Monday, 20 December 2021

IBM Key Protect - Computer says "No"

Whilst tinkering with IBM Key Protect, the computer was most definitely saying "No" 

ic kp keys --instance-id $guid

Retrieving keys...

FAILED

kp.Error: correlation_id='8638482c-706f-4959-9d39-cb583f4e7692', msg='Unauthorized: The user does not have access to the specified resource'

Thankfully, the internet had the answer ( the internet is my friend ) : -


The error is actually described in the introduction to ibm_kms_key, but easily overread. The set region for the provider currently has to match the region of the KMS instance.

The referenced Terraform provider documentation - ibm_kms_key - adds some context: -

The region parameter in the provider.tf file must be set. If region parameter is not specified, us-south is used as default

I double-checked where my Key Protect instance was located: -

ic resource service-instances --output JSON | jq -r '.[] | select(.name | endswith("kms"))' | jq -r .region_id

eu-gb

and directed the CLI tool to target that region: -

ic kp region-set eu-gb

OK

and retried my command: -

ic kp keys --instance-id $guid

Retrieving keys...
OK
Key ID                                 Key Name   
595e2c8e-f99c-45c0-82c3-997dd646dcf3   terraform-state-key-davehay-1638264407   

Good to go!

No comments:

Today I Learned - useful keyboard shortcut for macOS

Last night, I chose to charge my Apple Magic Mouse - which, you might say, seems like a reasonable thing to do. The thing is that, anyone wh...