Uploading a Salesforce Cache-Only Key
Use POST /v1/cckm/sfdc/upload-cache-only-key to upload a Salesforce cache-only key.
Note
When using Luna HSM as a key source for cache-only keys, CCKM, Luna HSM, and Salesforce must be geographically closest to minimize the network latency. Salesforce expects a response in less than three seconds, otherwise, testing callout connection from Salesforce fails and cannot fetch the key.
Syntax
curl -k 'https://<IP>/api/v1/cckm/sfdc/upload-cache-only-key' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "organization_id": "03b24ef3-0078-4dbb-9444-a4242f99abcd",\n "type": "Data",\n "source_key_tier": "local",\n "source_key_identifier": "03b24ef3-0078-4dbb-9444-a4242f992d69",\n "certificate_id": "85d546eb-7d94-4016-b426-da22890ee8ff",\n "sfdc_named_credential_id": "0XAB0000000KyuvOAC"\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| organization_id | string | ID of the Salesforce organization where the tenant secret will be created. |
| type | string | Type of the Salesforce tenant secret. The type can be: • Data • EventBus • SearchIndex • DeterministicData • Analytics |
| source_key_tier | string | Tier of the source key. The options are local, dsm, and hsm-luna (FM-enabled Luna HSM is not supported as a key source). The default tier is local. |
| source_key_identifier | string | ID of the source key that will be uploaded to the Salesforce cloud. |
| certificate_id | string | Certificate id whose public key to be used to encrypt tenant secret. Ensure that certificate is 4096-bit key size RSA certificate with Platform Encryption enabled, and without Exportable Private Key option. |
| sfdc_named_credential_id | string | Indicates the Salesforce named credential ID to authenticate cache-only key fetch requests. |
Example Request
curl -k 'https://thales.com/api/v1/cckm/sfdc/upload-cache-only-key' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJmZjhhMDM1ZS02NjExLTQ5ZWUtYWNmNC1lMzgwZTMxNGRhOTIiLCJzdWIiOiJsb2NhbHwzMTk0ZGY4Ny1kOTk2LTRjOGMtYWRmMi03MjNkZDA3NDY2YmIiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiM2U2ZDE3YjUtZjM3YS00ZTI2LThiYWMtZDM4Y2I5N2U2OTI4Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjNkYTQ1M2Y3LTgyYmMtNDY4YS1hYTBjLWNmZGUyNmVmMWEzYiIsImlhdCI6MTYzMzcwMzExNCwiZXhwIjoxNjMzNzAzNDE0fQ.KBj9zRO3ZEKZjL7IRHIwD6XzVAkeoiQINhmZnhLVHgg' -H 'Content-Type: application/json' --data-binary $'{\n "organization_id": "03b24ef3-0078-4dbb-9444-a4242f99abcd",\n "type": "Data",\n "source_key_tier": "local",\n "source_key_identifier": "03b24ef3-0078-4dbb-9444-a4242f992d69",\n "certificate_id": "85d546eb-7d94-4016-b426-da22890ee8ff",\n "sfdc_named_credential_id": "0XAB0000000KyuvOAC"\n}' --compressed
Example Response
{
"id": "a2c9f01e-48fd-4a82-bf40-918e581b3255",
"uri": "kylo:kylo:cckm:Tenant_Secret:a2c9f01e-48fd-4a82-bf40-918e581b3255",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2021-07-03T20:32:31.526936169Z",
"updatedAt": "2021-07-03T20:32:31.524915269Z",
"cloud_name": "sfdc",
"name": "00DB000000030cINBQ-Data",
"organization_id": "03b24ef3-0078-4dbb-9444-a4242f99abcd",
"error_msg": "",
"sfdc_params": {
"SalesforceID": "01GB0000000UAK9MAO",
"CreatedById": "005B00000021BO4IAM",
"LastModifiedDate": "2021-07-03T20:32:31.000+0000",
"LastModifiedById": "005B00000021BO4IAM",
"SystemModstamp": "2021-07-03T20:32:31.000+0000",
"SecretValueHash": "UNKNOWM=",
"version": 2112,
"status": "ACTIVE",
"source": "REMOTE",
"SecretValueCertificate": "IsaTest",
"type": "Data",
"RemoteKeyCertificate": "cert1",
"RemoteKeyServiceID": "0XAB0000000KyuvOAC",
"RemoteKeyIdentifier": "a2c9f01e-48fd-4a82-bf40-918e581b3255"
},
"source_key_identifier": "626fdff442284cf1ad4b9030c21bfcddb2004e1cfd2b420da7c33d7f50e78c91",
"source_key_tier": "local",
"sfdc_org_id": "00DB000000012ABCDE",
"auto_rotate": false,
"origin": "cckm"
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
