Using a virtual private endpoint
After you created your VPC and you want to connect to Key Protect service for your data encryption needs, you can create a virtual private endpoint in your VPC to access Key Protect service within your VPC network.
You can configure the VPE to use the IP addresses of your choice, which are allocated from a subnet within your VPC. VPEs are bound to a VPE gateway and serve as an intermediary that enables your workload to interact with Key Protect.
To connect to Key Protect by using a virtual private endpoint, you must use the Key Protect API, SDK, or Terraform. The Key Protect UI has to be accessed through public network from your VPC.
Before you begin
Before you target a virtual private endpoint for Key Protect:
- Ensure that you have provisioned a Virtual Private Cloud.
- Ensure that you have conducted planning for Virtual Private Endpoints.
- Ensure that correct access controls are set for your virtual private endpoint.
- Understand the limitations of having a virtual private endpoint.
- Ensure that you have created and understand how to access a VPE gateway.
- Understand how to view details of a Virtual Private Endpoint.
Virtual private endpoint settings, specifically the Internet Protocol (IP) address, may need to be manually updated during Disaster recovery and business continuity actions.
Virtual Private Service Endpoints
The following table lists regions where Key Protect service supports VPE. It also lists Key Protect endpoints supported from each region. You can connect to Key Protect service in another region using supported endpoints. For example, from the
Sydney region, you can use Key Protect service in
us-south region using the us-south endpoint.
When connecting to a VPE via CLI or API, you will need to specify the CRN of the region that you will use to connect to the Key Protect service. Use the table below to locate the CRN of the target region.
| Region | Endpoints Supported in Region | CRN | |
|---|---|---|---|
| Dallas | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |
||
| Washington | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |
||
| Sydney | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |
||
| Tokyo | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |
||
| London | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |
||
| Frankfurt | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |