Use the Add Default Key Group for Rollover REST Service to add a
default key group rollover to serve keys to a device group on a specific date. The rollover key
group takes the place of the previous default key group.
- Operation
POST- URL
- https://host:port/SKLM/rest/v1/keygroups/rollover
By default, Guardium Key Lifecycle Manager server
listens to the secure port 9443 (HTTPS) for communication.
During IBM Security Guardium Key Lifecycle Manager installation, you can modify this
default port.
Request Parameters
| Parameter |
Description |
| host |
Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server. |
| port |
Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
Request Headers
| Header name |
Value |
| Content-Type |
application/json |
| Accept |
application/json |
| Authorization |
SKLMAuth userAuthId=<authIdValue> |
| Accept-Language |
Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or
de. |
Request body
JSON
object with the following
specification:
| JSON property name |
Description |
| keyGroupName |
Required. Specify the case-sensitive name of
an existing key group. |
| usage |
Required. Specify the device group. You can
include the following values:
- LTO
- Specifies
the
LTO device group. The key is used
in secure communication with LTO tape drives.
- BRCD_ENCRYPTOR
- Specifies the
BRCD_ENCRYPTOR device
group that
is in the LTO device family.
- userdevicegroup
- Specifies a new, user-defined instance
of the
LTO device
family. The value cannot exceed 16 characters in length. For example: myLTO.
|
| effectiveDate |
Required. Specify the date on which this key group is set as default for
rollover. The value is a current or future date in yyyy-MM-dd format. |
Response Headers
| Header name |
Value and description |
| Status Code |
- 200 OK
- The request was successful. The response body contains the requested representation.
- 400 Bad Request
- The authentication information was not provided in the correct format.
- 401 Unauthorized
- The authentication credentials were missing or incorrect.
- 404 Not Found Error
- The processing of the request fails.
- 500 Internal Server Error
- The processing of the request fails because of an unexpected condition on the server.
|
| Content-Type |
application/json |
| Content-Language |
Locale for the response message. |
Success response
body
JSON object with
the following specification:
| JSON property name |
Description |
| code |
Returns the code that is specified by the status property. |
| status |
Returns the status to indicate whether the key
group is marked for rollover. |
Error Response Body
JSON object with the following specification.
| JSON property name |
Description |
| code |
Returns the application error code. |
| message |
Returns a message that describes the error. |
Examples
- Service request to add a key group for rollover
POST https://localhost:port/SKLM/rest/v1/keygroups/rollover
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"keyGroupName":"myLTOKeyGroup","usage":"LTO","effectiveDate":"2017-05-30"}
- Success response
Status Code: 200 OK
{"code": "0","status": "Succeeded"}
- Service request to add a key group
for rollover with wrong usage
POST https://localhost:port/SKLM/rest/v1/keygroups/rollover
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"keyGroupName":"myLTOKeyGroup","usage":"LTT","effectiveDate":"2017-05-30"}
- Error response
Status Code: 400 Bad Request
{"code":"CTGKM0830E","message":"Device group is not valid: LTT"}