Manage keys by using the Web Services API
The CryptoHub application programming interface (API) enables you to interact with CryptoHub by using scripts, programs (such as Postman), or curl commands from the command line rather than interacting with the web dashboard. Thus, you can schedule routine tasks and procedures and set up automatic responses as needed.

The CryptoHub API connects various software systems, applications, and devices, enabling them to communicate with one another, enhancing user experiences, and increasing business efficiency.

Consider the following advantages of using the API:

- Automation: Use them to automate repetitive or time-consuming tasks so you can focus on more complex tasks.
- Security: Take advantage of an additional layer of protection against unauthorized breaches by requiring authentication and authorization for any request to access sensitive data.
- Cost efficiency: Access useful third-party tools and infrastructure, which helps avoid the expense of building complex in-house systems.

The CryptoHub API consists of endpoints that support authentication, administration, application logs, custom services management, dashboard, IAM, remote desktop, Google CSE, Google EKM, and key management. Key management includes managing keys, key types, approvers, services, and mailer templates, with support for key printing.

For more information, see the following documentation on the CryptoHub REST API:

- https://docs.futurex.com/cryptohub, within the REST API section
- https://cryptohuburl/keys/v1/docs/ for Swagger interactive API documentation

Service identification

Use the deployed service UUID to manage keys. To find the service UUID, go to any deployed service and copy the last section of the webpage URL (such as the numbers after deployed/ in this URL: https://cryptohuburl/cuserv/#/deployed/0140d4ed-d808-0004-0000-541623a0088b).

Key identification

Managing keys involves the following associated UUIDs:

- Key order UUID: A key generated within CryptoHub (either within the UI or by API) is known as a key order. All key-based API operations use the key order UUID as the top-level UUID. Find more information on the key order at https://cryptohuburl/keys/v1/docs/ under "rkproto keys key" objinfo uuid.
- Key version UUID: This UUID is for the versioning of the key and is the legacy UUID used for key identification within the web UI. This shows up in both the key orders table under the Key Lifecycle Management service and the legacy key database within the administrative services.

Create an application partition and identity

CryptoHub supports both administration and key management access by using the JSON API. You must create an application partition and its associated identity to enable authentication and communication through a JSON web request. The application partition specifies which administrative key management permissions and key access to grant to the application identity.

Create an application partition

Perform the following steps to create an application partition:

1. Log in to the CryptoHub web dashboard under dual control with your administrator users.
2. Select the gear icon in the upper right corner of the page and go to Administration > User Management > Partitions.
3. Select [ Add ] and configure the following settings:

   Basic info
   - Role name: enter keymanagerapi
   - Login count requirement: select Normal
   - HSM partition: select Enabled
   - Role type: select Principal
   - Service permissions: select 3DES KTK XOR 3 components, generate key, import key
   - Permissions: (none)

   Advanced info
   - External name: (none)
   - REST API login: select Enabled
   - Excrypt API login: select Disabled
   - KMIP API login: select Disabled

4. Select [ Deploy ].

Create application identity

Perform the following steps to create an application identity:

1. Log in to the CryptoHub web dashboard under dual control with your administrator users.
2. Select the gear icon in the upper right corner of the page and go to Administration > User Management > Applications.
3. Select [ Add ] and configure the following settings:

   Basic info
   - Login name: enter keymanagerapi
   - Common name: enter keymanagerapi
   - HSM application: select Enabled
   - Locked: select Disabled
   - Partitions: enter keymanagerapi
   - Authentication: select API key

4. Select [ Deploy ].

Your browser prompts you to download a text file (api key keymanagerapi.txt) containing the API key, which you can use for web API authentication.

Authenticate to the application partition

You must authenticate the application identity before executing JSON API calls. The following use case shows authentication by using the API key downloaded in the previous section.

Postman: configure the following workspace authorization parameters:

- Auth type: select API key
- Key: select X-API-Key
- Value: select API key
- Add to: select Header

Swagger (/keys/v1/docs/): select [ Authorize ], enter the API key, and select [ Authorize ] again.

Run API key life cycle operations

The following operations generate, import, and list keys.

Generate key

Postman workspace body parameters, JSON syntax:

    {
      "name": "test pek 3",
      "keytype": "3des pek",
      "serviceuuid": "0140d4ed-d808-0004-0000-541623a0088b"
    }

Swagger: /keys/v1/docs/

Import key

Postman workspace body parameters, JSON syntax:

    {
      "name": "test pek 4",
      "keytype": "3des pek",
      "serviceuuid": "0140d4ed-d808-0000-0001-46451947cc93",
      "importparams": {
        "usemodifier": false,
        "keytransferkeyuuid": "0140d4ed-67fc-0008-0001-36180772e5d3",
        "format": "tr31",
        "keyblock": "b0096p0tn00e00008378ad73bb7b6408cca6ca7c14d8bdddafe9e75957746e9fb23f31798b69c1f5c0a838dcb0b1408c"
      }
    }

    {
      "keyuuid": "0140d4ed-67fc-0018-0002-64fa14ff6881",
      "message": "success",
      "status": "success"
    }

Swagger: /keys/v1/docs/

Get a list of keys

Postman workspace body parameters, JSON syntax:

    {
      "name": "test pek 4",
      "keytype": "3des pek",
      "serviceuuid": "0140d4ed-d808-0000-0001-36180772e5d3",
      "importparams": {
        "usemodifier": false,
        "keytransferkeyuuid": "0140d4ed-67fc-0008-0001-36180772e5d3",
        "format": "tr31",
        "keyblock": "b0096p0tn00e00008378ad73bb7b6408cca6ca7c14d8bdddafe9e75957746e9fb23f31798b69c1f5c0a838dcb0b1408c"
      }
    }

    {
      "keyuuid": "0140d4ed-67fc-0018-0002-64fa14ff6881",
      "message": "success",
      "status": "success"
    }

Swagger: /keys/v1/docs/
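
The import body above carries a TR-31 key block whose first 16 characters are a clear-text header, so a client can check it before sending the request. The following is an added example, not code from the product or its documentation: it parses that header and flags a length mismatch, a usage or algorithm that differs from the requested key type, and an exportable key. The function names are hypothetical, and treating the "3des pek" key type as TR-31 usage P0 with algorithm T is an assumption.

```python
# Added example: TR-31 header check for an import body shaped like the page's.
MAC_HEX_LEN = {"A": 8, "B": 16, "C": 8, "D": 32}  # MAC size per version ID

def parse_tr31_header(keyblock):
    """Split the 16-character clear-text TR-31 header into named fields."""
    kb = keyblock.strip().upper()  # the page shows the block lowercased
    if len(kb) < 16 or kb[0] not in MAC_HEX_LEN or not kb[1:5].isdigit():
        raise ValueError("not a TR-31 key block header")
    return {
        "version": kb[0],
        "declared_length": int(kb[1:5]),
        "actual_length": len(kb),
        "key_usage": kb[5:7],
        "algorithm": kb[7],
        "mode_of_use": kb[8],
        "key_version": kb[9:11],
        "exportability": kb[11],
        "optional_blocks": int(kb[12:14]),
        "mac_hex_len": MAC_HEX_LEN[kb[0]],
    }

def review_import_body(body, usage="P0", algorithm="T"):
    """Return findings for an import body; an empty list means nothing to flag."""
    params = body.get("importparams", {})
    if str(params.get("format", "")).lower() != "tr31":
        return ["format is not tr31"]
    try:
        hdr = parse_tr31_header(str(params.get("keyblock", "")))
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if hdr["declared_length"] != hdr["actual_length"]:
        findings.append("length field does not match block size")
    if (hdr["key_usage"], hdr["algorithm"]) != (usage, algorithm):
        findings.append("header usage/algorithm differs from the requested key type")
    if hdr["exportability"] != "N":
        findings.append("key is marked exportable (flag %s)" % hdr["exportability"])
    return findings

# Import body copied from the page (UUID hyphens restored).
SAMPLE_BODY = {
    "name": "test pek 4", "keytype": "3des pek",
    "serviceuuid": "0140d4ed-d808-0000-0001-46451947cc93",
    "importparams": {
        "usemodifier": False, "format": "tr31",
        "keytransferkeyuuid": "0140d4ed-67fc-0008-0001-36180772e5d3",
        "keyblock": "b0096p0tn00e00008378ad73bb7b6408cca6ca7c14d8bdddafe9e75957746e9fb23f31798b69c1f5c0a838dcb0b1408c",
    },
}
```

For the page's sample the header reads as version B, length 96, usage P0, algorithm T, mode N, exportability E, so the only finding is the exportability flag.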