Adding a key or key group

You can add more keys or key groups for use with IBM Security Guardium Key Lifecycle Manager. Before you begin, determine your site policy on the default key groups and naming for key prefixes.

About this task

You can use the Create Key Group dialog. Alternatively, you might first use the Group Create REST Service to create a group to which you want to add keys, and then use the Secret Key Create REST Service to create one or more symmetric keys in the existing group. Your role must have permission for the create action and permission for the appropriate device group.

Procedure

  1. Go to the appropriate page or directory:
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on the Welcome page, select LTO.
      3. Click Go to > Manage keys and devices.
      4. Alternatively, right-click LTO and select Manage keys and devices.
      5. On the management page for LTO, click Add.
      6. Click Key Group.
  2. Create a key or key group:
    • Graphical user interface:
      1. On the Create Key Group dialog, specify values for the required and optional parameters. For example, you might optionally specify that this key group is the default.
      2. Click Create Key Group.
    • REST interface:
      1. Create a group to which you might add keys by using Group Create REST Service.
        For example, you can send the following HTTP request by using a REST client:
        POST https://localhost:port/SKLM/rest/v1/keygroups/newGroup
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        {"usage":"LTO"}
      2. Use Group List REST Service to obtain the value of the uuid for the group that you created. For example, you can send the following HTTP request:
        GET https://localhost:port/SKLM/rest/v1/keygroups?name=newGroup
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        Accept-Language: en
      3. Create a group of keys and store them in the group by using Secret Key Create REST Service. For example, you can send the following HTTP request:
        POST https://localhost:port/SKLM/rest/v1/keys
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        {"alias":"abc","numOfKeys":"10","KEYGROUP-316408ac-f433-4c11-92bc-0de46d05bee9","usage":"LTO"}
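
The three REST calls above chained in Python, as an added example that is not IBM's code: each request is built with a JSON serializer and URL encoding, and the group uuid is format-checked before it is reused. The requests are only built, not sent. Assumptions: `GROUP_FIELD` is a placeholder because the sample body on this page omits the field name, the helper names are hypothetical, and the `KEYGROUP-` uuid pattern is inferred from the page's sample value.

```python
import json
import re
from urllib.parse import quote, urlencode
from urllib.request import Request

# Placeholder: the sample body on this page gives the group uuid without a
# field name; take the real name from the Secret Key Create REST Service reference.
GROUP_FIELD = "<group-uuid-field>"
# Assumption: uuid shape inferred from the page's sample value.
UUID_RE = re.compile(r"KEYGROUP-[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

def _request(method, base, path, auth_id, body=None, query=None):
    if not base.startswith("https://"):
        raise ValueError("the authId must only travel over TLS")
    url = base.rstrip("/") + "/SKLM/rest/v1/" + path
    if query:
        url += "?" + urlencode(query)
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Content-Type": "application/json", "Accept": "application/json",
               "Authorization": "SKLMAuth authId=" + auth_id}
    return Request(url, data=data, headers=headers, method=method)

def create_group(base, auth_id, name, usage="LTO"):
    # quote() keeps a group name from altering the request path
    return _request("POST", base, "keygroups/" + quote(name, safe=""),
                    auth_id, {"usage": usage})

def list_group(base, auth_id, name):
    return _request("GET", base, "keygroups", auth_id, query={"name": name})

def find_group_uuid(response_text):
    """Return the first well-formed uuid found under any "uuid" key."""
    stack = [json.loads(response_text)]
    while stack:
        node = stack.pop(0)
        if isinstance(node, dict):
            if UUID_RE.fullmatch(str(node.get("uuid"))):
                return node["uuid"]
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
    raise ValueError("no KEYGROUP uuid in the Group List response")

def create_keys(base, auth_id, alias, count, group_uuid, usage="LTO"):
    if not UUID_RE.fullmatch(group_uuid):
        raise ValueError("unexpected group uuid format")
    body = {"alias": alias, "numOfKeys": str(count),
            GROUP_FIELD: group_uuid, "usage": usage}
    return _request("POST", base, "keys", auth_id, body)
```

Pass each returned request to `urllib.request.urlopen` with its default certificate verification, and read the authId from a protected source rather than hard-coding it in a script.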

What to do next

Back up new keys before the keys are served to devices. You might also associate key groups with specific devices.