As a first activity, create keys and key groups for IBM Security Guardium Key Lifecycle Manager. Before you begin, determine the quantity of
keys and the purpose of individual key groups that your organization requires.
About this task
You can use the Create Key Group dialog. Alternatively, you can use the
Group Create REST Service to create a group to which you want to add keys. Then,
use the Secret Key Create REST Service to create one or more symmetric keys in
the existing group. Your role must have permission for the create action and
permission for the appropriate device group.
Procedure
- Go to the appropriate page or directory:
  - Graphical user interface:
    - Log on to the graphical user interface.
    - In the Key and Device Management section on the Welcome page, select LTO.
    - Click .
    - Alternatively, right-click LTO and select Guided key and device creation.
  - REST interface:
- Create a key group:
  - Graphical user interface:
    - On the Step 1: Create Key Groups page, click Create on the Key Group table.
    - On the Create Key Group dialog, specify values for the required and optional parameters. For example, you might create a key group with 100 keys.
    - Click Create Key Group.
  - REST interface:
    - Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    - To run Group Create REST Service, send the HTTP POST request. Pass the user authentication identifier that you obtained in Step a along with the request message as shown in the following example.
      POST https://localhost:<port>/SKLM/rest/v1/keygroups/newGroup
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth authId=139aeh34567m
      {"usage":"LTO"}
    - Use Group List REST Service to obtain the value of the uuid for the group that you created. For example,
      GET https://localhost:<port>/SKLM/rest/v1/keygroups?name=newGroup
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth authId=139aeh34567m
      Accept-Language: en
    - Then, create a group of keys and store them in the group by using Secret Key Create REST Service. For example, you can send the following HTTP request:
      POST https://localhost:<port>/SKLM/rest/v1/keys
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth authId=139aeh34567m
      {"alias":"abc","numOfKeys":"10","KEYGROUP-316408ac-f433-4c11-92bc-0de46d05bee9","usage":"LTO"}
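The Group Create and Group List requests from the REST steps above, as an added Python example (not IBM's code). It builds the requests with an encoded group name, keeps the authentication identifier out of logs, and sends only with certificate verification on. The port 9443 and all function names are assumptions made for illustration.

```python
import json
import ssl
import urllib.request
from urllib.parse import quote, urlencode

# Assumption: 9443 stands in for the <port> placeholder used on this page.
BASE = "https://localhost:9443/SKLM/rest/v1"


def build_request(method, url, auth_id, body=None):
    """Build one REST request with the headers the page's examples use."""
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": f"SKLMAuth authId={auth_id}",
    }
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def create_group(auth_id, name, usage="LTO"):
    """Group Create: POST /keygroups/<name> with the usage in the body."""
    # quote() stops a name containing "/" or "?" from changing the path.
    url = f"{BASE}/keygroups/{quote(name, safe='')}"
    return build_request("POST", url, auth_id, {"usage": usage})


def list_group(auth_id, name):
    """Group List: GET /keygroups?name=<name>, used to look up the uuid."""
    # urlencode() stops "&" or "=" in the name from adding query parameters.
    return build_request("GET", f"{BASE}/keygroups?{urlencode({'name': name})}", auth_id)


def redacted(req):
    """Header view that is safe to log: the authId is a live credential."""
    return {k: ("SKLMAuth authId=***" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}


def send(req, ca_file):
    """Send the request, verifying the server certificate against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)
```

Log `redacted(req)` rather than the request itself, and pass `send()` the CA file that issued the server certificate instead of turning verification off.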
What to do next
Back up new keys before the keys are served to devices. You can go to the next
guided step to define specific devices, and associate key groups with the devices. Select
Step 2: Identify Drives or click Go to Next Step.