update_shared_secret

Use this API to update the shared secret for a central manager and its associated managed units. This API is only available as a grdapi.

Be sure to run update_shared_secret from a central manager.

Set the shared secret before you register the central manager and managed units. For more information, see Registering units.

When you update the shared secret from the central manager, the secret is propagated from the central manager to all associated managed units that are available. An error message is returned if a managed unit is offline or not available.

Note: The central manager and all managed units must be on the same Guardium version.

This API is available in Guardium v11.4 and later.

GuardAPI syntax

update_shared_secret parameter=value

Parameters

Parameter Value type Description
enable Boolean Required. When enable is set to 1, Guardium® follows strong password rules for the shared secret. That is, the value of SharedSecret must be a minimum of 15 characters, and follow the rules that are described in store password validation.
Valid values:
  • 0 (false)
  • 1 (true)
Default = 0 (false)
Note: While SharedSecret uses the strong password rules, the shared secret is not related to passwords.
SharedSecret String A shared secret that allows communication between the central manager and associated managed units.
api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

Examples

The following example updates the shared secret with strong password rules enabled. Only the managed units that are available are updated.

grdapi update_shared_secret SharedSecret="!QertyqUerty!1029" enable=true
ID=0
The following managed unit was offline: sys-vm01.my.company.com.
The offline unit(s) will not be updated
Updating managed unit : sys-vm03.my.company.com.
Updating managed unit : sys-vm04.my.company.com.
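
An added example, not part of the original page and not IBM code: a shell script that reads the text returned by update_shared_secret (assumed to have been saved from the CLI session) and lists which managed units received the new secret and which were skipped as offline. The function names, and the comma or space separation assumed when several offline units share one line, are assumptions; the line formats are taken from the single example above.

```shell
#!/bin/sh
# Added example, not IBM code. Parses text captured from update_shared_secret.
# Constructed sample: the output shown in the Examples section of this page.
SAMPLE_OUTPUT='ID=0
The following managed unit was offline: sys-vm01.my.company.com.
The offline unit(s) will not be updated
Updating managed unit : sys-vm03.my.company.com.
Updating managed unit : sys-vm04.my.company.com.'

# Pre-flight for enable=1: the page requires at least 15 characters.
# The remaining strong-password rules are not listed on this page and are
# not checked here.
secret_meets_min_length() {
    [ "${#1}" -ge 15 ]
}

# Units reported offline, one per line, read from stdin.
# Assumption: if several units share the line they are comma/space separated.
offline_units() {
    sed -n '/^The following managed unit.* offline:/{s/^[^:]*:[[:space:]]*//;s/\.$//;p;}' |
        tr ', ' '\n\n' | sed '/^$/d'
}

# Units that received the new secret, one per line, read from stdin.
updated_units() {
    sed -n '/^Updating managed unit/{s/^[^:]*:[[:space:]]*//;s/\.$//;p;}'
}

# Summarize a run; returns 1 when any unit was skipped.
report_update() {
    out=$(cat)
    off=$(printf '%s\n' "$out" | offline_units)
    upd=$(printf '%s\n' "$out" | updated_units)
    printf 'updated: %s\n' "$(printf '%s' "$upd" | tr '\n' ' ')"
    if [ -n "$off" ]; then
        printf 'NOT updated (offline): %s\n' "$(printf '%s' "$off" | tr '\n' ' ')"
        return 1
    fi
    return 0
}

printf '%s\n' "$SAMPLE_OUTPUT" | report_update ||
    echo 'Offline units still need the new shared secret.'
```

The non-zero return from report_update lets a wrapper flag runs in which some managed units were left without the new shared secret.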