Manage keys

As a user with the AAE_Admin role, you can use the Credential Vault API to generate, save, check the status of, and apply keys.

Generate a Public/Private key pair after a fresh Control Room installation

This URL can only be used after a fresh installation. After generating the key pair, use the following URL to save the keys. Once the keys are saved, no more keys can be generated for this Control Room.

POST http://<your_control_room_url>/v2/credentialvault/keys

Response:

{
  "privateKey": "string",
  "publicKey": "string"
}

Save a Public/Private key pair and mode after a Public/Private key pair is generated

Use the URL above to generate a Public/Private key pair, then use this endpoint to save the key pair. This URL generates a Data encryption key and opens the Credential Vault.
Note: New keys cannot be generated after a key pair is saved.
PUT http://<your_control_room_url>/v2/credentialvault/keys

Body parameters:

Field Required Description
publicKey Required Provides the Public key from the key pair generated with the URL above.
privateKey Required Provides the Private key from the key pair generated with the URL above.
mode Required Specifies the Credential Vault mode. Possible values: Express or Custom

Response:

204 Keys are saved

Check if Private key has been applied or not

Use this endpoint to check the Credential Vault status. If the Private key has been applied, the Credential Vault is unlocked.

GET http://<your_control_room_url>/v2/credentialvault/keys/private

Response: The response returns if the Private key has been applied or not.

{
  "applied": true/false
}

Apply Private key to unlock the Credential Vault after restarting the Control Room in manual mode

PUT http://<your_control_room_url>/v2/credentialvault/keys/private
Body parameters:
Field Required Description
privateKey Required Unlocks the Credential Vault using the private key that was generated after Control Room installation. See Generate Private/Public key pair
Response:
Private key has been successfully applied

Retrieve RSA Public key encoded with Base64.

GET http://<your_control_room_url>/v2/credentialvault/keys/transport/public

Response:

{
  "publicKey": "string"
}