Updating a Google Cloud Key

Use the PATCH /v1/cckm/google/keys/{id} API to update the attributes of the Google Cloud key with the given ID.

  • For symmetric keys, you can update primary_version, next_rotation_time, rotation_period, and labels.

  • For asymmetric keys, you can update version_template_algorithm and labels.

Syntax

curl -k '<IP>/api/v1/cckm/google/keys/{id}' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "primary_version": "<primary_version>",\n  "next_rotation_time": "<next_rotation_time>",\n  "rotation_period": "<rotation_period>",\n  "labels": {"<label-key>": "<label-value>"},\n  "version_template_algorithm": "<version_template_algorithm>"\n}' --compressed

Here, {id} represents the resource ID of the Google Cloud key on the CipherTrust Manager. The resource ID is different from key_id.

Request Parameters

| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| labels | string of JSON | Labels (tags) attached to the Google Cloud key in the form of key-value JSON pairs, for example, "isakey": "yes". For Google label requirements, refer to Labeling keys. |
| next_rotation_time | string | (Symmetric keys only) Time when the Google Cloud key will be automatically rotated by Google Cloud KMS. The time must be in the RFC3339 format, for example, "2022-07-31T17:18:37.085Z". |
| primary_version_id | string | (Symmetric keys only) Version number of the new primary version for the Google Cloud key. Set the primary version from the existing versions of a Google Cloud key. A Google Cloud key has multiple versions, but a symmetric key can have at most one primary key version. The primary key version is used to encrypt data if you do not specify a key version. Asymmetric keys do not have primary versions; you must specify the version when using the key. |
| rotation_period | string | (Symmetric keys only) Frequency at which the Google Cloud key will be automatically rotated by Google Cloud KMS. The frequency must be in the format "<duration>s", that is, duration in seconds terminated by s, for example, "360000s". |
| version_template_algorithm | string | (Asymmetric keys only) Algorithm for the asymmetric Google Cloud key. The supported algorithms are listed below. Algorithm of a symmetric Google Cloud key cannot be changed. |

Supported algorithms for version_template_algorithm:

  • RSA_SIGN_PSS_2048_SHA256
  • RSA_SIGN_PSS_3072_SHA256
  • RSA_SIGN_PSS_4096_SHA256
  • RSA_SIGN_PSS_4096_SHA512
  • RSA_SIGN_PKCS1_2048_SHA256
  • RSA_SIGN_PKCS1_3072_SHA256
  • RSA_SIGN_PKCS1_4096_SHA256
  • RSA_SIGN_PKCS1_4096_SHA512
  • RSA_DECRYPT_OAEP_2048_SHA256
  • RSA_DECRYPT_OAEP_3072_SHA256
  • RSA_DECRYPT_OAEP_4096_SHA256
  • RSA_DECRYPT_OAEP_4096_SHA512
  • EC_SIGN_P256_SHA256
  • EC_SIGN_P384_SHA384
  • EC_SIGN_SECP256K1_SHA256 (Only for protection level, HSM)
  • GOOGLE_SYMMETRIC_ENCRYPTION
  • HMAC_SHA256
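
The update rules in the parameter table above can be checked on the client before the PATCH is sent. The following Python code is an added example, not part of CipherTrust Manager or its documentation; build_update_body and its key_type argument are hypothetical names, the body uses the primary_version field name from the Syntax section, and it assumes that attributes left out of the body are not changed.

```python
import json
import re
from datetime import datetime

# Rules transcribed from this page's parameter table (field names as in the Syntax section).
SYMMETRIC_ONLY = {"primary_version", "next_rotation_time", "rotation_period"}
ASYMMETRIC_ONLY = {"version_template_algorithm"}
ALGORITHMS = set("""
RSA_SIGN_PSS_2048_SHA256 RSA_SIGN_PSS_3072_SHA256 RSA_SIGN_PSS_4096_SHA256
RSA_SIGN_PSS_4096_SHA512 RSA_SIGN_PKCS1_2048_SHA256 RSA_SIGN_PKCS1_3072_SHA256
RSA_SIGN_PKCS1_4096_SHA256 RSA_SIGN_PKCS1_4096_SHA512 RSA_DECRYPT_OAEP_2048_SHA256
RSA_DECRYPT_OAEP_3072_SHA256 RSA_DECRYPT_OAEP_4096_SHA256 RSA_DECRYPT_OAEP_4096_SHA512
EC_SIGN_P256_SHA256 EC_SIGN_P384_SHA384 EC_SIGN_SECP256K1_SHA256
GOOGLE_SYMMETRIC_ENCRYPTION HMAC_SHA256
""".split())
RFC3339 = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})")


def build_update_body(key_type, **fields):
    """Return the JSON body for PATCH /v1/cckm/google/keys/{id}, or raise ValueError."""
    if key_type not in ("symmetric", "asymmetric"):
        raise ValueError("key_type must be 'symmetric' or 'asymmetric'")
    allowed = {"labels"} | (SYMMETRIC_ONLY if key_type == "symmetric" else ASYMMETRIC_ONLY)
    # Assumption: attributes omitted from the body are left unchanged by the API.
    body = {k: v for k, v in fields.items() if v is not None}
    rejected = sorted(set(body) - allowed)
    if rejected:
        raise ValueError(f"{rejected} cannot be updated on a {key_type} key")
    for name in (SYMMETRIC_ONLY | ASYMMETRIC_ONLY) & set(body):
        if not isinstance(body[name], str):
            raise ValueError(f"{name} must be a string")
    if "next_rotation_time" in body:
        ts = body["next_rotation_time"]
        if not RFC3339.fullmatch(ts):
            raise ValueError("next_rotation_time must be in RFC3339 format")
        datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S")  # rejects impossible dates
    if "rotation_period" in body and not re.fullmatch(r"[1-9]\d*s", body["rotation_period"]):
        raise ValueError('rotation_period must look like "360000s"')
    if body.get("version_template_algorithm", "HMAC_SHA256") not in ALGORITHMS:
        raise ValueError("unsupported version_template_algorithm")
    labels = body.get("labels", {})
    if not isinstance(labels, dict) or not all(
        isinstance(k, str) and isinstance(v, str) for k, v in labels.items()
    ):
        raise ValueError("labels must be a JSON object of string key-value pairs")
    return json.dumps(body, sort_keys=True)


if __name__ == "__main__":  # constructed sample values taken from the examples on this page
    print(build_update_body("symmetric", rotation_period="360000s", labels={"isakey": "yes"}))
```

The returned string can be passed as the --data-binary argument of the curl command shown in the Syntax section.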

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/google/keys/2f18eade-2fd9-4c48-85f7-550107729299' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "primary_version": "",\n  "next_rotation_time": "",\n  "rotation_period": "",\n  "labels": {},\n  "version_template_algorithm": "RSA_DECRYPT_OAEP_4096_SHA512"\n}' --compressed

Example Response

{
    "id": "2f18eade-2fd9-4c48-85f7-550107729299",
    "uri": "kylo:kylo:cckm:gcp-keys:3bb59aca-8969-4a85-adca-12e661327dd0",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-05-05T03:06:13.442981Z",
    "updatedAt": "2021-05-05T06:11:03.368388982Z",
    "cloud_name": "gcp",
    "key_id": "TestKey2",
    "project_id": "gemalto-kyloeng",
    "location_id": "global",
    "key_ring_id": "cckm",
    "key_ring_name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring",
    "gone": false,
    "auto_rotate": false,
    "status": "AVAILABLE",
    "gcp_params": {
        "name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring/cryptoKeys/TestKey2",
        "primary": "",
        "createTime": "2021-05-05T03:06:14.289985Z",
        "purpose": "ASYMMETRIC_DECRYPT",
        "next_rotation_time": null,
        "protectionLevel": "SOFTWARE",
        "algorithm": "RSA_DECRYPT_OAEP_4096_SHA512"
    }
}

The sample output displays the list of Google Cloud key rings based on the specified Google Cloud connection, location, and project ID.

Response Codes

| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |

Refer to HTTP status codes for details.