Skip to main content

Create A Key

Optionally, in case you haven’t created a Docker image encryption key before, create the encryption key via the TSB swagger-UI by accessing the key store with the /v1/key POST command.

NOTE

When utilizing CloudHSM service, refer to Cloud Connectivity Details for accurate API-Endpoint URI. For on-premise deployments, verify API-Endpoint URI with your administrator. Contact your service administrator for authentication credentials in any setup (on-prem or cloud).

Add the TSB connection parameters provided by the Securosys CloudHSM operations team or by your HSM/TSB administrator and adapt the marked parameters according your needs.

Example of a curl command for key creation:

curl -X 'POST' \ 
'<TSB_APIendpoint>/v1/key' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <bearer_token>'\
-H 'Content-Type: application/json' \
-d '{
"label": "SecurosysEncKey01",
"algorithm": "RSA",
"keySize": 2048,
"attributes": {
"encrypt": true,
"decrypt": true,
"verify": false,
"sign": false,
"wrap": false,
"unwrap": false,
"derive": false,
"bip32": false,
"extractable": false,
"modifiable": false,
"destroyable": false,
"sensitive": true,
"copyable": false
}
} '
WARNING

To enable support for the Securosys Docker Image Encryption plugin, ensure that the key flags encrypt and decrypt are configured to true.

Get started withCloudHSM for free.
Other questions?Ask Sales.
Feedback
Need help?