Merge pull request #7837 from ovh/dev/gbarideau/kms-kmip-iam-rights

Adding KMIP IAM rights

Author: Y0Coss

pages/manage_and_operate/kms/kms-kmip/guide.de-de.md

@@ -1,7 +1,7 @@
 ---
 title: "How to connect a compatible product using KMIP protocol"
 excerpt: "How to communicate with the OVHcloud KMS using KMIP protocol"
-updated: 2025-03-03
+updated: 2025-05-12
 ---
 
 ## Objective
@@ -49,6 +49,35 @@ Then it's possible to exchange KMIP messages such as defined in the standard. De
 
 You can use as well our SDK for Go: <https://github.com/ovh/kmip-go>
 
+### IAM Rights
+
+KMIP operations with IAM users need specific authorisations as described below:
+
+| KMIP Operation | Description | Action |
+| -------------- | ----------- | ------ |
+| Create | Create managed object | okms:kmip:create |
+| Get | Get managed object | okms:kmip:get |
+| Register | Register managed object| okms:kmip:register |
+| Activate | Activate managed object | okms:kmip:activate |
+| Revoke | Revoke managed object | okms:kmip:revoke |
+| Destroy | Destroy managed object | okms:kmip:destroy |
+| CreateKeyPair | Create key pair | okms:kmip:createKeyPair |
+| AddAttribute | Add managed object attribute | okms:kmip:addAttribute |
+| GetAttributes | Get one or more of managed object attributes | okms:kmip:getAttributes |
+| GetAttributeList | Get list of the attribute names | okms:kmip:getAttributeList |
+| ModifyAttribute | Modify managed object attribute | okms:kmip:modifyAttribute |
+| DeleteAttribute | Delete managed object attribute | okms:kmip:deleteAttribute |
+| Locate | Locate managed object | okms:kmip:locate |
+| Archive | Archive managed object | okms:kmip:archive |
+| Recover | Recover managed object | okms:kmip:recover |
+| ReKey | Rekey managed object | okms:kmip:rekey |
+| ObtainLease | Obtain lease on managed object | okms:kmip:obtainLease |
+| GetUsageAllocation | Get Usage Allocation of managed object | okms:kmip:getUsageAllocation |
+| Encrypt | Encrypt with managed object | okms:kmip:encrypt |
+| Decrypt | Decrypt with managed object | okms:kmip:decrypt |
+| Sign | Sign with managed object | okms:kmip:sign |
+| Signature Verify | Verify with managed object | okms:kmip:signatureVerify |
+
 ### KMIP coverage
 
 The OVHcloud KMS covers a part of 1.0 to 1.4 versions of the KMIP standard.

pages/manage_and_operate/kms/kms-kmip/guide.en-asia.md

@@ -1,7 +1,7 @@
 ---
 title: "How to connect a compatible product using KMIP protocol"
 excerpt: "How to communicate with the OVHcloud KMS using KMIP protocol"
-updated: 2025-03-03
+updated: 2025-05-12
 ---
 
 ## Objective
@@ -49,6 +49,35 @@ Then it's possible to exchange KMIP messages such as defined in the standard. De
 
 You can use as well our SDK for Go: <https://github.com/ovh/kmip-go>
 
+### IAM Rights
+
+KMIP operations with IAM users need specific authorisations as described below:
+
+| KMIP Operation | Description | Action |
+| -------------- | ----------- | ------ |
+| Create | Create managed object | okms:kmip:create |
+| Get | Get managed object | okms:kmip:get |
+| Register | Register managed object| okms:kmip:register |
+| Activate | Activate managed object | okms:kmip:activate |
+| Revoke | Revoke managed object | okms:kmip:revoke |
+| Destroy | Destroy managed object | okms:kmip:destroy |
+| CreateKeyPair | Create key pair | okms:kmip:createKeyPair |
+| AddAttribute | Add managed object attribute | okms:kmip:addAttribute |
+| GetAttributes | Get one or more of managed object attributes | okms:kmip:getAttributes |
+| GetAttributeList | Get list of the attribute names | okms:kmip:getAttributeList |
+| ModifyAttribute | Modify managed object attribute | okms:kmip:modifyAttribute |
+| DeleteAttribute | Delete managed object attribute | okms:kmip:deleteAttribute |
+| Locate | Locate managed object | okms:kmip:locate |
+| Archive | Archive managed object | okms:kmip:archive |
+| Recover | Recover managed object | okms:kmip:recover |
+| ReKey | Rekey managed object | okms:kmip:rekey |
+| ObtainLease | Obtain lease on managed object | okms:kmip:obtainLease |
+| GetUsageAllocation | Get Usage Allocation of managed object | okms:kmip:getUsageAllocation |
+| Encrypt | Encrypt with managed object | okms:kmip:encrypt |
+| Decrypt | Decrypt with managed object | okms:kmip:decrypt |
+| Sign | Sign with managed object | okms:kmip:sign |
+| Signature Verify | Verify with managed object | okms:kmip:signatureVerify |
+
 ### KMIP coverage
 
 The OVHcloud KMS covers a part of 1.0 to 1.4 versions of the KMIP standard.

pages/manage_and_operate/kms/kms-kmip/guide.en-au.md

@@ -1,7 +1,7 @@
 ---
 title: "How to connect a compatible product using KMIP protocol"
 excerpt: "How to communicate with the OVHcloud KMS using KMIP protocol"
-updated: 2025-03-03
+updated: 2025-05-12
 ---
 
 ## Objective
@@ -49,6 +49,35 @@ Then it's possible to exchange KMIP messages such as defined in the standard. De
 
 You can use as well our SDK for Go: <https://github.com/ovh/kmip-go>
 
+### IAM Rights
+
+KMIP operations with IAM users need specific authorisations as described below:
+
+| KMIP Operation | Description | Action |
+| -------------- | ----------- | ------ |
+| Create | Create managed object | okms:kmip:create |
+| Get | Get managed object | okms:kmip:get |
+| Register | Register managed object| okms:kmip:register |
+| Activate | Activate managed object | okms:kmip:activate |
+| Revoke | Revoke managed object | okms:kmip:revoke |
+| Destroy | Destroy managed object | okms:kmip:destroy |
+| CreateKeyPair | Create key pair | okms:kmip:createKeyPair |
+| AddAttribute | Add managed object attribute | okms:kmip:addAttribute |
+| GetAttributes | Get one or more of managed object attributes | okms:kmip:getAttributes |
+| GetAttributeList | Get list of the attribute names | okms:kmip:getAttributeList |
+| ModifyAttribute | Modify managed object attribute | okms:kmip:modifyAttribute |
+| DeleteAttribute | Delete managed object attribute | okms:kmip:deleteAttribute |
+| Locate | Locate managed object | okms:kmip:locate |
+| Archive | Archive managed object | okms:kmip:archive |
+| Recover | Recover managed object | okms:kmip:recover |
+| ReKey | Rekey managed object | okms:kmip:rekey |
+| ObtainLease | Obtain lease on managed object | okms:kmip:obtainLease |
+| GetUsageAllocation | Get Usage Allocation of managed object | okms:kmip:getUsageAllocation |
+| Encrypt | Encrypt with managed object | okms:kmip:encrypt |
+| Decrypt | Decrypt with managed object | okms:kmip:decrypt |
+| Sign | Sign with managed object | okms:kmip:sign |
+| Signature Verify | Verify with managed object | okms:kmip:signatureVerify |
+
 ### KMIP coverage
 
 The OVHcloud KMS covers a part of 1.0 to 1.4 versions of the KMIP standard.

pages/manage_and_operate/kms/kms-kmip/guide.en-ca.md

@@ -1,7 +1,7 @@
 ---
 title: "How to connect a compatible product using KMIP protocol"
 excerpt: "How to communicate with the OVHcloud KMS using KMIP protocol"
-updated: 2025-03-03
+updated: 2025-05-12
 ---
 
 ## Objective
@@ -49,6 +49,35 @@ Then it's possible to exchange KMIP messages such as defined in the standard. De
 
 You can use as well our SDK for Go: <https://github.com/ovh/kmip-go>
 
+### IAM Rights
+
+KMIP operations with IAM users need specific authorisations as described below:
+
+| KMIP Operation | Description | Action |
+| -------------- | ----------- | ------ |
+| Create | Create managed object | okms:kmip:create |
+| Get | Get managed object | okms:kmip:get |
+| Register | Register managed object| okms:kmip:register |
+| Activate | Activate managed object | okms:kmip:activate |
+| Revoke | Revoke managed object | okms:kmip:revoke |
+| Destroy | Destroy managed object | okms:kmip:destroy |
+| CreateKeyPair | Create key pair | okms:kmip:createKeyPair |
+| AddAttribute | Add managed object attribute | okms:kmip:addAttribute |
+| GetAttributes | Get one or more of managed object attributes | okms:kmip:getAttributes |
+| GetAttributeList | Get list of the attribute names | okms:kmip:getAttributeList |
+| ModifyAttribute | Modify managed object attribute | okms:kmip:modifyAttribute |
+| DeleteAttribute | Delete managed object attribute | okms:kmip:deleteAttribute |
+| Locate | Locate managed object | okms:kmip:locate |
+| Archive | Archive managed object | okms:kmip:archive |
+| Recover | Recover managed object | okms:kmip:recover |
+| ReKey | Rekey managed object | okms:kmip:rekey |
+| ObtainLease | Obtain lease on managed object | okms:kmip:obtainLease |
+| GetUsageAllocation | Get Usage Allocation of managed object | okms:kmip:getUsageAllocation |
+| Encrypt | Encrypt with managed object | okms:kmip:encrypt |
+| Decrypt | Decrypt with managed object | okms:kmip:decrypt |
+| Sign | Sign with managed object | okms:kmip:sign |
+| Signature Verify | Verify with managed object | okms:kmip:signatureVerify |
+
 ### KMIP coverage
 
 The OVHcloud KMS covers a part of 1.0 to 1.4 versions of the KMIP standard.

pages/manage_and_operate/kms/kms-kmip/guide.en-gb.md

@@ -1,7 +1,7 @@
 ---
 title: "How to connect a compatible product using KMIP protocol"
 excerpt: "How to communicate with the OVHcloud KMS using KMIP protocol"
-updated: 2025-03-03
+updated: 2025-05-12
 ---
 
 ## Objective
@@ -49,6 +49,35 @@ Then it's possible to exchange KMIP messages such as defined in the standard. De
 
 You can use as well our SDK for Go: <https://github.com/ovh/kmip-go>
 
+### IAM Rights
+
+KMIP operations with IAM users need specific authorisations as described below:
+
+| KMIP Operation | Description | Action |
+| -------------- | ----------- | ------ |
+| Create | Create managed object | okms:kmip:create |
+| Get | Get managed object | okms:kmip:get |
+| Register | Register managed object| okms:kmip:register |
+| Activate | Activate managed object | okms:kmip:activate |
+| Revoke | Revoke managed object | okms:kmip:revoke |
+| Destroy | Destroy managed object | okms:kmip:destroy |
+| CreateKeyPair | Create key pair | okms:kmip:createKeyPair |
+| AddAttribute | Add managed object attribute | okms:kmip:addAttribute |
+| GetAttributes | Get one or more of managed object attributes | okms:kmip:getAttributes |
+| GetAttributeList | Get list of the attribute names | okms:kmip:getAttributeList |
+| ModifyAttribute | Modify managed object attribute | okms:kmip:modifyAttribute |
+| DeleteAttribute | Delete managed object attribute | okms:kmip:deleteAttribute |
+| Locate | Locate managed object | okms:kmip:locate |
+| Archive | Archive managed object | okms:kmip:archive |
+| Recover | Recover managed object | okms:kmip:recover |
+| ReKey | Rekey managed object | okms:kmip:rekey |
+| ObtainLease | Obtain lease on managed object | okms:kmip:obtainLease |
+| GetUsageAllocation | Get Usage Allocation of managed object | okms:kmip:getUsageAllocation |
+| Encrypt | Encrypt with managed object | okms:kmip:encrypt |
+| Decrypt | Decrypt with managed object | okms:kmip:decrypt |
+| Sign | Sign with managed object | okms:kmip:sign |
+| Signature Verify | Verify with managed object | okms:kmip:signatureVerify |
+
 ### KMIP coverage
 
 The OVHcloud KMS covers a part of 1.0 to 1.4 versions of the KMIP standard.

pages/manage_and_operate/kms/kms-kmip/guide.en-ie.md

@@ -1,7 +1,7 @@
 ---
 title: "How to connect a compatible product using KMIP protocol"
 excerpt: "How to communicate with the OVHcloud KMS using KMIP protocol"
-updated: 2025-03-03
+updated: 2025-05-12
 ---
 
 ## Objective
@@ -49,6 +49,35 @@ Then it's possible to exchange KMIP messages such as defined in the standard. De
 
 You can use as well our SDK for Go: <https://github.com/ovh/kmip-go>
 
+### IAM Rights
+
+KMIP operations with IAM users need specific authorisations as described below:
+
+| KMIP Operation | Description | Action |
+| -------------- | ----------- | ------ |
+| Create | Create managed object | okms:kmip:create |
+| Get | Get managed object | okms:kmip:get |
+| Register | Register managed object| okms:kmip:register |
+| Activate | Activate managed object | okms:kmip:activate |
+| Revoke | Revoke managed object | okms:kmip:revoke |
+| Destroy | Destroy managed object | okms:kmip:destroy |
+| CreateKeyPair | Create key pair | okms:kmip:createKeyPair |
+| AddAttribute | Add managed object attribute | okms:kmip:addAttribute |
+| GetAttributes | Get one or more of managed object attributes | okms:kmip:getAttributes |
+| GetAttributeList | Get list of the attribute names | okms:kmip:getAttributeList |
+| ModifyAttribute | Modify managed object attribute | okms:kmip:modifyAttribute |
+| DeleteAttribute | Delete managed object attribute | okms:kmip:deleteAttribute |
+| Locate | Locate managed object | okms:kmip:locate |
+| Archive | Archive managed object | okms:kmip:archive |
+| Recover | Recover managed object | okms:kmip:recover |
+| ReKey | Rekey managed object | okms:kmip:rekey |
+| ObtainLease | Obtain lease on managed object | okms:kmip:obtainLease |
+| GetUsageAllocation | Get Usage Allocation of managed object | okms:kmip:getUsageAllocation |
+| Encrypt | Encrypt with managed object | okms:kmip:encrypt |
+| Decrypt | Decrypt with managed object | okms:kmip:decrypt |
+| Sign | Sign with managed object | okms:kmip:sign |
+| Signature Verify | Verify with managed object | okms:kmip:signatureVerify |
+
 ### KMIP coverage
 
 The OVHcloud KMS covers a part of 1.0 to 1.4 versions of the KMIP standard.

pages/manage_and_operate/kms/kms-kmip/guide.en-sg.md

@@ -1,7 +1,7 @@
 ---
 title: "How to connect a compatible product using KMIP protocol"
 excerpt: "How to communicate with the OVHcloud KMS using KMIP protocol"
-updated: 2025-03-03
+updated: 2025-05-12
 ---
 
 ## Objective
@@ -49,6 +49,35 @@ Then it's possible to exchange KMIP messages such as defined in the standard. De
 
 You can use as well our SDK for Go: <https://github.com/ovh/kmip-go>
 
+### IAM Rights
+
+KMIP operations with IAM users need specific authorisations as described below:
+
+| KMIP Operation | Description | Action |
+| -------------- | ----------- | ------ |
+| Create | Create managed object | okms:kmip:create |
+| Get | Get managed object | okms:kmip:get |
+| Register | Register managed object| okms:kmip:register |
+| Activate | Activate managed object | okms:kmip:activate |
+| Revoke | Revoke managed object | okms:kmip:revoke |
+| Destroy | Destroy managed object | okms:kmip:destroy |
+| CreateKeyPair | Create key pair | okms:kmip:createKeyPair |
+| AddAttribute | Add managed object attribute | okms:kmip:addAttribute |
+| GetAttributes | Get one or more of managed object attributes | okms:kmip:getAttributes |
+| GetAttributeList | Get list of the attribute names | okms:kmip:getAttributeList |
+| ModifyAttribute | Modify managed object attribute | okms:kmip:modifyAttribute |
+| DeleteAttribute | Delete managed object attribute | okms:kmip:deleteAttribute |
+| Locate | Locate managed object | okms:kmip:locate |
+| Archive | Archive managed object | okms:kmip:archive |
+| Recover | Recover managed object | okms:kmip:recover |
+| ReKey | Rekey managed object | okms:kmip:rekey |
+| ObtainLease | Obtain lease on managed object | okms:kmip:obtainLease |
+| GetUsageAllocation | Get Usage Allocation of managed object | okms:kmip:getUsageAllocation |
+| Encrypt | Encrypt with managed object | okms:kmip:encrypt |
+| Decrypt | Decrypt with managed object | okms:kmip:decrypt |
+| Sign | Sign with managed object | okms:kmip:sign |
+| Signature Verify | Verify with managed object | okms:kmip:signatureVerify |
+
 ### KMIP coverage
 
 The OVHcloud KMS covers a part of 1.0 to 1.4 versions of the KMIP standard.

pages/manage_and_operate/kms/kms-kmip/guide.en-us.md

@@ -1,7 +1,7 @@
 ---
 title: "How to connect a compatible product using KMIP protocol"
 excerpt: "How to communicate with the OVHcloud KMS using KMIP protocol"
-updated: 2025-03-03
+updated: 2025-05-12
 ---
 
 ## Objective
@@ -49,6 +49,35 @@ Then it's possible to exchange KMIP messages such as defined in the standard. De
 
 You can use as well our SDK for Go: <https://github.com/ovh/kmip-go>
 
+### IAM Rights
+
+KMIP operations with IAM users need specific authorisations as described below:
+
+| KMIP Operation | Description | Action |
+| -------------- | ----------- | ------ |
+| Create | Create managed object | okms:kmip:create |
+| Get | Get managed object | okms:kmip:get |
+| Register | Register managed object| okms:kmip:register |
+| Activate | Activate managed object | okms:kmip:activate |
+| Revoke | Revoke managed object | okms:kmip:revoke |
+| Destroy | Destroy managed object | okms:kmip:destroy |
+| CreateKeyPair | Create key pair | okms:kmip:createKeyPair |
+| AddAttribute | Add managed object attribute | okms:kmip:addAttribute |
+| GetAttributes | Get one or more of managed object attributes | okms:kmip:getAttributes |
+| GetAttributeList | Get list of the attribute names | okms:kmip:getAttributeList |
+| ModifyAttribute | Modify managed object attribute | okms:kmip:modifyAttribute |
+| DeleteAttribute | Delete managed object attribute | okms:kmip:deleteAttribute |
+| Locate | Locate managed object | okms:kmip:locate |
+| Archive | Archive managed object | okms:kmip:archive |
+| Recover | Recover managed object | okms:kmip:recover |
+| ReKey | Rekey managed object | okms:kmip:rekey |
+| ObtainLease | Obtain lease on managed object | okms:kmip:obtainLease |
+| GetUsageAllocation | Get Usage Allocation of managed object | okms:kmip:getUsageAllocation |
+| Encrypt | Encrypt with managed object | okms:kmip:encrypt |
+| Decrypt | Decrypt with managed object | okms:kmip:decrypt |
+| Sign | Sign with managed object | okms:kmip:sign |
+| Signature Verify | Verify with managed object | okms:kmip:signatureVerify |
+
 ### KMIP coverage
 
 The OVHcloud KMS covers a part of 1.0 to 1.4 versions of the KMIP standard.