Skip to main content
Version: 0.5.0

Security Resources

The security category provides commands for managing security resources in Aruba Cloud, including Key Management System (KMS) keys for encryption and security.

Available Resources

KMS Keys

KMS (Key Management Service) keys provide encryption key management for securing your data and resources.

Quick Commands:

# List all KMS keys
acloud security kms list

# Get KMS key details
acloud security kms get <kms-id>

# Create a KMS key
acloud security kms create --name "my-kms-key" --region "ITBG-Bergamo" --billing-period "Hour"

# Update a KMS key
acloud security kms update <kms-id> --name "updated-name" --tags "production"

# Delete a KMS key
acloud security kms delete <kms-id>

Cryptographic Keys

Cryptographic keys are nested inside a KMS instance and provide AES or RSA encryption material.

Quick Commands:

# List all keys in a KMS instance
acloud security key list --kms-id <kms-id>

# Get key details
acloud security key get <key-id> --kms-id <kms-id>

# Create a key
acloud security key create --kms-id <kms-id> --name "my-key" --algorithm "Aes"

# Delete a key
acloud security key delete <key-id> --kms-id <kms-id>

KMIP Services

KMIP services are nested inside a KMS instance and expose a KMIP endpoint for certificate-based client authentication.

Quick Commands:

# List all KMIP services in a KMS instance
acloud security kmip list --kms-id <kms-id>

# Get KMIP service details
acloud security kmip get <kmip-id> --kms-id <kms-id>

# Create a KMIP service (and wait for certificate)
acloud security kmip create --kms-id <kms-id> --name "my-kmip" --wait

# Download certificate and private key (PEM)
acloud security kmip download <kmip-id> --kms-id <kms-id>

# Delete a KMIP service
acloud security kmip delete <kmip-id> --kms-id <kms-id>

Command Structure

All security commands follow this structure:

acloud security <resource> <action> [arguments] [flags]

Where:

  • <resource>: The type of resource (e.g., kms)
  • <action>: The operation to perform (e.g., list, get, create, update, delete)
  • [arguments]: Required arguments (e.g., resource IDs)
  • [flags]: Optional flags (e.g., --name, --region, --tags)

Common Patterns

Listing Resources

acloud security <resource> list

Getting Resource Details

acloud security <resource> get <resource-id>

Creating Resources

acloud security <resource> create [required-args] [flags]

Updating Resources

acloud security <resource> update <resource-id> [flags]

Deleting Resources

acloud security <resource> delete <resource-id> [--yes]

Project Context

Security resources are scoped to a project. You can either:

  1. Use the --project-id flag:

    acloud security kms list --project-id <project-id>
  2. Set a context:

    acloud context set my-prod --project-id <project-id>
    acloud security kms list # Uses context project ID

See Installation - Context Management for more information.

Next Steps