Scheduling Destruction of a Google Cloud Key Version
Use the post /v1/cckm/google/keys/{id}/versions/{versionID}/schedule-destroy API to schedule the destruction of a particular version of a Google Cloud key with the given ID. The version state is set to DESTROY_SCHEDULED and destroyTime is set to a time 24 hours in the future. At the scheduled time, the state changes to DESTROYED and the version's key material is deleted permanently.
Syntax
curl -k '<IP>/api/v1/cckm/google/keys/{id}/versions/{versionID}/schedule-destroy' -X POST -H 'Authorization: Bearer AUTHTOKEN' --compressed
Here, {id} represents the resource ID of the parent Google Cloud key and {versionID} represents the resource ID of the key version on the CipherTrust Manager.
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/google/keys/ecc73bfb-7605-4263-abb8-84fe431d35fb/versions/e2f79e23-749d-4579-bef1-5777a4651e9e/schedule-destroy' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhOGY3N2IxZS1lOTY2LTQwMjEtODRjMC01YjZiNjAzMTBmOWEiLCJzdWIiOiJsb2NhbHwzM2Y5ZDFmNi04MjJiLTQ0NTItOGM4MC1mYzM0ZGYyZTI3OGQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNjcyMjMzMDAtYjU2ZC00ZmVmLTkwMDEtZGE1NGY2ZDdiMzY4Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6ImFkOTY4NjRhLWMwMDEtNGVkNS1hOTdmLWIxZjBkZTBjMDg2YiIsImlhdCI6MTYyMDIwMjg3MiwiZXhwIjoxNjIwMjAzMTcyfQ.D9EThFTzVyrJTuwp-11SKI_cmh2rJRuzRAZQOG-sL_4' --compressed
Example Response
{
"id": "e2f79e23-749d-4579-bef1-5777a4651e9e",
"uri": "kylo:kylo:cckm:gcp-key-versions:e2f79e23-749d-4579-bef1-5777a4651e9e",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-05-05T06:32:29.029189Z",
"updatedAt": "2021-05-05T08:24:21.861255777Z",
"parent_key_name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring/cryptoKeys/doc-test",
"parent_key_id": "ecc73bfb-7605-4263-abb8-84fe431d35fb",
"key_ring_name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring",
"version": 2,
"is_primary": true,
"key_material_origin": "native",
"deleted": false,
"gone": false,
"gcp_key_version_params": {
"name": "projects/gemalto-kyloeng/locations/global/keyRings/demo-key-ring/cryptoKeys/doc-test/cryptoKeyVersions/2",
"state": "DESTROY_SCHEDULED",
"protectionLevel": "SOFTWARE",
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2021-05-05T06:33:47.319389Z",
"generateTime": "2021-05-05T06:33:47.319389Z",
"destroyTime": "2021-05-06T08:25:40.076753Z",
"destroyEventTime": null
}
}
The sample output displays that a version with the ID e2f79e23-749d-4579-bef1-5777a4651e9e of a Google Cloud key with the ID ecc73bfb-7605-4263-abb8-84fe431d35fb is scheduled to destroy at "destroyTime": "2021-05-06T08:25:40.076753Z".
If you want to cancel the scheduled destruction of a key version before its destroyTime is reached, run the /v1/cckm/google/keys/{id}/versions/{versionID}/cancel-schedule-destroy API. Refer to Canceling Scheduled Destruction of a Google Cloud Key Version.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
