Mark a key as trusted using CloudHSM CLI - AWS CloudHSM

Mark a key as trusted using CloudHSM CLI

The content in this section provides instructions on using CloudHSM CLI to mark a key as trusted.

  1. Using the CloudHSM CLI login command, log in as a crypto user (CU).

  2. Use the key list command to identify the key reference of the key you want to mark as trusted. The following example lists the key with the label test_aes_trusted.

    aws-cloudhsm > key list --filter attr.label=test_aes_trusted
    {
      "error_code": 0,
      "data": {
        "matched_keys": [
          {
            "key-reference": "0x0000000000200333",
            "attributes": {
              "label": "test_aes_trusted"
            }
          }
        ],
        "total_key_count": 1,
        "returned_key_count": 1
      }
    }

  3. Using the CloudHSM CLI logout command, log out as a crypto user (CU).

  4. Using the CloudHSM CLI login command, log in as an admin.

  5. Using the key set-attribute command with the key reference you identified in step 2, set the key's trusted value to true:

    aws-cloudhsm > key set-attribute --filter key-reference=<Key Reference> --name trusted --value true
    {
      "error_code": 0,
      "data": {
        "message": "Attribute set successfully"
      }
    }
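
Because step 5 is run as an admin against whatever key reference was copied from step 2, it helps to check the key list output before building the set-attribute command. The following is an added example, not part of the AWS documentation or the CloudHSM CLI: the function names are hypothetical, the sample output is the one shown in step 2, and the 16-hex-digit key reference format is an assumption taken from that sample.

```python
import json
import re

# Output of `key list --filter attr.label=test_aes_trusted`, as shown in step 2.
KEY_LIST_OUTPUT = """
{"error_code": 0, "data": {"matched_keys": [{"key-reference": "0x0000000000200333",
 "attributes": {"label": "test_aes_trusted"}}],
 "total_key_count": 1, "returned_key_count": 1}}
"""

# Assumption: key references look like the one in the sample (0x + 16 hex digits).
KEY_REF_PATTERN = re.compile(r"0x[0-9a-fA-F]{16}")


class KeySelectionError(Exception):
    """Raised when the key list output does not identify exactly one key."""


def select_key_reference(raw_output, expected_label):
    """Return the key reference only if the filter matched one key with the expected label."""
    result = json.loads(raw_output)
    if result.get("error_code") != 0:
        raise KeySelectionError(f"key list failed: error_code={result.get('error_code')}")
    data = result.get("data", {})
    matched = data.get("matched_keys", [])
    # Refuse ambiguous filters: a label can be shared by several keys.
    if data.get("total_key_count") != 1 or len(matched) != 1:
        raise KeySelectionError(
            f"expected exactly 1 key, filter matched {data.get('total_key_count')}")
    key = matched[0]
    label = key.get("attributes", {}).get("label")
    if label != expected_label:
        raise KeySelectionError(f"label mismatch: {label!r} != {expected_label!r}")
    key_ref = key.get("key-reference", "")
    if not KEY_REF_PATTERN.fullmatch(key_ref):
        raise KeySelectionError(f"unexpected key reference format: {key_ref!r}")
    return key_ref


def set_trusted_command(key_reference):
    """Build the step 5 command for a key reference that passed the checks above."""
    return (f"key set-attribute --filter key-reference={key_reference} "
            "--name trusted --value true")


if __name__ == "__main__":
    ref = select_key_reference(KEY_LIST_OUTPUT, "test_aes_trusted")
    print(set_trusted_command(ref))
```
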