Get JWKS for Key Rotation Policy
GET {{authPath}}/environments/{{envID}}/keyRotationPolicies/{{krpID}}/jwks
The GET /environments/{envID}/keyRotationPolicies/{krpID}/jwks endpoint fetches the public keys of all KRP keys attached to a key rotation policy (KRP) in JWKS format. For more information, see RFC 7517.
The following parameters are shown for each key:
kty
This is the key type, which identifies the cryptographic algorithm family used with the key. Options are RSA. The kty parameter of enclosing JWK values will be consistent with the algorithm parameter of the KrpKey.
e
This is the RSA public exponent parameter, which is used in the RSA Key blinding operation.
kid
This is the key ID parameter, which is used to match a corresponding kid key value in the JWT token to validate the requestor and grant access to the specified API endpoint. The kid parameter of enclosing JWK values will refer to the UUID assigned to KrpKeys at creation time. These UUIDs are Type 1 (time-based) and therefore denote a chronological rotation order.
use
This is the public key use parameter, which identifies the intended use of the public key. Options are sig (signature) and enc (encryption). The use parameter of enclosing JWK values must be consistent with the UsageType assigned to the parent KRP.
n
This is the RSA modulus parameter, which is used in the RSA Key blinding operation.
x5t
This is an X.509 certificate SHA-1 thumbprint parameter, which is a base64url-encoded SHA-1 thumbprint of the DER encoding of an X.509 certificate.
x5c
This is an X.509 certificate chain parameter, which is a chain of one or more PKIX certificates.
RESPONSES
status: OK
{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","kid":"default","x5c":["MIIDLDCCAhSgAwIBAgIGAWW17v5GMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRUwEwYDVQQKEwxQaW5nSWRlbnRpdHkxEzARBgNVBAMTCnByb2Qtb2F1dGgwHhcNMTgwOTA3MjEyNzQzWhcNMjMwOTA2MjEyNzQzWjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ08xDzANBgNVBAcTBkRlbnZlcjEVMBMGA1UEChMMUGluZ0lkZW50aXR5MRMwEQYDVQQDEwpwcm9kLW9hdXRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgQ8twHSmSlT28I7iTi4+IsA3jgfhGPx0pIC27LTDf0q4wBE8Ap5dG7kqL9GE7zoxleghUs6APP0qKWaTxBSqxISzZmZpRQqipM+Tog3wgLciIbRozRHTXmCmzFJcG5spoe2XtcZ3zMRs9kkOUzxN2XMXHBidQKFB82/NjDwqhW/gdbS1vJLt1j9gjl60wvXcTwFzTkqh6owGjMCVFrraEv+H6XdhP4VMM7gsPOSD+IJke0CmQyVMVXVWoydahMLqLuz59HBUCYFcW0HVJLDMKJvNoFhY9xZW3oiVrNPP7COdv5+4SLq3EIi5WVd9TglYDQt2SmyDV36pcBPautKvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB42oNEjRUNRbMEnrQ6UyyyVu+DW6lL19RJoCasb4hRWe/YHr11xF3+JMObsaaRBA0/jJ7SAFiJxNpBC48ceXDK+mS3VbGDBj+Isi19Csa1HO0VpERKuNuaXmUGmJm4hkMcYFbnjC9+g/3bzDDiZWAiZUrqVA6HEj4MXb5/m7492msSFnhZ06qjAVj/qpRcVBIAIy1XCvTB2X913x4r+CjrWd0x3nHcjr2qfnmw96qPQU82MagWXenNNZbLpy+rDbWjYDB/bW3Rgp4704PLixar5gGR69x3JCvfr7N45oOYTQcZmTzsF75Ee2bsR2NXu1KvI7fLgLifz25V/eqYtjY"],"alg":"RSA","n":"jgQ8twHSmSlT28I7iTi4-IsA3jgfhGPx0pIC27LDf0q4wBE8Ap5dG7kqL9GE7zoxleghUs6APQ0qKWaTxBSqxISzZmZpRQqipM-Tog3wgLciIbRtyRHTXmCmzFJcG5spoe2XtcZ3zMRs9kkOUzxN2XMXHBidQKFB82_NjDwqhW_gdbS1vJLt1j9gjl60wvXcTwFzTkqh6owGjMCVFrraEv-H6XdhP4VMM7gsPOSD-IJke0CmQyVMVXVWoydahMLqLuz59HBUCYFcW0HVJLDMKJvNoFhY9xZW3oiVrNPP7COdv5-4SLq3EIi5WVd9TglYDQt2SmyDV36pcBPautKvQ"}]}
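The following is an added example, not part of the original API reference: a client-side sketch of how a relying party could use the parameters described above, selecting the key by the JWT header's kid, enforcing kty and use, checking that x5t matches the first x5c certificate, and ordering kids by their Type 1 UUID timestamp. The function names and the sample JWKS are assumptions constructed for illustration, and signature verification itself is left out.

```python
import base64, hashlib, uuid

def x5t_of(x5c0: str) -> str:
    """base64url(SHA-1(DER)) of a certificate given as an x5c entry (standard base64)."""
    der = base64.b64decode(x5c0)
    return base64.urlsafe_b64encode(hashlib.sha1(der).digest()).rstrip(b"=").decode()

def select_signing_key(jwks: dict, jwt_header: dict) -> dict:
    """Return the JWKS entry matching the JWT header's kid, enforcing kty/use/x5t."""
    kid = jwt_header.get("kid")
    if not kid:
        raise KeyError("JWT header carries no kid")
    for jwk in jwks.get("keys", []):
        if jwk.get("kid") != kid:
            continue
        if jwk.get("kty") != "RSA" or jwk.get("use") != "sig":
            raise ValueError("matched key is not an RSA signature key")
        if "x5t" in jwk and jwk.get("x5c") and jwk["x5t"] != x5t_of(jwk["x5c"][0]):
            raise ValueError("x5t does not match the first x5c certificate")
        return jwk
    raise KeyError("no key with this kid in the JWKS")

def rotation_order(jwks: dict) -> list:
    """kids sorted oldest-first by UUID v1 timestamp; non-v1 kids are skipped."""
    timed = []
    for jwk in jwks.get("keys", []):
        try:
            u = uuid.UUID(str(jwk.get("kid")))
        except ValueError:
            continue  # e.g. the literal kid "default"
        if u.version == 1:
            timed.append((u.time, jwk["kid"]))
    return [kid for _, kid in sorted(timed)]

# Constructed sample data: placeholder bytes stand in for a DER certificate,
# and the kids are hand-built version 1 UUIDs, not values from a real environment.
CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
OLD_KID = "a1b2c3d4-0000-11ee-8000-000000000001"
NEW_KID = "00000001-0001-11ee-8000-000000000002"
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "use": "sig", "kid": NEW_KID, "x5c": [CERT], "x5t": x5t_of(CERT)},
    {"kty": "RSA", "use": "enc", "kid": OLD_KID},
    {"kty": "RSA", "use": "sig", "kid": "default"},
]}

if __name__ == "__main__":
    print(select_signing_key(SAMPLE_JWKS, {"alg": "RS256", "kid": NEW_KID})["kid"])
    print(rotation_order(SAMPLE_JWKS))
```

Sorting the kid strings lexicographically would place NEW_KID first, because a Type 1 UUID stores the low bits of its timestamp in the leading field; the rotation order has to be read from the decoded timestamp.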