Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

Key Life Cycle Management APIs

Enabling Key for Rotation Job

search

Please Note:

Enabling Key for Rotation Job

Use the /v1/cckm/azure/keys/{id}/enable-rotation-job enable an Azure key for scheduled rotation job. To use this API, first create a new rotation job configuration, the job_config_id is required to call this API. Refer to Scheduling Key Rotation for details.

Syntax

curl -k '<IP>/api/v1/cckm/azure/keys/{id}/enable-rotation-job' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "job_config_id": "<job_config_id>",\n  "auto_rotate_key_source": "<key_material_source>",\n  "auto_rotate_key_type": "<key_type>",\n  "auto_rotate_key_size": <key_size>,\n  "auto_rotate_enable_key": <boolean>\n}' --compressed

Here, {id} represents the key ID.

Request Parameter

ParameterTypeDescription
AUTHTOKENstringAuthorization token.
auto_rotate_key_sourcestringSource of the key material. Possible options are:
• native
• hsm-luna
• dsm
• ciphertrust
auto_rotate_partition_idstringID of the partition in which the Luna HSM key will be created.
auto_rotate_key_typestringType of the key. Possible options are:
• RSA
• EC
job_config_idstringId of the scheduler job that will perform key rotation.
auto_rotate_ec_namestringName of the Elliptical curve key. Required only when key_type=EC. Possible options are:
• P-256
• P-384
• P-521
• SECP256K1
auto_rotate_enable_keybooleanFlag to enable the newly rotated key.
auto_rotate_key_sizeintegerSize of the new rotated key. Required only when key_type=RSA. Possible options are:
•2048
• 3072
• 4096
auto_rotate_domain_idstringID of the domain in which the key will be created.

Example Request

curl -k 'https://54.175.71.61/api/v1/cckm/azure/keys/45b35f7b-b7b7-416c-a29c-4568d354fd2c/enable-rotation-job' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1NjlmZTIyMy0zZGM2LTRhZDctYjE5YS1lYjFlZTY4MDBlMzUiLCJzdWIiOiJsb2NhbHxjNjc2ZGM1Zi1iMjNjLTQ4ODgtYTZmYi05MjMwNWU3MDdkNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiYTlhZmY2ZGMtYTdjYy00NmJiLThiYTUtMDg3OWViZGRiZTA1Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImQ3MDY1MDhiLTllYWYtNDQ0Mi04MGY4LWM4NTA2ODBlOWUyZCIsImlhdCI6MTYwMzEwNDA4NCwiZXhwIjoxNjAzMTA0Mzg0fQ.Kp-X2Y9cb_PSJtIasz_krM6wip4s8_LTu7ozPJZ_2Hs' -H 'Content-Type: application/json' --data-binary $'{\n  "job_config_id": "c7cd8d4c-6ef5-4de5-b107-2054160abb3a",\n  "auto_rotate_key_source": "native",\n  "auto_rotate_key_type": "RSA",\n  "auto_rotate_key_size": 2048,\n  "auto_rotate_enable_key": true\n}' --compressed

Example Response

{
"id": "45b35f7b-b7b7-416c-a29c-4568d354fd2c",
"uri": "kylo:kylo:cckm:azure-key:45b35f7b-b7b7-416c-a29c-4568d354fd2c",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-10-19T06:10:52.784557Z",
"updatedAt": "2020-10-19T07:04:16.520845Z",
"key_vault": "key-vault-softkeys::260ecbe7-777b-4d3c-84ea-887620498863",
"key_vault_id": "da2e6bb6-845c-4a3a-8c10-831065f6e855",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-10-19T06:10:40.371055Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-10-19T05:28:32Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "927bb136b2674414ac65a90660703f4f",
"key_size": 2048,
"backup": "701e44d020d44689b97c26a5de3cd6a5a05a91f8f7bd4b63998e423ef6f1b668",
"key_name": "newTestKey2048",
"cloud_name": "AzureCloud",
"azure_param": {
    "key": {
        "kid": "https://key-vault-softkeys.vault.azure.net/keys/newTestKey2048/927bb136b2674414ac65a90660703f4f",
        "kty": "RSA",
        "key_ops": [
            "encrypt",
            "decrypt",
            "sign",
            "verify",
            "wrapKey",
            "unwrapKey"
        ],
        "n": "2kZsxVk8RHI5UIBm0v-LKTm3pm_jbLOqFcUe7dnYoaKXCp2XHfBad0jVu-oM8C5k8Ka_K5cVT9OQrtnfR_RptAL6SvtWzuUXiMgasovvX_Kc5cA54UtnuNO3-bHeijVWfH2VosGlf5PT0tB_nf8CAQplbWG3374YRozjxS5Ds22KSDbtli0CZiGL6v1jtBm24D-Y64PVHOBVejLDM6YesCSO1XkdMAgm7DItO04YmDoxOJcbfxLsmYN_HYvMKbqVAU4P1EeIEFmKAJ-7PbScfnW2mfAY_wTN1pe7GIfHpY1d1JoP96acYrj1k7sLuG5ZzXMEEHG711ayWVfANHJJQw",
        "e": "AAAAAAABAAE"
    },
    "attributes": {
        "recoveryLevel": "CustomizedRecoverable+Purgeable",
        "enabled": true,
        "created": 1603085312,
        "updated": 1603085312
    }
},
"azure_created_at": "2020-10-19T05:28:32Z",
"azure_updated_at": "2020-10-19T05:28:32Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"labels": {
    "auto_rotate_enable_key": true,
    "auto_rotate_key_size": 2048,
    "auto_rotate_key_source": "native",
    "auto_rotate_key_type": "RSA",
    "job_config_id": "c7cd8d4c-6ef5-4de5-b107-2054160abb3a"
},
"key_material_origin": "unknown",
"gone": false,
"version_count": 2
}

The sample output shows that the key (with ID 45b35f7b-b7b7-416c-a29c-4568d354fd2c) is enabled for the scheduled key rotation.

To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.

Response Codes

Response CodeDescription
2xxSuccess
4xxClient errors
5xxServer errors

Refer to HTTP status codes for details.