Retrieving the Policy Package from the ESA
Use the RPS API to retrieve the policy package from the ESA.
This section describes how to invoke the RPS APIs to retrieve the policy package using the ESA.
Note: Ensure that the Export Resilient Package permission is granted to the role that is assigned to the user exporting the package from the ESA.
Warning: Do not modify the package that has been exported using the RPS Service API.
To retrieve the policy package from the ESA:
- Download the policy package from the ESA and encrypt the policy package using a KMS, then run the following command.
curl -H "Authorization: Bearer <TOKEN>" -X 'POST' \
'https://<ESA_IP or Hostname>/pty/v1/rps/export?version=1&coreversion=1' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-o <Policy_package> \
-d '{
"kek": {
"publicKey": {
"label": "<Key_name>",
"value": "<Value of public key>",
"algorithm": "<RSA_Algorithm>"
}
}
}' -k -v
For example:
curl -H "Authorization: Bearer <TOKEN>" -X 'POST' \
'https://10.49.6.231:443/pty/v1/rps/export?version=1&coreversion=1' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-o policy-py-v1.json \
-d '{
"kek": {
"publicKey": {
"label": "key_name",
"value": "-----BEGIN PUBLIC KEY-----\n<Public Key Value>\n-----END PUBLIC KEY-----",
"algorithm": "RSA-OAEP-SHA1"
}
}
}' -k -v
For more information about the RPS API, refer to the section Using the Resilient Package REST APIs.
Note: Ensure that the new line in the public key is replaced with the \n character.
For more information about the public key, refer to the section Creating an Data Encryption Key (DEK).
The policy package is downloaded to your machine.
- Copy the policy package file to an AWS S3 bucket or AWS EFS, as required.
Feedback
Was this page helpful?