Managing clients, client groups, and their cryptographic objects

You can use the IBM Security Guardium Key Lifecycle Manager graphical user interface or REST APIs to manage clients, their cryptographic objects, and client groups.

Use the following table to understand the management operations that you can perform on a client, client group, and cryptographic object:

Table 1. Operations on clients, client groups, and cryptographic objects
Operation Using graphical user interface Using REST API
Client operations
Creating a client with the IBM Security Guardium Key Lifecycle Manager server. Creating a client by using the graphical user interface Create Client REST Service
Modifying client information. Modifying a client by using the graphical user interface
Deleting a client and its associated objects from the database. Deleting a client or a cryptographic object Delete Client REST Service
Exporting client information. Exporting a client by using the graphical user interface Client Export REST Service
Importing client information. Importing a client by using the graphical user interface Client Import REST Service
Cryptographic object operations
Creating and configuring cryptographic objects for the client devices. Adding cryptographic objects by using the graphical user interface
Note: You can create only keys of key pair and symmetric type from the graphical user interface.
Viewing objects for a client. Viewing the list of clients and cryptographic objects by using the graphical user interface

You can use the Search tab in the IBM Security Guardium Key Lifecycle Manager graphical user interface to find the cryptographic objects based on specific search criteria.

Modifying the cryptographic objects that are associated with a client. Not available Certificate Attribute Update REST Service
Deleting the cryptographic objects that are associated with a client. Not available Delete Object REST Service*
Client group operations
Creating and managing a client group. Creating and managing a client group by using the graphical user interface Client management
* - Clients that use KMIP must use the appropriate KMIP operation, and not the REST API. See http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip.