Skip to content
qibdo qibdo
v1
API version
  • v1
Theme
Book a demo

Register PKI Role

POST
/vault/v1/workspaces/{workspace}/engines/qibdo/certificateAuthorities/{certificate_authority}/roles:register
curl --request POST \
--url https://example.com/vault/v1/workspaces/example/engines/qibdo/certificateAuthorities/example/roles:register \
--header 'Content-Type: application/json' \
--data '{ "workspace": "example", "certificate_authority": "example", "pki_role": {}, "location_id": "example" }'

Defines a new PKI role under a CA. The role’s constraints are validated by domain business rules (well-formed name, non-empty allowed_domains with valid DNS patterns, positive max_ttl, non-empty allowed_key_types, non-empty allowed_extended_key_usages). On success the role is persisted and projected to the vault backend.

workspace
required
string

The workspace the role belongs to.

certificate_authority
required
string

The CA the role is attached to.

Media type application/json

Request payload for Register Qibdo Pki Role

Carries the input fields required to register qibdo pki role.

object
workspace
required

The workspace the role belongs to.

string
certificate_authority
required

The CA the role is attached to.

string
pki_role
required

The role to register.

object
id

The unique identifier of the PKI role (UUID).

stringOutput only
workspace_id

The workspace this role belongs to (UUID, weak reference to taxonomy.workspaces).

stringOutput only
certificate_authority_id

The certificate authority this role is attached to (UUID).

stringOutput only
name

(CA-unique) human-readable role name. Mirrored as the role name on the vault side. 3–64 chars, lowercase letters/digits/hyphen, neither leading nor trailing hyphen.

stringOutput only
allowed_domains

Allowed Common Name / SAN domain patterns. Accepts bare DNS labels and a single leading-wildcard form (*.example.com). At most 64 entries, each at most 253 chars.

Array<string>Output only
max_ttl

Maximum total lifetime any certificate issued under this role may hold.

stringOutput only
/^-?(?:0|[1-9][0-9]{0,11})(?:\.[0-9]{1,9})?s$/
allowed_key_types

Allowed crypto algorithms / key sizes. Names must match the CryptoAlgorithm enum (e.g., RSA_2048, EC_P256, ED25519). At most 16 entries.

Array<string>Output only
allowed_extended_key_usages

Allowed Extended Key Usages.

Array<string>Output only
Allowed values: EXTENDED_KEY_USAGE_UNSPECIFIED EXTENDED_KEY_USAGE_SERVER_AUTH EXTENDED_KEY_USAGE_CLIENT_AUTH EXTENDED_KEY_USAGE_CODE_SIGNING EXTENDED_KEY_USAGE_EMAIL_PROTECTION EXTENDED_KEY_USAGE_TIME_STAMPING EXTENDED_KEY_USAGE_OCSP_SIGNING EXTENDED_KEY_USAGE_IPSEC_USER EXTENDED_KEY_USAGE_IPSEC_TUNNEL
created

Timestamp when the row was created (server-managed).

string format: date-time Output only
updated

Timestamp when the row was last modified (server-managed).

string format: date-time Output only
location_id

Weak reference to a topology Location — where this resource resides. Defaults to the global location when omitted at creation and is immutable thereafter. Only the global location is available in this release.

stringOutput only
location_id

Optional weak reference to a topology Location where the role resides. Defaults to the global location when omitted; immutable after creation. Only the global location is available in this release.

string

OK

Media type application/json

Response payload from Register Qibdo Pki Role

Carries the output produced by register qibdo pki role.

object
pki_role

The persisted role metadata.

object
id

The unique identifier of the PKI role (UUID).

stringOutput only
workspace_id

The workspace this role belongs to (UUID, weak reference to taxonomy.workspaces).

stringOutput only
certificate_authority_id

The certificate authority this role is attached to (UUID).

stringOutput only
name

(CA-unique) human-readable role name. Mirrored as the role name on the vault side. 3–64 chars, lowercase letters/digits/hyphen, neither leading nor trailing hyphen.

stringOutput only
allowed_domains

Allowed Common Name / SAN domain patterns. Accepts bare DNS labels and a single leading-wildcard form (*.example.com). At most 64 entries, each at most 253 chars.

Array<string>Output only
max_ttl

Maximum total lifetime any certificate issued under this role may hold.

stringOutput only
/^-?(?:0|[1-9][0-9]{0,11})(?:\.[0-9]{1,9})?s$/
allowed_key_types

Allowed crypto algorithms / key sizes. Names must match the CryptoAlgorithm enum (e.g., RSA_2048, EC_P256, ED25519). At most 16 entries.

Array<string>Output only
allowed_extended_key_usages

Allowed Extended Key Usages.

Array<string>Output only
Allowed values: EXTENDED_KEY_USAGE_UNSPECIFIED EXTENDED_KEY_USAGE_SERVER_AUTH EXTENDED_KEY_USAGE_CLIENT_AUTH EXTENDED_KEY_USAGE_CODE_SIGNING EXTENDED_KEY_USAGE_EMAIL_PROTECTION EXTENDED_KEY_USAGE_TIME_STAMPING EXTENDED_KEY_USAGE_OCSP_SIGNING EXTENDED_KEY_USAGE_IPSEC_USER EXTENDED_KEY_USAGE_IPSEC_TUNNEL
created

Timestamp when the row was created (server-managed).

string format: date-time Output only
updated

Timestamp when the row was last modified (server-managed).

string format: date-time Output only
location_id

Weak reference to a topology Location — where this resource resides. Defaults to the global location when omitted at creation and is immutable thereafter. Only the global location is available in this release.

stringOutput only
Example
{
"pki_role": {
"allowed_extended_key_usages": [
"EXTENDED_KEY_USAGE_UNSPECIFIED"
]
}
}

Default error response

Media type application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

object
code

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

integer format: int32
message

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

string
details

A list of messages that carry the error details. There is a common set of message types for APIs to use.

Array<object>

Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.

object
@type

The type of the serialized message.

string
key
additional properties
any
Example generated
{
"code": 1,
"message": "example",
"details": [
{
"@type": "example"
}
]
}