Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

Key Life Cycle Management APIs

Downloading Keys Created on AWS to CCKM

search

Please Note:

Downloading Keys Created on AWS to CCKM

Use the post /v1/cckm/aws/synchronization-jobs API to download the keys created on the AWS KMS to the CCKM based on the KMS name and regions. If any region is not specified, then the AWS keys from all the regions will be synchronized.

Syntax

curl -k '<IP>/api/v1/cckm/aws/synchronization-jobs' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "kms": ["<kms_identifier>"],\n  "regions": ["<region>"]\n}' --compressed

Request Parameters

Parameter Type Description
AUTHTOKEN string Authorization token.
kms array of strings Name or ID of the KMS from which the AWS keys will be synchronized.
regions array of strings Regions from which the AWS keys will be synchronized.
synchronize_all boolean Set to true to synchronize all keys from all KMS and regions.

The synchronize_alland kms, regions parameters are mutually exclusive. Specify either synchronize_all or kms and regions.

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/aws/synchronization-jobs' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJjNWMwZGJlNC1lMmJmLTQ3M2MtODY4MC01NWVkMWIzMDEzMmEiLCJzdWIiOiJsb2NhbHxhNjdjMzc0OC05YTRiLTRhZGQtYjNkOS0wNTRiYTIwYmUzYWMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiMDhkNDI5ZjktNDgzYi00ODdlLWJjOTQtNGE1Mjc2ZDI2ZjZjIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImU5YWUwYTI3LWVlYjQtNGNhZi04YjE4LTdhNzIzMDBkOTA0MCIsImlhdCI6MTYwNDU1ODEzOCwiZXhwIjoxNjA0NTU4NDM4fQ.MIMArFeC4cpPNTYOd39mu6_-yihdN0CDl_917eH8-kY' -H 'Content-Type: application/json' --data-binary $'{\n  "kms": ["kms"],\n "synchronize_all": false,\n  "regions": ["ap-south-1"]\n}' --compressed

Example Response

{
"id": "afef70ff-311e-46c1-8ead-e1999e8c6d46",
"uri": "kylo:kylo:cckm:synchronize:afef70ff-311e-46c1-8ead-e1999e8c6d46",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-11-05T06:38:25.308834396Z",
"updatedAt": "2020-11-05T06:38:25.310835309Z",
"overall_status": "in_progress",
"cloud": "aws",
"regions": [
    "ap-south-1"
],
"kms": [
    "kms"
],
"abort": false
}

The sample output shows that the synchronization-jobs API has started downloading the keys from the region (ap-southeast-1) of the KMS (kms) to the CCKM. The status of synchronization process is in progress. A unique ID (afef70ff-311e-46c1-8ead-e1999e8c6d46) for the synchronization process is returned.

To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.

Response Codes

Response Code Description
2xx Success
4xx Client errors
5xx Server errors

Refer to HTTP status codes for details.

You can also schedule synchronization of the AWS keys when needed using the scheduler API. Refer to Scheduling Synchronization for details.