Accessing virtual private endpoints in specific regions
After you created your VPC and you want to connect to Key Protect service for your data encryption needs, you can create a virtual private endpoint (VPE) in your VPC to access Key Protect service within your VPC network.
You can configure the VPE to use the IP addresses of your choice, which are allocated from a subnet within your VPC. VPEs are bound to a VPE gateway and serve as an intermediary that enables your workload to interact with Key Protect.
Before you begin
Before you target a VPE for Key Protect:
- Ensure that you have provisioned a Virtual Private Cloud.
- Ensure that you have conducted planning for Virtual Private Endpoints.
- Ensure that correct access controls are set for your VPE.
- Understand the limitations of having a VPE.
- Ensure that you have created and understand how to access a VPE gateway.
- Understand how to view details of a VPE.
VPE settings, specifically the Internet Protocol (IP) address, may need to be manually updated during Disaster recovery and business continuity actions.
Virtual Private Service Endpoints
The following table lists regions where Key Protect service supports VPE. It also lists Key Protect endpoints supported from each region. You can connect to Key Protect service in another region using supported endpoints. For example, from the
Sydney region, you can use Key Protect service in
us-south region using the us-south endpoint.
When connecting to a VPE via CLI or API, you will need to specify the CRN of the region that you will use to connect to the Key Protect service. Use the table below to locate the CRN of the target region.
| Region | Endpoints Supported in Region | CRN | |
|---|---|---|---|
| Dallas | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |
||
| Washington | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |
||
| Sydney | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |
||
| Tokyo | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |
||
| London | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |
||
| Frankfurt | |||
private.us-south.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-south:::endpoint:private.us-south.kms.cloud.ibm.com |
||
private.us-east.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:us-east:::endpoint:private.us-east.kms.cloud.ibm.com |
||
private.eu-gb.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-gb:::endpoint:private.eu-gb.kms.cloud.ibm.com |
||
private.eu-de.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:eu-de:::endpoint:private.eu-de.kms.cloud.ibm.com |
||
private.au-syd.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:au-syd:::endpoint:private.au-syd.kms.cloud.ibm.com |
||
private.jp-tok.kms.cloud.ibm.com |
crn:v1:bluemix:public:kms:jp-tok:::endpoint:private.jp-tok.kms.cloud.ibm.com |