"import"
********

* Description

* Usage

* Required Parameters

* Optional Parameters

* Global Parameters

* Example using required parameter


Description
===========

Imports AES and RSA keys to create a new key. The key material must be
base64-encoded and wrapped by the vault’s public RSA wrapping key
before you can import it. Key Management supports both RSA and AES
keys. The AES keys are symmetric keys of length 128 bits (16 bytes),
192 bits (24 bytes), or 256 bits (32 bytes), and the RSA keys are
asymmetric keys of length 2048 bits (256 bytes), 3072 bits (384
bytes), and 4096 bits (512 bytes). Furthermore, the key length must
match what you specify at the time of import. When importing an
asymmetric key, only private key must be wrapped in PKCS8 format while
the corresponding public key is generated internally by KMS.

The top level –endpoint parameter must be supplied for this operation.


Usage
=====

   oci kms management key import [OPTIONS]


Required Parameters
===================

--compartment-id, -c [text]

The OCID of the compartment that contains this key.

--display-name [text]

A user-friendly name for the key. It does not have to be unique, and
it is changeable. Avoid entering confidential information.

--key-shape [complex type]

This is a complex type whose value must be valid JSON. The value can
be provided as a string on the command line or passed in as a file
using the file://path/to/file syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

--wrapped-import-key [complex type]

This is a complex type whose value must be valid JSON. The value can
be provided as a string on the command line or passed in as a file
using the file://path/to/file syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.


Optional Parameters
===================

--defined-tags [complex type]

Usage of predefined tag keys. These predefined keys are scoped to
namespaces. Example: *{“foo-namespace”: {“bar-key”: “foo-value”}}*
This is a complex type whose value must be valid JSON. The value can
be provided as a string on the command line or passed in as a file
using the file://path/to/file syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

--freeform-tags [complex type]

Simple key-value pair that is applied without any predefined name,
type, or scope. Exists for cross-compatibility only. Example: *{“bar-
key”: “value”}* This is a complex type whose value must be valid JSON.
The value can be provided as a string on the command line or passed in
as a file using the file://path/to/file syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

--from-json [text]

Provide input to this command as a JSON document from a file using the
file://path-to/file syntax.

The "--generate-full-command-json-input" option can be used to
generate a sample json file to be used with this command option. The
key names are pre-populated and match the command option names
(converted to camelCase format, e.g. compartment-id –> compartmentId),
while the values of the keys need to be populated by the user before
using the sample file as an input to this command. For any command
option that accepts multiple values, the value of the key can be a
JSON array.

Options can still be provided on the command line. If an option exists
in both the JSON document and the command line then the command line
specified value will be used.

For examples on usage of this option, please see our “using CLI with
advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Conte
nt/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

--protection-mode [text]

The key’s protection mode indicates how the key persists and where
cryptographic operations that use the key are performed. A protection
mode of *HSM* means that the key persists on a hardware security
module (HSM) and all cryptographic operations are performed inside the
HSM. A protection mode of *SOFTWARE* means that the key persists on
the server, protected by the vault’s RSA wrapping key which persists
on the HSM. All cryptographic operations that use a key with a
protection mode of *SOFTWARE* are performed on the server. By default,
a key’s protection mode is set to *HSM*. You can’t change a key’s
protection mode after the key is created or imported.

Accepted values are:

   HSM, SOFTWARE


Global Parameters
=================

Use "oci --help" for help on global parameters.

"--auth-purpose", "--auth", "--cert-bundle", "--cli-auto-prompt", "--
cli-rc-file", "--config-file", "--connection-timeout", "--debug", "--
defaults-file", "--endpoint", "--generate-full-command-json-input", "
--generate-param-json-input", "--help", "--latest-version", "--max-
retries", "--no-retry", "--opc-client-request-id", "--opc-request-id",
"--output", "--profile", "--proxy", "--query", "--raw-output", "--
read-timeout", "--realm-specific-endpoint", "--region", "--release-
info", "--request-id", "--version", "-?", "-d", "-h", "-i", "-v"


Example using required parameter
================================

Copy and paste the following example into a JSON file, replacing the
example parameters with your own.

       oci kms management key import --generate-param-json-input key-shape > key-shape.json
       oci kms management key import --generate-param-json-input wrapped-import-key > wrapped-import-key.json

Copy the following CLI commands into a file named example.sh. Run the
command by typing “bash example.sh” and replacing the example
parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-
like shell. You need to set up the OCI configuration and appropriate
security policies before trying the examples.

       export compartment_id=<substitute-value-of-compartment_id> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/kms/management/key/import.html#cmdoption-compartment-id
       export display_name=<substitute-value-of-display_name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/kms/management/key/import.html#cmdoption-display-name

       oci kms management key import --compartment-id $compartment_id --display-name $display_name --key-shape file://key-shape.json --wrapped-import-key file://wrapped-import-key.json
