A JWT asserting that the user is allowed to unwrap a key for resource_name. See authorization tokens.
reason
string (UTF-8)
A passthrough JSON string providing additional context about the operation. The JSON provided should be sanitized before being displayed. Max size: 1 KB.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-11-14 UTC."],[[["\u003cp\u003eThis API call takes a wrapped Data Encryption Key (DEK) and returns a base64 encoded resource key hash.\u003c/p\u003e\n"],["\u003cp\u003eThe request body requires an authorization token, a reason for the operation, and the wrapped key.\u003c/p\u003e\n"],["\u003cp\u003eA successful response provides the resource key hash, while failures return a structured error reply.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003edigest\u003c/code\u003e endpoint is used for this operation within the Key Access Control List Service (KACLS).\u003c/p\u003e\n"],["\u003cp\u003eSee the provided links for more details on authorization tokens, resource key hash, wrap API, rewrap API and structured errors.\u003c/p\u003e\n"]]],["This call digests a wrapped Data Encryption Key (DEK) using a POST request to the KACLS URL's `/digest` endpoint. The request body includes a `wrapped_key`, an `authorization` JWT, and a `reason` string. Upon success, the response returns a JSON object containing the base64 encoded `resource_key_hash`. Failure results in a structured error reply. The `resource_key_hash` can be later used in resources.\n"],null,["# Method: digest\n\nThis call takes a Data Encryption Key (DEK) wrapped with the wrap API, and\nreturns the base64 encoded\n[resource key hash](/workspace/cse/reference/resource-key-hash).\n\nSee also: [`rewrap`](/workspace/cse/reference/rewrap)\n\n### HTTP request\n\n`POST https://`\u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e`/digest`\n\nReplace \u003cvar translate=\"no\"\u003eKACLS_URL\u003c/var\u003e with the Key Access Control List\nService (KACLS) URL.\n\n### Path parameters\n\nNone.\n\n### Request body\n\nThe request body contains data with the following structure:\n\n| JSON representation ||\n|------------------------------------------------------------------------------|---|\n| ``` { \"authorization\": string, \"reason\": string, \"wrapped_key\": string } ``` |\n\n| Fields ||\n|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `authorization` | `string` A JWT asserting that the user is allowed to unwrap a key for `resource_name`. See [authorization tokens](/workspace/cse/reference/authorization-tokens). |\n| `reason` | `string (UTF-8)` A passthrough JSON string providing additional context about the operation. The JSON provided should be sanitized before being displayed. Max size: 1 KB. |\n| `wrapped_key` | `string` The base64 binary object returned by [`wrap`](/workspace/cse/reference/wrap). |\n\n### Response body\n\nIf successful, this method returns a base64 encoded\n[resource key hash](/workspace/cse/reference/resource-key-hash).\n\nIf the operation fails, a\n[structured error reply](/workspace/cse/reference/structured-errors)\nshould be returned.\n\n| JSON representation ||\n|-----------------------------------------|---|\n| ``` { \"resource_key_hash\": string } ``` |\n\n| Fields ||\n|---------------------|-------------------------------------------------------------------------------------------------------------|\n| `resource_key_hash` | `string` base64 encoded binary object. See [resource key hash](/workspace/cse/reference/resource-key-hash). |\n\n### Example\n\n#### Request\n\n POST https://mykacls.example.com/v1/digest\n\n {\n \"wrapped_key\": \"7qTh6Mp+svVwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDhbmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvcgm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199llf9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbUhkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==\",\n \"authorization\": \"eyJhbGciOi...\",\n \"reason\": \"{client:'drive' op:'read'}\"\n }\n\n#### Response\n\n {\n \"resource_key_hash\": \"qClT153ghqBOLPpdMsc4S4n6okPrRaLPBYT0zRcn+go=\"\n }"]]
