Create a vault template

Request

Security

Table 1. Roles capable of executing the Create Vault Template API method
Any | Super User | System Admin | Security Admin | Operator
    | superUser  | systemAdmin  |                |

HTTP method

POST /manager/api/{apiResponseType}/1.0/createVaultTemplate.adm HTTP/1.1
Host: {manager.dsnet}

description={vaultTemplateDescription}&name={vaultTemplate1}&vaultWidth={width}&threshold={threshold}&segmentSize={segment}&segmentSizeUnit={MiB|MB}&storagePoolId={poolId}&accessPoolIds={devId1}&accessPoolIds={devId2}&allowedIps={ip1}&allowedIps={ip2}&allowedIps={ip3}&provisioningCode={code}&softQuotaSize={softQuotaSize}&softQuotaUnit={MB|MiB|GB|GiB|TB|TiB}&hardQuotaSize={hardQuotaSize}&hardQuotaUnit={MB|MiB|GB|GiB|TB|TiB}&readThreshold=1&privacyEnabled={true|false}&largeObjectEnabled={true|false}

Curl method

curl -u {admin}:{password} "https://{manager.dsnet}/manager/api/{apiResponseType}/1.0/createVaultTemplate.adm" -d "description={vaultTemplateDescription}&name={vaultTemplate1}&vaultWidth={width}&threshold={threshold}&segmentSize={segment}&segmentSizeUnit={MiB|MB}&storagePoolId={poolId}&accessDeviceIds={devId1}&accessDeviceIds={devId2}&allowedIps={ip1}&allowedIps={ip2}&allowedIps={ip3}&provisioningCode={code}&softQuotaSize={softQuotaSize}&softQuotaUnit={MB|MiB|GB|GiB|TB|TiB}&hardQuotaSize={hardQuotaSize}&hardQuotaUnit={MB|MiB|GB|GiB|TB|TiB}&readThreshold=1&privacyEnabled={true|false}&largeObjectEnabled={true|false}"

Parameters

Table 2. Request Parameters for Create Vault Template (createVaultTemplate) API method
Parameter Type Usage Default Description
storagePoolId Long Required   ID of valid storage pool for which to create vault template.
name String Required   Name of new vault template.
segmentSize BigDecimal Required   Size of single segment in bytes.
segmentSizeUnit String Required   Unit that is used for segmentSize.
vaultWidth Int Required   Vault width
threshold Int Required   IDA threshold
accessPoolIds Set[{accessPoolId}] Optional   List of IDs of Access Pools to grant or revoke access to this vault template with value of `{add|remove}`. Cannot be used with accessPoolMap.
accessPoolMap Map[{accessPoolId}] Optional   IDs of Access Pools to grant or revoke access to this vault template with value of `{add|remove}`. Cannot be used with accessPoolIds.
allowedIps String Optional   A comma-separated list of ALL IP addresses (+ optionally action groups) that should have access to the vault
provisioningCode String Optional   Description of new vault template.
softQuotaSize BigDecimal Optional   Size of soft quota.
softQuotaUnit String Optional   Unit of measure for soft quota. For example: bytes, kB, MB, KiB, MiB, etc.
hardQuotaSize BigDecimal Optional   Size of hard quota.
hardQuotaUnit String Optional   Unit of measure for hard quota. For example: bytes, kB, MB, KiB, MiB, etc.
writeThreshold Int Optional   Write threshold.
alertLevel Int Optional   Number of running Slicestor devices for vault to be considered working.
privacyEnabled Boolean Optional true Enable (true) or disable (false) SecureSlice™ for this vault template. If not provided, value defaults to the system level SecureSlice™ configuration.
privacyAlgorithm String Optional   Valid privacy algorithms are aont-aes-gcm-256, aont-rc4-128, aont-aes-128, or aont-aes-256. If not provided, value defaults to the system level SecureSlice™ configuration.
deleteRestricted Boolean Optional false Prevent (true) or allow (false) deletes on the vault.

  • If enabled, versioning is set to true.
  • If not given, previous state is retained.
nameIndexEnabled Boolean Optional true Enable (true) or disable (false) name index on vault template. It cannot be enabled on 1-wide vault.
recoveryListingEnabled Boolean Optional false Enable (true) or disable (false) Recovery Listing.
versioning Boolean Optional    
ssecEnabled Boolean True/False   Turn on SSE-C (Server-Side Encryption with Customer provided keys) for the vault.
Note: When enabled, SSE-C cannot be disabled on a vault.
protectionState String Optional disabled Possible values are disabled or enabled.
Note: To support backwards compatibility with ClevOS 3.12.0, this request accepts the value Compliance for the Status parameter in addition to Retention. The protection state Retention and Compliance are used interchangeably.
minimumRetentionPeriod Long Optional 0 Accepts value in days. Minimum value should be ≥ 0 days.

This parameter is only valid if protection state is set to enabled.

Note: This is for vault mode only.
maximumRetentionPeriod Long Optional 36159 Accepts value in days. Maximum value should be ≤ 2,147,483,647 days.

This parameter is only valid if protection state is set to enabled.

Note: This is for vault mode only.
defaultRetentionPeriod Long Optional 730 Accepts value in days. The default must be ≥ minimumRetentionPeriod and ≤ maximumRetentionPeriod.

This parameter is only valid if protection state is set to enabled.

Either defaultRetentionPeriod or defaultPermanentRetentionDurationEnabled should be specified, but not both.

Note: This is for vault mode only.
restrictiveAccessControlEnabled Boolean Optional false Enable restrictive access control on a protected vault.
Note: When Restrictive Access Control is enabled, users with vault access permissions do not obtain equivalent object access permissions. Object read, metadata write, and access control updates can only be performed by the owner of the object in a protected vault or any user authorized by the owner. If this setting is disabled, users with vault permissions inherit equivalent object permissions, such as the ability to modify object protection. Once enabled, you cannot disable Restrictive Access Control.
ssekpEnabled Boolean Optional false Turn on SSE-KP (server side encryption with Key Protect managed keys) for the vault.

Once enabled, SSE-KP cannot be disabled on a vault.

Note: This is a cloud-only feature.
Note: Not supported for management vaults, service vaults, or standard vaults.
notificationServiceTopicOverride String Optional   The topic to use instead of the default topic of an associated IBM Cloud Object Storage Notification Service.
notificationServiceId Long Optional   The ID of the IBM Cloud Object Storage Notification Service to associate with this vault template.
permanentRetentionEnabled Boolean Optional false This allows objects to have permanent retention.

This parameter is only valid if protection state is set to enabled.

Note: This is vault mode only.
defaultPermanentRetentionDurationEnabled Boolean Optional false When set to true, objects written into this vault without a specific retention period will have permanent retention.

This parameter is only valid if protection state is set to enabled.

Either defaultRetentionPeriod or defaultPermanentRetentionDurationEnabled should be specified, but not both.

Note: This is vault mode only.
powerSafeWriteEnabled Boolean     Enable Power Safe Write for the vault. Returns the Manager-generated ID for the vault template on creation.
notificationServiceTopicDelegated Boolean Optional   Delegate the configuration of the Notification Service topic.
objectExpirationEnabled Boolean Optional False Enables object expiration.
indexFormat String Optional   The vault index format to be used by default when creating a vault template. Valid values are deferred, index2, and index4. When nothing is passed, the value is obtained from the default that was set at the storage pool level.
containerVaultObjectLockEnabled Boolean Optional Storage pool containerVaultObjectLockEnabled value Enable Container vault object lock on a vault template. When this setting is not specified, it inherits the storage pool's Object Lock setting value.
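
The constraints in Table 2 interact (exclusive parameters, retention bounds, settings that cannot be turned off again), so a pre-flight check before the POST catches mistakes early. The following is an added example, not part of the product documentation: `check_template`, `form_body` and `SAMPLE` are hypothetical names, and the two warnings about RC4 and disabled SecureSlice are this example's own policy.

```python
from urllib.parse import urlencode

# Constraints below are transcribed from the parameter table on this page.
REQUIRED = ("storagePoolId", "name", "segmentSize", "segmentSizeUnit",
            "vaultWidth", "threshold")
ALGORITHMS = {"aont-aes-gcm-256", "aont-rc4-128", "aont-aes-128", "aont-aes-256"}
ONE_WAY = ("ssecEnabled", "ssekpEnabled", "restrictiveAccessControlEnabled")
RETENTION = ("minimumRetentionPeriod", "maximumRetentionPeriod",
             "defaultRetentionPeriod", "permanentRetentionEnabled",
             "defaultPermanentRetentionDurationEnabled")

def check_template(p):
    """Return (errors, warnings) for a dict of createVaultTemplate parameters."""
    errors = [f"missing required parameter {k}" for k in REQUIRED if k not in p]
    warnings = []
    if "accessPoolIds" in p and "accessPoolMap" in p:
        errors.append("accessPoolIds cannot be used with accessPoolMap")
    alg = p.get("privacyAlgorithm")
    if alg is not None and alg not in ALGORITHMS:
        errors.append(f"invalid privacyAlgorithm {alg}")
    # The two warnings below are this example's own policy, not Manager rules.
    if alg == "aont-rc4-128":
        warnings.append("aont-rc4-128 relies on RC4; prefer an AES option")
    if p.get("privacyEnabled") is False:
        warnings.append("privacyEnabled=false disables SecureSlice")
    if p.get("protectionState", "disabled") != "enabled":
        errors += [f"{k} requires protectionState=enabled" for k in RETENTION if k in p]
    else:
        lo = p.get("minimumRetentionPeriod", 0)        # documented default
        hi = p.get("maximumRetentionPeriod", 36159)    # documented default
        perm = p.get("defaultPermanentRetentionDurationEnabled", False)
        if "defaultRetentionPeriod" in p and perm:
            errors.append("defaultRetentionPeriod and "
                          "defaultPermanentRetentionDurationEnabled are exclusive")
        if not 0 <= lo <= hi <= 2_147_483_647:
            errors.append("retention bounds must satisfy 0 <= min <= max <= 2147483647")
        elif not perm and not lo <= p.get("defaultRetentionPeriod", 730) <= hi:
            errors.append("defaultRetentionPeriod outside [min, max]")
    warnings += [f"{k} cannot be disabled once enabled" for k in ONE_WAY if p.get(k)]
    return errors, warnings

def form_body(p):
    """Encode scalar and list values as the POST body; lists become repeated keys."""
    flat = {k: str(v).lower() if isinstance(v, bool) else v for k, v in p.items()}
    return urlencode(flat, doseq=True)

# Constructed sample values, not taken from a real system.
SAMPLE = {"storagePoolId": 1, "name": "tmpl", "segmentSize": 4,
          "segmentSizeUnit": "MiB", "vaultWidth": 12, "threshold": 8,
          "accessPoolIds": [3, 5], "privacyEnabled": True}
```

Raising minimumRetentionPeriod above 730 without also setting defaultRetentionPeriod is reported as an error, because the documented default of 730 days then falls below the minimum.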

Response

Returns success or failure status.

JSON response example

{
  "responseStatus": "ok",
  "responseData": {
    "id": 8
  },
  "responseHeader": {
    "status": "ok",
    "now": 1400094291772,
    "requestId": "U3O@U8CoDkMAACjwCaUAAAAE"
  }
}

Parameters

Table 3. Response Parameters for Create Vault Template (createVaultTemplate) API method
Parameter Type Description
id Long New vault template ID.