Mark a key as trusted using CloudHSM CLI

Focus mode

Mark a key as trusted using CloudHSM CLI - AWS CloudHSM

The content in this section provides instructions on using CloudHSM CLI to mark a key as trusted.

Using the CloudHSM CLI login command, log in as a crypto user (CU).

Use the key list command to identify the key reference of the key you want to mark as trusted. The following example lists the key with the label key_to_be_trusted.


aws-cloudhsm > key list --filter attr.label=test_aes_trusted
        {
  "error_code": 0,
  "data": {
    "matched_keys": [
      {
        "key-reference": "0x0000000000200333",
        "attributes": {
          "label": "test_aes_trusted"
        }
      }
    ],
    "total_key_count": 1,
    "returned_key_count": 1
  }
}

Using the Log out of an HSM using CloudHSM CLI command, log out as a crypto user (CU).
Using the Log in to an HSM using CloudHSM CLI command, log in as an admin.

Using the key set-attribute command with the key reference you identified in step 2, set the key's trusted value to true:


aws-cloudhsm > key set-attribute --filter key-reference=<Key Reference> --name trusted --value true
{
  "error_code": 0,
  "data": {
    "message": "Attribute set successfully"
  }
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Filter by keys

Manage quorum authentication (M of N)

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

Unable to save cookie preferences

Mark a key as trusted using CloudHSM CLI

Did this page help you?

Next topic:

Previous topic:

Need help?