CLI changelog

Learn about updates to the Key Protect Command Line Interface (CLI) plug-in.

To update your Key Protect CLI plug-in, see updating the CLI plug-in.

When you log in to the IBM Cloud CLI, you're notified when updates are available.

Be sure to keep your CLI installation up-to-date so that you can use the latest commands and flags that are available for the Key Protect CLI plug-in.

CLI version 0.10.0

Release date: 2024-04-15

Changes

Changes in this version include:

Support for the key management interoperability protocol (KMIP).

The "Targeting Endpoint" string no longer prints when the -o json flag is given in any command.

CLI version 0.9.3

Release date: 2023-12-07

Changes

Changes in this version include:

An internal update GoLang versions. It includes no feature additions.

CLI version 0.9.1

Release date: 2023-11-09

Changes

Changes in this version include:

Support for the ability to force the deletion of a key ring.

Also added the following info message that prints to stderr that says which Key Protect endpoint a CLI action is going to hit.

Targeting endpoint: https://qa.us-south.kms.test.cloud.ibm.com
Listing KMIP Objects...
OK
Object ID                              Object Type     Object State   Created At                      Updated At   
08082ff4-821b-4689-83ec-15cac5bd1939   Symmetric Key   Pre-Active     2024-02-22 00:10:46 +0000 UTC   2024-02-22 00:11:23 +0000 UTC   
2b4d7937-afbe-4ba6-b818-ef25e1d6e183   Symmetric Key   Pre-Active     2024-01-23 21:59:21 +0000 UTC   2024-01-23 21:59:21 +0000 UTC   
3c10176d-98f2-455d-9da1-a4857c648576   Symmetric Key   Compromised    2024-01-22 15:35:08 +0000 UTC   2024-01-22 15:35:08 +0000 UTC

CLI version 0.9.0

Release date: 2023-09-12

Changes

Changes in this version include:

Support for the ability to set descriptions during key creation.

CLI version 0.8.0

Release date: 2023-06-27

Changes

Release date: 2023-06-27

Changes in this version include:

Support for counting the number of key versions regardless of whether the key is in an active state.

CLI version 0.7.0

Release date: 2022-10-14

Changes

Changes in this version include:

Support for creating instance rotation policies as well as the ability to enable and disable rotation policies for an individual key.
Support also for the ability to create keys with policy overrides and the capability for filtering the listing of keys.

CLI version 0.6.12

Release date: 2022-08-12

Changes

Changes in this version include:

Support for the new search parameter to filter the list of keys returned from the keys command
Support also for the new sort parameters to order the list of keys returned from the keys command

CLI version 0.6.11

Release date: 2022-06-27

Changes

Changes in this version include support for filters when listing keys, support for listing the versions of a key, and support for using aliases in place of key IDs.

CLI version 0.6.10

Release date: 2022-02-08

Changes

Changes included in this version:

The environment variable KP_PRIVATE_ADDR is no longer required when authenticating to private.cloud.ibm.com. More information is available about using the CLI with private endpoints.
The environment variable IBMCLOUD_TRACE gives you more visibility into your diagnostics. Learn more at the CLI documentation.
Updated help text and messages.

CLI version 0.6.9

Release date: 2021-12-14

Changes

Changes included in this version:

Added support for São-Paulo region.

CLI version 0.6.8

Release date: 2021-11-05

Changes

Changes included in this version:

Added support for targeting private endpoints.

CLI version 0.6.7

The release binary is not currently available. When released, please use v0.6.8.

CLI version 0.6.6

Release date: 2021-10-11

Changes

Changes included in this version:

Added feature for key synchronizing as a new subcommand under key.
Updated the "Internal server error" response message to return the actual error message.

CLI version 0.6.5

Release date: 2021-08-30

Changes

Changes included in this version:

The JSON response for the retrieval of multiple objects like listing keys, policies, and registrations is set as an empty array: [] when there are no objects returned by the service.
The JSON response for the retrieval of a single object, like a key policy, is set as an empty object: {} when there is no policy returned by the service.

CLI version 0.6.4

Release date: 2021-07-23

Changes

Changes included in this version:

Error messages have been formatted to make them easier for users to understand.
Additional validation for sha1 encryption ensures that requests are only made to the correct endpoint.

CLI version 0.6.3

Release date: 2021-06-25

Changes

There are minor changes in this latest release.

Support for IBM Cloud® Hyper Protect Crypto Services specific algorithms in Key Create and Key Rotate.

CLI version 0.6.2

Release date: 2021-05-20

Changes

There are minor changes in this release.

Key purge command supports purging a deleted key resulting in the permanent deletion of information related to that key. After being purged, the key is not available to be restored: ibmcloud kp key purge <keyID>.
Support for the new ca-tor regional endpoint; all Key Protect operations supported via CLI can be performed for this region: ibmcloud kp region-set ca-tor (sets the target endpoint to key protect ca-tor endpoint).

CLI version 0.6.1

Release date: 2021-04-30

Changes

There are minor changes in this release.

Key Update command has been added, supporting transferring your key from its current key ring to a new key ring.

CLI version 0.6.0

Release date: 2021-02-25

Changes

There are major changes in this release.

Key Ring support is added to the CLI supporting customization and best practices.
Key Alias feature is added to the CLI adding first-in-class management support.
Added support for Osaka (jp-osa) endpoint.
Instance policy command supports the new sub commands.
Minor changes include JSON output support in sub commands and the deprecation of some commands, features and flags.

CLI version 0.5.2

Release date: 2020-09-21

Changes

Commands that specify JSON outout (--output json) now return an empty JSON structure if there is no output.

CLI version 0.5.1 (deprecated)

Release date: 2020-07-21

Changes

Changed the command successful message from SUCCESS TO OK.
Remove additional line breaks in the response.
For Windows, OK and FAILED messages are the same color as the ibmcloud command colors.

CLI version 0.5.0 (deprecated)

Release date: 2020-06-19

Documentation: CLI reference, version 0.5.0

Add these commands

kp instance

kp instance policies : list policies associated with an instance
kp instance policy-update allowed-network : update the instance policy and set the "allowed network" to public-and-private or private-only
kp instance policy-update dual-auth-delete : update the instance policy and enable or disable the "dual authorization delete" policy

kp key

kp key cancel-delete : cancel a previously scheduled request to delete a key
kp key disable : disable a root key and temporarily revoke access to the key's associated data in the cloud
kp key enable : enable a root key that was previously disabled; this action restores the key's encrypt and decrypt operations
kp key restore : restore a previously deleted root key, which restores access to its associated data in the cloud
kp key policy-update dual-auth-delete : update the "dual authorization delete" policy associated with a key
kp key policy-update rotation : update the "rotation" policy associated with a key
kp key schedule-delete : authorize a key, with a "dual-auth-delete" policy, to be deleted

kp registrations

kp registrations : list registrations, which are associations between keys and other cloud resources such as Cloud Object Storage (COS) buckets or Cloud Databases deployments

Update these commands

kp import-token

kp import-token key-encrypt : add the -a (--hash) option; encrypt keys using the SHA-1 algorithm for Hyper Protect Crypto Services (HPCS)
kp import-token nonce-encrypt : add the -c (--cbc) option; encrypt the nonce using the AES-CBC encryption algorithm; only supported for HPCS

kp key

kp key delete : add the -f (--force) option to delete a key, with force, which is used to delete a key that has existing "registrations"

kp keys

kp keys : add the -n (--number-of-keys) and -s (--starting-offset) options to retrieve a subset of keys

CLI version 0.4.0 (deprecated)

Release date: 2020-05-01

Major changes were made to the ibmcloud kp command structure.

Add these commands

kp import-token create: create an import token
kp import-token key-encrypt: encrypt the key that you want to import to the service
kp import-token nonce-encrypt: encrypt the nonce that is generated by Key Protect
kp import-token show: retrieve an import token
kp key: perform operations on keys
kp keys: list the keys that are available in your Key Protect instance
kp region-set: target a different Key Protect regional endpoint

Deprecate these commands

kp create: use kp import-token create or kp key create
kp delete: use kp key delete
kp get: use kp key show
kp import-token encrypt-key: use kp import-token key-encrypt
kp import-token encrypt-nonce: use kp import-token nonce-encrypt
kp import-token get: use kp import-token show
kp list: use kp keys
kp policy: use kp key policies or kp key policy-update
kp rotate: use kp key rotate
kp unwrap: use kp key unwrap
kp wrap: use kp key wrap

Deprecated commands

All deprecated commands work in versions 0.4.0 and 0.5.0. That is, version 0.5.0 is backwards compatible with versions 0.3.9 and 0.4.0. For example, you can issue the kp create command even though it's deprecated in version 0.5.0.

The intent is to remove support for deprecated commands in the next CLI version, which is anticipated the end of September, 2020.

CLI version 0.3.9 (deprecated)

Release date: 2019-11-11

Updates

Update usage information for all ibmcloud kp commands and sub-commands
Fix bug in the JSON output format option (--output json) for all commands that support JSON output