OCI Reports APIs
CCKM provides options to generate key visibility reports based on key-related activities between CCKM and Oracle vaults and rotation schedules. Use the reports to track keys by their expiration dates.
Oracle reports are categorized as:
-
Key Activity Report: Inspect individual Oracle key histories by operations, for example, when they were refreshed, rotated, edited, or deleted. Also, use this report to compare key activities between CCKM and Oracle vaults.
-
Key Rotation Report: Track keys that have been rotated or will be rotated between the selected period.
-
Key Aging Report: Track Oracle keys by their expiration dates. Audit a range of dates, from past material deletions to future scheduled deletions, within selected Oracle vaults.
Use the OCI reports APIs to:
-
Generate a report
-
View the list of existing reports
-
View details of a particular report
-
Delete a report from CCKM
-
View the content of a generated report
-
Download the content of a report in CSV
Generating an OCI Report
Use the post /v1/cckm/oci/reports API to generate a report. This API starts the report generation. The report content can be verified by running the get /v1/cckm/oci/reports/{id}/contents API. Refer to Viewing Content of Generated OCI Reports.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "name": "<report name>",\n "start_time": "<start time>",\n "end_time": "<end time>",\n "report_type": "<report type>",\n "oci_params": [<OCI parameters>]\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| name | string | Name for the report. |
| report_type | string | Type of the report. The supported types are: • key-report• key-rotation• key-aging |
| oci_params | JSON | OCI parameter. Refer to OCI Parameter for details. |
| start_time | string | Start time from when the report is to be generated. Default start time is end_time-24hrs. |
| end_time | string | End time for the report. Default end time is the time when the call is initiated. |
If end_time and start_time are not specified, a report for the last 24 hours is generated.
OCI Parameter
| Parameter | Type | Description |
|---|---|---|
| vault | string | Resource ID of the OCI vault on the CipherTrust Manager. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' -H 'Content-Type: application/json' --data-binary $'{\n "start_time": "2021-11-06T06:37:07Z",\n "end_time": "2021-11-06T08:37:07Z",\n "name": "ab-report",\n "report_type": "key-report",\n "oci_params": [\n {\n "vault": "cac0dc79-de8a-4cde-a5f3-84c1b42b637e"\n }\n ]\n}' --compressed
Example Response
{
"id": "534c09d8-befc-447f-96b8-740ea3200520",
"uri": "kylo:kylo:cckm:oci-reports:534c09d8-befc-447f-96b8-740ea3200520",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-07T04:44:54.842134932Z",
"updatedAt": "2022-02-07T04:44:54.845464762Z",
"overall_status": "in_progress",
"detailed_status": {
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e": "in_progress"
},
"abort": false,
"connection": "oci1",
"report_type": "key-rotation",
"vaults": [
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e"
],
"start_time": "2022-02-02T00:00:00Z",
"end_time": "2022-02-02T20:00:00Z",
"name": "ab-report"
}
The output shows that the "overall_status" of the report is "in_progress". Wait until the status becomes Completed. To check the status, run the get /v1/cckm/oci/reports (refer to Viewing List of Existing OCI Reports) or get /v1/cckm/oci/reports/{id} API (refer to Viewing Details of a Particular OCI Report).
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Viewing List of Existing OCI Reports
Use the get /v1/cckm/oci/reports API to view the list of updated reports. The results can be filtered using the request query parameters.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Request Query Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Internal ID of the OCI report. |
| overall_status | string | Overall status of the OCI report. The status can be: • completed• in progress• failed |
| name | string | Name of the OCI report. |
| report_type | string | Type of the OCI report. The supported types are: • key-report• key-rotation• key-aging |
| skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
| limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
| sort | string | Comma-delimited list of properties to sort the results. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' --compressed
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "534c09d8-befc-447f-96b8-740ea3200520",
"uri": "kylo:kylo:cckm:oci-reports:534c09d8-befc-447f-96b8-740ea3200520",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-07T04:44:54.842135Z",
"updatedAt": "2022-02-07T04:44:54.845465Z",
"overall_status": "in_progress",
"detailed_status": {
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e": "in_progress"
},
"abort": false,
"connection": "oci1",
"report_type": "key-rotation",
"vaults": [
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e"
],
"start_time": "2022-02-02T00:00:00Z",
"end_time": "2022-02-02T20:00:00Z",
"name": "ab-report"
}
]
}
The output shows two OCI reports with their details.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Viewing Details of a Particular OCI Report
Use the get /v1/cckm/oci/reports/{id} API to view the details of an OCI report.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports/{id}' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the OCI report on the CipherTrust Manager.
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports/534c09d8-befc-447f-96b8-740ea3200520' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' --compressed
Example Response
{
"id": "534c09d8-befc-447f-96b8-740ea3200520",
"uri": "kylo:kylo:cckm:oci-reports:534c09d8-befc-447f-96b8-740ea3200520",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-07T04:44:54.842135Z",
"updatedAt": "2022-02-07T04:51:28.094618Z",
"completed_at": "2022-02-07T04:51:28.094291Z",
"overall_status": "completed",
"detailed_status": {
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e": "completed"
},
"abort": false,
"connection": "oci1",
"report_type": "key-rotation",
"vaults": [
"cac0dc79-de8a-4cde-a5f3-84c1b42b637e"
],
"start_time": "2022-02-02T00:00:00Z",
"end_time": "2022-02-02T20:00:00Z",
"name": "ab-report"
}
The output shows the details of an OCI report with the specified resource ID.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Viewing Content of Generated OCI Reports
Use the get /v1/cckm/oci/reports/{id}/contents API to view the content of an OCI report on console. Use the request query parameters to filter the content of the report.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports/{id}/contents?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the OCI report on the CipherTrust Manager.
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Request Query Parameters
| Parameter | Type | Description |
|---|---|---|
| key_name | string | Name of the OCI key. |
| oci_key_id | string | ID of the OCI key. |
| vault_id | string | Resource ID of the OCI vault. |
| key_activity | string | Activity performed on the key. |
| origin | string | Origin of the key. |
| user_name | string | Name of the CCKM user who performed the operation. |
| skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
| limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
| sort | string | Comma-delimited list of properties to sort the results. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports/534c09d8-befc-447f-96b8-740ea3200520/contents?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' --compressed
Example Response
{
"skip": 0,
"limit": 1,
"total": 10,
"resources": [
{
"id": "534c09d8-befc-447f-96b8-740ea3200520",
"uri": "kylo:kylo:cckm:oci-reports:534c09d8-befc-447f-96b8-740ea3200520",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-02-07T04:45:46.252928Z",
"updatedAt": "2022-02-07T04:45:46.244451Z",
"key_name": "TestKeyForDemo",
"event_type": "CreateKeyVersion.begin",
"oci_key_id": "ocid1.key.oc1.iad.bzqawsedaagyg.abuwcljsqawseddz4elaqlwmcz56c3tic2ndcofkndggg6cji7dolbvuwyhq",
"vault_id": "ocid1.vault.oc1.iad.bzqawsedaaeuk.abuwcljtaqawsedpqud5hgd7ikl7pmfn7q6wogbigjryu4udtkinnkmyacrq",
"key_activity": "CreateKeyVersion",
"event_time": "2022-02-02T07:53:06.253Z",
"user_name": "user@example.com"
}
]
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Downloading Content of OCI Reports in CSV
Use the get /v1/cckm/oci/reports/{id}/download API to download the comma-separated OCI report. The report is downloaded as a CSV file named as <report-name>-<report-type>.csv, for example, oci-report-key-report.csv.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports/{id}/download' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the OCI report on the CipherTrust Manager.
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports/534c09d8-befc-447f-96b8-740ea3200520/download' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' --compressed
The report is downloaded as a CSV file named as <report-name>-<report-type>.csv, for example, oci-report-key-report.csv.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Deleting a Report from CCKM
Use the delete /v1/cckm/oci/reports/{id} API to delete an OCI report from CCKM.
Syntax
curl -k '<IP>/api/v1/cckm/oci/reports/{id}' -X DELETE -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the OCI report on the CipherTrust Manager.
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/reports/534c09d8-befc-447f-96b8-740ea3200520' -X DELETE -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI4NDQ3NTdmMS1hMWNmLTRhMzEtYWZiNC0zNTdhNGM3NmVkYjciLCJzdWIiOiJsb2NhbHwxNjEyYjYyYy1mYWFiLTQ1NzQtYWQ4Ny00ZTBmMDRlNWZlMzUiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiOTYyNDEwNzktOGU1Ni00MGM5LWJhMmMtN2Y0MjZhMWZhZjQwIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImMxNjRhNGNjLTI5YmYtNDlkNy1iODlmLTdlZGVjNmZkOTAwNiIsImlhdCI6MTYzNjM0OTkzMSwiZXhwIjoxNjM2MzUwMjMxfQ.GfqrxEWAttYDfCrn8xuDQMOYnCENcq1aOxi8ZLhe7qY' --compressed
Example Response
{
"status": 204
}
The output shows that the report with the specified resource ID is deleted from CCKM.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.