS customer master key (CMK) key material. The key origin cannot be changed. The origin of the key can be: • AWS_KMS • EXTERNAL |
job_config_id | string | ID of the scheduler configuration job. |
cckm_policy_template_id | string | ID of the policy template applied to the key. |
enabled | boolean | Fetches the enabled keys. |
gone | boolean | Fetches keys based on their existence in the cloud. |
tags | string | Fetches the keys based on valid tag values. |
keystate | string | State of the AWS key. |
keyusage | string | Usage of the AWS key. |
rotation_job_enabled | boolean | Fetches the key based on the rotation job status. |
CustomerMasterKeySpec | string | Fetches keys based on CustomerMasterKeySpec. |
key_material_origin | string | Source of the key material. The origin of the key can be: • cckm: Key material is created on CCKM. • native: Key material is created on the AWS cloud. • unknown: Source of the key material is unknown. It is neither CCKM nor the native cloud. |
key_source | string | Name of the key material source - LOCAL (CipherTrust Manager). |
multi_region | boolean | Whether the key is a multi-region key. Specify true for a multi-region key, false for a single-region key. |
multi_region_key_type | string | Type of the multi-region key, PRIMARY or REPLICA. |
skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
limit | integer | Number of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
sort | string | Comma-delimited list of properties to sort the results. |
blocked | boolean | Fetches keys based on the block state. |
custom_key_store_id | string | Fetches keys based on the custom key store id. |
custom_key_store_name | string | Fetches keys based on the custom key store name. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/aws/keys?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Example Response
{
  "skip": 0,
  "limit": 10,
  "total": 1,
  "resources": [
    {
      "id": "baf58871-2503-4d13-a84a-339aeb8fdfaf",
      "uri": "kylo:kylo:cckm:aws-key:baf58871-2503-4d13-a84a-339aeb8fdfaf",
      "account": "kylo:kylo:admin:accounts:kylo",
      "application": "ncryptify:gemalto:admin:apps:kylo",
      "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
      "createdAt": "2020-11-05T06:35:42.443457Z",
      "updatedAt": "2020-11-05T06:35:42.441822Z",
      "kms_id": "0b90f8de-8617-498d-ad63-ca18eb717ae7",
      "kms": "kms",
      "synced_at": "2020-11-05T06:35:42.438074Z",
      "rotation_status": "",
      "cloud_name": "aws",
      "key_type": "symmetric",
      "basic_view_enabled": false,
      "region": "ap-south-1",
      "gone": false,
      "key_material_origin": "native",
      "aws_param": {
        "AWSAccountId": "123456789012",
        "Arn": "arn:aws:kms:ap-south-1:123456789012:key/623321f4-a7d4-4d52-89bf-a9f26a29360e",
        "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
        "Enabled": true,
        "EncryptionAlgorithms": [
          "SYMMETRIC_DEFAULT"
        ],
        "KeyID": "623321f4-a7d4-4d52-89bf-a9f26a29360e",
        "KeyManager": "CUSTOMER",
        "KeyState": "Enabled",
        "KeyUsage": "ENCRYPT_DECRYPT",
        "Origin": "AWS_KMS",
        "CreationDate": "2020-11-05T06:35:29Z",
        "Policy": {
          "Id": "key-default-1",
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "Enable IAM User Permissions",
              "Action": "kms:*",
              "Effect": "Allow",
              "Resource": "*",
              "Principal": {
                "AWS": "arn:aws:iam::123456789012:root"
              }
            }
          ]
        },
        "Alias": [
          "alias/aws-test-key"
        ],
        "Tags": [
          {
            "TagKey": "key",
            "TagValue": "value"
          }
        ],
        "KeyRotationEnabled": false
      }
    }
  ]
}
The sample output shows the list of AWS keys.
To learn more about the response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
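The skip, limit and total fields, together with the aws_param block of each record, allow a scripted review of the key inventory. The Python below is an added example, not CipherTrust Manager code: `fetch_page` is a hypothetical stand-in for the GET request, the note wording is this example's own, and the sample record is constructed from fields in the Example Response.

```python
import json

# Constructed sample: one record trimmed to fields shown in the Example Response.
SAMPLE_KEY = json.loads("""
{"id": "baf58871-2503-4d13-a84a-339aeb8fdfaf", "region": "ap-south-1", "gone": false,
 "aws_param": {"KeyManager": "CUSTOMER", "KeyState": "Enabled", "KeyRotationEnabled": false,
   "Alias": ["alias/aws-test-key"],
   "Policy": {"Statement": [{"Sid": "Enable IAM User Permissions", "Action": "kms:*",
     "Effect": "Allow", "Resource": "*",
     "Principal": {"AWS": "arn:aws:iam::123456789012:root"}}]}}}
""")


def fetch_all(fetch_page, limit=10):
    """Collect every record by advancing `skip` until `total` is reached.

    fetch_page(skip, limit) is a hypothetical callable that performs the GET
    and returns the decoded body ({"skip", "limit", "total", "resources"}).
    """
    skip, records = 0, []
    while True:
        page = fetch_page(skip, limit)
        records.extend(page["resources"])
        skip += limit
        # Stop on an empty page too, so a shrinking inventory cannot loop forever.
        if not page["resources"] or skip >= page["total"]:
            return records


def as_list(value):
    """IAM policy fields may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])


def review_key(key):
    """Return review notes for one record, using only fields in the response."""
    notes, param = [], key.get("aws_param") or {}
    if key.get("gone"):
        notes.append("gone is true")
    if param.get("KeyManager") == "CUSTOMER" and not param.get("KeyRotationEnabled"):
        notes.append("KeyRotationEnabled is false")
    for stmt in (param.get("Policy") or {}).get("Statement") or []:
        if (stmt.get("Effect") == "Allow" and "kms:*" in as_list(stmt.get("Action"))
                and "*" in as_list(stmt.get("Resource"))):
            notes.append(f"policy statement {stmt.get('Sid')!r} allows kms:* on *")
    return notes


if __name__ == "__main__":
    for note in review_key(SAMPLE_KEY):
        print(SAMPLE_KEY["id"], note)
```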
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.