Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

OCI Keys APIs

Adding OCI Key Version

search

Adding OCI Key Version

Use the post /v1/cckm/oci/keys/{id}/versions API to add a new version to the OCI key. Specify whether the version will be created natively on OCI or uploaded from an external key source.

While uploading RSA key versions, if the Protection Mode is HSM, OCI shows the key version Source as Internal instead of External. This is an OCI issue, and not related to CCKM.

Syntax

curl -k '<IP>/api/v1/cckm/oci/keys/{id}/versions' -X POST -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n \n  "is_native": true\n}' --compressed

Here, {id} is the resource ID of the OCI key.

Request Parameters

Parameter Type Description
AUTHTOKEN string Authentication token.
is_native boolean Whether the key version will be created natively or uploaded from a key source. Set to true for a native key, false for a key source.
source_key_identifier string ID of the key that will be uploaded from a key source to OCI.
source_key_tier string Key source from where the key will be uploaded. The options are:
local for the CipherTrust Manager
dsm for the Data Security Manager
hsm-luna for Luna HSM
The default tier is local.

When is_native is set to true, then source_key_identifier and source_key_tier are not required.

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/oci/keys/69f02b1d-c7c7-45fb-84e3-7d2f86a3f60b/versions' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIxYzU1ZWY0Yi01MThjLTQ5ZmMtODRmMy1mYjk4MGY4YTQ3ODQiLCJzdWIiOiJsb2NhbHwyZjBmZWViNC02MjkwLTQ4ZWQtYmU1Yy0wYmU4NTVkMzE4NzMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiODU3ZDEyYjItNjljZi00OWY1LThkYjktMjI0NWMwODNiODg5Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjBjYTM2YTI5LWUyYzktNDkyZi05YjE3LTIwODM2MDIyNWVjOSIsImlhdCI6MTY0Mzg2Mzg4MywiZXhwIjoxNjQzODY0MTgzfQ.lcwHs7FhSH3oe32vWdyShTvsTGLrmO5WIFvMdu_l-wo' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n \n  "is_native": true\n}' --compressed

Example Response

{
    "id": "ec7acd24-bbe7-40c1-9c66-efb4467559c9",
    "uri": "kylo:kylo:cckm:oci-key-version:ec7acd24-bbe7-40c1-9c66-efb4467559c9",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-02-03T04:51:54.435551104Z",
    "updatedAt": "2022-02-03T04:51:54.434169972Z",
    "key_material_origin": "native",
    "gone": false,
    "oci_key_version_params": {
        "compartment_id": "ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq",
        "version_id": "ocid1.keyversion.oc1.iad.b5q6uxdhaahdg.avaimh5v62iaa.abuwcljstdcbcw2rpy56v5m55t5ygq4xucitd6wdqrmk4dazymr2zya7zabq",
        "key_id": "ocid1.key.oc1.iad.b5q6uxdhaahdg.abuwcljrbluqjkyywbhoho652oxrngjibgq5yhtxbeonszmmj7g4zgj4efma",
        "time_created": "2022-02-03T04:51:54.139Z",
        "vault_id": "ocid1.vault.oc1.iad.b5q6uxdhaahdg.abuwcljs6qwagycytfmnryece3u55fswvaioqfeozixgt5if5f354umdamdq",
        "lifecycle_state": "CREATING",
        "origin": "INTERNAL",
        "is_primary": true
    }
}

Response Codes

Response Code Description
2xx Success
4xx Client errors
5xx Server errors

Refer to HTTP status codes for details.