OCI Reports APIs
CCKM provides options to generate key visibility reports based on key-related activities between CCKM and Oracle vaults and rotation schedules. Use the reports to track keys by their expiration dates.
Oracle reports are categorized as:
Key Activity Report: Inspect individual Oracle key histories by operations, for example, when they were refreshed, rotated, edited, or deleted. Also, use this report to compare key activities between CCKM and Oracle vaults.
Key Rotation Report: Track keys that have been rotated or will be rotated between the selected period.
Key Aging Report: Track Oracle keys by their expiration dates. Audit a range of dates, from past material deletions to future scheduled deletions, within selected Oracle vaults.
Use the OCI reports APIs to:
Generate a report
View the list of existing reports
View details of a particular report
Delete a report from CCKM
View the content of a generated report
Download the content of a report in CSV
Generating an OCI Report
Use the post /v1/cckm/oci/reports API to generate a report. This API starts the report generation. The report content can be verified by running the get /v1/cckm/oci/reports/{id}/contents API. Refer to Viewing Content of Generated OCI Reports.
Note
OCI supports key rotation reports for a period of maximum 14 days. When generating key rotation reports, make sure that the period between the start and end time is not more than 14 days.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "name": "<report name>",\n "start_time": "<start time>",\n "end_time": "<end time>",\n "report_type": "<report type>",\n "oci_params": [<OCI parameters>]\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| name | string | Name for the report. |
| report_type | string | Type of the report. The supported types are: • key-report• key-rotation• key-aging |
| oci_params | JSON | OCI parameter. Refer to OCI Parameter for details. |
| start_time | string | Start time from when the report is to be generated. Default start time is end_time-24hrs. |
| end_time | string | End time for the report. Default end time is the time when the call is initiated. |
Note
If end_time and start_time are not specified, a report for the last 24 hours is generated.
OCI Parameter
| Parameter | Type | Description |
|---|---|---|
| vault | string | Resource ID of the OCI vault on the CipherTrust Manager. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' -H 'Content-Type: application/json' --data-binary $'{\n "start_time": "2021-11-06T06:37:07Z",\n "end_time": "2021-11-06T08:37:07Z",\n "name": "ab-report",\n "report_type": "key-report",\n "oci_params": [\n {\n "vault": "cac0dc79-de8a-4cde-a5f3-84c1b42b637e"\n }\n ]\n}' --compressed
Example Response
{
"id": "534c09d8-befc-447f-96b8-740ea3200520",
"uri": "kylo:kylo:cckm:oci-reports:534c09d8-befc-447f-96b8-740ea3200520",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-07T04:44:54.842134932Z",
"updatedAt": "2022-02-07T04:44:54.845464762Z",
"overall_status": "in_progress",
"detailed_status": {
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e": "in_progress"
},
"abort": false,
"connection": "oci1",
"report_type": "key-rotation",
"vaults": [
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e"
],
"start_time": "2022-02-02T00:00:00Z",
"end_time": "2022-02-02T20:00:00Z",
"name": "ab-report"
}
The output shows that the "overall_status" of the report is "in_progress". Wait until the status becomes Completed. To check the status, run the get /v1/cckm/oci/reports (refer to Viewing List of Existing OCI Reports) or get /v1/cckm/oci/reports/{id} API (refer to Viewing Details of a Particular OCI Report).
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Viewing List of Existing OCI Reports
Use the get /v1/cckm/oci/reports API to view the list of updated reports. The results can be filtered using the request query parameters.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Request Query Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Internal ID of the OCI report. |
| overall_status | string | Overall status of the OCI report. The status can be: • completed• in progress• failed |
| name | string | Name of the OCI report. |
| report_type | string | Type of the OCI report. The supported types are: • key-report• key-rotation• key-aging |
| skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
| limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
| sort | string | Comma-delimited list of properties to sort the results. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' --compressed
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "534c09d8-befc-447f-96b8-740ea3200520",
"uri": "kylo:kylo:cckm:oci-reports:534c09d8-befc-447f-96b8-740ea3200520",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-07T04:44:54.842135Z",
"updatedAt": "2022-02-07T04:44:54.845465Z",
"overall_status": "in_progress",
"detailed_status": {
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e": "in_progress"
},
"abort": false,
"connection": "oci1",
"report_type": "key-rotation",
"vaults": [
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e"
],
"start_time": "2022-02-02T00:00:00Z",
"end_time": "2022-02-02T20:00:00Z",
"name": "ab-report"
}
]
}
The output shows two OCI reports with their details.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Viewing Details of a Particular OCI Report
Use the get /v1/cckm/oci/reports/{id} API to view the details of an OCI report.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports/{id}' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the OCI report on the CipherTrust Manager.
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports/534c09d8-befc-447f-96b8-740ea3200520' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' --compressed
Example Response
{
"id": "534c09d8-befc-447f-96b8-740ea3200520",
"uri": "kylo:kylo:cckm:oci-reports:534c09d8-befc-447f-96b8-740ea3200520",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-07T04:44:54.842135Z",
"updatedAt": "2022-02-07T04:51:28.094618Z",
"completed_at": "2022-02-07T04:51:28.094291Z",
"overall_status": "completed",
"detailed_status": {
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e": "completed"
},
"abort": false,
"connection": "oci1",
"report_type": "key-rotation",
"vaults": [
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e"
],
"start_time": "2022-02-02T00:00:00Z",
"end_time": "2022-02-02T20:00:00Z",
"name": "ab-report"
}
The output shows the details of an OCI report with the specified resource ID.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Viewing Content of Generated OCI Reports
Use the get /v1/cckm/oci/reports/{id}/contents API to view the content of an OCI report on console. Use the request query parameters to filter the content of the report.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports/{id}/contents?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the OCI report on the CipherTrust Manager.
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Request Query Parameters
| Parameter | Type | Description |
|---|---|---|
| key_name | string | Name of the OCI key. |
| oci_key_id | string | ID of the OCI key. |
| vault_id | string | Resource ID of the OCI vault. |
| key_activity | string | Activity performed on the key. |
| origin | string | Origin of the key. |
| user_name | string | Name of the CCKM user who performed the operation. |
| skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
| limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
| sort | string | Comma-delimited list of properties to sort the results. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports/534c09d8-befc-447f-96b8-740ea3200520/contents?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' --compressed
Example Response
{
"skip": 0,
"limit": 1,
"total": 10,
"resources": [
{
"id": "534c09d8-befc-447f-96b8-740ea3200520",
"uri": "kylo:kylo:cckm:oci-reports:534c09d8-befc-447f-96b8-740ea3200520",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-07T04:45:46.252928Z",
"updatedAt": "2022-02-07T04:45:46.244451Z",
"key_name": "TestKeyForDemo",
"event_type": "CreateKeyVersion.begin",
"oci_key_id": "ocid1.key.oc1.iad.bzqawsedaagyg.abuwcljsqawseddz4elaqlwmcz56c3tic2ndcofkndggg6cji7dolbvuwyhq",
"vault_id": "ocid1.vault.oc1.iad.bzqawsedaaeuk.abuwcljtaqawsedpqud5hgd7ikl7pmfn7q6wogbigjryu4udtkinnkmyacrq",
"key_activity": "CreateKeyVersion",
"event_time": "2022-02-02T07:53:06.253Z",
"user_name": "user@example.com"
}
]
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Downloading Content of OCI Reports in CSV
Use the get /v1/cckm/oci/reports/{id}/download API to download the comma-separated OCI report. The report is downloaded as a CSV file named as <report-name>-<report-type>.csv, for example, oci-report-key-report.csv.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports/{id}/download' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the OCI report on the CipherTrust Manager.
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports/534c09d8-befc-447f-96b8-740ea3200520/download' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' --compressed
The report is downloaded as a CSV file named as <report-name>-<report-type>.csv, for example, oci-report-key-report.csv.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Deleting a Report from CCKM
Use the delete /v1/cckm/oci/reports/{id} API to delete an OCI report from CCKM.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports/{id}' -X DELETE -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the OCI report on the CipherTrust Manager.
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports/534c09d8-befc-447f-96b8-740ea3200520' -X DELETE -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' --compressed
Example Response
{
"status": 204
}
The output shows that the report with the specified resource ID is deleted from CCKM.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
