IBM Cloud Docs
Realigning managed keys with key templates

Realigning managed keys with key templates

After a managed key is created with a key template, you can still update the key template on general properties, key lifecycles, and assigned keystores. If it happens, an Unaligned flag can be displayed on the key details card for keys that are created with the key template. You can then manually realign your key with the key template with the UI, or programmatically with the Unified Key Orchestrator API. You can either realign active or deactivated keys with the key template.

Currently, with the UI, you can only realign assigned keystores with the key template. To realign general properties and key lifecycles, use the Unified Key Orchestrator API.

Realigning managed keys with key templates through the UI

To realign managed keys with key templates by using the UI, complete the following steps:

  1. Log in to the Hyper Protect Crypto Services instance.
  2. Click Managed keys from the navigation to view all the available keys.
  3. Click the Actions icon Actions icon on the key that you want to realign, and select Show details.
  4. To realign the key with key templates, click Actions and select Realign with template.
  5. View the details on the confirmation page, check all boxes, and then click Realign with template to confirm.

Your key is now aligned again with the key template in terms of assigned keystores.

If the key template is archived, you cannot realign the key with key templates.

Realigning keys with key templates through the API

To realign keys with key templates through the API, complete the following steps:

  1. Retrieve your service and authentication credentials to work with keys in the service.

  2. Create a key template by making a POST call to the following endpoint.

    https://uko.<region>.hs-crypto.cloud.ibm.com:<port>/api/v4/managed_keys/<id>/update_from_template

    Replace <id> with the ID of your key.

    For detailed instructions and code examples about using the API method, check out the Hyper Protect Crypto Services Unified Key Orchestrator API reference doc.

What's next