Create A Key

Optionally, in case you haven’t created a Docker image encryption key before, create the encryption key via the TSB swagger-UI by accessing the key store with the /v1/key POST command.

NOTE

When utilizing CloudHSM service, refer to Cloud Connectivity Details for accurate API-Endpoint URI. For on-premise deployments, verify API-Endpoint URI with your administrator. Contact your service administrator for authentication credentials in any setup (on-prem or cloud).

Add the TSB connection parameters provided by the Securosys CloudHSM operations team or by your HSM/TSB administrator and adapt the marked parameters according your needs.

Example of a curl command for key creation:

Linux / MacOS

curl -X 'POST' \ 
    '<TSB_APIendpoint>/v1/key' \
    -H 'accept: application/json' \ 
    -H 'Authorization: Bearer <bearer_token>'\
    -H 'Content-Type: application/json' \ 
    -d '{ 
    "label": "SecurosysEncKey01", 
    "algorithm": "RSA", 
    "keySize": 2048, 
    "attributes": {
     "encrypt": true,
     "decrypt": true,
     "verify": false, 
     "sign": false, 
     "wrap": false, 
     "unwrap": false, 
     "derive": false, 
     "bip32": false, 
     "extractable": false,
     "modifiable": false,
     "destroyable": false,
     "sensitive": true,
     "copyable": false 
    } 
} '

Windows

curl --request POST ^
     --url "https://<TSB_APIendpoint>/v1/key" ^
     --header "accept: application/json" ^
     --header "Authorization: Bearer <bearer_token>" ^
     --header "Content-Type: application/json" ^
     --data "{\"label\":\"SecurosysEncKey03\",\"algorithm\":\"RSA\",\"keySize\":2048,\"attributes\":{\"encrypt\":true,\"decrypt\":true,\"sign\":false,\"unwrap\":false,\"extractable\":false,\"modifiable\":false,\"destroyable\":false,\"sensitive\":true,\"copyable\":false}}"

WARNING

To enable support for the Securosys Docker Image Encryption plugin, ensure that the key flags encrypt and decrypt are configured to true.