You can add more keys or key groups for use with IBM Security Guardium Key Lifecycle Manager. Before you begin, determine your site policy on the default key groups and naming for key prefixes.
About this task
You can use the Create Key Group dialog. Alternatively, you can first use the Group Create REST Service to create a group to which you want to add keys, and then use the Secret Key Create REST Service to create one or more symmetric keys in the existing group. Your role must have permission for the create action and permission for the appropriate device group.
Procedure
- Go to the appropriate page or directory:
  - Graphical user interface:
    - Log on to the graphical user interface.
    - In the Key and Device Management section on the Welcome page, select LTO.
    - Click .
    - Alternatively, right-click LTO and select Manage keys and devices.
    - On the management page for LTO, click Add.
    - Click Key Group.
- Create a key or key group:
  - Graphical user interface:
    - On the Create Key Group dialog, specify values for the required and optional parameters. For example, you might optionally specify that this key group is the default.
    - Click Create Key Group.
  - REST interface:
    - Create a group to which you can add keys by using the Group Create REST Service. For example, you can send the following HTTP request by using a REST client:
        POST https://localhost:port/SKLM/rest/v1/keygroups/newGroup
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        {"usage":"LTO"}
    - Use the Group List REST Service to obtain the value of the uuid for the group that you created. For example, you can send the following HTTP request:
        GET https://localhost:port/SKLM/rest/v1/keygroups?name=newGroup
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        Accept-Language: en
    - Create a group of keys and store them in the group by using the Secret Key Create REST Service. For example, you can send the following HTTP request:
        POST https://localhost:port/SKLM/rest/v1/keys
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        {"alias":"abc","numOfKeys":"10","KEYGROUP-316408ac-f433-4c11-92bc-0de46d05bee9","usage":"LTO"}
What to do next
Back up new keys before the keys are served to devices. You might also associate key groups with specific devices.