Reference
CCKM API
- AWS APIs
  - AWS Custom Key Store APIs
  - AWS KMS Management APIs
  - Key Life Cycle Management APIs
    - Creating AWS Keys on CCKM
    - Fetching List of AWS Keys
    - Viewing Details of AWS Keys
    - Deleting AWS Keys from CCKM
    - Downloading Keys Created on AWS to CCKM
    - Synchronizing AWS Keys
    - Viewing Synchronization Status
    - Aborting Synchronization Jobs
    - Viewing Details of Synchronization Jobs
    - Uploading Keys to AWS KMS
    - Importing Key Material to AWS KMS
    - Deleting Imported Key Material
    - Scheduling Key Deletion
    - Canceling Deletion of Keys
    - Updating Key Policy
    - Updating Key Description
    - Enabling AWS Keys
    - Disabling AWS Keys
    - Adding Tags to AWS Keys
    - Removing Tags from AWS Keys
    - Adding Alias to AWS Keys
    - Deleting Alias from AWS Keys
    - Verifying Alias on AWS KMS
    - Enabling Key for Rotation Job
    - Disabling Key for Rotation Job
    - Enabling Automatic Key Rotation
    - Disabling Automatic Key Rotation
    - Rotating Keys on AWS KMS
    - Replicating Multi-Region AWS Keys
    - Changing the Primary Key of a Multi-Region AWS Key
    - Creating a Bulk Job
    - Viewing the List of Bulk Jobs
    - Viewing Details of a Bulk Job
    - Canceling a Bulk Job
  - Policy Template Management APIs
  - AWS Reports APIs
  - Response Parameters of AWS KMS Management APIs
  - Response Parameters of Key Life Cycle Management APIs
- Azure APIs
  - Subscription APIs
  - Vault Management APIs
  - Key Life Cycle Management APIs
    - Creating Azure Keys
    - Fetching List of Azure Keys
    - Viewing Details of Azure Keys
    - Updating Key Parameters
    - Deleting Keys from CCKM
    - Refreshing an Azure Key
    - Soft-Deleting Azure Keys
    - Purging Azure Keys
    - Uploading Keys to Azure Key Vault
    - Downloading Keys Created on Azure Vault to CCKM
    - Synchronizing Azure Keys
    - Viewing Synchronization Status
    - Viewing Details of Synchronization Jobs
    - Aborting Synchronization Jobs
    - Enabling Key for Rotation Job
    - Disabling Key for Rotation Job
    - Enabling Key for Backup Job
    - Disabling Key for Backup Job
  - Azure Secrets Management APIs
    - Creating Azure Secrets
    - Fetching List of Azure Secrets
    - Viewing Details of Azure Secrets
    - Updating Attributes of Azure Secrets
    - Deleting Azure Secrets with Backup from CCKM
    - Soft-Deleting Azure Secrets
    - Recovering Soft-Deleted Azure Secrets
    - Purging Azure Secrets
    - Restoring Deleted Azure Secrets
    - Synchronizing Azure Secrets
    - Viewing Synchronization Status
    - Viewing Details of Synchronization Jobs
    - Canceling Synchronization Jobs
  - Azure Certificates Management APIs
    - Creating Azure Certificates
    - Fetching List of Azure Certificates
    - Viewing Details of Azure Certificates
    - Updating Attributes of Azure Certificates
    - Deleting Azure Certificates with Backup from CCKM
    - Soft-Deleting Azure Certificates
    - Recovering Soft-Deleted Azure Certificates
    - Purging Azure Certificates
    - Restoring Deleted Azure Certificates
    - Synchronizing Azure Certificates
    - Viewing Synchronization Status
    - Viewing Details of Synchronization Jobs
    - Canceling Synchronization Jobs
    - Importing Azure Certificates
  - Disaster Management APIs
  - Azure Reports APIs
  - Azure Bulk Job Management APIs
    - Creating Azure Bulk Job
    - Fetching List of Azure Bulk Jobs
    - Viewing Details of an Azure Bulk Job
    - Canceling an Azure Bulk Job
    - Deleting an Azure Bulk Job
  - Response Parameters of Azure Vault Management APIs
  - Response Parameters of Key Life Cycle Management APIs
- Google Cloud APIs
  - Google Cloud Project APIs
    - Fetching a Project from Google Cloud
    - Viewing Google Cloud Projects
    - Adding Google Cloud Projects
    - Viewing Details of a Google Cloud Project
    - Deleting a Google Cloud Project
  - Google Cloud Key Ring APIs
    - Getting Google Cloud Key Rings
    - Adding Google Cloud Key Rings
    - Listing Google Cloud Key Rings
    - Viewing Details of a Google Cloud Key Ring
    - Updating a Google Cloud Key Ring
    - Granting Permissions to Users or Groups
    - Deleting Google Cloud Key Rings
  - Google Cloud Key APIs
    - Creating a Google Cloud Key
    - Viewing Google Cloud Keys
    - Getting Details of a Google Cloud Key
    - Updating a Google Cloud Key
    - Viewing Versions of a Google Cloud Key
    - Adding a Version to a Google Cloud Key
    - Viewing Details of a Google Cloud Key Version
    - Refreshing Details of a Google Cloud Key Version
    - Refreshing Details of Google Cloud Key and All Its Versions
    - Updating All Versions of a Google Cloud Key
    - Viewing Details of an Update All Versions Operation
    - Enabling a Version of a Google Cloud Key
    - Disabling a Version of a Google Cloud Key
    - Scheduling Destruction of a Google Cloud Key Version
    - Canceling Scheduled Destruction of a Google Cloud Key Version
    - Re-importing a Google Cloud Key Version
    - Downloading Public Key for an Asymmetric Version
    - Uploading a New Key to Google Cloud
    - Synchronizing Google Cloud Keys
    - Viewing Synchronization Status
    - Viewing Details of a Synchronization Job
    - Canceling a Synchronization Job
    - Enabling Auto Rotation of Google Cloud Keys
    - Disabling Auto Rotation of Google Cloud Keys
  - Google Cloud Location API
  - Google Cloud Report APIs
- Google Cloud EKM APIs
- Microsoft DKE APIs
  - Creating DKE Endpoints
  - Fetching List of DKE Endpoints
  - Viewing Details of a DKE Endpoint
  - Updating a DKE Endpoint
  - Deleting a DKE Endpoint
  - Rotating a DKE Endpoint
  - Enabling DKE Endpoint
  - Disabling DKE Endpoint
  - Enabling Key-Rotation Schedule for DKE Endpoint
  - Disabling Key-Rotation Schedule for DKE Endpoint
  - Archiving a DKE Endpoint
  - Recovering a DKE Endpoint
  - Creating DKE Authorized Tenants
  - Viewing Details of a DKE Authorized Tenant
  - Fetching List of DKE Authorized Tenants
  - Updating a DKE Authorized Tenant
  - Deleting a DKE Authorized Tenant
  - Fetching List of DKE Roles
- SAP APIs
  - SAP Applications API
  - SAP Groups APIs
    - Fetching List of Groups from SAP
    - Managing Permissions on SAP Users or Groups
    - Adding SAP Groups
    - Viewing SAP Groups Added to CipherTrust Manager
    - Viewing Details of SAP Groups
    - Updating Connection of SAP Groups
    - Deleting a SAP Group
    - Fetching the Group Service Connectability Parameters from SAP
  - SAP Keys APIs
    - Creating SAP Key
    - Fetching SAP Keys
    - Getting Details of a SAP Key
    - Updating SAP Key Attributes
    - Deleting a SAP Key Backup from CCKM
    - Deleting a Key from SAP
    - Deleting a SAP Key
    - Adding SAP Key Version
    - Viewing SAP Key Versions
    - Getting Details of a SAP Key Version
    - Synchronizing SAP Keys
    - Updating a SAP Key Version
    - Viewing Synchronization Status
    - Viewing the Job Status
    - Creating New Jobs
    - Uploading Keys to SAP
    - Viewing Synchronization Process Details
    - Canceling Synchronization
    - Enabling Auto Rotation of SAP Keys
    - Disabling Auto Rotation of SAP Keys
    - Creating a Dynamic Key Reference (DKR)
    - Viewing the List of DKRs
    - Getting Details of a DKR
    - Updating Details of a DKR
    - Deleting a DKR from CCKM
    - Deleting a DKR from SAP
  - SAP Reports APIs
- SAP HYOK APIs
  - Creating SAP Keystore
  - Fetching SAP Keystore
  - Viewing Details of a SAP Keystore
  - Updating SAP Keystore
  - Deleting a SAP Keystore
  - Blocking Access to the SAP External Keystore
  - Unblocking Access to the SAP External Keystore
  - Create External Key in SAP Keystore
  - Fetching SAP External Keys
  - Viewing Details of a SAP External Key in SAP Keystore
  - Updating SAP External key
  - Deleting a SAP External Key
  - Blocking Access to the SAP External Key
  - Unblocking Access to the SAP External Key
  - Enabling the SAP External Key
  - Disabling the SAP External Key
  - Viewing the Version Details for SAP HYOK
  - Fetching SAP External Key Versions
  - Archiving the SAP External Key
  - Recovering the SAP External Key
  - Archiving the SAP Keystore
  - Recovering SAP Keystore
  - Granting Permissions to Users or Groups
  - SAP Invoked APIs
    - Fetching the Keystore Metadata
    - Fetching the Key Metadata
    - Encrypting the Data using a Symmetric Key
    - Decrypting the Data using a Symmetric Key
    - Encrypting the Data using an Asymmetric Key
    - Decrypting the Data using an Asymmetric Key
    - Creating a Digital Signature
    - Verifying a Digital Signature
    - Generating the Random Bytes
    - Fetching the Public Key
    - Fetching Metadata of all Versions of a Key
- Salesforce APIs
  - Salesforce Organization APIs
    - Getting Salesforce Organizations
    - Adding Salesforce Organizations
    - Listing Salesforce Organizations
    - Viewing Details of a Salesforce Organization
    - Updating a Salesforce Organization
    - Granting Permissions to Users or Groups
    - Deleting Salesforce Organizations
  - Salesforce Tenant Secret APIs
    - Creating a Salesforce Tenant Secret
    - Viewing Salesforce Tenant Secrets
    - Getting Details of a Salesforce Tenant Secret
    - Destroying a Salesforce Tenant Secret
    - Synchronizing Tenant Secrets
    - Importing a Tenant Secret
    - Viewing Synchronizing Status
    - Viewing Details of a Synchronization Job
    - Canceling a Synchronization Job
    - Uploading Salesforce Tenant Secrets
    - Deleting Backup of a Salesforce Tenant Secret
    - Activate a Cache-Only Key
    - Fetching a Salesforce Cache-Only Key for a Given Identifier
    - Updating a Salesforce Cache-Only Key
    - Uploading a Salesforce Cache-Only Key
  - Salesforce Issuer APIs
    - Creating a Salesforce Issuer
    - Deleting a Salesforce Issuer
    - Viewing Salesforce Issuers
    - Viewing Details of a Salesforce Issuer
    - Updating a Salesforce Issuer
  - Salesforce Reports APIs
  - Salesforce Cache Only Key Endpoints APIs
  - Salesforce Cloud Certificates APIs
  - Salesforce Named Credentials APIs
- Oracle Cloud APIs
  - OCI Vaults APIs
    - Fetching List of OCI Vaults from Oracle
    - Adding OCI Vaults
    - Viewing OCI Vaults Added to CipherTrust Manager
    - Viewing Details of OCI Vaults
    - Managing Permissions on OCI Users or Groups
    - Deleting OCI Vaults
    - Updating Connection of OCI Vaults
  - OCI Keys APIs
    - Creating OCI Keys
    - Fetching OCI Keys
    - Getting Details of an OCI Key
    - Updating OCI Key Attributes
    - Deleting an OCI Key
    - Canceling Deletion of an OCI Key
    - Deleting an OCI Key Backup from CCKM
    - Restoring a Deleted OCI Key
    - Scheduling Deletion of an OCI Key
    - Adding OCI Key Version
    - Viewing OCI Key Versions
    - Getting Details of an OCI Key Version
    - Scheduling Deletion of an OCI Key Version
    - Canceling Scheduled Deletion of an OCI Key Version
    - Uploading Keys to OCI
    - Synchronizing OCI Keys
    - Viewing Synchronization Status
    - Viewing Synchronization Process Details
    - Canceling Synchronization
    - Changing the Compartment of an OCI Key
    - Disabling an OCI Key
    - Enabling an OCI Key
    - Refreshing an OCI Key
    - Enabling Auto Rotation of OCI Keys
    - Disabling Auto Rotation of OCI Keys
  - OCI Subscribed Regions API
  - OCI Compartments API
  - OCI Reports APIs
- OCI External APIs
  - Issuers APIs
    - Creating an Issuer
    - Returning a List of Issuers
    - Viewing Details of an Issuer
    - Updating Issuers
    - Deleting Issuers
  - External Vaults APIs
    - Creating an External vault
    - Blocking Access to External Vaults
    - Unblocking Access to External vaults
  - External Keys APIs
    - Creating an External Key
    - Blocking Access to External keys
    - Unblocking Access to External keys
  - OCI Invoked APIs
    - Fetching the Metadata of External Vaults
    - Fetching the Metadata of External Keys
    - Fetching the Metadata of a Version of External Keys
    - Encrypting Data Using External Keys
    - Decrypting Data Using External Keys
    - Generating Random Bytes
- Key Material Export and Upload
- Scheduler APIs
  - Scheduling Synchronization
  - Scheduling Key Rotation
  - Scheduling Key Rotation and Auto Rotation of Credentials
  - Automatic Cloud Key Discovery
  - Response Parameters
- Google Workspace CSE APIs
  - Creating an Issuer
  - Viewing Issuers
  - Viewing Details of an Issuer
  - Deleting an Issuer
  - Creating KACLS Endpoints
  - Viewing KACLS Endpoints
  - Viewing Details of a KACLS Endpoint
  - Updating a KACLS Endpoint
  - Disabling a KACLS Endpoint
  - Enabling a KACLS Endpoint
  - Archiving a KACLS Endpoint
  - Recovering a KACLS Endpoint
  - Deleting a KACLS Endpoint
  - Rotating Endpoint Keys (rotate-key)
  - Viewing KACLS Endpoint Perimeters
  - Updating a KACLS Endpoint Perimeter
  - Encrypting Private Keys (wrapprivatekey)
  - Viewing KACLS Endpoint Rewrap Configuration
  - Updating a Rewrap Configuration
  - Viewing KACLS Endpoint Privileged-Unwrap Configuration
  - Updating a KACLS Endpoint Privileged-Unwrap Configuration
  - Google Invoked APIs
    - Encrypting Data Encryption Keys (wrap)
    - Decrypting Data Encryption Keys (unwrap)
    - Decrypting and Downloading Document (privilegedunwrap)
    - Viewing the KACLS Endpoint Status
    - Signing Private Keys (privatekeysign)
    - Decrypting Content Encryption Keys (privatekeydecrypt)
    - Decrypting and Downloading Gmail Message (privilegedprivatekeydecrypt)
    - Listing KACLS Public JWKS
    - Migrating from an Old KACLS to a New KACLS
    - Validating the Resource Key Hash
    - Publishing Public JSON Web Key Set (JWKS) at /Certs
    - Decrypting Data in a Privileged Context
    - Encrypting the Bulk Imported Data (privilegedwrap)
- Settings APIs
  - Updating CCKM Settings
  - Fetching CCKM Settings
  - Updating the Azure Key Expiry Notification Settings
  - Fetching the Azure Key Expiry Notification Settings
  - Updating the AWS Key Expiry Notification Settings
  - Fetching the AWS Key Expiry Notification Settings
Server Audit Record Reference
- Key Errors
- Certificate Errors
- Authentication Errors
- General Errors

Validating the Resource Key Hash

The POST /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/digest API takes a DEK wrapped with the wrap API, and returns the base64 encoded resource_key_hash.

Request Parameters

Parameter	Type	Description
authorization	string	A JWT issued by the Google service account for this request.
reason	string	Additional information about the operation.
wrapped_key	string	The base64 binary object returned by the `wrap` call.

Example Request

{
    authorization: <Authz-JWT>,
    reason: "",
    wrapped_key: " eyJ3cmFwcGVkX2tleSI6IkozSnZCTEdVOFlWeWlocGpsWXpyd..."
}

Example Response

{
    resource_key_hash: "qClT153ghqBOLPpdMsc4S4n6okPrRaLPBYT0zRcn+go="
}

Response Codes

Response Code	Description
2xx	Success
4xx	Client errors

Refer to HTTP status codes for details.

Suggest A Change

Validating the Resource Key Hash

Request Parameters

Example Request

Example Response

Response Codes

On this page