You can specify a wrapping key for future use as the system default or system partner
wrapping key.
Before you begin
Before you begin, review the following considerations:
- Do not specify two defaults for the same rollover date.
- No validation happens on whether the selected wrapping key is expired or expires at the time of
the rollover. Ensure that the wrapping key is not expired at the time of the rollover.
- If a wrapping key does not exist at the time of rollover, IBM Security Guardium Key Lifecycle
Manager continues to use the current default wrapping key.
- You can add or delete table entries, but cannot modify an entry.
About this task
You can use the Add Future Write Default dialog to add a default wrapping
key rollover for a specific date and device group. Alternatively, you can use the Add Key Default Rollover REST Service.
Your role must have permission for the create action and permission for the
appropriate device group.
Procedure
- Using graphical interface
- Log in to the graphical user interface.
- In the Key and Device Management section on the
Welcome page, select 3592.
- Click . Alternatively, right-click 3592 and
select Manage default rollover.
- On the management page for 3592, click Add.
- On the Add Future Write Default dialog, select the wrapping
key.
- Specify whether the key becomes a partner or default wrapping key on the effective
date.
- Select the effective date.
- Click Add Future Write Default.
- To delete a 3592 wrapping key context from the rollover table:
- Select a 3592 wrapping key context and click Delete. Read the warning
message. Then, click OK.
- The wrapping key is unmarked as a future system default or partner wrapping key, but is
otherwise not changed or deleted.
- Using REST interface
- Open the Swagger UI. For more information, see Using Swagger UI.
- Authenticate and authorize to access the REST APIs. For more information, see Authentication process for REST services.
- Go to the Key rollover section.
- Use the Add Key Default Rollover REST Service to add a default wrapping key rollover for a
specific date. The rollover key takes the place of the previous default key.
POST https://localhost:port/SKLM/rest/v1/rollover/3592
Accept: application/json
Accept-Language: en
Authorization: SKLMAuth userAuthId=b27c9eaa-cef7-4a65-87f2-8a964ac5ace2
Content-Type: application/json

{
  "alias": "key2",
  "keyDefaultType": "1",
  "effectiveDate": "2021-11-05"
}
- Use the List Key Default Rollover REST Service to list key rollovers in a rollover list.
GET https://localhost:port/SKLM/rest/v1/rollover/3592?usage=3592
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
- Use the Delete Key Default Rollover REST Service to remove a wrapping key rollover that is
specified in a rollover list.
DELETE https://localhost:port/SKLM/rest/v1/rollover/3592/ROLLOVER-d70d6f8-90409301-ecc7-4e3e-ad25-e687b8f9d5ee
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
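
Because the server does not validate key expiry at rollover and keeps the current default when the scheduled key does not exist, it helps to check planned entries before adding them. The following pre-flight check is an added example, not IBM code: it takes entries with the request-body fields shown above (alias, keyDefaultType, effectiveDate) and a hypothetical operator-supplied map of alias to expiry date. It assumes that two entries with the same keyDefaultType and effectiveDate are a conflict, since this page does not define the type values.

```python
from collections import defaultdict
from datetime import date


def check_rollovers(entries, key_expiry):
    """Return a list of (alias, effectiveDate, problem) findings.

    entries    -- dicts with the request-body fields shown on this page:
                  alias, keyDefaultType, effectiveDate (YYYY-MM-DD).
    key_expiry -- assumed operator-supplied map of alias -> expiry date
                  (YYYY-MM-DD), for example read from each certificate.
    """
    findings = []
    by_slot = defaultdict(list)
    for e in entries:
        alias, when = e["alias"], e["effectiveDate"]
        by_slot[(when, e["keyDefaultType"])].append(alias)
        if alias not in key_expiry:
            # A missing key means the current default stays in use.
            findings.append((alias, when, "key not in inventory"))
        elif date.fromisoformat(key_expiry[alias]) <= date.fromisoformat(when):
            # Already expired, or expiring on the rollover date itself.
            findings.append((alias, when, "key expired at rollover"))
    # Assumption: same type on the same date counts as a conflict.
    for (when, _type), aliases in by_slot.items():
        if len(aliases) > 1:
            for alias in aliases:
                findings.append((alias, when, "duplicate entry for date"))
    return findings


# Constructed sample data (not taken from a real server).
SAMPLE_ENTRIES = [
    {"alias": "key2", "keyDefaultType": "1", "effectiveDate": "2021-11-05"},
    {"alias": "key3", "keyDefaultType": "1", "effectiveDate": "2021-11-05"},
    {"alias": "key4", "keyDefaultType": "1", "effectiveDate": "2022-02-01"},
    {"alias": "key5", "keyDefaultType": "1", "effectiveDate": "2022-06-01"},
]
SAMPLE_EXPIRY = {"key2": "2023-01-01", "key3": "2021-11-05", "key4": "2024-01-01"}

if __name__ == "__main__":
    for finding in check_rollovers(SAMPLE_ENTRIES, SAMPLE_EXPIRY):
        print(*finding, sep="\t")
```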