Disaster Management APIs
These APIs are used to perform the following tasks:
Recovering Soft-Deleted Azure Keys
Use the post /v1/cckm/azure/keys/{id}/recover API to recover a soft-deleted Azure key.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys/{id}/recover' -X POST -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the key ID.
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys/94a392f3-52e8-4542-90b6-b8554c046492/recover' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3 MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb2 1haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAw MDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjRmMGExN2Y0LWQxOGUtNGE5YS04ZWM2LTU1ZjI2ZjJjNTMzMiIsImlhdCI6MTYwMTQ2MTEwNiwiZXhwIjoxNjAxNDYxNDA2fQ.P_d2ngOq_AlxqXhfG-saEvQRYZCSzQbzR2S6Jzv6Ogs' --compressed
Example Response
{
"id": "94a392f3-52e8-4542-90b6-b8554c046492",
"uri": "kylo:kylo:cckm:azure-key:94a392f3-52e8-4542-90b6-b8554c046492",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:13:47.500575Z",
"updatedAt": "2020-09-30T10:19:18.674043Z",
"key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34",
"key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-09-30T10:13:47.490014Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-09-30T10:13:46Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "e6d8dd366c024902b00e116af5e99ecc",
"key_size": 3072,
"backup": "971a66b249e34d31b92b1c46ce0586feaefb9a69149144d4826c7db
39ab7edb7",
"key_name": "Test-key",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://keyvault-softkeys.vault.azure.net/keys/Test-key/e6d8dd366c024902b00e116af5e99ecc",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign"
],
"n": "pQPKeqvSEMpQ29j3bzG3Vsz-ufp5p-
JNCI1jX4lEhmL41Xmq7CVz6HkUgwPS0PC6qZc6dHXhfkewzNtmB81T5X8XYk3vK0LNckQouDoFJRm3heAyao88ei6zUndmceWGq- OmNjVMiOVViPiB46l3NAhErHVgh8DLb7gWU3yMyu4eAZGNXVYMS0BfKSy6C_ Gz9Pz4vbmJj-7jTxD_xmKuaoKkR4g2bCFDldBE8RJjtBNF_ K8XcNEoZxVuEHYlzTOQ5eXQct8LqXVgfFtwhf2BYC7cVrK0smnN-pAor_ gurBRyEtiJQV08QCwBXh4PGjWviMPt0LTkfzjLB7yIFtrAlpAece9rbfPULNOSqLuGxhFDJGHWw6IB7IIVex_ NVeBfxsbyAHOD0t3UE0VrYijrv6gVz5-VqjC1OGcqtMEEld5- aS2HlMbfpmRhTxWTbg11KKSPIm6RqplSgqMMlzSEriuCA4l6hxGRuuQRfCOqAIUQqe_9Wx433yJKF8cCt",
"e": "AQAB"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"nbf": 1662702740,
"exp": 1662702740,
"created": 1601460826,
"updated": 1601461032
}
},
"azure_created_at": "2020-09-30T10:13:46Z",
"azure_updated_at": "2020-09-30T10:13:46Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"azure_expire_at": "2022-09-09T05:52:20Z",
"key_material_origin": "native",
"gone": false,
"version_count": 1
}
The sample output shows that the parameter key_soft_deleted_in_azure is set to false. This indicates that the soft-deleted key (Test-key) is recovered.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Restoring Backed up Keys
Use the post /v1/cckm/azure/keys/{id}/restore API to restore a backed up key to the Azure key vault.
Restoration of keys among cross-region vaults is not allowed.
Syntax
curl -k '<IP>/api/v1/cckm/azure/keys/{id}/restore' -H 'Authorization: Bearer
AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "key_vault":
"<key_vault>"\n}' --compressed
Here, {id} represents the key ID.
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| key_vault_id | string | Name or ID of the vault where the key will be restored. By default, the key will restored to the vault from where it was deleted. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/azure/keys/94a392f3-52e8-4542-90b6-b8554c046492/restore' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1MDIzNTY1Yy0xOWI3LTQyY2UtODZmMi1jNWI3MTA1MTJhZjMiLCJzdWIiOiJsb2NhbHwwMWI4M2EwZS1mY2U1LTQ5MjgtODhiNi0zNTNkMmQ3ZTBiNDMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiZGJlNzU2MWYtZDVhOS00ZGEzLWJiZTEtNjlhMTg0Y2U3YzEzIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjRmMGExN2Y0LWQxOGUtNGE5YS04ZWM2LTU1ZjI2ZjJjNTMzMiIsImlhdCI6MTYwMTQ2MTEwNiwiZXhwIjoxNjAxNDYxNDA2fQ.P_d2ngOq_AlxqXhfG-saEvQRYZCSzQbzR2S6Jzv6Ogs' -H 'Content-Type: application/json' --data-binary $'{\n "key_vault": "bedb82b9-582c-402d-9874-f3368722cf46"\n}' --compressed
Example Response
{
"id": "94a392f3-52e8-4542-90b6-b8554c046492",
"uri": "kylo:kylo:cckm:azure-key:94a392f3-52e8-4542-90b6-b8554c046492",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-09-30T10:13:47.500575Z",
"updatedAt": "2020-09-30T10:21:30.139584427Z",
"key_vault": "keyvault-softkeys::12e533dd-b5c2-4e58-a264-0cd812dc5a34",
"key_vault_id": "bedb82b9-582c-402d-9874-f3368722cf46",
"region": "northcentralus",
"deleted": false,
"backup_at": "2020-09-30T10:13:47.490014Z",
"soft_delete_enabled": true,
"key_soft_deleted_in_azure": false,
"status": "ACTIVE",
"syncedAt": "2020-09-30T10:13:46Z",
"created_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"modified_by": "ef767cf9-61dd-4765-a4df-ebd65493c728",
"version": "e6d8dd366c024902b00e116af5e99ecc",
"key_size": 3072,
"backup": "971a66b249e34d31b92b1c46ce0586feaefb9a69149144d4826c7db39ab
7edb7",
"key_name": "Test-key",
"cloud_name": "AzureCloud",
"azure_param": {
"key": {
"kid": "https://keyvault-softkeys.vault.azure.net/keys/
Test-key/e6d8dd366c024902b00e116af5e99ecc",
"kty": "RSA",
"key_ops": [
"encrypt",
"decrypt",
"sign"
],
"n": "pQPKeqvSEMpQ29j3bzG3Vsz-ufp5p-JNCI1jX4lEhmL41Xmq7CVz6HkUgwPS0PC6qZc6dHXhfkewzNtmB81T5X8XYk3vK0LNckQouDoFJRm3heAyao88ei6zUndmceWGq-OmNjVMiOVViPiB46l3NAhErHVgh8DLb7gWU3yMyu4eAZGNXVYMS0BfKSy6C_Gz9Pz4vbmJj-7jTxD_xmKuaoKkR4g2bCFDldBE8RJjtBNF_K8XcNEoZxVuEHYlzTOQ5eXQct8LqXVgfFtwhf2BYC7cVrK0smnN-pAor_gurBRyEtiJQV08QCwBXh4PGjWviMPt0LTkfzjLB7yIFtrAlpAece9rbfPULNOSqLuGxhFDJGHWw6IB7IIVex_NVeBfxsbyAHOD0t3UE0VrYijrv6gVz5-VqjC1OGcqtMEEld5-aS2HlMbfpmRhTxWTbg11KKSPIm6RqplSgqMMlzSEriuCA4l6hxGRuuQRfCOqAIUQqe_9Wx433yJKF8cCt",
"e": "AQAB"
},
"attributes": {
"recoveryLevel": "CustomizedRecoverable+Purgeable",
"enabled": true,
"nbf": 1662702740,
"exp": 1662702740,
"created": 1601460826,
"updated": 1601461032
}
},
"azure_created_at": "2020-09-30T10:13:46Z",
"azure_updated_at": "2020-09-30T10:13:46Z",
"tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10",
"azure_expire_at": "2022-09-09T05:52:20Z",
"key_material_origin": "native",
"gone": false
}
The sample output shows that the key (with ID 94a392f3-52e8-4542-90b6-b8554c046492)is restored to Azure key vault (with vault id bedb82b9-582c-402d-9874-f3368722cf46).
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.