Modifying a key group

You can modify information about objects in a key group in the IBM Security Guardium Key Lifecycle Manager database. Before you begin, determine the changed information for the group, such as the number of more keys that you want to add to the group.

About this task

You can use the Modify Key Group dialog or the following REST interfaces to modify objects in a key group in the IBM Security Guardium Key Lifecycle Manager database:
  • Group Entry Add REST Service
  • Group Entry Delete REST Service
Your role must have permissions to the modify action and to the appropriate device group.

Procedure

  1. Go to the appropriate page or directory:
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on Welcome page, select LTO.
      3. Click Go to > Manage keys and devices.
      4. Alternatively, right-click LTO and select Manage keys and devices.
      5. On the management page for LTO, select a key group in the Key Group column.
      6. Click Modify.
      7. Alternatively, right-click a key group and then select Modify, or double-click a key group entry.
    • REST interface:
      • Open a REST client.
  2. Modify the key group information:
    • Graphical user interface:
      1. On the Modify Key Group dialog, change the appropriate fields. Your role must have specific permissions for each action. For example, to delete a key from the group, your role must have a permission to the delete action and a permission to the appropriate device group.
      2. Click Modify Key Group.
    • REST interface:
      To delete a key from the group, you can send the following HTTP request:
      DELETE https://localhost:port/SKLM/rest/v1/keygroups/KEY-a3ce9230-bef9-
      42bd-86b7-6d208ec119cf
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      To add the same key back into the group again, you can send the following HTTP request:
      POST https://localhost:port/SKLM/rest/v1/keygroupentry
      Content-Type: application/json
      Accept : application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      {"name":"GROUP-myKeyGroup", "entry": "KEY-a3ce9230-bef9-42bd-86b7-
      6d208ec119cf"}
  3. A success indicator varies, depending on the interface:
    • Graphical user interface:

      For required fields, a column displays changed data. For optional fields, you might need to reopen the Modify Key Group dialog to see the changed values, and then click Cancel.

    • Rest interface:

      The status code 200 OK indicates success.

What to do next

Next, you can use the LTO Key and Device Management page to associate the key group with specific devices.