CLI changelog

Changes

Changes in this version include:

Addition of a --force (-f) flag to object-delete. This flag forces deletion of the kmip object regardless of the object's state.

Addition of a --force (-f) flag to adapter-delete. This flag will attempt to force delete all kmip objects within the adapter, then deletes the specified adapter.

Changes

Changes in this version include:

Addition of a --crk-id (-k) flag to list kmip_adapters with the specified key ID.

Changes

Changes in this version include:

Support for the key management interoperability protocol (KMIP).

The "Targeting Endpoint" string no longer prints when the -o json flag is given in any command.

Changes

Changes in this version include:

An internal update GoLang versions. It includes no feature additions.

Changes

Changes in this version include:

Support for the ability to force the deletion of a key ring.

Also added the following info message that prints to stderr that says which Key Protect endpoint a CLI action is going to hit.

Targeting endpoint: https://qa.us-south.kms.test.cloud.ibm.com
Listing KMIP Objects...
OK
Object ID                              Object Type     Object State   Created At                      Updated At   
08082ff4-821b-4689-83ec-15cac5bd1939   Symmetric Key   Pre-Active     2024-02-22 00:10:46 +0000 UTC   2024-02-22 00:11:23 +0000 UTC   
2b4d7937-afbe-4ba6-b818-ef25e1d6e183   Symmetric Key   Pre-Active     2024-01-23 21:59:21 +0000 UTC   2024-01-23 21:59:21 +0000 UTC   
3c10176d-98f2-455d-9da1-a4857c648576   Symmetric Key   Compromised    2024-01-22 15:35:08 +0000 UTC   2024-01-22 15:35:08 +0000 UTC

Changes

Changes in this version include:

Support for the ability to set descriptions during key creation.

Changes

Release date: 2023-06-27

Changes in this version include:

Support for counting the number of key versions regardless of whether the key is in an active state.

Changes

Changes in this version include:

• Support for creating instance rotation policies as well as the ability to enable and disable rotation policies for an individual key.
• Support also for the ability to create keys with policy overrides and the capability for filtering the listing of keys.

Changes

Changes in this version include:

• Support for the new search parameter to filter the list of keys returned from the keys command
• Support also for the new sort parameters to order the list of keys returned from the keys command

Changes

Changes in this version include support for filters when listing keys, support for listing the versions of a key, and support for using aliases in place of key IDs.

Changes

Changes included in this version:

• The environment variable KP_PRIVATE_ADDR is no longer required when authenticating to private.cloud.ibm.com. More information is available about using the CLI with private endpoints.
• The environment variable IBMCLOUD_TRACE gives you more visibility into your diagnostics. Learn more at the CLI documentation.
• Updated help text and messages.

Changes

Changes included in this version:

• Added support for São-Paulo region.

Changes

Changes included in this version:

• Added support for targeting private endpoints.

Changes

Changes included in this version:

• Added feature for key synchronizing as a new subcommand under key.

• Updated the "Internal server error" response message to return the actual error message.

Changes

Changes included in this version:

• The JSON response for the retrieval of multiple objects like listing keys, policies, and registrations is set as an empty array: [] when there are no objects returned by the service.

• The JSON response for the retrieval of a single object, like a key policy, is set as an empty object: {} when there is no policy returned by the service.

Changes

Changes included in this version:

• Error messages have been formatted to make them easier for users to understand.

• Additional validation for sha1 encryption ensures that requests are only made to the correct endpoint.

Changes

There are minor changes in this latest release.

Support for IBM Cloud® Hyper Protect Crypto Services specific algorithms in Key Create and Key Rotate.

Changes

There are minor changes in this release.

• Key purge command supports purging a deleted key resulting in the permanent deletion of information related to that key. After being purged, the key is not available to be restored: ibmcloud kp key purge <keyID>.
• Support for the new ca-tor regional endpoint; all Key Protect operations supported via CLI can be performed for this region: ibmcloud kp region-set ca-tor (sets the target endpoint to key protect ca-tor endpoint).

Changes

There are minor changes in this release.

• Key Update command has been added, supporting transferring your key from its current key ring to a new key ring.

Changes

There are major changes in this release.

• Key Ring support is added to the CLI supporting customization and best practices.
• Key Alias feature is added to the CLI adding first-in-class management support.
• Added support for Osaka (jp-osa) endpoint.
• Instance policy command supports the new sub commands.
• Minor changes include JSON output support in sub commands and the deprecation of some commands, features and flags.

Changes

• Commands that specify JSON outout (--output json) now return an empty JSON structure if there is no output.

Changes

• Changed the command successful message from SUCCESS TO OK.

• Remove additional line breaks in the response.

• For Windows, OK and FAILED messages are the same color as the ibmcloud command colors.

Add these commands

Update these commands

Add these commands

• kp import-token create: create an import token

• kp import-token key-encrypt: encrypt the key that you want to import to the service

• kp import-token nonce-encrypt: encrypt the nonce that is generated by Key Protect

• kp import-token show: retrieve an import token

• kp key: perform operations on keys

• kp keys: list the keys that are available in your Key Protect instance

• kp region-set: target a different Key Protect regional endpoint

Deprecate these commands

• kp create: use kp import-token create or kp key create

• kp delete: use kp key delete

• kp get: use kp key show

• kp import-token encrypt-key: use kp import-token key-encrypt

• kp import-token encrypt-nonce: use kp import-token nonce-encrypt

• kp import-token get: use kp import-token show

• kp list: use kp keys

• kp policy: use kp key policies or kp key policy-update

• kp rotate: use kp key rotate

• kp unwrap: use kp key unwrap

• kp wrap: use kp key wrap

Deprecated commands

All deprecated commands work in versions 0.4.0 and 0.5.0. That is, version 0.5.0 is backwards compatible with versions 0.3.9 and 0.4.0. For example, you can issue the kp create command even though it's deprecated in version 0.5.0.

The intent is to remove support for deprecated commands in the next CLI version, which is anticipated the end of September, 2020.

Updates

• Update usage information for all ibmcloud kp commands and sub-commands

• Fix bug in the JSON output format option (--output json) for all commands that support JSON output