
Editing key template details

You can edit your key templates in Unified Key Orchestrator with the UI, or programmatically with the Unified Key Orchestrator API.

Editing key templates with the UI

To edit the details of a key template by using the UI, complete the following steps:

  1. Log in to the Hyper Protect Crypto Services instance.

  2. Click Key templates from the navigation to view all the available key templates.

  3. Click the Actions icon on the key template that you want to edit, and select Show details.

  4. Under Key template properties, click Edit on each card to update the properties. Note that you can edit one property card at a time. To edit another property card, save your changes first.

    1. You can update the General properties and Key lifecycle properties, and view the Key naming and Key material properties. The following table lists a few properties that you can edit.

    Because the key template is already created, you cannot make changes to key naming and key material properties that are marked with a Lock icon.

    Table 1. Key template properties

    Property | Description
    Key template name | A unique, human-readable name for easy identification of your key template. It must be 1–100 characters in length.
    Description | (Optional) An extended description for your key template, up to 200 characters in length.
    Initial key state | The state in which keys are created with the key template, including Pre-active and Active. For more information about key states, see Monitoring the lifecycle of encryption keys in Unified Key Orchestrator.
    Activate keys after | (Optional) Plan when the Pre-active keys that are created with this template are to be activated, counted from the key creation. It is for planning purposes only.
    Deactivate keys after | (Optional) Plan when the keys that are created with this template are to be deactivated, counted from the key creation. It is for planning purposes only.

    2. In the Keystores card, click Edit to add or remove the keystores where keys are to be activated. All the displayed keystores belong to the same vault and the same keystore type:

      • Add keystores

        If you want to distribute keys to be created with this template to other keystores, click Edit and check the corresponding keystore cards.

      • Remove keystores

        If you want to unlink keys to be created with this template from some of the keystores, click Edit and clear the checkbox in the corresponding keystore cards.

      • Create a keystore

        If you want to activate keys to be created in a new keystore, click Add keystore. For more instructions, see Creating internal keystores or Connecting to external keystores.

      If you have already created keys with this key template before making the changes, an Unaligned flag is displayed on the key details cards of the keys, indicating that those keys are no longer in sync with the key template. If you want to keep these changes, ignore the flag. Otherwise, realign your key with the key template again by selecting Actions > Realign with template. For more information, see Realigning keys with key templates.

      If you connect to an external keystore of type Azure Key Vault, you can distribute both HSM-protected keys and software-protected keys to Azure Key Vault (Premium). However, you can distribute only software-protected keys to Azure Key Vault (Standard).

  5. When you finish making changes, click Save to save the changes.

  6. Under Managed Keys, view the total number of managed keys that are created based on this key template. You can also edit a managed key by clicking the Actions icon on the key that you want to edit, and selecting Show details. For more information, see Editing key details.

    To find a specific key, use the search bar, or click the Filter icon in the table to filter keys based on your needs.

Editing key templates with the API

To edit key template details through the API, follow these steps:

  1. Retrieve your service and authentication credentials to work with key templates in the service.

  2. Update the key template by making a PATCH call to the following endpoint.

    https://uko.<region>.hs-crypto.cloud.ibm.com:<port>/api/v4/templates/<id>
    

    Replace <id> with the ID of your key template.

    For detailed instructions and code examples about using the API method, check out the Hyper Protect Crypto Services Unified Key Orchestrator API reference doc.

Editing keystores for key templates with the API

To edit keystores for existing key templates through the API, complete the following steps:

  1. Retrieve your service and authentication credentials to work with key templates in the service.

  2. Add a keystore to or remove a keystore from a keystore group by making a PATCH call to the following endpoint. The keystore group should match the key template that is associated with the managed key.

    https://uko.<region>.hs-crypto.cloud.ibm.com:<port>/api/v4/keystores/<id>
    

    Replace <id> with the ID of your keystore.

  3. Update the managed key to match the latest version of the associated key template by making a POST call to the following endpoint.

    https://uko.<region>.hs-crypto.cloud.ibm.com:<port>/api/v4/managed_keys/<id>/update_from_template
    

    Replace <id> with the ID of your managed key.

    For detailed instructions and code examples about using the API method, check out how to Update an internal keystore or a keystore connection and Update a managed key to match the key template in the Hyper Protect Crypto Services Unified Key Orchestrator API reference doc.
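
The three calls from the two API procedures above, as an added Python sketch (not IBM's code and not from the API reference). The function names are hypothetical, and the `UKO-Vault` and `If-Match` header names, the JSON body fields, and the UUID format of IDs are assumptions to confirm in the API reference. Requests are built separately from sending so that they can be reviewed or logged first, and IDs are validated so that a malformed value cannot redirect a call to another API path.

```python
import json
import re
import urllib.request
import uuid

# URL shape from the page; region and port are supplied by the caller.
BASE = "https://uko.{region}.hs-crypto.cloud.ibm.com:{port}/api/v4"

def _uuid(value):
    # Accept only UUIDs (assumed ID format) so an ID can never alter the URL path.
    return str(uuid.UUID(value))

def build(method, path, etag, conn, body=None):
    """Build, without sending, one authenticated request. conn holds
    region, port, token and vault_id."""
    if not re.fullmatch(r"[a-z]+(-[a-z]+)*", conn["region"]):
        raise ValueError("unexpected region")
    if not 0 < int(conn["port"]) < 65536:
        raise ValueError("unexpected port")
    headers = {
        "Authorization": "Bearer " + conn["token"],  # IAM token; keep out of source
        "UKO-Vault": _uuid(conn["vault_id"]),        # assumed header name
        "If-Match": etag,                            # assumed: ETag of a prior GET
        "Accept": "application/json",
    }
    data = None
    if body is not None:
        headers["Content-Type"] = "application/json"
        data = json.dumps(body).encode()
    url = BASE.format(region=conn["region"], port=int(conn["port"])) + path
    return urllib.request.Request(url, data=data, headers=headers, method=method)

def edit_template(template_id, changes, etag, conn):
    return build("PATCH", "/templates/" + _uuid(template_id), etag, conn, changes)

def edit_keystore(keystore_id, changes, etag, conn):
    return build("PATCH", "/keystores/" + _uuid(keystore_id), etag, conn, changes)

def realign_key(key_id, etag, conn):
    path = "/managed_keys/" + _uuid(key_id) + "/update_from_template"
    return build("POST", path, etag, conn)

def send(request):
    # Performs the call; urllib raises HTTPError on any 4xx/5xx response,
    # for example when the If-Match precondition no longer holds.
    with urllib.request.urlopen(request, timeout=30) as resp:
        return resp.status, resp.headers.get("ETag")
```

Pass each built request to `send()` in the order of the steps above: the keystore PATCH first, then one `realign_key` request per managed key that should follow the template.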

What's next