Create A Key

This step is only needed if you have not created a Docker image encryption key before. Create the encryption key via the TSB Swagger UI by accessing the key store with the /v1/key POST command.

NOTE

When using the CloudHSM service, refer to Cloud Connectivity Details for the correct API endpoint URI. For on-premises deployments, verify the API endpoint URI with your administrator. In either setup (on-premises or cloud), contact your service administrator for authentication credentials.

Add the TSB connection parameters provided by the Securosys CloudHSM operations team or by your HSM/TSB administrator, and adapt the marked parameters according to your needs.

Example of a curl command for key creation:

curl -X 'POST' \
  '<TSB_APIendpoint>/v1/key' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <bearer_token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "label": "SecurosysEncKey01",
    "algorithm": "RSA",
    "keySize": 2048,
    "attributes": {
      "encrypt": true,
      "decrypt": true,
      "verify": false,
      "sign": false,
      "wrap": false,
      "unwrap": false,
      "derive": false,
      "bip32": false,
      "extractable": false,
      "modifiable": false,
      "destroyable": false,
      "sensitive": true,
      "copyable": false
    }
  }'

WARNING

To enable support for the Securosys Docker Image Encryption plugin, ensure that the key flags encrypt and decrypt are set to true.
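
A pre-flight check for the request body, as an added example that is not part of the original page or of Securosys code: it rejects a body in which encrypt or decrypt is not JSON true (the requirement in the warning above) and reports every other attribute that differs from this page's example. The function names are hypothetical, and the request is only built, never sent.

```python
import json
import urllib.request

# Attribute values copied from the key-creation example on this page.
PAGE_EXAMPLE_ATTRIBUTES = {
    "encrypt": True, "decrypt": True, "verify": False, "sign": False,
    "wrap": False, "unwrap": False, "derive": False, "bip32": False,
    "extractable": False, "modifiable": False, "destroyable": False,
    "sensitive": True, "copyable": False,
}
REQUIRED_TRUE = ("encrypt", "decrypt")  # per the WARNING on this page

def check_key_request(body):
    """Return (errors, warnings) for a /v1/key request body given as a JSON string."""
    try:
        req = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc}"], []
    attrs = req.get("attributes") if isinstance(req, dict) else None
    if not isinstance(attrs, dict):
        return ["missing 'attributes' object"], []
    # Only JSON true counts; the string "true" or the number 1 does not.
    errors = [f"attributes.{f} must be true for the plugin"
              for f in REQUIRED_TRUE if attrs.get(f) is not True]
    warnings = []
    for flag, expected in PAGE_EXAMPLE_ATTRIBUTES.items():
        if flag in REQUIRED_TRUE:
            continue
        if flag not in attrs:
            warnings.append(f"attributes.{flag} is not set explicitly")
        elif attrs[flag] is not expected:
            warnings.append(f"attributes.{flag}={attrs[flag]!r} differs from the page's example")
    return errors, warnings

def build_request(endpoint, token, body):
    """Build, without sending, the POST from the curl example; reject failing bodies."""
    errors, _ = check_key_request(body)
    if errors:
        raise ValueError("; ".join(errors))
    headers = {"accept": "application/json", "Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    return urllib.request.Request(endpoint.rstrip("/") + "/v1/key",
                                  data=body.encode(), method="POST", headers=headers)

if __name__ == "__main__":
    # Constructed sample body: decrypt left false, extractable switched on.
    attrs = {**PAGE_EXAMPLE_ATTRIBUTES, "decrypt": False, "extractable": True}
    print(check_key_request(json.dumps({"label": "SecurosysEncKey01", "attributes": attrs})))
```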