Your suggested change has been received. Thank you.


Suggest A Change….


CCKM Administration



Please Note:


This section provides an overview of the CipherTrust Manager interfaces.


The CipherTrust Manager includes a CLI tool, named ksctl, that can be downloaded and run locally to control a remote CipherTrust Manager appliance. ksctl exclusively uses the REST API to communicate with the CipherTrust Manager, so anything that you can do with the tool, you can also do directly with the REST API. Conversely, ksctl exposes most of the functionality of the REST API. It can perform management functions, such as managing registration tokens and clients.

ksctl is designed to be run from a remote system, not on the CipherTrust Manager itself.

To use the CLI:

  1. Open the CipherTrust Manager URL in a browser.

  2. Click the API & CLI Documentation link. The API playground is displayed.

  3. At the top left, click CLI Guide. The CLI documentation is displayed.

  4. At the top right, click the CLI download button. This downloads the file.

  5. Unzip the file. The extracted files contain platform specific files. For example, the file for Windows is ksctl-win-amd64, and for Linux, the file is ksctl-linux-amd64.

  6. Set up the ksctl- file for your system. Refer to the CipherTrust Manager CLI documentation for details.

  7. Run ksctl cckm to run CCKM specific commands.

Refer to the CipherTrust Manager documentation for details. For details on commands related to CCKM, refer to the online documentation of ksctl cckm.


Use the REST interface from the API playground or through any REST client such as curl. The REST interface acquires an authorization token internally and uses it for making API calls.

Acquiring an Authorization Token

To acquire a token:

  1. Open the CipherTrust Manager URL in a browser. The login page is displayed.

  2. Click the API & CLI Documentation link. The API playground is displayed.

  3. At the top right, click Authenticate.

  4. Enter username and password.

  5. Click POST.

This acquires an API token and prefills it in the playground examples. The token expires in 300 seconds (5 minutes). When it expires, use this tool again to acquire a new token.

On successful token generation, the remaining token expiry time in seconds is displayed. Two new buttons, Clear Credentials and Re Authenticate, are also displayed at the top right.

Using the Token

The authorization token acquired above is used in examples in the API playground. The token expires in 5 minutes; if expired, generate a new token, as described in Acquiring an Authorization Token.

Making an API Call

To make an API call, find the API in the left pane and click it. In the right pane, specify the required parameters, and click an appropriate button (for example, POST, GET, DELETE, or Curl). For example, to add an AWS account to the CCKM:

  1. In the left pane, click CCKM > AWSKms.

  2. Click Add AWS KMS - post. The right pane shows the Add AWS KMS - post section.

  3. In the body field, specify required parameters with their values, as shown below.

      "account_id": "123456789012",
      "connection": "test_aws-connection",
      "name": "AWS_KMS_test",
      "regions": ["eu-north-1"]

    Expand schema under the body field for names and types of fields. Hover your mouse over each field to view its description. The parameter names and casing in the body field must match with those shown in the schema. Also, ensure that parameters and their values are specified in double quotes.

  4. Click POST.

Alternatively, to get an equivalent curl command, click the Curl button. The curl equivalent will be shown in the text field below. Use the curl tool to run the command to make the REST API call.

Similarly, all API calls can be made by referring to the schema shown in the playground.


Use the CipherTrust Manager's GUI (also called the Management Console) to perform management functions such as managing AWS accounts and keys. These functions can also be performed using the CLI tool or the REST API.

To use the GUI:

  1. Open the CipherTrust Manager URL in a browser. The login page is displayed.

  2. Enter Username and Password.

  3. Click Log In. By default, the Applications page is displayed.

  4. Click Cloud Key Manager to open the application.