Create KeyID (Access Token-Based Authentication)
KeyIDs are used to encrypt objects that can be moved between VMs within a single Cloud VM Set.
This example uses access token-based authentication.
Important: If you plan to use envelope encryption, you must use either AES-256 or AES-XTS-256.
Request
| Method | URI |
|---|---|
| POST | v5/keyids/ |
Privileges Required
Any valid KeyControl user account with CLOUD_ADMIN privileges can create KeyIDs for any Cloud VM Set to which they have access. In order to access a Cloud VM Set, the user must be a member of the Cloud Admin Group to which the Cloud VM Set belongs.
Parameters
| Name | Type | Example | Description |
|---|---|---|---|
| keyid | string | aws_key | The name of the KeyID. |
| cvmsetname | string | my-cloud-vm-set | The name of the Cloud VM Set with which this KeyID will be associated. |
| desc | string | "This key is for AWS" | A description for the KeyID. |
| cipher | string | AES-256 | The crypto-algorithm to use for the encryption. Allowable values: AES-XTS-512, AES-XTS-256, AES-256, AES-128. Important: If you plan to use envelope encryption, you must use either AES-256 or AES-XTS-256. |
| keysize | int | 256 | Optional. The key size must match the key length for the selected cipher. |
| expire | int | 1554155040 | The length of time (in seconds from epoch) for which this KeyID will be valid. Specify |
| onexpiry | string | "NO USE" | Allowable values: "NO USE", "SHRED" |
| key | string | YWJjZGFiY2RhYmNkYWJjZA== | The Base64 encoded key. If the |
| iv | string | MTIzNDU2Nzg5MDEyMzQ1Ng== | The iv (initialization vector) to use for the encoded key. |
Response
| Name | Type | Example |
|---|---|---|
| result | string | success |
Errors
| Reason | Example |
|---|---|
| Invalid Cipher | Encryption cipher not supported. |
| Invalid keysize | Encryption cipher does not match the keysize. |
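The following is an added example, not code from the KeyControl documentation: a client-side check that catches the two documented errors and the envelope-encryption restriction before the request is sent, then assembles the parameters. The function names, the `envelope` and `now` arguments, the past-expiry check, and the rule that the key length is the number ending the cipher name are assumptions; how the body is encoded and how the access token is sent are left out because the page does not show them.

```python
import base64
import time

# Allowable values copied from the Parameters table above.
CIPHERS = ("AES-XTS-512", "AES-XTS-256", "AES-256", "AES-128")
ENVELOPE_CIPHERS = ("AES-256", "AES-XTS-256")
ON_EXPIRY = ("NO USE", "SHRED")


def cipher_bits(cipher):
    # Assumption: the key length is the number that ends the cipher name.
    return int(cipher.rsplit("-", 1)[1])


def build_keyid_body(keyid, cvmsetname, cipher, desc="", keysize=None,
                     expire=None, onexpiry=None, key=None, iv=None,
                     envelope=False, now=None):
    """Validate the parameters and return them as a dict (hypothetical helper)."""
    if cipher not in CIPHERS:
        raise ValueError("Encryption cipher not supported.")
    if envelope and cipher not in ENVELOPE_CIPHERS:
        raise ValueError("envelope encryption needs AES-256 or AES-XTS-256")
    if keysize is not None and keysize != cipher_bits(cipher):
        raise ValueError("Encryption cipher does not match the keysize.")
    if onexpiry is not None and onexpiry not in ON_EXPIRY:
        raise ValueError('onexpiry must be "NO USE" or "SHRED"')
    body = {"keyid": keyid, "cvmsetname": cvmsetname,
            "desc": desc, "cipher": cipher}
    if keysize is not None:
        body["keysize"] = keysize
    if expire is not None:
        # Added sanity check (assumption): expire is an epoch timestamp,
        # so a value that is not in the future is treated as a mistake.
        if expire <= (time.time() if now is None else now):
            raise ValueError("expire is already in the past")
        body["expire"] = int(expire)
    if onexpiry is not None:
        body["onexpiry"] = onexpiry
    # key and iv are raw bytes here; the API takes them Base64 encoded.
    if key is not None:
        body["key"] = base64.b64encode(key).decode("ascii")
    if iv is not None:
        body["iv"] = base64.b64encode(iv).decode("ascii")
    return body
```
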
