Adding keys

You can add more keys for use with DS5000 storage servers. Before you begin, determine your site policy for naming key prefixes.

About this task

You can use the Add Key dialog or the Secret Key Create REST Service to create one or more symmetric keys in the existing group. Your role must have permission for the create action and permission for the appropriate device group.

Procedure

  1. Go to the appropriate page or directory.
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on the Welcome page, select DS5000.
      3. Click Go to > Manage keys and devices.
      4. Alternatively, right-click DS5000 and select Manage keys and devices.
      5. On the management page for DS5000, click Add.
      6. Click More Keys.
    • REST interface:
      • Open a REST client.
  2. Create keys.
    • Graphical user interface:

      On the Add Key dialog, specify values for the required parameters. Then, click Add More Keys.

    • REST interface:
      1. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
      2. To invoke the Group List REST Service, send an HTTP GET request. Pass the user authentication identifier that you obtained in step 1 along with the request message, as shown in the following example:
        GET https://localhost:port/SKLM/rest/v1/keygroups
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        Accept-Language: en

        The output might look like this example:

        Status Code : 200 OK
        Content-Language: en
        [
          {
            "group name": "DS5K-ds5kdevice",
            "group type": "KEY",
            "group uuid": "KEYGROUP-9c97d9aa-b5f0-41a1-b65f-119756168211",
            "initialization date": "6/4/10 12:00:00 AM Central Standard Time",
            "activation date": "6/4/10 12:00:00 AM Central Standard Time",
            "keys":
            [
              {
                "uuid": "KEY-66b0a3a2-3c52-4088-8772-0a1ddebf5803",
                "alias(es)": "dsk000000000000000000",
                "key store name(s)": "defaultKeyStore "
              },
              {
                "uuid": "KEY-3f1230fd-59ef-4c15-82e6-40d68ac5f2ab",
                "alias(es)": "dsk000000000000000001",
                "key store name(s)": "defaultKeyStore "
        .
        .
        .
      3. Use the Secret Key Create REST Service to create more keys and store them in the group. For example, you can send the following HTTP request:
        POST https://localhost:port/SKLM/rest/v1/keys
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        {"alias":"abc","numOfKeys":"10","keyGroupUuid":"KEYGROUP-9c97d9aa-b5f0-41a1-b65f-119756168211","usage":"DS5000"}
  3. The success indicator varies, depending on the interface:
    • Graphical user interface:

      The additional keys are visible in the table of keys on the Modify Keys page. Back up new keys before the keys are served to devices.

    • REST interface:

      The status code 200 OK indicates success.
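
The REST steps of this procedure as a script; this is an added example, not IBM code. The function names, the `base_url` parameter, and the sample response are assumptions made for illustration. It looks up the group UUID from a Group List response, validates it, and builds the Secret Key Create body with a JSON encoder so the request cannot be malformed by hand editing.

```python
import json
import re
import urllib.request

# Shape of the "group uuid" value shown in the Group List output above.
GROUP_UUID_RE = re.compile(r"^KEYGROUP-[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

def _headers(auth_id):
    # Same headers as the sample requests in the procedure.
    return {"Content-Type": "application/json", "Accept": "application/json",
            "Authorization": "SKLMAuth authId=" + auth_id}

def group_list_request(base_url, auth_id):
    """GET request for the Group List REST Service."""
    return urllib.request.Request(base_url + "/SKLM/rest/v1/keygroups",
                                  headers=_headers(auth_id), method="GET")

def find_group_uuid(groups, group_name):
    """Return the uuid of the single KEY group named group_name."""
    hits = [g["group uuid"] for g in groups
            if g.get("group name") == group_name and g.get("group type") == "KEY"]
    if len(hits) != 1:
        raise LookupError("expected one KEY group %r, found %d" % (group_name, len(hits)))
    return hits[0]

def create_keys_request(base_url, auth_id, alias, num_keys, group_uuid, usage="DS5000"):
    """POST request for the Secret Key Create REST Service."""
    if not GROUP_UUID_RE.match(group_uuid):
        raise ValueError("malformed key group uuid: %r" % group_uuid)
    if type(num_keys) is not int or num_keys < 1:
        raise ValueError("num_keys must be a positive integer")
    # numOfKeys is sent as a string, as in the sample request.
    body = json.dumps({"alias": alias, "numOfKeys": str(num_keys),
                       "keyGroupUuid": group_uuid, "usage": usage})
    return urllib.request.Request(base_url + "/SKLM/rest/v1/keys", data=body.encode("utf-8"),
                                  headers=_headers(auth_id), method="POST")

def send(request):
    """Send over HTTPS with certificate verification on (the urllib default)."""
    with urllib.request.urlopen(request, timeout=30) as resp:
        if resp.status != 200:  # the procedure treats 200 OK as success
            raise RuntimeError("unexpected status %d" % resp.status)
        return resp.read().decode("utf-8")

# Constructed sample, shaped like the Group List output above.
SAMPLE_GROUPS = [{"group name": "DS5K-ds5kdevice", "group type": "KEY",
                  "group uuid": "KEYGROUP-9c97d9aa-b5f0-41a1-b65f-119756168211"}]
```

Against a live server, pass the text returned by `send(group_list_request(...))` through `json.loads` before calling `find_group_uuid`, and back up the new keys before they are served to devices.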

What to do next

Next, you can associate the device with a machine.