Key Life Cycle Management APIs
This section describes the CCKM Key Life Cycle Management APIs for AWS. Before proceeding, you must have an AWS account added to the CCKM.
These APIs are used to perform the following tasks:
Common ID Parameters
While managing AWS keys using the API or CLI, you might notice a number of key-related parameters such as id, uri, and local_key_name are displayed in the output.
As part of key generation, a CipherTrust Data Security Platform Service resource and a cloud resource are generated in CCKM. The information received from these two resources is merged into one. The following table lists some sample parameters from these resources and defines them.
Parameter | Description |
---|---|
"id": "89dfabc2-ae71-4c9f-b242-c87f9b2a9660" | ID of the resource on the CipherTrust Data Security Platform Service. This id is internal to CipherTrust Data Security Platform Service and is not visible on the CipherTrust Data Security Platform Service GUI. The REST APIs to get/list keys also do not return this information. |
"uri": "kylo:kylo:cckm:aws-key:89dfabc2-ae71-4c9f-b242-c87f9b2a9660" | URI of the CipherTrust Data Security Platform Service resource. |
"local_key_id": "c82b792a634d4eb38738db52d45ba43d3fc95256064b4788889fa11ee29c85fb" | ID of the CipherTrust Data Security Platform Service source key that was uploaded to the AWS cloud when creating the key. |
"local_key_name": "cckm/aws/thalescryptolabs/use1/demo/s3/aes256" | Label of the CipherTrust Data Security Platform Service source key that was uploaded to the AWS cloud when creating the key. |
"Arn": "arn:aws:kms:us-east-1:771663151343:key/6c195996-191f-40cf-81e7-eee328d40d0b" | Amazon Resource Name (ARN) of the KMS key. Refer to AWS Key Management Service (AWS KMS) for examples. The Arn parameter is displayed under aws_params, which indicates the parameter is from the AWS cloud. |
"KeyID": "6c195996-191f-40cf-81e7-eee328d40d0b" | ID of the key in AWS KMS. |
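
When reconciling a CCKM inventory against AWS KMS, it helps to confirm that the identifiers in one merged record agree with each other. The following is an added example, not part of the CCKM documentation or product code: the function name `check_key_record` is hypothetical, the sample record is constructed from the table values, and placing KeyID under aws_params next to Arn is an assumption.

```python
import re

# Constructed sample built from the table values above. Nesting KeyID under
# aws_params is an assumption; the page states this placement only for Arn.
SAMPLE_KEY = {
    "id": "89dfabc2-ae71-4c9f-b242-c87f9b2a9660",
    "uri": "kylo:kylo:cckm:aws-key:89dfabc2-ae71-4c9f-b242-c87f9b2a9660",
    "local_key_id": "c82b792a634d4eb38738db52d45ba43d3fc95256064b4788889fa11ee29c85fb",
    "local_key_name": "cckm/aws/thalescryptolabs/use1/demo/s3/aes256",
    "aws_params": {
        "Arn": "arn:aws:kms:us-east-1:771663151343:key/6c195996-191f-40cf-81e7-eee328d40d0b",
        "KeyID": "6c195996-191f-40cf-81e7-eee328d40d0b",
    },
}

# arn:<partition>:kms:<region>:<12-digit account>:key/<key id>
ARN_RE = re.compile(r"^arn:(aws[\w-]*):kms:([a-z0-9-]+):(\d{12}):key/([0-9A-Za-z-]+)$")


def check_key_record(rec):
    """Return (summary, problems) for one merged CCKM/AWS key record."""
    problems = []
    rid, uri = rec.get("id", ""), rec.get("uri", "")
    # The CCKM-side uri should carry the same internal id as its last field.
    if not rid or uri.rsplit(":", 1)[-1] != rid:
        problems.append("uri does not end with id")

    summary = {"cckm_id": rid, "local_key_name": rec.get("local_key_name")}
    aws = rec.get("aws_params") or {}
    match = ARN_RE.match(aws.get("Arn", ""))
    if not match:
        problems.append("Arn missing or not a KMS key ARN")
    else:
        _partition, region, account, arn_key_id = match.groups()
        summary.update(region=region, account=account, kms_key_id=arn_key_id)
        # The AWS-side KeyID should equal the key id embedded in the ARN.
        if aws.get("KeyID") != arn_key_id:
            problems.append("KeyID does not match the key id in Arn")
    return summary, problems


if __name__ == "__main__":
    print(check_key_record(SAMPLE_KEY))
```

A non-empty problems list means the CCKM-side and AWS-side identifiers of the record disagree and the record should be reviewed before it is used to locate a key in AWS KMS.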