Create a vault

Creates a vault.

Request

Security

Table 1. Roles capable of executing the Create Vault API method
Any Super User System Admin Security Admin Operator
  superUser systemAdmin    

HTTP method

POST /manager/api/{apiResponseType}/1.0/createVault.adm HTTP/1.1 Host:{manager.dsnet} name={name}&segmentSize={segmentSize}&segmentSizeUnit={segmentSizeUnit}&vaultWidth={vaultWidth}&threshold={threshold}&storagePoolId={storagePoolId}&privacyEnabled={true|false}&objectExpirationEnabled{true|false}

Curl method

curl -u {admin}:{password}

-k "https://{manager.dsnet}/manager/api/{apiResponseType}/1.0/createVault.adm"

-d "name={name}&segmentSize={segmentSize}&segmentSizeUnit={segmentSizeUnit}&vaultWidth={vaultWidth}&threshold={threshold}&storagePoolId={storagePoolId}&privacyEnabled={true|false}&objectExpirationEnabled{true|false}"

Parameters

Table 2. Request Parameters for Create Vault (createVault) API method
Parameter Type Usage Default Description
name String Required  

Unique name for new vault. Manager device uses this name for all references to this vault. Names can include underscores and alphanumeric characters.

description String Optional  

Description of vault; informational only.

vaultWidth Int Required  

Vault width.

threshold Int Required  

IDA threshold.

writeThreshold Int Optional  

Write threshold.

alertLevel Int Optional  If alertLevel is not set or the difference between vaultWidth and writeThreshold is less than two, then there are no alerts.

Otherwise, alertLevel = writeThreshold + 2

Number of running Slicestor® Devices that are needed for vault to be considered working. Must be ≥ writeThreshold and < vaultWidth.

allotmentId Long Organization not root  

ID of Allotment containing vault. Can be found in (List Allotments) method.

storagePoolId Long Required  

The ID of the storage pool on which this vault should be created

privacyEnabled Boolean Required  

Enable (true) or disable (false) SecureSlice™ for this vault template. If not provided, value defaults to the system level SecureSlice™ configuration.

privacyAlgorithm String Optional  

Valid privacy algorithms are aont-aes-gcm-256, aont-rc4-128, aont-aes-128, or aont-aes-256. If not provided, value defaults to the system level SecureSlice™ configuration.

vaultPurpose String Optional   Possible values of this parameter are: standard (Vault Mode), container (Container Mode), service (Container Mode), or management. If no service vault exists, the default value is "standard". If a service vault exists and the "create only container vaults" option is selected, the default value is "container". Otherwise, no default value is assigned, and it is needed to provide a value for this parameter.
segmentSize BigDecimal Required  

Size of a single segment in bytes.

  • A larger segment size is recommended when a vault is used to access whole files in an atomic manner.
  • A smaller segment size is recommended for streaming applications where parts of a file need to be accessed.
  • 512000 - 20971520 inclusive.
segmentSizeUnit String Required  

Unit that is used for segmentSize.

softQuotaSize BigDecimal Optional  

Size of soft quota.

softQuotaUnit String softQuotaSize>0  

Unit of measure for soft quota. For example: bytes, kB, MB, KiB, MiB, etc.

hardQuotaSize BigDecimal Optional  

Size of hard quota.

hardQuotaUnit String hardQuotaSize>0  

Unit of measure for hard quota. For example: bytes, kB, MB, KiB, MiB, etc.

versioning String Optional false
enabled or disabled
Note: For container vaults, only the values enabled and disabled are allowed. These values correspond with 'allowing' or 'not allowing' container versioning.
nameIndexEnabled Boolean Optional true

Enable (true) or disable (false) name index on vault. It cannot be enabled on 1-wide vault.

recoveryListingEnabled Boolean Optional false

Enable (true) or disable (false) Recovery Listing.

deleteRestricted Boolean Optional false

Prevent (true) or allow (false) deletes on the vault.

  • If enabled, versioning is set to true.
  • If not given, previous state is retained.
provisioningCode String Optional Vault name 

During container creation, the provisioning code is specified (as part of the locationConstraint) to indicate in which container vault the container should be created. If the provisioning code is not set, containers can be created in this container vault if this container vault is configured as the default container vault for an access pool.

region String Optional   Available for container vaults only. It indicates where the contents of this vault resides.
storageClass String Optional   Available for container vaults only. It is a classification assigned to all objects stored within this vault.
mirrorId Long Optional  

ID of mirror of which vault is a part.

mirrorPositionCode String Optional  
  • Position code for this vault in mirror.
  • Must be one of either position1 or position2.
  • If the mirror already has a vault in one of the positions, it must be different.
tags String Optional  

Takes a Set of tag names.

 
migrationSourceVaultId Long Optional  

Set up a vault migration between this newly created vault and an existing source vault.

renameDestinationVault Boolean Optional  

Rename the newly created destination vault with the source vault’s name and apply all the source vault’s access pools, allowed IPs, and authorized users to the destination. The user must have security privileges to enable this option.

protectionState String Optional disabled Possible values are–disabled, or enabled.
Note: To support backwards compatibility with ClevOS 3.12.0, this request accepts the value Compliance for the Status parameter in addition to Retention. The protection state Retention and Compliance are used interchangeably.
minimumRetentionPeriod Long Optional 0 Accepts value in days. Minimum value should be ≥ 0 days.

This parameter is only valid if protection state is set to enabled.

Note: This is for vault mode only.
maximumRetentionPeriod Long Optional 36159 Accepts value in days. Maximum value should be ≤ 2,147,483,647 days.

This parameter is only valid if protection state is set to enabled.

Note: This is for vault mode only.
defaultRetentionPeriod Long Optional 730 Accepts value in days. The default must be ≥mininumumRetentionPeriod and ≤maximumRetentionPeriod retention period.

This parameter is only valid if protection state is set to enabled.

Either defaultRetentionPeriod or defaultPermanentRetentionDurationEnabled should be specified, but not both.

Note: This is for vault mode only.
restrictiveAccessControlEnabled Boolean Optional false Enable restrictive access control on a protected vault.
Note: When Restrictive Access Control is enabled, users with vault access permissions do not obtain equivalent object access permissions. Object read, metadata write, and access control updates can only be performed by the owner of the object in a protected vault or any user authorized by the owner. If this setting is disabled, users with vault permissions inherit equivalent object permissions, such as the ability to modify object protection. Once enabled, you cannot disable Restrictive Access Control.
permanentRetentionEnabled Boolean Optional false This allows objects to have permanent retention.

This parameter is only valid if protection state is set to enabled.

Note: This is vault mode only.
defaultPermanentRetentionDurationEnabled Boolean Optional false

When set to true, objects written into this vault without a specific retention period will have permanent retention.

This parameter is only valid if protection state is set to enabled.

Either defaultRetentionPeriod or defaultPermanentRetentionDurationEnabled should be specified, but not both.

Note: This is vault mode only.
ssecEnabled Boolean True/False   Turn on SSE-C (Server-Side Encryption with Customer provided keys) for the vault.
Note: When enabled, SSE-C cannot be disabled on a vault.
ssekpEnabled Boolean Optional false Turn on SSE-KP (server side encryption with Key Protect managed keys) for the vault.

Once enabled, SSE-KP cannot be disabled on a vault.

Note: This is a cloud-only feature.
Note: Not supported for management vaults, service vaults, or standard vaults.
restrictiveAccessControlEnabled Boolean     Enable restrictive access control on a protected vault.
archiveTiering String Optional disabled Allow container vaults to archive data to reduce data costs.
notificationServiceTopicOverride String Optional   The topic to use instead of the default topic of an associated IBM Cloud Object Storage Notification Service.
notificationServiceId Long Optional   The ID of the IBM Cloud Object Storage Notification Service to associate with this vault.
powerSafeWriteEnabled Boolean     Enable Power Safe Write for the vault.
notificationServiceTopicDelegated Boolean Optional   Delegate the configuration of the Notification Service topic.
objectExpirationEnabled Boolean Optional false Enables object expiration.
organizationId Long Optional   The ID of the organization for the vault.
indexFormat String Optional index2 or index4 The vault index format to be used when creating a vault. Default:
index2
If only the manager is upgraded and the devices are not upgraded to supported version, or there is no system default vault index format configured.
index4
In a system where all the devices are on an object expiration supported software format (vault format is upgraded to support index4).
staticWebsiteHostingEnabled

Boolean

Optional

false
Enables Static Website Hosting on the vault.
  • Vaults must have DNS-compliant names.
  • Static Website Virtual Host Suffix must be configured on the access pool(s) to which this vault will be deployed.
containerVaultObjectLockEnabled Boolean Optional Storage pool containerVaultObjectLockEnabled value Enable container vault object lock on a vault. When this setting is not specified then it will inherit the Storage Pool's Object Lock setting value.
replicationEnabled Boolean Optional Storage pool replicationEnabled value Enables replication on this vault. Once enabled, users will be allowed to configure replication policies for buckets within this vault and the system will start processing.
replicationEndpoint Boolean Optional   Replication endpoint, specified as a URI with no scheme/port. Only relevant if replication is enabled.
replicationSyncLatencyThreshold Integer Optional Optional - 3600 (1 hour, default) Replication sync latency threshold, specified in seconds. Events will be generated if asynchronous object replications take longer than this duration on a regular basis. Only relevant if replication is enabled.

Response

ID of the newly created vault.

JSON response example

{
  ”responseStatus“:”ok“,
  ”responseHeader“:{
    ”status“:”ok“,
    ”now“:{milliseconds from the UNIX epoch},
    ”requestId“:”U2qeIsCoDicAACV9Ad8AAACH“
  },
  ”responseData“:{
    ”id“:9
  }
}

Parameters

Table 3. Response Parameters for Create Vault (createVault) API method
Parameter Type Description
id Long