Exports the security object as components.

  • Published on Jun 2, 2025
  • 1 minute(s) read
Prev Next
Post
/crypto/v1/keys/components/export

Exports the security object as components. This API can only be called through an approval request and won't work if called directly. This requires a key custodian policy and quorum approval policy to be set at the group level. A new approval request needs to be created (see POST /sys/v1/approval_requests), then after getting the required approvals, the key custodians can fetch the result of this approval request (See POST /sys/v1/approval_requests/:req_id/result). Each key custodian will be able to get only their component.

Only AES, DES, DES3 & HMAC objects are exportable by components.

This is described in detail in the following article: https://support.fortanix.com/hc/en-us/articles/360043559332-User-s-Guide-Key-Components

Security
HTTP
Type bearer
API Key: apiKeyAuth
Header parameter nameAuthorization
Body parameters
Expand All
object
key
OneOf
SobjectDescriptorVariantKid
object (SobjectDescriptorVariantKid)
kid
string (uuid) Required
SobjectDescriptorVariantName
object (SobjectDescriptorVariantName)
name
string Required
Max length4096
Pattern^[^\n]*[^\s\n][^\n]*$
SobjectDescriptorVariantTransientKey
object (SobjectDescriptorVariantTransientKey)
transient_key
string (byte) Required
SobjectDescriptorVariantInline
object (SobjectDescriptorVariantInline)
inline
object Required
value
string (byte) Required
obj_type
string Required
Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ]
wrap_key_params
object
key
OneOf
SobjectDescriptorVariantKid
object (SobjectDescriptorVariantKid)
kid
string (uuid) Required
SobjectDescriptorVariantName
object (SobjectDescriptorVariantName)
name
string Required
Max length4096
Pattern^[^\n]*[^\s\n][^\n]*$
SobjectDescriptorVariantTransientKey
object (SobjectDescriptorVariantTransientKey)
transient_key
string (byte) Required
SobjectDescriptorVariantInline
object (SobjectDescriptorVariantInline)
inline
object Required
value
string (byte) Required
obj_type
string Required
Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ]
alg
string Required
Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "KCDSA", "EC", "ECKCDSA", "BIP32", "BLS", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "HMAC", "LEDABETA", "ROUND5BETA", "PBE" ]
mode
OneOf
string
string
Valid values[ "ECB", "CBC", "CBCNOPAD", "CFB", "OFB", "CTR", "GCM", "CCM", "KW", "KWP", "FF1" ]
object
OneOf
RsaEncryptionPaddingVariantOaep
object (RsaEncryptionPaddingVariantOaep)
OAEP
object Required
mgf
OneOf
MgfVariantMgf1
object (MgfVariantMgf1)
mgf1
object Required
hash
string Required
Valid values[ "BLAKE2B256", "BLAKE2B384", "BLAKE2B512", "BLAKE2S256", "RIPEMD160", "SSL3", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "STREEBOG256", "STREEBOG512", "SHA3_224", "SHA3_256", "SHA3_384", "SHA3_512" ]
RsaEncryptionPaddingVariantPkcs1V15
object (RsaEncryptionPaddingVariantPkcs1V15)
PKCS1_V15
object Required
RsaEncryptionPaddingVariantRawDecrypt
object (RsaEncryptionPaddingVariantRawDecrypt)
RAW_DECRYPT
object Required
iv
string (byte)
ad
string (byte)
tag_len
integer | null
custodians
Array of object (Principal) Required
OneOf
PrincipalVariantApp
object (PrincipalVariantApp)
app
string (uuid) Required
PrincipalVariantUser
object (PrincipalVariantUser)
user
string (uuid) Required
PrincipalVariantPlugin
object (PrincipalVariantPlugin)
plugin
string (uuid) Required
PrincipalVariantUserViaApp
object (PrincipalVariantUserViaApp)
userviaapp
object Required
user_id
string (uuid) Required
scopes
Array of string (OauthScope) Required
string
Valid values[ "app", "openid", "email", "profile" ]
string
string
Valid values[ "system" ]
string
string
Valid values[ "unregistereduser" ]
method
string
Valid values[ "XOR" ]
description
string | null
Responses
2XX

Success result

Expand All
object
components
Array of object (SobjectComponent)
object
component
string (byte)
component_kcv
string
custodian
OneOf
PrincipalVariantApp
object (PrincipalVariantApp)
app
string (uuid)
PrincipalVariantUser
object (PrincipalVariantUser)
user
string (uuid)
PrincipalVariantPlugin
object (PrincipalVariantPlugin)
plugin
string (uuid)
PrincipalVariantUserViaApp
object (PrincipalVariantUserViaApp)
userviaapp
object
user_id
string (uuid)
scopes
Array of string (OauthScope)
string
Valid values[ "app", "openid", "email", "profile" ]
string
string
Valid values[ "system" ]
string
string
Valid values[ "unregistereduser" ]
iv
string (byte)
tag
string (byte)
key_kcv
string
key_kcv_cmac
string
description
string | null