IBM Cloud Docs
Retrieving your instance ID and cloud resource name (CRN)

Retrieving your instance ID and cloud resource name (CRN)

You can target an individual IBM® Key Protect instance for operations by including its unique identifier, or instance ID, in API requests to the service. Similarly, it can also be helpful to know your relevant cloud resource name (CRN).

Viewing your instance ID and CRN in the IBM Cloud console

You can view the instance ID that is associated with your Key Protect instance by navigating to your IBM Cloud resource list.

  1. Log in to the IBM Cloud console.

  2. Go to Menu > Resource List, and then click Services to browse a list of your cloud services.

  3. Click the table row. This opens the resources table side panel, where you can see the CRN and instance GUID.

  4. Click on the instance name link. This will open your Key Protect instance.

  5. From the Keys page, click the Details box to open a side panel. Your instance ID and CRN are listed here as code snippets.

Retrieving an instance ID and CRN with the CLI

You can also retrieve the instance ID for your Key Protect instance by using the IBM Cloud CLI.

  1. Log in to IBM Cloud with the IBM Cloud CLI.

    ibmcloud login
    

    If the login fails, run the ibmcloud login --sso command to try again. The --sso parameter is required when you log in with a federated ID. If this option is used, go to the link listed in the CLI output to generate a one-time passcode.

  2. Select the account, region, and resource group that contain your provisioned instance of Key Protect.

  3. Retrieve the Cloud Resource Name (CRN) that uniquely identifies your Key Protect instance.

    ibmcloud resource service-instance <instance_name> --id
    

    Replace <instance_name> with the unique alias that you assigned to your Key Protect instance. If you do not know the name of your instance, run the ibmcloud resource service-instances command to retrieve a list of instance names that you provisioned in the selected region.

    The following truncated example shows the CLI output.

    crn:v1:bluemix:public:kms:us-south:a/f047b55a3362ac06afad8a3f2f5586ea:42454b3b-5b06-407b-a4b3-34d9ef323901:: 42454b3b-5b06-407b-a4b3-34d9ef323901
    

    The 42454b3b-5b06-407b-a4b3-34d9ef323901 value is an example instance ID.

Retrieving an instance ID with the API

You might want to retrieve the instance ID programmatically to help you build and connect your application. You can call the IBM Cloud Resource Controller API, and then pipe the JSON output to jq to extract this value.

  1. Retrieve an IBM Cloud IAM access token.

  2. Call the Resource Controller API to retrieve your instance ID.

    $ curl -X GET \
        "https://resource-controller.cloud.ibm.com/v2/resource_instances" \
        -H "authorization: Bearer <IAM_token>" | jq -r '.resources[] | select(.name | contains("<instance_name>")) | .guid'
    

    Replace <instance_name> with the unique alias that you assigned to your Key Protect instance. If you do not know the name of your instance, make a GET /v2/resource_instances request to retrieve a list of instance names that you provisioned in the selected region.

    The following output shows an example instance ID:

    42454b3b-5b06-407b-a4b3-34d9ef323901