CLI changelog
Learn about updates to the Key Protect Command Line Interface (CLI) plug-in.
To update your Key Protect CLI plug-in, see updating the CLI plug-in.
When you log in to the IBM Cloud CLI, you're notified when updates are available.
Be sure to keep your CLI installation up-to-date so that you can use the latest commands and flags that are available for the Key Protect CLI plug-in.
CLI version 0.10.2
Release date: 2024-08-19
Changes
Changes in this version include:
Addition of a --force
(-f
) flag to object-delete
. This flag forces deletion of the kmip object regardless of the object's state.
Addition of a --force
(-f
) flag to adapter-delete
. This flag will attempt to force delete all kmip objects within the adapter, then deletes the specified adapter.
CLI version 0.10.1
Release date: 2024-07-01
Changes
Changes in this version include:
Addition of a --crk-id
(-k
) flag to list kmip_adapters with the specified key ID.
CLI version 0.10.0
Release date: 2024-04-15
Changes
Changes in this version include:
Support for the key management interoperability protocol (KMIP).
The "Targeting Endpoint" string no longer prints when the -o json
flag is given in any command.
CLI version 0.9.3
Release date: 2023-12-07
Changes
Changes in this version include:
An internal update GoLang versions. It includes no feature additions.
CLI version 0.9.1
Release date: 2023-11-09
Changes
Changes in this version include:
Support for the ability to force the deletion of a key ring.
Also added the following info message that prints to stderr
that says which Key Protect endpoint a CLI action is going to hit.
Targeting endpoint: https://qa.us-south.kms.test.cloud.ibm.com
Listing KMIP Objects...
OK
Object ID Object Type Object State Created At Updated At
08082ff4-821b-4689-83ec-15cac5bd1939 Symmetric Key Pre-Active 2024-02-22 00:10:46 +0000 UTC 2024-02-22 00:11:23 +0000 UTC
2b4d7937-afbe-4ba6-b818-ef25e1d6e183 Symmetric Key Pre-Active 2024-01-23 21:59:21 +0000 UTC 2024-01-23 21:59:21 +0000 UTC
3c10176d-98f2-455d-9da1-a4857c648576 Symmetric Key Compromised 2024-01-22 15:35:08 +0000 UTC 2024-01-22 15:35:08 +0000 UTC
CLI version 0.9.0
Release date: 2023-09-12
Changes
Changes in this version include:
Support for the ability to set descriptions during key creation.
CLI version 0.8.0
Release date: 2023-06-27
Changes
Release date: 2023-06-27
Changes in this version include:
Support for counting the number of key versions regardless of whether the key is in an active state.
CLI version 0.7.0
Release date: 2022-10-14
Changes
Changes in this version include:
- Support for creating instance rotation policies as well as the ability to enable and disable rotation policies for an individual key.
- Support also for the ability to create keys with policy overrides and the capability for filtering the listing of keys.
CLI version 0.6.12
Release date: 2022-08-12
Changes
Changes in this version include:
- Support for the new search parameter to filter the list of keys returned from the
keys
command - Support also for the new sort parameters to order the list of keys returned from the
keys
command
CLI version 0.6.11
Release date: 2022-06-27
Changes
Changes in this version include support for filters when listing keys, support for listing the versions of a key, and support for using aliases in place of key IDs.
CLI version 0.6.10
Release date: 2022-02-08
Changes
Changes included in this version:
- The environment variable
KP_PRIVATE_ADDR
is no longer required when authenticating toprivate.cloud.ibm.com
. More information is available about using the CLI with private endpoints. - The environment variable
IBMCLOUD_TRACE
gives you more visibility into your diagnostics. Learn more at the CLI documentation. - Updated help text and messages.
CLI version 0.6.9
Release date: 2021-12-14
Changes
Changes included in this version:
- Added support for São-Paulo region.
CLI version 0.6.8
Release date: 2021-11-05
Changes
Changes included in this version:
- Added support for targeting private endpoints.
CLI version 0.6.7
The release binary is not currently available. When released, please use v0.6.8.
CLI version 0.6.6
Release date: 2021-10-11
Changes
Changes included in this version:
-
Added feature for key synchronizing as a new subcommand under
key
. -
Updated the "Internal server error" response message to return the actual error message.
CLI version 0.6.5
Release date: 2021-08-30
Changes
Changes included in this version:
-
The JSON response for the retrieval of multiple objects like listing keys, policies, and registrations is set as an empty array:
[]
when there are no objects returned by the service. -
The JSON response for the retrieval of a single object, like a key policy, is set as an empty object:
{}
when there is no policy returned by the service.
CLI version 0.6.4
Release date: 2021-07-23
Changes
Changes included in this version:
-
Error messages have been formatted to make them easier for users to understand.
-
Additional validation for sha1 encryption ensures that requests are only made to the correct endpoint.
CLI version 0.6.3
Release date: 2021-06-25
Changes
There are minor changes in this latest release.
Support for IBM Cloud® Hyper Protect Crypto Services specific algorithms in Key Create and Key Rotate.
CLI version 0.6.2
Release date: 2021-05-20
Changes
There are minor changes in this release.
- Key purge command supports purging a deleted key resulting in the permanent deletion of information related to that key. After being purged, the key is not available
to be restored:
ibmcloud kp key purge <keyID>
. - Support for the new
ca-tor
regional endpoint; all Key Protect operations supported via CLI can be performed for this region:ibmcloud kp region-set ca-tor
(sets the target endpoint to key protectca-tor
endpoint).
CLI version 0.6.1
Release date: 2021-04-30
Changes
There are minor changes in this release.
- Key Update command has been added, supporting transferring your key from its current key ring to a new key ring.
CLI version 0.6.0
Release date: 2021-02-25
Changes
There are major changes in this release.
- Key Ring support is added to the CLI supporting customization and best practices.
- Key Alias feature is added to the CLI adding first-in-class management support.
- Added support for Osaka (jp-osa) endpoint.
- Instance policy command supports the new sub commands.
- Minor changes include JSON output support in sub commands and the deprecation of some commands, features and flags.
CLI version 0.5.2
Release date: 2020-09-21
Changes
- Commands that specify JSON outout (
--output json
) now return an empty JSON structure if there is no output.
CLI version 0.5.1 (deprecated)
Release date: 2020-07-21
Changes
-
Changed the
command successful
message fromSUCCESS
TOOK
. -
Remove additional line breaks in the response.
-
For Windows,
OK
andFAILED
messages are the same color as theibmcloud
command colors.
CLI version 0.5.0 (deprecated)
Release date: 2020-06-19
Documentation: CLI reference, version 0.5.0
Add these commands
kp instance
-
kp instance policies : list policies associated with an instance
-
kp instance policy-update allowed-network : update the instance policy and set the "allowed network" to public-and-private or private-only
-
kp instance policy-update dual-auth-delete : update the instance policy and enable or disable the "dual authorization delete" policy
kp key
-
kp key cancel-delete : cancel a previously scheduled request to delete a key
-
kp key disable : disable a root key and temporarily revoke access to the key's associated data in the cloud
-
kp key enable : enable a root key that was previously disabled; this action restores the key's encrypt and decrypt operations
-
kp key restore : restore a previously deleted root key, which restores access to its associated data in the cloud
-
kp key policy-update dual-auth-delete : update the "dual authorization delete" policy associated with a key
-
kp key policy-update rotation : update the "rotation" policy associated with a key
-
kp key schedule-delete : authorize a key, with a "dual-auth-delete" policy, to be deleted
kp registrations
- kp registrations : list registrations, which are associations between keys and other cloud resources such as Cloud Object Storage (COS) buckets or Cloud Databases deployments
Update these commands
kp import-token
-
kp import-token key-encrypt : add the
-a
(--hash) option; encrypt keys using the SHA-1 algorithm for Hyper Protect Crypto Services (HPCS) -
kp import-token nonce-encrypt : add the
-c
(--cbc) option; encrypt the nonce using the AES-CBC encryption algorithm; only supported for HPCS
kp key
- kp key
delete : add the
-f
(--force) option to delete a key, with force, which is used to delete a key that has existing "registrations"
kp keys
- kp
keys : add the
-n
(--number-of-keys) and-s
(--starting-offset) options to retrieve a subset of keys
CLI version 0.4.0 (deprecated)
Release date: 2020-05-01
Major changes were made to the ibmcloud kp
command structure.
Add these commands
-
kp import-token create
: create an import token -
kp import-token key-encrypt
: encrypt the key that you want to import to the service -
kp import-token nonce-encrypt
: encrypt the nonce that is generated by Key Protect -
kp import-token show
: retrieve an import token -
kp key
: perform operations on keys -
kp keys
: list the keys that are available in your Key Protect instance -
kp region-set
: target a different Key Protect regional endpoint
Deprecate these commands
-
kp create
: usekp import-token create
orkp key create
-
kp delete
: usekp key delete
-
kp get
: usekp key show
-
kp import-token encrypt-key
: usekp import-token key-encrypt
-
kp import-token encrypt-nonce
: usekp import-token nonce-encrypt
-
kp import-token get
: usekp import-token show
-
kp list
: usekp keys
-
kp policy
: usekp key policies
orkp key policy-update
-
kp rotate
: usekp key rotate
-
kp unwrap
: usekp key unwrap
-
kp wrap
: usekp key wrap
Deprecated commands
All deprecated commands work in versions 0.4.0 and 0.5.0. That is, version 0.5.0 is backwards compatible with versions 0.3.9 and 0.4.0. For example, you can issue the kp create
command even though it's deprecated in version 0.5.0.
The intent is to remove support for deprecated commands in the next CLI version, which is anticipated the end of September, 2020.
CLI version 0.3.9 (deprecated)
Release date: 2019-11-11
Updates
-
Update usage information for all
ibmcloud kp
commands and sub-commands -
Fix bug in the JSON output format option (
--output json
) for all commands that support JSON output