Using the Admin module

Creating keys

Two types of keys can be created:

Symmetric keys use the AES-GCM algorithm. The following table shows the supported usage and modules:

Module	wrap	unwrap	encrypt	decrypt
KACLS	X	X
Key Access Management	X	X
Crypto API	X	X	X	X

Whenever a new symmetric key is created, it becomes the default key with the active status for the related tenant and module.

Asymmetric keys use the RSA-OAEP algorithm. The following table shows the supported usage and modules:
Module wrap unwrap encrypt decrypt
Key Access Management X X X X
DKE X X X X

Module	wrap	unwrap	encrypt	decrypt
Key Access Management	X	X	X	X
DKE	X	X	X	X

To create keys, use the following API route:

POST /api/v1/{tenantid}/admin/{moduleName}/key

For more information, see the API documentation.

Getting information about keys

Getting information about keys is only available for the modules supporting keys: KACLS, Key Access Management, DKE, Crypto API.

To get a list of keys for a module, use the following API route:

GET /api/v1/{tenantid}/admin/{moduleName}/keys

To get information about a specific key, use the following API route and add the key identifier:

GET /api/v1/{tenantId]/admin/{moduleName]/keys/{keyId}

For more information, see the API documentation.

Updating keys

Updating keys consists in modifying the display_name and status. This operation is only available for the modules supporting keys: KACLS, Key Access Management, DKE, Crypto API.

To update a key for a specific module, use the following API route:

PATCH /api/v1/{tenantId]/admin/{moduleName]/keys/{keyId}

If a key is compromised, it can no longer be used for encryption and decryption. Such operations on a compromised key will raise a 403 error.

For more information, see the API documentation.