Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

Key Life Cycle Management APIs

Updating Key Parameters

search

Please Note:

Updating Key Parameters

Use the patch /v1/cckm/azure/keys/{id} API to update the parameters of a key. You can modify the key attributes (such as expiration and activation time), key operations, and tags.

Syntax

curl -k '<IP>/api/v1/cckm/azure/keys/{id}' -X PATCH -H 'Authorization: Bearer
AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "key_ops":
["<key_operations>"]\n}' --compressed

Here, {id} represents the key ID.

Request Parameters

Parameter Type Description
AUTHTOKEN string Authorization token.
attributes JSON Attributes to be updated such as exp, enabled, and nbf. Possible option are:
• nbf - Activation date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.
• exp - Expiration date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.
• enabled - Specify whether the key is enabled or disabled (true/false).
key_ops array of strings Cryptographic operations the key can perform. Possible options are:
• encrypt
• decrypt
• sign
• verify
• wrapKey
• unwrapKey
tags JSON An optional parameter to add additional information to the key. The value must be specified as the key-value pair. Refer to the following rules on tag values.

  • CCKM allows the following characters in tag values:

    • Alphanumeric characters

    • Special characters ! @ # $ ) ( { } > < ? + - / [ ] ^ & + = | ~ ` ; . ' _

  • CCKM does not allow the following special characters in tag values:
    \ , : " %

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys/94a392f3-52e8-4542-90b6-b8554c046492' -X PATCH -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6Ijg0MjMxNmZhLWFiOTItNGQ2Ni1hMjQ4LTkxM2I2MmNhOTQzNSIsImlhdCI6MTYwMTQ2MDc5NCwiZXhwIjoxNjAxNDYxMDk0fQ.4ZoMwbFAYHRHfQbf_yhQ-f5j75HaNaWViOSunTrt8xw' -H 'Content-Type: application/json' --data-binary $'{\n "key_ops": ["encrypt",\n"decrypt",\n"sign"]\n}' --compressed

Example Response

{
    "id": "94a392f3-52e8-4542-90b6-b8554c046492",
    "uri": "kylo:kylo:cckm:azure-key:94a392f3-52e8-4542-90b6-b8554c046492",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2020-09-30T10:13:47.500575Z",
    "updatedAt": "2020-09-30T10:17:13.803318868Z",
    "key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34",
    "key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
    "region": "northcentralus",
    "deleted": false,
    "backup_at": "2020-09-30T10:13:47.490014Z",
    "soft_delete_enabled": true,
    "key_soft_deleted_in_azure": false,
    "status": "ACTIVE",
    "syncedAt": "2020-09-30T10:13:46Z",
    "created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
    "modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
    "version": "e6d8dd366c024902b00e116af5e99ecc",
    "key_size": 3072,
    "backup": "971a66b249e34d31b92b1c46ce0586feaefb9a69149144d4826c7db39ab7edb7",
    "key_name": "Test-key",
    "cloud_name": "AzureCloud",
    "azure_param": {
        "key": {
            "kid": "https://keyvault-softkeys.vault.azure.net/keys/Test
            -key/e6d8dd366c024902b00e116af5e99ecc",
            "kty": "RSA",
            "key_ops": [
                "encrypt",
                "decrypt",
                "sign"
            ],
            "n": "pQPKeqvSEMpQ29j3bzG3Vsz-ufp5p-        JNCI1jX4lEhmL41Xmq7CVz6HkUgwPS0PC6qZc6dHXhfkewzNtmB81T5X8XYk3vK0LNckQouDoFJRm3heAyao88ei6zUndmceWGq-            OmNjVMiOVViPiB46l3NAhErHVgh8DLb7gWU3yMyu4eAZGNXVYMS0BfKSy6C_            Gz9Pz4vbmJj-7jTxD_xmKuaoKkR4g2bCFDldBE8RJjtBNF_K8XcNEoZxVuEHYlzTOQ5eXQct8LqXVgfFtwhf2BYC7cVrK0smnN-pAor_            gurBRyEtiJQV08QCwBXh4PGjWviMPt0LTkfzjLB7yIFtrAlpAece9rbfPULNOSqLuGxhFDJGHWw6IB7IIVex_           NVeBfxsbyAHOD0t3UE0VrYijrv6gVz5-VqjC1OGcqtMEEld5-           aS2HlMbfpmRhTxWTbg11KKSPIm6RqplSgqMMlzSEriuCA4l6hxGRuuQRfCOqAIUQqe_9Wx433yJKF8cCt",
            "e": "AQAB"
        },
        "attributes": {
            "recoveryLevel": "CustomizedRecoverable+Purgeable",
            "enabled": true,
            "nbf": 1662702740,
            "exp": 1662702740,
            "created": 1601460826,
            "updated": 1601461032
        }
    },
    "azure_created_at": "2020-09-30T10:13:46Z",
    "azure_updated_at": "2020-09-30T10:13:46Z",
    "tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
    "azure_expire_at": "2022-09-09T05:52:20Z",
    "key_material_origin": "native",
    "gone": false
}

The sample output shows that the key_ops parameter is modified and the key (Test-key) can perform the following crypto operations:

  • encrypt

  • decrypt

  • sign

To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.

Response Codes

Response Code Description
2xx Success
4xx Client errors
5xx Server errors

Refer to HTTP status codes for details.