- Automation: Use them to automate repetitive or time-consuming tasks so you can focus on more complex tasks.
- Security: Take advantage of an additional layer of protection against unauthorized breaches by requiring authentication and authorization for any request to access sensitive data.
- Cost efficiency: Access useful third-party tools and infrastructure, which helps avoid the expense of building complex in-house systems.
- https://CryptoHubURL/keys/v1/docs/ for Swagger interactive API documentation
Service identification
Use the deployed service UUID to manage keys. To find the Service UUID, go to any deployed service and copy the last section of the webpage URL (such as the numbers after deployed/ in this URL: https://CryptoHubURL/cuserv/#/deployed/0140d4ed-d808-0004-0000-541623a0088b).
Key identification
Managing keys involves the following associated UUIDs:
- Key Order UUID: A key generated within CryptoHub (either within the UI or by API) is known as a Key Order. All key-based API operations use the Key Order UUID as the top-level UUID. Find more information on the Key Order at https://CryptoHubURL/keys/v1/docs/ under “rkproto_keys_Key”: objInfo.uuid.
- Key Version UUID: This UUID is for the versioning of the key and is the legacy UUID used for key identification within the Web UI. This shows up in both the Key Orders Table under the Key Lifecycle Management service and the legacy Key Database within the Administrative Services.
Create an application partition and identity
CryptoHub supports both administration and key management access by using the JSON API. You must create an application partition and its associated identity to enable authentication and communication through a JSON web request. The application partition specifies which administrative key management permissions and key access to grant to the application identity.
Create an application partition
Perform the following steps to create an application partition:
Select the gear icon in the upper-right corner of the page and go to Administration > User Management > Partitions.
Select [ Add ] and configure the following settings:
- Basic Info
- Role Name: Enter KeyManagerAPI.
- Login Count Requirement: Select Normal.
- HSM Partition: Select Enabled.
- Role Type: Select Principal.
- Service Permissions: Select 3DES KTK XOR 3 Components, Generate Key, Import Key.
- Permissions (none)
- Advanced Info
- External Name (none)
- REST API Login: Select Enabled.
- Excrypt API Login: Select Disabled.
- KMIP API Login: Select Disabled.
Create application identity
Perform the following steps to create an application identity:
Select the gear icon in the upper-right corner of the page and go to Administration > User Management > Applications.
Select [ Add ] and configure the following settings:
- Basic Info
- Login Name: Enter KeyManagerAPI.
- Common Name: Enter KeyManagerAPI.
- HSM Application: Select Enabled.
- Locked: Select Disabled.
- Partitions: Enter KeyManagerAPI.
- Authentication: Select API Key.
Authenticate to the application partition
You must authenticate the application identity before executing JSON API calls. The following use case shows authentication by using the API key downloaded in the previous section.
Configure the following Postman Workspace - Authorization Parameters:
- Auth Type: Select API Key
- Key: Select X-API-Key
- Value: Select API Key
- Add to: Select Header
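The Postman settings above amount to sending the API key in an X-API-Key request header. The following Python sketch is an added example, not part of the CryptoHub documentation: it extracts the Service UUID from a deployed-service URL as described under Service identification and builds a request that carries the key. The function names, the CRYPTOHUB_API_KEY environment variable, and the HTTPS-only check are assumptions made for illustration.

```python
import os
import uuid
import urllib.request
from typing import Optional
from urllib.parse import urlsplit


def service_uuid_from_url(page_url: str) -> str:
    """Return the Service UUID: the last section of a deployed-service URL."""
    # The UI route lives in the URL fragment, e.g. "#/deployed/<uuid>".
    parts = [p for p in urlsplit(page_url).fragment.split("/") if p]
    if len(parts) < 2 or parts[-2] != "deployed":
        raise ValueError("not a deployed-service URL")
    # uuid.UUID raises ValueError on malformed input, so a mistyped or
    # truncated copy is rejected before it reaches an API call.
    return str(uuid.UUID(parts[-1]))


def api_request(url: str, api_key: str,
                body: Optional[bytes] = None) -> urllib.request.Request:
    """Build a request with the key in the X-API-Key header (Add to: Header)."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send the API key over a non-TLS URL")
    if not api_key or "\r" in api_key or "\n" in api_key:
        raise ValueError("API key is empty or contains line breaks")
    req = urllib.request.Request(url, data=body)
    # urllib stores header names capitalized ("X-api-key"); HTTP header
    # names are case-insensitive, so the server sees the same header.
    req.add_header("X-API-Key", api_key)
    if body is not None:
        req.add_header("Content-Type", "application/json")
    return req


if __name__ == "__main__":
    # URL taken from the example on this page; CryptoHubURL is its placeholder host.
    page = ("https://CryptoHubURL/cuserv/#/deployed/"
            "0140d4ed-d808-0004-0000-541623a0088b")
    print("Service UUID:", service_uuid_from_url(page))
    # Read the key from the environment (hypothetical variable name) rather
    # than hard-coding it; the fallback is a constructed sample value.
    key = os.environ.get("CRYPTOHUB_API_KEY", "constructed-sample-key")
    req = api_request("https://CryptoHubURL/keys/v1/docs/", key)
    # Print header names only, never the key itself.
    print("Headers set:", [name for name, _ in req.header_items()])
```

Keeping the key in an environment variable or secret store, and printing header names only, keeps it out of source control and logs.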
Run API key life cycle operations
The following operations generate, import, and list keys.
Generate key
Postman Workspace - Body Parameters JSON Syntax:Text
Import key
Postman Workspace - Body Parameters JSON Syntax:Text
Get a list of keys
Postman Workspace - Body Parameters JSON Syntax:Text

