Key Templates
The CipherTrust Data Security Platform Service provides the support of templates for creating Keys. This template is used to specify the attributes of a key for various operations. Attributes (key_attributes) specified in a template are applied to all the keys that reference the template by a name.
Note
Members only of
adminandKey Adminsgroups are allowed to manage templates.Members of
Key UsersandRestricted Key Usersgroups can only read templates.
Managing templates
The following operations can be performed on templates:
Create templates
Get template
list templates
Update template
Delete templates
Creating templates
To create a template:
Syntax
ksctl templates create --name <name> --description <description> --labels <comma-separated-key:value> --meta <comma-separated-key:value>--key_attributes <comma-separated-key:value>
Here,
name- name of template.description- description of template.labels- key/value pairs to group templates.meta- end-user/service data defined in the template.key_attributes- attributes of a key defined the template.
Example Request
ksctl templates create --name 'Test Template New' --desc 'Symmetric' --labels 'sale=HR' --meta '{ "color":"Red"}' --key_attributes '{ "algorithm": "AES", "size": 256 }'
Example Response
{
"id": "211d1451-5280-491b-ae17-00543bfaa32a",
"uri": "kylo:kylo:vault:templates:test-template-new-211d1451-5280-491b-ae17-00543bfaa32a",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2024-05-01T10:16:21.486296Z",
"updatedAt": "2024-05-01T10:16:21.486296Z",
"name": "Test Template New",
"description": "Symmetric",
"meta": {
"color": "Red"
},
"labels": {
"sale": "HR"
},
"key_attributes": {
"algorithm": "AES",
"size": 256
}
}
Getting details of templates
To get detail of a template:
Syntax
ksctl templates get --id <name/ID-of-a-template>
Example Request
ksctl templates get --id "211d1451-5280-491b-ae17-00543bfaa32a"
Example Response
{
"id": "211d1451-5280-491b-ae17-00543bfaa32a",
"uri": "kylo:kylo:vault:templates:test-template-new-211d1451-5280-491b-ae17-00543bfaa32a",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2024-05-01T10:16:21.486296Z",
"updatedAt": "2024-05-01T10:16:21.486296Z",
"name": "Test Template New",
"description": "Symmetric",
"meta": {
"color": "Red"
},
"labels": {
"sale": "HR"
},
"key_attributes": {
"size": 256,
"algorithm": "AES"
}
}
Getting list of templates
To fetch a list of template:
Syntax
ksctl templates list --labels-query <query-filter>
Here, labels-query filters results that match label selector expressions. Multiple values are logically ANDed.
Example Request
ksctl templates list --labels-query "team=HR"
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "8d6dd37a-1183-4e92-8c5f-5ba3d4714c41",
"uri": "kylo:kylo:vault:templates:8d6dd37a-1183-4e92-8c5f-5ba3d4714c41",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2024-05-01T07:17:26.836585Z",
"updatedAt": "2024-05-01T07:43:13.092583Z",
"name": "tp-8d6dd37a-1183-4e92-8c5f-5ba3d4714c41",
"description": "test template create",
"meta": {
"color": "red"
},
"labels": {
"team": "HR"
},
"key_attributes": {
"meta": {
"cte": {
"cte_versioned": false,
"encryption_mode": "CBC",
"unique_to_client": true,
"persistent_on_client": true
},
"kmip": {
"custom": [
{
"type": "TextString",
"x-attr1": "test_12"
},
{
"type": "TextString",
"x-attr2": "test_13"
}
],
"alternative_names": [],
"app_specific_info": [
{
"application_data": "thalesdocs",
"application_namespace": "namespace"
},
{
"application_data": "thalesdocs_ew",
"application_namespace": "namespace_1"
}
],
"contact_information": "Thales"
},
"versionedKey": true,
"customAttributes": [
{
"name": "x-nae-attr",
"value": "test"
}
]
},
"size": 256,
"algorithm": "AES"
}
}
]
}
Updating templates
To update a template:
Syntax
ksctl templates update --id <template id> --name <name> --description <description> --labels <comma-separated-key:value> --meta <comma-separated-key:value> --key_attributes <comma-separated-key:value>
Here,
name- name of template.description- description of template.labels- key/value pairs to group templates.meta- end-user/service data defined in the template.key_attributes- attributes of a key defined the template.
Example Request
ksctl templates update --id "211d1451-5280-491b-ae17-00543bfaa32a" --key_attributes '{ "algorithm": "AES", "size": 256, "objectType": "Symmetric Key", "format": "raw" }'
Example Response
{
"id": "211d1451-5280-491b-ae17-00543bfaa32a",
"uri": "kylo:kylo:vault:templates:test-template-new-211d1451-5280-491b-ae17-00543bfaa32a",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2024-05-01T10:16:21.486296Z",
"updatedAt": "2024-05-01T10:18:46.321065Z",
"name": "Test Template New",
"description": "Symmetric",
"meta": {
"color": "Red"
},
"labels": {
"sale": "HR"
},
"key_attributes": {
"algorithm": "AES",
"size": 256,
"objectType": "Symmetric Key",
"format": "raw"
}
}
Deleting templates
To delete a template:
Syntax
ksctl templates delete --id <id/name>
Example Request
ksctl templates delete --id "8d6dd37a-1183-4e92-8c5f-5ba3d4714c41"
Example Response
There will be no response if template is deleted successfully.
