Create A Key
Optionally, in case you haven’t created a Docker image encryption key before, create the encryption key via the TSB swagger-UI by accessing the key store with the /v1/key POST command.
When utilizing CloudHSM service, refer to Cloud Connectivity Details for accurate API-Endpoint URI. For on-premise deployments, verify API-Endpoint URI with your administrator. Contact your service administrator for authentication credentials in any setup (on-prem or cloud).
Add the TSB connection parameters provided by the Securosys CloudHSM operations team or by your HSM/TSB administrator and adapt the marked parameters according your needs.
Example of a curl command for key creation:
- Linux / MacOS
- Windows
curl -X 'POST' \
'<TSB_APIendpoint>/v1/key' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <bearer_token>'\
-H 'Content-Type: application/json' \
-d '{
"label": "SecurosysEncKey01",
"algorithm": "RSA",
"keySize": 2048,
"attributes": {
"encrypt": true,
"decrypt": true,
"verify": false,
"sign": false,
"wrap": false,
"unwrap": false,
"derive": false,
"bip32": false,
"extractable": false,
"modifiable": false,
"destroyable": false,
"sensitive": true,
"copyable": false
}
} '
curl --request POST ^
--url "https://<TSB_APIendpoint>/v1/key" ^
--header "accept: application/json" ^
--header "Authorization: Bearer <bearer_token>" ^
--header "Content-Type: application/json" ^
--data "{\"label\":\"SecurosysEncKey03\",\"algorithm\":\"RSA\",\"keySize\":2048,\"attributes\":{\"encrypt\":true,\"decrypt\":true,\"sign\":false,\"unwrap\":false,\"extractable\":false,\"modifiable\":false,\"destroyable\":false,\"sensitive\":true,\"copyable\":false}}"
To enable support for the Securosys Docker Image Encryption plugin, ensure that the key flags encrypt and decrypt are configured to true.