Create a vault template
Request
Security
| Any | Super User | System Admin | Security Admin | Operator |
|---|---|---|---|---|
| superUser | systemAdmin |
HTTP method
POST /manager/api/{apiResponseType}/1.0/createVaultTemplate.adm HTTP/1.1
Host:{manager.dsnet}
description={vaultTemplateDescription}&name={vaultTemplate1}&vaultWidth={width}&threshold={threshold}&segmentSize={segment}&segmentSizeUnit={MiB|MB}&storagePoolId={poolId}&accessPoolIds={devId1}&accessPoolIds={devId2}&allowedIps={ip1}&allowedIps={ip2}&allowedIps={ip3}&provisioningCode={code}&softQuotaSize={softQuoteSize}&softQuotaUnit={MB|MiB|GB|GiB|TB|TiB}&hardQuotaSize={hardQuotaSize}&hardQuotaUnit={MB|MiB|GB|GiB|TB|TiB}&readThreshold=1&privacyEnabled={true|false}&largeObjectEnabled={true|false}
Curl method
curl -u {admin}:{password}
”https://{manager.dsnet}/manager/api/{apiResponseType}/1.0/createVaultTemplate.adm“ -d
”description={vaultTemplateDescription}&name={vaultTemplate1}&vaultWidth={width}&threshold={threshold}&segmentSize={segment}&segmentSizeUnit={MiB|MB}&storagePoolId={poolId}&accessDeviceIds={devId1}&accessDeviceIds={devId2}&allowedIps={ip1}&allowedIps={ip2}&allowedIps={ip3}&provisioningCode={code}&softQuotaSize={softQuoteSize}&softQuotaUnit={MB|MiB|GB|GiB|TB|TiB}&hardQuotaSize={hardQuotaSize}&hardQuotaUnit={MB|MiB|GB|GiB|TB|TiB}&readThreshold=1&privacyEnabled={true|false}&largeObjectEnabled={true|false}“
Parameters
| Parameter | Type | Usage | Default | Description |
|---|---|---|---|---|
| storagePoolId | Long | Required |
ID of valid storage pool for which to create vault template. |
|
| name | String | Required |
Name of new vault template. |
|
| segmentSize | BigDecimal | Required |
Size of single segment in bytes. |
|
| segmentSizeUnit | String | Required |
Unit that is used for segmentSize. |
|
| vaultWidth | Int | Required |
Vault width |
|
| threshold | Int | Required |
IDA threshold |
|
| accessPoolIds | Set[{accessPoolId}] | Optional |
List of IDs of Access Pools to grant or revoke access to this vault template with value of `{add remove}`. Cannot be used with accessPoolMap. |
|
| accessPoolMap | Map[{accessPoolId}] | Optional | IDs of Access Pools to grant or revoke access to this vault template with value of `{add remove}`. Cannot be used with accessPoolIds. | |
| allowedIps | String | Optional | A comma-separated list of ALL IP addresses (+ optionally action groups) that should have access to the vault | |
| provisioningCode | String | Optional | Description of new vault template. | |
| softQuotaSize | BigDecimal | Optional | Size of soft quota. | |
| softQuotaUnit | String | Optional | Unit of measure for soft quota. For example: bytes, kB, MB, KiB, MiB, etc. | |
| hardQuotaSize | BigDecimal | Optional | Size of hard quota. | |
| hardQuotaUnit | String | Optional | Unit of measure for hard quota. For example: bytes, kB, MB, KiB, MiB, etc. | |
| writeThreshold | Int | Optional | Write threshold. | |
| alertLevel | Int | Optional | Number of running Slicestor devices for vault to be considered working. | |
| privacyEnabled | Boolean | Optional | true |
Enable (true) or disable (false) SecureSlice™ for this vault template. If not provided, value defaults to the system level SecureSlice™ configuration. |
| privacyAlgorithm | String | Optional |
Valid privacy algorithms are aont-aes-gcm-256, aont-rc4-128, aont-aes-128, or aont-aes-256. If not provided, value defaults to the system level SecureSlice™ configuration. |
|
| deleteRestricted | Boolean | Optional | false |
Prevent (true) or allow (false) deletes on the vault.
|
| nameIndexEnabled | Boolean | Optional | true | Enable (true) or disable (false) name index on vault template. It cannot be enabled on 1-wide vault. |
| recoveryListingEnabled | Boolean | Optional | false | Enable (true) or disable (false) Recovery Listing. |
| versioning | Boolean | Optional | ||
| ssecEnabled | Boolean | True/False | Turn on SSE-C (Server-Side Encryption with Customer provided keys) for the vault. Note: When
enabled, SSE-C cannot be disabled on a vault.
|
|
| protectionState | String | Optional | disabled | Possible values are–disabled, or enabled. Note: To support backwards compatibility with ClevOS 3.12.0, this
request accepts the value
Compliance for the Status parameter in
addition to Retention. The protection state Retention and
Compliance are used interchangeably. |
| minimumRetentionPeriod | Long | Optional | 0 | Accepts value in days. Minimum value should be ≥ 0 days. This parameter is only valid if protection state is set to enabled. Note: This is for vault mode only.
|
| maximumRetentionPeriod | Long | Optional | 36159 | Accepts value in days. Maximum value should be ≤ 2,147,483,647 days. This parameter is only valid if protection state is set to enabled. Note: This is for vault mode
only.
|
| defaultRetentionPeriod | Long | Optional | 730 | Accepts value in days. The default must be ≥mininumumRetentionPeriod and
≤maximumRetentionPeriod retention period. This parameter is only valid if protection state is set to enabled. Either defaultRetentionPeriod or defaultPermanentRetentionDurationEnabled should be specified, but not both. Note: This is for vault mode only.
|
| restrictiveAccessControlEnabled | Boolean | Optional | false | Enable restrictive access control on a protected vault. Note: When Restrictive Access Control
is enabled, users with vault access permissions do not obtain equivalent object access permissions.
Object read, metadata write, and access control updates can only be performed by the owner of the
object in a protected vault or any user authorized by the owner. If this setting is disabled, users
with vault permissions inherit equivalent object permissions, such as the ability to modify object
protection. Once enabled, you cannot disable Restrictive Access Control.
|
| ssekpEnabled | Boolean | Optional | false | Turn on SSE-KP (server side encryption with Key Protect managed keys) for the vault. Once enabled, SSE-KP cannot be disabled on a vault. Note: This is a cloud-only feature.
Note: Not supported for management vaults, service vaults, or standard vaults.
|
| notificationServiceTopicOverride | String | Optional | The topic to use instead of the default topic of an associated IBM Cloud Object Storage Notification Service. | |
| notificationServiceId | Long | Optional | The ID of the IBM Cloud Object Storage Notification Service to associate with this vault template. | |
| permanentRetentionEnabled | Boolean | Optional | false | This
allows objects to have permanent retention. This parameter is only valid if protection state is set to enabled. Note: This is vault mode only.
|
| defaultPermanentRetentionDurationEnabled | Boolean | Optional | false |
When set to true, objects written into this vault without a specific retention period will have permanent retention. This parameter is only valid if protection state is set to enabled. Either defaultRetentionPeriod or defaultPermanentRetentionDurationEnabled should be specified, but not both. Note: This is vault mode only.
|
| powerSafeWriteEnabled | Boolean | Enable Power Safe Write for the vault. Returns the Manager-generated ID for the vault template on creation. | ||
| notificationServiceTopicDelegated | Boolean | Optional | Delegate the configuration of the Notification Service topic. | |
| objectExpirationEnabled | Boolean | Optional | False | Enables object expiration. |
| indexFormat | String | Optional | The vault index format to be used by default when creating a vault template. Valid values are deferred, index2, and index4. When nothing is passed, the value is obtained from the default that was set at the storage pool level. | |
| containerVaultObjectLockEnabled | Boolean | Optional | Storage pool containerVaultObjectLockEnabled value | Enable Container vault object lock on a vault template. When this setting is not specified then it will inherit the Storage Pool's Object Lock setting value. |
Response
Returns success or failure status.
JSON response example
{
”responseStatus“: ”ok“,
”responseData“: {
”id“: 8
},
”responseHeader“: {
”status“: ”ok“,
”now“: 1400094291772,
”requestId“: ”U3O@U8CoDkMAACjwCaUAAAAE“
}
}Parameters
| Parameter | Type | Description |
|---|---|---|
| id | Long |
New vault template ID. |