You can modify information about objects in a key group in the IBM Security Guardium Key Lifecycle Manager database. Before you begin, determine the
changed information for the group, such as the number of more keys that you want to add to the
group.
About this task
You can use the
Modify Key Group dialog or the following REST interfaces to
modify objects in a key group in the
IBM Security Guardium Key Lifecycle Manager
database:
- Group Entry Add REST Service
- Group Entry Delete REST Service
Your role must have permissions to the modify action and to
the appropriate device group.
Procedure
-
Go to the appropriate page or directory:
- Graphical user interface:
- Log on to the graphical user interface.
- In the Key and Device Management section on Welcome page, select
LTO.
- Click .
- Alternatively, right-click LTO and select Manage keys and
devices.
- On the management page for
LTO
, select a key group in the Key
Group column.
- Click Modify.
- Alternatively, right-click a key group and then select Modify, or
double-click a key group entry.
- REST interface:
-
Modify the key group information:
- Graphical user interface:
- On the Modify Key Group dialog,
change the
appropriate fields. Your role must have specific
permissions for each action. For example, to delete a key from the
group, your role must have a permission to the delete action and a
permission to the appropriate device group.
- Click Modify
Key Group.
- REST interface:
To delete a key from the group, you can send the following HTTP
request:
DELETE https://localhost:port/SKLM/rest/v1/keygroups/KEY-a3ce9230-bef9-
42bd-86b7-6d208ec119cf
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
To add the same key back into the group again, you can send the following HTTP
request:
POST https://localhost:port/SKLM/rest/v1/keygroupentry
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"name":"GROUP-myKeyGroup", "entry": "KEY-a3ce9230-bef9-42bd-86b7-
6d208ec119cf"}
-
A success indicator varies, depending on the interface:
- Graphical user interface:
For required
fields, a column
displays changed data. For optional fields, you might need to reopen
the Modify Key Group dialog to see the changed values, and then click Cancel.
- Rest interface:
The status code 200 OK
indicates
success.
What to do next
Next, you can use the LTO
Key and Device Management page to associate the key group
with specific devices.