Enabling Auto Rotation of OCI Keys
Use the post /v1/cckm/oci/keys/{id}/enable-auto-rotation API to enable auto rotation of an OCI key with the given ID.
Syntax
curl -k '<IP>/api/v1/cckm/oci/keys/{id}/enable-auto-rotation' -X POST -H 'Authorization: Bearer AUTHTOKEN' -H 'accept: application/json' --compressed
Here, {id} represents the resource ID of the OCI key for which automatic key rotation is to be enabled.
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| auto_rotate_key_source | string | Source of key material for the new OCI key. The options are: • native • hsm-luna (FM-enabled Luna HSM is not supported as a key source) • dsm • external-cm • ciphertrust |
| job_config_id | string | ID of the scheduler job that will perform key rotation. |
| auto_rotate_domain_id | string | (DSM keys only) ID of the domain in which the DSM key will be created. Specify this parameter when auto_rotate_key_source is dsm. |
| auto_rotate_external_cm_domain_id | string | (External CipherTrust Manager keys only) ID of the external CipherTrust Manager domain in which the external CipherTrust Manager key will be created. Specify this when auto_rotate_key_source is external-cm. |
| auto_rotate_partition_id | string | (Luna HSM keys only) ID of the partition in which the HSM key will be created. Specify this parameter when auto_rotate_key_source is hsm-luna. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/oci/keys/ecc73bfb-7605-4263-abb8-84fe431d35fb/enable-auto-rotation' -X POST -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI0MmFmZDExNy02YzllLTRhNGUtOTAwYS1lYjlhNDNjYWE5ZDIiLCJzdWIiOiJsb2NhbHwzMTI5ODdkMS0wOWNiLTQxZTEtOThmNy1jZjRhNzgwNTZiMTMiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiNDVmOWE3NWUtMzI1NC00NWJkLWE0NzYtOWU2NWUyNjdmNGVkIiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjdiYzNkOWM4LWRiYTQtNDVmMy05YWNiLWI3NGM2MzQyYzYyMCIsImlhdCI6MTYxNDc1MTg1MSwiZXhwIjoxNjE0NzUyMTUxfQ.ahdxfM7-WA4u7sotHy6qelc9MkoZytst7oZWsvE7Cr0' -H 'accept: application/json' --compressed
Example Response
{
"id": "85b60d4c-39b2-42e4-a87a-f930ef35cbe9",
"uri": "kylo:kylo:cckm:oci-key:testocikey-22thoct-14f1c536-7b19-44ca-b720-eff431e3ff67",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-10-22T03:27:42.087228Z",
"labels": {
"auto_rotate_key_source": "native",
"job_config_id": "932bdc70-a960-4c32-ba22-f1ed62c029e7"
},
"updatedAt": "2021-10-27T07:34:20.133055084Z",
"cloud_name": "oci",
"tenant": "thales-preprod",
"oci_param": {
"enabled": true,
"exportable": false,
"groupId": "c838f874-3bf2-41d5-88c2-b5f5bf8094a8",
"oci_key_id": "85b60d4c-39b2-42e4-a87a-f930ef35cbe9",
"keystoreContext": {
"customerHeld": false
},
"meta": {
"created": "2021-10-22T03:27:41Z",
"creatorId": "171cdee5-947e-4bcd-ae0b-562256624904",
"creatorName": "creator.name@xyz.com",
"imported": false,
"primaryVersion": 3,
"totalVersions": 4
},
"name": "TestociKey--22thOct",
"operations": [
"DECRYPT",
"ENCRYPT"
],
"role": "UNSPECIFIED",
"size": 256,
"type": "AES"
},
"cckm_group_name": "CCKM",
"cckm_group_id": "003d0903-508c-4162-95e3-f59a11c8351a",
"gone": false,
"origin": "native",
"auto_rotate": true,
"oci_application": "GENERAL",
"oci_group_name": "CCKM",
"Deleted": false,
"status": "AVAILABLE"
}
The sample output shows details such as the key material origin and other parameters for automatic rotation of the specified OCI key.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
