Create KeyID (Certificate-Based Authentication)
KeyIDs are used to encrypt objects that can be moved between VMs within a single Cloud VM Set.
This example uses certificate-based authentication.
Important: If you plan to use envelope encryption, you must use either AES-256 or AES-XTS-256.
Request
| Method | URI |
|---|---|
| POST | /api/1.0/symm_keyid/ |
Privileges Required
Any valid KeyControl user account with CLOUD_ADMIN privileges can create KeyIDs for any Cloud VM Set to which they have access. In order to access a Cloud VM Set, the user must be a member of the Cloud Admin Group to which the Cloud VM Set belongs.
Parameters
| Name | Type | Example |
|---|---|---|
| b64iv | string | `Wf/agh8uGWE8Az5abkrnNw==` The iv (initialization vector) to use for the base64 encoded KeyID. |
| b64key | string | `Wf/agh8uGWE8Az5abkrnNw==` The base64 encoded KeyID. |
| cipher | string | `SFRXUAEAx6GPafdafacxcv==` The crypto-algorithm to use for the base64 encoded KeyID cipher. The following ciphers are supported: AES-256 and AES-XTS-256 |
| description | string | `"VM1 instance key"` A description for the KeyID. |
| expiration_date | string | `Never` The date on which the KeyID expires. Use NEVER if the KeyID never expires, otherwise use the date in mm/dd/yyyy format. |
| name | string | `K1` The name of the KeyID. |
| onexpiry | string | `"NO USE"` Allowable values: "NO USE", "SHRED" |
Response
| Name | Type | Example |
|---|---|---|
| result | string | success |
Errors
| Reason | Example |
|---|---|
| Malformed parameter value | Parameter value malformed. |
| Invalid parameter value | Invalid parameter value. |
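A client-side pre-flight check for the parameters listed above, so that malformed or invalid values are caught before the POST is made. This is an added example, not KeyControl code: the function names are hypothetical, the case-insensitive match on NEVER and the 32-byte key and 16-byte IV sample lengths are assumptions, and it stops short of sending the request because this page does not describe the body encoding or how the client certificate is presented.

```python
import base64
import binascii
import re
import secrets
from datetime import datetime

# Allowed values as listed in the Parameters table on this page.
CIPHERS = {"AES-256", "AES-XTS-256"}
ONEXPIRY = {"NO USE", "SHRED"}

def _b64(field, value):
    """Return the decoded bytes, or raise ValueError if not strict base64."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"{field}: malformed base64") from exc
    if not raw:
        raise ValueError(f"{field}: empty value")
    return raw

def build_keyid_params(name, description, cipher, b64key, b64iv,
                       expiration_date, onexpiry):
    """Validate the documented parameters and return them as a dict."""
    if cipher not in CIPHERS:
        raise ValueError(f"cipher: must be one of {sorted(CIPHERS)}")
    if onexpiry not in ONEXPIRY:
        raise ValueError(f"onexpiry: must be one of {sorted(ONEXPIRY)}")
    _b64("b64key", b64key)
    _b64("b64iv", b64iv)
    # Assumption: NEVER is matched case-insensitively (the table shows "Never").
    if expiration_date.upper() != "NEVER":
        # mm/dd/yyyy; strptime also rejects impossible dates such as 02/30/2030.
        if not re.fullmatch(r"\d{2}/\d{2}/\d{4}", expiration_date):
            raise ValueError("expiration_date: use NEVER or mm/dd/yyyy")
        datetime.strptime(expiration_date, "%m/%d/%Y")
    return {"name": name, "description": description, "cipher": cipher,
            "b64key": b64key, "b64iv": b64iv,
            "expiration_date": expiration_date, "onexpiry": onexpiry}

def new_key_material(key_len=32, iv_len=16):
    """Constructed sample input: random key and IV from the OS CSPRNG.
    The byte lengths are assumptions; this page does not state them."""
    enc = lambda n: base64.b64encode(secrets.token_bytes(n)).decode("ascii")
    return enc(key_len), enc(iv_len)

if __name__ == "__main__":
    key, iv = new_key_material()
    params = build_keyid_params("K1", "VM1 instance key", "AES-256",
                                key, iv, "NEVER", "NO USE")
    print({k: "<redacted>" if k == "b64key" else v for k, v in params.items()})
```

The demo redacts `b64key` when printing; the same care applies to any request logging around this call.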
