Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

SAP Keys APIs

Enabling Auto Rotation of SAP Keys

search

Please Note:

Enabling Auto Rotation of SAP Keys

Use the post /v1/cckm/sap/keys/{id}/enable-auto-rotation API to enable auto rotation of a SAP key with the given ID.

Syntax

curl -k '<IP>/api/v1/cckm/sap/keys/{id}/enable-auto-rotation' -X POST -H 'Authorization: Bearer AUTHTOKEN' --compressed

Here, {id} represents the resource ID of the SAP key for which automatic key rotation is to be enabled.

Request Parameters

ParameterTypeDescription
AUTHTOKENstringAuthorization token.
auto_rotate_key_sourcestringSource of key material for the new SAP key. The options are:
• native
• hsm-luna
• dsm
• ciphertrust
job_config_idstringID of the key rotation scheduler job.
auto_rotate_domain_idstring(DSM keys only) ID of the domain in which the DSM key will be created. Specify this when auto_rotate_key_source is dsm.
auto_rotate_partition_idstring(Luna HSM keys only) ID of the partition in which the HSM key will be created. Specify this when auto_rotate_key_source is hsm-luna.

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/sap/keys/ecc73bfb-7605-4263-abb8-84fe431d35fb/enable-auto-rotation' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI0MmFmZDExNy02YzllLTRhNGUtOTAwYS1lYjlhNDNjYWE5ZDIiLCJzdWIiOiJsb2NhbHwzMTI5ODdkMS0wOWNiLTQxZTEtOThmNy1jZjRhNzgwNTZiMTMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNDVmOWE3NWUtMzI1NC00NWJkLWE0NzYtOWU2NWUyNjdmNGVkIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjdiYzNkOWM4LWRiYTQtNDVmMy05YWNiLWI3NGM2MzQyYzYyMCIsImlhdCI6MTYxNDc1MTg1MSwiZXhwIjoxNjE0NzUyMTUxfQ.ahdxfM7-WA4u7sotHy6qelc9MkoZytst7oZWsvE7Cr0' --compressed

Example Response

{
    "id": "85b60d4c-39b2-42e4-a87a-f930ef35cbe9",
    "uri": "kylo:kylo:cckm:sap-key:testsapkey-22thoct-14f1c536-7b19-44ca-b720-eff431e3ff67",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-10-22T03:27:42.087228Z",
    "labels": {
        "auto_rotate_key_source": "native",
        "job_config_id": "932bdc70-a960-4c32-ba22-f1ed62c029e7"
    },
    "updatedAt": "2021-10-27T07:34:20.133055084Z",
    "cloud_name": "sap",
    "tenant": "thales-preprod",
    "sap_param": {
        "enabled": true,
        "exportable": false,
        "groupId": "c838f874-3bf2-41d5-88c2-b5f5bf8094a8",
        "sap_key_id": "85b60d4c-39b2-42e4-a87a-f930ef35cbe9",
        "keystoreContext": {
            "customerHeld": false
        },
        "meta": {
            "created": "2021-10-22T03:27:41Z",
            "creatorId": "171cdee5-947e-4bcd-ae0b-562256624904",
            "creatorName": "creator.name@xyz.com",
            "imported": false,
            "primaryVersion": 3,
            "totalVersions": 4
        },
        "name": "TestSapKey--22thOct",
        "operations": [
            "DECRYPT",
            "ENCRYPT"
        ],
        "role": "UNSPECIFIED",
        "size": 256,
        "type": "AES"
    },
    "cckm_group_name": "CCKM",
    "cckm_group_id": "003d0903-508c-4162-95e3-f59a11c8351a",
    "gone": false,
    "origin": "native",
    "auto_rotate": true,
    "sap_application": "GENERAL",
    "sap_group_name": "CCKM",
    "Deleted": false,
    "status": "AVAILABLE"
}

The sample output shows details such as the key material origin and other parameters for automatic rotation of the specified SAP key.

Response Codes

Response CodeDescription
2xxSuccess
4xxClient errors
5xxServer errors

Refer to HTTP status codes for details.