Examples: KeyIDs

For KeyID operations, a Cloud VM Set has to be selected:

$ hicli cvmset select "Amazon EC2"

Create a KeyID:

$ hicli keyid new aws_key --description "Key for Amazon"

Create a KeyID using the encryption algorithm AES-XTS-512 and a custom Base64 encryption key and iv (initialization vector). Note: The Base64 key has been truncated in the following example. When you create the keyid, make sure you specify the full encryption key.

$ hicli keyid new custom_key --description "This uses my Base64 key" --crypto_algo='AES-XTS-512'
--key="Q0NOdkJBQWZROUd6emhvRFU1a ... Bb0hJN2RYaQ==" --iv="MTIzNDU2Nzg5MDEyMzQ1Ng==" --expiry=1000 --onexpiry='SHRED'

List KeyIDs:

$ hicli keyid list
Key Name     | Description              | Algorithm
---------------------------------------------------------
aws_key      | Key for Amazon           | AES-256
custom_key   | This uses my Base64 key  | AES-XTS-512

Show KeyID details:

$ hicli keyid detail aws_key
Description		Key for Amazon
Algorithm		AES-256
Expires		Never
Onexpiry		Shred
Status			Active

Fetch a KeyID. Note: The Base64 key has been truncated in the following example. hicli will return the full Base64 encryption key.

$ hicli keyid fetch custom_key
key value       | Q0NOdkJBQWZROUd6emhvRFU1a ... Bb0hJN2RYaQ==
iv value        | MTIzNDU2Nzg5MDEyMzQ1Ng==

Change KeyID attributes:

$ hicli keyid set aws_key --expiration="12/31/2015" --onexpiry=no_use

Revoke a KeyID:

$ hicli keyid revoke aws_key

Change KeyID attributes:

$ hicli keyid set aws_key --expiration="12/31/2015" --onexpiry=no_use

Unrevoke a KeyID:

$ hicli keyid unrevoke aws_key

Remove a KeyID:

$ hicli keyid rm aws_key