Monday, 20 December 2021

IBM Key Protect - Computer says "No"

Whilst tinkering with IBM Key Protect, the computer was most definitely saying "No" 

ic kp keys --instance-id $guid

Retrieving keys...

FAILED

kp.Error: correlation_id='8638482c-706f-4959-9d39-cb583f4e7692', msg='Unauthorized: The user does not have access to the specified resource'

Thankfully, the internet had the answer ( the internet is my friend ) : -


The error is actually described in the introduction to ibm_kms_key, but easily overread. The set region for the provider currently has to match the region of the KMS instance.

The referenced Terraform provider documentation - ibm_kms_key - adds some context: -

The region parameter in the provider.tf file must be set. If region parameter is not specified, us-south is used as default

I double-checked where my Key Protect instance was located: -

ic resource service-instances --output JSON | jq -r '.[] | select(.name | endswith("kms"))' | jq -r .region_id

eu-gb

and directed the CLI tool to target that region: -

ic kp region-set eu-gb

OK

and retried my command: -

ic kp keys --instance-id $guid

Retrieving keys...
OK
Key ID                                 Key Name   
595e2c8e-f99c-45c0-82c3-997dd646dcf3   terraform-state-key-davehay-1638264407   

Good to go!

No comments:

Reminder - installing podman and skopeo on Ubuntu 22.04

This follows on from: - Lest I forget - how to install pip on Ubuntu I had reason to install podman  and skopeo  on an Ubuntu box: - lsb_rel...