Package com.ibm.cloud.ibm_key_protect_api.v2

Class IbmKeyProtectApi

  • public class IbmKeyProtectApi
extends com.ibm.cloud.sdk.core.service.BaseService
    IBM Key Protect helps you provision encrypted keys for apps across IBM Cloud. As you manage the lifecycle of your keys, you can benefit from knowing that your keys are secured by cloud-based FIPS 140-2 Level 3 hardware security modules (HSMs) that protect against theft of information. You can use the Key Protect API to store, generate, and retrieve your key material. Keys within the service can protect any type of data in your symmetric key-based encryption solution. API Version: 2.0.0

    • Field Detail

      • DEFAULT_SERVICE_NAME

        public static final String DEFAULT_SERVICE_NAME
        Default service name used when configuring the `IbmKeyProtectApi` client.
        See Also:
        Constant Field Values

      • PARAMETERIZED_SERVICE_URL

        public static final String PARAMETERIZED_SERVICE_URL
        The parameterized service endpoint URL.
        See Also:
        Constant Field Values

    • Constructor Detail

      • IbmKeyProtectApi

        public IbmKeyProtectApi​(String serviceName,
                        com.ibm.cloud.sdk.core.security.Authenticator authenticator)
        Constructs an instance of the `IbmKeyProtectApi` client. The specified service name and authenticator are used to configure the client instance.
        Parameters:
        serviceName - the service name to be used when configuring the client instance
        authenticator - the Authenticator instance to be configured for this client

    • Method Detail

      • newInstance

        public static IbmKeyProtectApi newInstance()
        Class method which constructs an instance of the `IbmKeyProtectApi` client. The default service name is used to configure the client instance.
        Returns:
        an instance of the `IbmKeyProtectApi` client using external configuration

      • newInstance

        public static IbmKeyProtectApi newInstance​(String serviceName)
        Class method which constructs an instance of the `IbmKeyProtectApi` client. The specified service name is used to configure the client instance.
        Parameters:
        serviceName - the service name to be used when configuring the client instance
        Returns:
        an instance of the `IbmKeyProtectApi` client using external configuration

      • newInstance

        public static IbmKeyProtectApi newInstance​(com.ibm.cloud.sdk.core.security.Authenticator authenticator)
        Class method which constructs an instance of the `IbmKeyProtectApi` client. The default service name is used to configure the client instance. The specified authenticator is used to configure the client instance.
        Parameters:
        authenticator - the Authenticator instance to be configured for this client
        Returns:
        an instance of the `IbmKeyProtectApi` client using external configuration

      • constructServiceUrl

        public static String constructServiceUrl​(Map<String,​String> providedUrlVariables)
        Constructs a service URL by formatting the parameterized service URL. The parameterized service URL is: 'https://{region}.kms.cloud.ibm.com' The default variable values are: - 'region': 'us-south'
        Parameters:
        providedUrlVariables - map from variable names to desired values. If a variable is not provided in this map, the default variable value will be used instead.
        Returns:
        the formatted URL with all variable placeholders replaced by values.

      • getKeyCollectionMetadata

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> getKeyCollectionMetadata​(GetKeyCollectionMetadataOptions getKeyCollectionMetadataOptions)
        Retrieve key total. Returns the same HTTP headers as a GET request without returning the entity-body. This operation returns the number of keys in your instance in a header called `Key-Total`.
        Parameters:
        getKeyCollectionMetadataOptions - the GetKeyCollectionMetadataOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • createKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<Key> createKey​(CreateKeyOptions createKeyOptions)
        Create a key. Creates a new key with specified key material. Key Protect designates the resource as either a root key or a standard key based on the `extractable` value that you specify. A successful `POST /keys` operation adds the key to the service and returns the details of the request in the response entity-body, if the Prefer header is set to `return=representation`.
        Parameters:
        createKeyOptions - the CreateKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type Key

      • getKeys

        public com.ibm.cloud.sdk.core.http.ServiceCall<ListKeys> getKeys​(GetKeysOptions getKeysOptions)
        List keys. Retrieves a list of keys that are stored in your Key Protect service instance. **Important:** When a user of Key Protect on Satellite views lists of keys through the [IBM Console](https://cloud.ibm.com/login), or programmatically via this API, keys with ["fine grain" permissions](/docs/key-protect?topic=key-protect-grant-access-keys#grant-access-key-level) won't appear due to the manner in which the service aggregates the collection. While the user can still use the key resource, only by using the CLI or API and passing the specific key ID can a user access the metadata and other details of the key. **Note:** `GET /keys` will not return the key material in the response body. You can retrieve the key material for a standard key with a subsequent `GET /keys/{id}` request.
        Parameters:
        getKeysOptions - the GetKeysOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type ListKeys

      • createKeyWithPoliciesOverrides

        public com.ibm.cloud.sdk.core.http.ServiceCall<Key> createKeyWithPoliciesOverrides​(CreateKeyWithPoliciesOverridesOptions createKeyWithPoliciesOverridesOptions)
        Create a key with policy overrides. Creates a new key with specified key material and key policies. This API overrides the policy configurations set at instance level with policies provided in the payload. Key Protect designates the resource as a root key or a standard key based on the extractable value that you specify. A successful `POST /keys_with_policy_overrides` operation adds the key and key policies to the service and returns the details of the request in the response entity-body, if the Prefer header is set to `return=representation`.
        Parameters:
        createKeyWithPoliciesOverridesOptions - the CreateKeyWithPoliciesOverridesOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type Key

      • getKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<GetKey> getKey​(GetKeyOptions getKeyOptions)
        Retrieve a key. Retrieves a key and its details by specifying the ID or alias of the key.
        Parameters:
        getKeyOptions - the GetKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type GetKey

      • actionOnKey

        @Deprecated
public com.ibm.cloud.sdk.core.http.ServiceCall<KeyActionOneOfResponse> actionOnKey​(ActionOnKeyOptions actionOnKeyOptions)
        Deprecated.
        this method is deprecated and may be removed in a future release
        Invoke an action on a key. **Note:** This API has been **deprecated** and transitioned to individual request paths. Existing actions using this API will continue to be supported, but new actions will no longer be added to it. We recommend, if possible, aligning your request URLs to the new API path. The generic format of actions is now the following: `/api/v2/keys/<key_ID>/actions/<action>` where `key_ID` is the key you want to operate on/with and `action` is the same action that was passed as a query parameter previously. Invokes an action on a specified key. This method supports the following actions: - `disable`: [Disable operations](/docs/key-protect?topic=key-protect-disable-keys) for a key - `enable`: [Enable operations](/docs/key-protect?topic=key-protect-disable-keys#enable-api) for a key - `restore`: [Restore a root key](/docs/key-protect?topic=key-protect-restore-keys) - `rewrap`: Use a root key to [rewrap or reencrypt a data encryption key](/docs/key-protect?topic=key-protect-rewrap-keys) - `rotate`: [Create a new version](/docs/key-protect?topic=key-protect-rotate-keys) of a root key - `setKeyForDeletion`: [Authorize deletion](/docs/key-protect?topic=key-protect-delete-dual-auth-keys#set-key-deletion-api) for a key with a dual authorization policy - `unsetKeyForDeletion`: [Remove an authorization](/docs/key-protect?topic=key-protect-delete-dual-auth-keys#unset-key-deletion-api) for a key with a dual authorization policy - `unwrap`: Use a root key to [unwrap or decrypt a data encryption key](/docs/key-protect?topic=key-protect-unwrap-keys) - `wrap`: Use a root key to [wrap or encrypt a data encryption key](/docs/key-protect?topic=key-protect-wrap-keys) **Note:** If you unwrap a wrapped data encryption key (WDEK) that was not wrapped by the latest version of the key, the service also returns the a new WDEK, wrapped with the latest version of the key as the ciphertext field. The recommendation is to store and use that WDEK, although older WDEKs will continue to work.
        Parameters:
        actionOnKeyOptions - the ActionOnKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type KeyActionOneOfResponse

      • patchKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<PatchKeyResponseBody> patchKey​(PatchKeyOptions patchKeyOptions)
        Update (patch) a key. Update attributes of a key. Currently only the following attributes are applicable for update: - keyRingID Note: If provided, the `X-Kms-Key-Ring` header should specify the key's current key ring. To change the key ring of the key, specify the new key ring in the request body.
        Parameters:
        patchKeyOptions - the PatchKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type PatchKeyResponseBody

      • deleteKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<DeleteKey> deleteKey​(DeleteKeyOptions deleteKeyOptions)
        Delete a key. Deletes a key by specifying the ID or alias of the key. By default, Key Protect requires a single authorization to delete keys. For added protection, you can [enable a dual authorization policy](#set-key-policies) to safely delete keys from your service instance. **Important:** After a key has been deleted, any data that is encrypted by the key becomes inaccessible, though this can be reversed if the key is restored within the 30-day time frame. After 30 days, key metadata, registrations, and policies are available for up to 90 days, at which point the key becomes eligible to be purged. Note that once a key is no longer restorable and has been purged, its associated data can no longer be accessed. **Note:** By default, Key Protect blocks the deletion of a key that's protecting a cloud resource, such as a Cloud Object Storage bucket. Use `GET keys/{id}/registrations` to verify if the key has an active registration to a resource. To delete the key and its associated registrations, set the optional `force` parameter to `true`.
        Parameters:
        deleteKeyOptions - the DeleteKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type DeleteKey

      • getKeyMetadata

        public com.ibm.cloud.sdk.core.http.ServiceCall<GetKeyMetadata> getKeyMetadata​(GetKeyMetadataOptions getKeyMetadataOptions)
        Retrieve key metadata. Retrieves the details of a key by specifying the ID of the key.
        Parameters:
        getKeyMetadataOptions - the GetKeyMetadataOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type GetKeyMetadata

      • purgeKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<PurgeKey> purgeKey​(PurgeKeyOptions purgeKeyOptions)
        Purge a deleted key. Purges all key metadata and registrations associated with the specified key. This method requires setting the [_KeyPurge_ permission](https://cloud.ibm.com/docs/key-protect?topic=key-protect-grant-access-keys#grant-access-keys-specific-functions) that is not enabled by default. Purging a key can only be applied to a key in the **Destroyed** (5) state. After a key is deleted, there is a wait period of up to four hours before purge key operation is allowed. **Important:** When you purge a key, you permanently shred its contents and associated data. The action cannot be reversed.
        Parameters:
        purgeKeyOptions - the PurgeKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type PurgeKey

      • restoreKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<InputStream> restoreKey​(RestoreKeyOptions restoreKeyOptions)
        Restore a key. [Restore a key](/docs/key-protect?topic=key-protect-restore-keys) that has been deleted.
        Parameters:
        restoreKeyOptions - the RestoreKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type InputStream

      • getKeyVersions

        public com.ibm.cloud.sdk.core.http.ServiceCall<ListKeyVersions> getKeyVersions​(GetKeyVersionsOptions getKeyVersionsOptions)
        List key versions. Retrieves all versions of a root key by specifying the ID or alias of the key. When you rotate a root key, you generate a new version of the key. If you're using the root key to protect resources across IBM Cloud, the registered cloud services that you associate with the key use the latest key version to wrap your data. [Learn more](/docs/key-protect?topic=key-protect-key-rotation).
        Parameters:
        getKeyVersionsOptions - the GetKeyVersionsOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type ListKeyVersions

      • wrapKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<WrapKeyResponseBody> wrapKey​(WrapKeyOptions wrapKeyOptions)
        Wrap a key. Use a root key to [wrap or encrypt a data encryption key](/docs/key-protect?topic=key-protect-wrap-keys). When present, the ciphertext contains the DEK wrapped by the latest version of the key (WDEK). It is recommended to store and use this WDEK in future calls to Key Protect.
        Parameters:
        wrapKeyOptions - the WrapKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type WrapKeyResponseBody

      • unwrapKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<UnwrapKeyResponseBody> unwrapKey​(UnwrapKeyOptions unwrapKeyOptions)
        Unwrap a key. Use a root key to [unwrap or decrypt a data encryption key](/docs/key-protect?topic=key-protect-unwrap-keys). **Note:** When you unwrap a wrapped data encryption key (WDEK) by using a rotated root key, the service returns a new ciphertext in the response entity-body. Each ciphertext remains available for `unwrap` actions. If you unwrap a DEK with a previous ciphertext, the service also returns the latest ciphertext and latest key version in the response. Use the latest ciphertext for future unwrap operations.
        Parameters:
        unwrapKeyOptions - the UnwrapKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type UnwrapKeyResponseBody

      • rewrapKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<RewrapKeyResponseBody> rewrapKey​(RewrapKeyOptions rewrapKeyOptions)
        Rewrap a key. Use a root key to [rewrap or reencrypt a data encryption key](/docs/key-protect?topic=key-protect-rewrap-keys).
        Parameters:
        rewrapKeyOptions - the RewrapKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type RewrapKeyResponseBody

      • rotateKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> rotateKey​(RotateKeyOptions rotateKeyOptions)
        Rotate a key. [Create a new version](/docs/key-protect?topic=key-protect-rotate-keys) of a root key.
        Parameters:
        rotateKeyOptions - the RotateKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • setKeyForDeletion

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> setKeyForDeletion​(SetKeyForDeletionOptions setKeyForDeletionOptions)
        Set a key for deletion. [Authorize deletion](/docs/key-protect?topic=key-protect-delete-dual-auth-keys#set-key-deletion-api) for a key with a dual authorization policy.
        Parameters:
        setKeyForDeletionOptions - the SetKeyForDeletionOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • unsetKeyForDeletion

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> unsetKeyForDeletion​(UnsetKeyForDeletionOptions unsetKeyForDeletionOptions)
        Unset a key for deletion. [Remove an authorization](/docs/key-protect?topic=key-protect-delete-dual-auth-keys#unset-key-deletion-api) for a key with a dual authorization policy.
        Parameters:
        unsetKeyForDeletionOptions - the UnsetKeyForDeletionOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • enableKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> enableKey​(EnableKeyOptions enableKeyOptions)
        Enable a key. [Enable operations](/docs/key-protect?topic=key-protect-disable-keys#enable-api) for a key.
        Parameters:
        enableKeyOptions - the EnableKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • disableKey

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> disableKey​(DisableKeyOptions disableKeyOptions)
        Disable a key. [Disable operations](/docs/key-protect?topic=key-protect-disable-keys) for a key.
        Parameters:
        disableKeyOptions - the DisableKeyOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • syncAssociatedResources

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> syncAssociatedResources​(SyncAssociatedResourcesOptions syncAssociatedResourcesOptions)
        Sync associated resources. Initiate a [manual data synchronization](/docs/key-protect?topic=key-protect-sync-associated-resources&interface=api) request to the associated resources of a key. Regular key lifecycle events automatically notify integrated services of any change. However, in the case a service does not respond to a key lifecycle event notification after four hours, the `sync` API may be used to initiate a renotification to the integrated services that manage the associated resources linked to the key. **Note:** The services that manage the associated resources linked to the key are responsible for maintaining current records of the key state and version. Key Protect does not have the ability to force data synchronization for other services, which may take up to four hours to complete. The `sync` API is meant to **initiate** a request for all associated resources to synchronize their key records with the information returned from the Key Protect API.
        Parameters:
        syncAssociatedResourcesOptions - the SyncAssociatedResourcesOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • putPolicy

        public com.ibm.cloud.sdk.core.http.ServiceCall<GetKeyPoliciesOneOf> putPolicy​(PutPolicyOptions putPolicyOptions)
        Set key policies. Creates or updates one or more policies for the specified key. You can set policies for a key, such as an [automatic rotation policy](/docs/key-protect?topic=key-protect-set-rotation-policy) or a [dual authorization policy](/docs/key-protect?topic=key-protect-set-dual-auth-key-policy) to protect against the accidental deletion of keys. Use `PUT /keys/{id}/policies` to create new policies for a key or update an existing policy.
        Parameters:
        putPolicyOptions - the PutPolicyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type GetKeyPoliciesOneOf

      • getPolicy

        public com.ibm.cloud.sdk.core.http.ServiceCall<GetKeyPoliciesOneOf> getPolicy​(GetPolicyOptions getPolicyOptions)
        List key policies. Retrieves a list of policies that are associated with a specified key. You can set policies for a key, such as an [automatic rotation policy](/docs/key-protect?topic=key-protect-set-rotation-policy) or a [dual authorization policy](/docs/key-protect?topic=key-protect-set-dual-auth-key-policy) to protect against the accidental deletion of keys. Use `GET /keys/{id}/policies` to browse the policies that exist for a specified key.
        Parameters:
        getPolicyOptions - the GetPolicyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type GetKeyPoliciesOneOf

      • putInstancePolicy

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> putInstancePolicy​(PutInstancePolicyOptions putInstancePolicyOptions)
        Set instance policies. Creates or updates one or more policies for the specified service instance. **Note:** When you set an instance policy, Key Protect associates the policy information with keys that you add to the instance after the policy is updated. This operation does not affect existing keys in the instance.
        Parameters:
        putInstancePolicyOptions - the PutInstancePolicyOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • getInstancePolicy

        public com.ibm.cloud.sdk.core.http.ServiceCall<GetInstancePoliciesOneOf> getInstancePolicy​(GetInstancePolicyOptions getInstancePolicyOptions)
        List instance policies. Retrieves a list of policies that are associated with a specified service instance. You can manage advanced preferences for keys in your service instance by creating instance-level policies. Use `GET /instance/policies` to browse the policies that are associated with the specified instance. Currently, dual authorization policies are supported.
        Parameters:
        getInstancePolicyOptions - the GetInstancePolicyOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type GetInstancePoliciesOneOf

      • getAllowedIPPort

        public com.ibm.cloud.sdk.core.http.ServiceCall<AllowedIPPort> getAllowedIPPort​(GetAllowedIPPortOptions getAllowedIpPortOptions)
        Retrieve allowed IP port. Retrieves the private endpoint port associated with your service instance's active allowed IP policy. If the instance does not contain an active allowed IP policy, no information will be returned.
        Parameters:
        getAllowedIpPortOptions - the GetAllowedIPPortOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type AllowedIPPort

      • postImportToken

        public com.ibm.cloud.sdk.core.http.ServiceCall<ImportToken> postImportToken​(PostImportTokenOptions postImportTokenOptions)
        Create an import token. Creates an import token that you can use to encrypt and import root keys into the service. [Learn more](/docs/key-protect?topic=key-protect-importing-keys#using-import-tokens). When you call `POST /import_token`, Key Protect creates an RSA key-pair from its HSMs. The service encrypts and stores the private key in the HSM, and returns the corresponding public key when you call `GET /import_token`. You can create only one import token per service instance.
        Parameters:
        postImportTokenOptions - the PostImportTokenOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type ImportToken

      • getImportToken

        public com.ibm.cloud.sdk.core.http.ServiceCall<GetImportToken> getImportToken​(GetImportTokenOptions getImportTokenOptions)
        Retrieve an import token. Retrieves the import token that is associated with your service instance. When you call `GET /import_token`, Key Protect returns the public key that you can use to encrypt and import key material to the service, along with details about the key. **Note:** After you reach the `maxAllowedRetrievals` or `expirationDate` for the import token, the import token and its associated public key can no longer be used for key operations. To create a new import token, use `POST /import_token`.
        Parameters:
        getImportTokenOptions - the GetImportTokenOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type GetImportToken

      • getRegistrations

        public com.ibm.cloud.sdk.core.http.ServiceCall<RegistrationWithTotalCount> getRegistrations​(GetRegistrationsOptions getRegistrationsOptions)
        List registrations for a key. Retrieves a list of registrations that are associated with a specified root key. When you use a root key to protect an IBM Cloud resource, such as a Cloud Object Storage bucket, Key Protect creates a registration between the resource and root key. You can use `GET /keys/{id}/registrations` to understand which cloud resources are protected by the key that you specify.
        Parameters:
        getRegistrationsOptions - the GetRegistrationsOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type RegistrationWithTotalCount

      • getRegistrationsAllKeys

        public com.ibm.cloud.sdk.core.http.ServiceCall<RegistrationWithTotalCount> getRegistrationsAllKeys​(GetRegistrationsAllKeysOptions getRegistrationsAllKeysOptions)
        List registrations for any key. Retrieves a list of registrations that match the Cloud Resource Name (CRN) query that you specify. When you use a root key to protect an IBM Cloud resource, such as a Cloud Object Storage bucket, Key Protect creates a registration between the resource and root key. You can use `GET /keys/registrations` to understand which cloud resources are protected by keys in your Key Protect service instance.
        Parameters:
        getRegistrationsAllKeysOptions - the GetRegistrationsAllKeysOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type RegistrationWithTotalCount

      • createKeyAlias

        public com.ibm.cloud.sdk.core.http.ServiceCall<KeyAlias> createKeyAlias​(CreateKeyAliasOptions createKeyAliasOptions)
        Create an alias. Creates a unique alias for the specified key.
        Parameters:
        createKeyAliasOptions - the CreateKeyAliasOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type KeyAlias

      • deleteKeyAlias

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> deleteKeyAlias​(DeleteKeyAliasOptions deleteKeyAliasOptions)
        Delete an alias. Deletes an alias from the associated key. Delete alias does not delete the key.
        Parameters:
        deleteKeyAliasOptions - the DeleteKeyAliasOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • createKeyRing

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> createKeyRing​(CreateKeyRingOptions createKeyRingOptions)
        Create a key ring. Create a key ring in the instance with the specified name. The key ring ID `default` is a reserved key ring ID and cannot be created nor destroyed. The `default` key ring is an initial key ring that is generated with each newly created instance. All keys not associated with an otherwise specified key ring exist within the default key ring.
        Parameters:
        createKeyRingOptions - the CreateKeyRingOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • deleteKeyRing

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> deleteKeyRing​(DeleteKeyRingOptions deleteKeyRingOptions)
        Delete key ring. Delete the key ring from the instance. The key ring ID `default` cannot be destroyed.
        Parameters:
        deleteKeyRingOptions - the DeleteKeyRingOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • getKmipAdapter

        public com.ibm.cloud.sdk.core.http.ServiceCall<ListKMIPAdapters> getKmipAdapter​(GetKmipAdapterOptions getKmipAdapterOptions)
        Retrieve a KMIP Adapter. Retrieves a KMIP adapter using its id / name.
        Parameters:
        getKmipAdapterOptions - the GetKmipAdapterOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type ListKMIPAdapters

      • deleteKmipAdapter

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> deleteKmipAdapter​(DeleteKmipAdapterOptions deleteKmipAdapterOptions)
        Delete a KMIP Adapter. Deletes a KMIP Adapter, including all its client certificates, with the given id / name.
        Parameters:
        deleteKmipAdapterOptions - the DeleteKmipAdapterOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • deleteKmipObject

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> deleteKmipObject​(DeleteKmipObjectOptions deleteKmipObjectOptions)
        Delete a KMIP object from a KMIP Adapter. Deletes a KMIP object from a KMIP Adapter given its id. Changes the state of the KMIP object to 5 (Destroyed) and erases its key material. Any data encrypted by this KMIP object will be crypto erased when the KMIP Object changes it state to 5 (Destroyed).
        Parameters:
        deleteKmipObjectOptions - the DeleteKmipObjectOptions containing the options for the call
        Returns:
        a ServiceCall with a void result

      • addKmipClientCertificate

        public com.ibm.cloud.sdk.core.http.ServiceCall<ListKMIPClientCertificates> addKmipClientCertificate​(AddKmipClientCertificateOptions addKmipClientCertificateOptions)
        Add a client certificate to a KMIP Adapter. Add a client certificate to a KMIP Adapter. It might take up to 5 minutes for a KMIP call using the newly add certificate to pass authentication. A maximum of 200 client certificates can be associated with a KMIP Adapter at a time.
        Parameters:
        addKmipClientCertificateOptions - the AddKmipClientCertificateOptions containing the options for the call
        Returns:
        a ServiceCall with a result of type ListKMIPClientCertificates

      • deleteKmipClientCertificate

        public com.ibm.cloud.sdk.core.http.ServiceCall<Void> deleteKmipClientCertificate​(DeleteKmipClientCertificateOptions deleteKmipClientCertificateOptions)
        Delete a client certificate from a KMIP Adapter. Removes a client certificate from a KMIP Adapter given its id / name. It might take up to 5 minutes for a KMIP call using deleted certificate to fail authentication.
        Parameters:
        deleteKmipClientCertificateOptions - the DeleteKmipClientCertificateOptions containing the options for the call
        Returns:
        a ServiceCall with a void result