Create a vault
Creates a vault.
Request
Security
| Any | Super User | System Admin | Security Admin | Operator |
|---|---|---|---|---|
| superUser | systemAdmin |
HTTP method
POST /manager/api/{apiResponseType}/1.0/createVault.adm HTTP/1.1 Host:{manager.dsnet}
name={name}&segmentSize={segmentSize}&segmentSizeUnit={segmentSizeUnit}&vaultWidth={vaultWidth}&threshold={threshold}&storagePoolId={storagePoolId}&privacyEnabled={true|false}&objectExpirationEnabled{true|false}
Curl method
curl -u {admin}:{password}
-k "https://{manager.dsnet}/manager/api/{apiResponseType}/1.0/createVault.adm"
-d
"name={name}&segmentSize={segmentSize}&segmentSizeUnit={segmentSizeUnit}&vaultWidth={vaultWidth}&threshold={threshold}&storagePoolId={storagePoolId}&privacyEnabled={true|false}&objectExpirationEnabled{true|false}"
Parameters
| Parameter | Type | Usage | Default | Description |
|---|---|---|---|---|
| name | String | Required |
Unique name for new vault. Manager device uses this name for all references to this vault. Names can include underscores and alphanumeric characters. |
|
| description | String | Optional |
Description of vault; informational only. |
|
| vaultWidth | Int | Required |
Vault width. |
|
| threshold | Int | Required |
IDA threshold. |
|
| writeThreshold | Int | Optional |
Write threshold. |
|
| alertLevel | Int | Optional | If alertLevel is not set or the difference between
vaultWidth and writeThreshold is less than two, then there
are no alerts. Otherwise, alertLevel = writeThreshold + 2 |
Number of running Slicestor® Devices that are needed for vault to be considered working. Must be ≥ writeThreshold and < vaultWidth. |
| allotmentId | Long | Organization not root |
ID of Allotment containing vault. Can be found in (List Allotments) method. |
|
| storagePoolId | Long | Required |
The ID of the storage pool on which this vault should be created |
|
| privacyEnabled | Boolean | Required |
Enable (true) or disable (false) SecureSlice™ for this vault template. If not provided, value defaults to the system level SecureSlice™ configuration. |
|
| privacyAlgorithm | String | Optional |
Valid privacy algorithms are aont-aes-gcm-256, aont-rc4-128, aont-aes-128, or aont-aes-256. If not provided, value defaults to the system level SecureSlice™ configuration. |
|
| vaultPurpose | String | Optional | Possible values of this parameter are: standard (Vault Mode), container (Container Mode), service (Container Mode), or management. If no service vault exists, the default value is "standard". If a service vault exists and the "create only container vaults" option is selected, the default value is "container". Otherwise, no default value is assigned, and it is needed to provide a value for this parameter. | |
| segmentSize | BigDecimal | Required |
Size of a single segment in bytes.
|
|
| segmentSizeUnit | String | Required |
Unit that is used for segmentSize. |
|
| softQuotaSize | BigDecimal | Optional |
Size of soft quota. |
|
| softQuotaUnit | String | softQuotaSize>0 |
Unit of measure for soft quota. For example: bytes, kB, MB, KiB, MiB, etc. |
|
| hardQuotaSize | BigDecimal | Optional |
Size of hard quota. |
|
| hardQuotaUnit | String | hardQuotaSize>0 |
Unit of measure for hard quota. For example: bytes, kB, MB, KiB, MiB, etc. |
|
| versioning | String | Optional | false |
enabled or disabled
Note: For
container vaults, only the values enabled and disabled are
allowed. These values correspond with 'allowing' or 'not allowing' container versioning.
|
| nameIndexEnabled | Boolean | Optional | true |
Enable (true) or disable (false) name index on vault. It cannot be enabled on 1-wide vault. |
| recoveryListingEnabled | Boolean | Optional | false |
Enable (true) or disable (false) Recovery Listing. |
| deleteRestricted | Boolean | Optional | false |
Prevent (true) or allow (false) deletes on the vault.
|
| provisioningCode | String | Optional | Vault name |
During container creation, the provisioning code is specified (as part of the locationConstraint) to indicate in which container vault the container should be created. If the provisioning code is not set, containers can be created in this container vault if this container vault is configured as the default container vault for an access pool. |
| region | String | Optional | Available for container vaults only. It indicates where the contents of this vault resides. | |
| storageClass | String | Optional | Available for container vaults only. It is a classification assigned to all objects stored within this vault. | |
| mirrorId | Long | Optional |
ID of mirror of which vault is a part. |
|
| mirrorPositionCode | String | Optional |
|
|
| tags | String | Optional | Takes a Set of tag names. |
|
| migrationSourceVaultId | Long | Optional |
Set up a vault migration between this newly created vault and an existing source vault. |
|
| renameDestinationVault | Boolean | Optional |
Rename the newly created destination vault with the source vault’s name and apply all the source vault’s access pools, allowed IPs, and authorized users to the destination. The user must have security privileges to enable this option. |
|
| protectionState | String | Optional | disabled | Possible values are–disabled, or enabled. Note: To support backwards compatibility with ClevOS 3.12.0, this
request accepts the value
Compliance for the Status parameter in
addition to Retention. The protection state Retention and
Compliance are used interchangeably. |
| minimumRetentionPeriod | Long | Optional | 0 | Accepts value in days. Minimum value should be ≥ 0 days. This parameter is only valid if protection state is set to enabled. Note: This is for vault mode only.
|
| maximumRetentionPeriod | Long | Optional | 36159 | Accepts value in days. Maximum value should be ≤ 2,147,483,647 days. This parameter is only valid if protection state is set to enabled. Note: This is for vault mode
only.
|
| defaultRetentionPeriod | Long | Optional | 730 | Accepts value in days. The default must be ≥mininumumRetentionPeriod and
≤maximumRetentionPeriod retention period. This parameter is only valid if protection state is set to enabled. Either defaultRetentionPeriod or defaultPermanentRetentionDurationEnabled should be specified, but not both. Note: This is for vault mode only.
|
| restrictiveAccessControlEnabled | Boolean | Optional | false | Enable restrictive access control on a protected vault. Note: When Restrictive Access Control
is enabled, users with vault access permissions do not obtain equivalent object access permissions.
Object read, metadata write, and access control updates can only be performed by the owner of the
object in a protected vault or any user authorized by the owner. If this setting is disabled, users
with vault permissions inherit equivalent object permissions, such as the ability to modify object
protection. Once enabled, you cannot disable Restrictive Access Control.
|
| permanentRetentionEnabled | Boolean | Optional | false | This
allows objects to have permanent retention. This parameter is only valid if protection state is set to enabled. Note: This is vault mode only.
|
| defaultPermanentRetentionDurationEnabled | Boolean | Optional | false |
When set to true, objects written into this vault without a specific retention period will have permanent retention. This parameter is only valid if protection state is set to enabled. Either defaultRetentionPeriod or defaultPermanentRetentionDurationEnabled should be specified, but not both. Note: This is vault mode only.
|
| ssecEnabled | Boolean | True/False | Turn on SSE-C (Server-Side Encryption with Customer provided keys) for the vault. Note: When
enabled, SSE-C cannot be disabled on a vault.
|
|
| ssekpEnabled | Boolean | Optional | false | Turn on SSE-KP (server side encryption with Key Protect managed keys) for the vault. Once enabled, SSE-KP cannot be disabled on a vault. Note: This is a cloud-only feature.
Note: Not supported for management vaults, service vaults, or standard vaults.
|
| restrictiveAccessControlEnabled | Boolean | Enable restrictive access control on a protected vault. | ||
| archiveTiering | String | Optional | disabled | Allow container vaults to archive data to reduce data costs. |
| notificationServiceTopicOverride | String | Optional | The topic to use instead of the default topic of an associated IBM Cloud Object Storage Notification Service. | |
| notificationServiceId | Long | Optional | The ID of the IBM Cloud Object Storage Notification Service to associate with this vault. | |
| powerSafeWriteEnabled | Boolean | Enable Power Safe Write for the vault. | ||
| notificationServiceTopicDelegated | Boolean | Optional | Delegate the configuration of the Notification Service topic. | |
| objectExpirationEnabled | Boolean | Optional | false | Enables object expiration. |
| organizationId | Long | Optional | The ID of the organization for the vault. | |
| indexFormat | String | Optional | index2 or index4 | The vault index format to be used when creating a vault. Default:
|
| staticWebsiteHostingEnabled | Boolean |
Optional |
false |
Enables Static Website Hosting on the vault.
|
| containerVaultObjectLockEnabled | Boolean | Optional | Storage pool containerVaultObjectLockEnabled value | Enable container vault object lock on a vault. When this setting is not specified then it will inherit the Storage Pool's Object Lock setting value. |
| replicationEnabled | Boolean | Optional | Storage pool replicationEnabled value |
Enables replication on this vault. Once enabled, users will be allowed to configure replication policies for buckets within this vault and the system will start processing. |
| replicationEndpoint | Boolean | Optional | Replication endpoint, specified as a URI with no scheme/port. Only relevant if replication is enabled. | |
| replicationSyncLatencyThreshold | Integer | Optional | Optional - 3600 (1 hour, default) | Replication sync latency threshold, specified in seconds. Events will be generated if asynchronous object replications take longer than this duration on a regular basis. Only relevant if replication is enabled. |
Response
ID of the newly created vault.
JSON response example
{
”responseStatus“:”ok“,
”responseHeader“:{
”status“:”ok“,
”now“:{milliseconds from the UNIX epoch},
”requestId“:”U2qeIsCoDicAACV9Ad8AAACH“
},
”responseData“:{
”id“:9
}
}Parameters
| Parameter | Type | Description |
|---|---|---|
| id | Long |