Updating a Google Cloud Key

Use the PATCH /v1/cckm/google/keys/{id} API to update the attributes of the Google Cloud key with the given ID.

  • For symmetric keys, you can update primary_version, next_rotation_time, rotation_period, and labels.

  • For asymmetric keys, you can update version_template_algorithm and labels.

Syntax

curl -k '<IP>/api/v1/cckm/google/keys/{id}' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "primary_version": "<primary_version>",\n  "next_rotation_time": "<next_rotation_time>",\n  "rotation_period": "<rotation_period>",\n  "labels": {"<label-key>": "<label-value>"},\n  "version_template_algorithm": "<version_template_algorithm>"\n}' --compressed

Here, {id} represents the resource ID of the Google Cloud key on the CipherTrust Manager. The resource ID is different from the key_id.

Request Parameters

Parameter Type Description
AUTHTOKEN string Authorization token.
labels string of JSON Labels (tags) attached to the Google Cloud key in the form of key-value JSON pairs, for example, "isakey": "yes". For Google label requirements, refer to Labeling keys.
next_rotation_time string (Symmetric keys only) Time when the Google Cloud key will be automatically rotated by Google Cloud KMS. The time must be in the RFC3339 format, for example, "2022-07-31T17:18:37.085Z".
primary_version_id string (Symmetric keys only) Version number of the new primary version for the Google Cloud key. Set the primary version from the existing versions of a Google Cloud key.
A Google Cloud key has multiple versions, but a symmetric key can have at most one primary key version. The primary key version is used to encrypt data if you do not specify a key version.
Asymmetric keys do not have primary versions; you must specify the version when using the key.
rotation_period string (Symmetric keys only) Frequency at which the Google Cloud key will be automatically rotated by Google Cloud KMS. The frequency must be in the format "<duration>s", that is, duration in seconds terminated by s, for example, "360000s".
version_template_algorithm string (Asymmetric keys only) Algorithm for the asymmetric Google Cloud key. The supported algorithms are:
• RSA_SIGN_PSS_2048_SHA256
• RSA_SIGN_PSS_3072_SHA256
• RSA_SIGN_PSS_4096_SHA256
• RSA_SIGN_PSS_4096_SHA512
• RSA_SIGN_PKCS1_2048_SHA256
• RSA_SIGN_PKCS1_3072_SHA256
• RSA_SIGN_PKCS1_4096_SHA256
• RSA_SIGN_PKCS1_4096_SHA512
• RSA_DECRYPT_OAEP_2048_SHA256
• RSA_DECRYPT_OAEP_3072_SHA256
• RSA_DECRYPT_OAEP_4096_SHA256
• RSA_DECRYPT_OAEP_4096_SHA512
• EC_SIGN_P256_SHA256
• EC_SIGN_P384_SHA384
• EC_SIGN_SECP256K1_SHA256 (Only for protection level, HSM)
• GOOGLE_SYMMETRIC_ENCRYPTION
• HMAC_SHA256
The algorithm of a symmetric Google Cloud key cannot be changed.
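
The per-key-type rules and parameter formats above can be checked on the client before the PATCH is sent. The following is an added example, not part of the original page or of the product's own code. It uses the field names from the Syntax section; build_patch_body is a hypothetical helper, and two things are assumptions: that an omitted field is left unchanged, and that only the RSA_* and EC_* names in the list apply to asymmetric keys.

```python
import re
from datetime import datetime

# Updatable fields per key type, as listed on this page.
ALLOWED = {
    "symmetric": {"primary_version", "next_rotation_time", "rotation_period", "labels"},
    "asymmetric": {"version_template_algorithm", "labels"},
}
# Assumption: only the RSA_* and EC_* names from the page's list apply to asymmetric keys.
ASYMMETRIC_ALGORITHMS = {
    f"RSA_{use}_{size}"
    for use in ("SIGN_PSS", "SIGN_PKCS1", "DECRYPT_OAEP")
    for size in ("2048_SHA256", "3072_SHA256", "4096_SHA256", "4096_SHA512")
} | {"EC_SIGN_P256_SHA256", "EC_SIGN_P384_SHA384", "EC_SIGN_SECP256K1_SHA256"}
RFC3339 = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(\.\d+)?(Z|[+-]\d\d:\d\d)")
DURATION = re.compile(r"[1-9]\d*s")  # seconds terminated by "s", e.g. "360000s"


def build_patch_body(key_type, **fields):
    """Return the validated body for PATCH /v1/cckm/google/keys/{id}; raise ValueError if invalid."""
    if key_type not in ALLOWED:
        raise ValueError(f"unknown key type: {key_type!r}")
    # Assumption: an omitted field is left unchanged, so empty values are dropped.
    body = {k: v for k, v in fields.items() if v not in (None, "", {})}
    extra = sorted(set(body) - ALLOWED[key_type])
    if extra:
        raise ValueError(f"{extra} cannot be updated on a {key_type} key")
    if "next_rotation_time" in body:
        match = RFC3339.fullmatch(str(body["next_rotation_time"]))
        if not match:
            raise ValueError("next_rotation_time must be in RFC3339 format")
        datetime.fromisoformat(match.group(1))  # ValueError on impossible dates
    if "rotation_period" in body and not DURATION.fullmatch(str(body["rotation_period"])):
        raise ValueError('rotation_period must look like "360000s"')
    algorithm = body.get("version_template_algorithm")
    if algorithm is not None and algorithm not in ASYMMETRIC_ALGORITHMS:
        raise ValueError(f"unsupported asymmetric algorithm: {algorithm!r}")
    labels = body.get("labels", {})
    if not isinstance(labels, dict) or not all(
        isinstance(k, str) and isinstance(v, str) for k, v in labels.items()
    ):
        raise ValueError("labels must be a JSON object of string keys and values")
    return body


if __name__ == "__main__":
    import json
    print(json.dumps(build_patch_body(
        "symmetric", rotation_period="360000s", labels={"isakey": "yes"})))
```

Serialize the returned dictionary with json.dumps and pass it as the request body; a ValueError means the update would have touched an attribute the key type does not support or used a malformed value.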

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/google/keys/2f18eade-2fd9-4c48-85f7-550107729299' -X PATCH -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI0MmFmZDExNy02YzllLTRhNGUtOTAwYS1lYjlhNDNjYWE5ZDIiLCJzdWIiOiJsb2NhbHwzMTI5ODdkMS0wOWNiLTQxZTEtOThmNy1jZjRhNzgwNTZiMTMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNDVmOWE3NWUtMzI1NC00NWJkLWE0NzYtOWU2NWUyNjdmNGVkIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjdiYzNkOWM4LWRiYTQtNDVmMy05YWNiLWI3NGM2MzQyYzYyMCIsImlhdCI6MTYxNDc1MTg1MSwiZXhwIjoxNjE0NzUyMTUxfQ.ahdxfM7-WA4u7sotHy6qelc9MkoZytst7oZWsvE7Cr0' -H 'Content-Type: application/json' --data-binary $'{\n  "primary_version": "",\n  "next_rotation_time": "",\n  "rotation_period": "",\n  "labels": {},\n  "version_template_algorithm": "RSA_DECRYPT_OAEP_4096_SHA512"\n}' --compressed

Example Response

{
    "id": "2f18eade-2fd9-4c48-85f7-550107729299",
    "uri": "kylo:kylo:cckm:gcp-keys:3bb59aca-8969-4a85-adca-12e661327dd0",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-05-05T03:06:13.442981Z",
    "updatedAt": "2021-05-05T06:11:03.368388982Z",
    "cloud_name": "gcp",
    "key_id": "TestKey2",
    "project_id": "gemalto-kyloeng",
    "location_id": "global",
    "key_ring_id": "cckm",
    "key_ring_name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring",
    "gone": false,
    "auto_rotate": false,
    "status": "AVAILABLE",
    "gcp_params": {
        "name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring/cryptoKeys/TestKey2",
        "primary": "",
        "createTime": "2021-05-05T03:06:14.289985Z",
        "purpose": "ASYMMETRIC_DECRYPT",
        "next_rotation_time": null,
        "protectionLevel": "SOFTWARE",
        "algorithm": "RSA_DECRYPT_OAEP_4096_SHA512"
    }
}

The sample output shows the updated Google Cloud key. The algorithm field under gcp_params reflects the version_template_algorithm sent in the request, RSA_DECRYPT_OAEP_4096_SHA512.

Response Codes

Response Code Description
2xx Success
4xx Client errors
5xx Server errors

Refer to HTTP status codes for details.