Add Key Default Rollover REST Service

Use the Add Key Default Rollover REST Service to add a default key rollover for a specific date for 3592 tape drive.

Operation: POST
URL: https://host:port/SKLM/rest/v1/rollover/3592

By default, Guardium Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters

Parameter	Description
host	Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server.
port	Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.

Request Headers

Header name	Value
Content-Type	`application/json`
Accept	`application/json`
Authorization	`SKLMAuth userAuthId=<authIdValue>`
Accept-Language	Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, `en` or `de`.

Request body

JSON object with the following specification:

JSON property name Description

JSON property name	Description
alias	Specify the alias of an existing key. It is not case-sensitive.
keyDefaultType	Specify whether the key is used as the system default or partner key, or both. You can specify the following values: 1 Indicates that the key is the system default. 2 Indicates that the key is the partner key. 3 Indicates that the key is both the system default key and partner key.
effectiveDate	Specify the date on which this key group is set for default rollover. The value is a current or future date in `yyyy-MM-dd` format.

alias

Specify the alias of an existing key. It is not case-sensitive.

keyDefaultType

Specify whether the key is used as the system default or partner key, or both.

You can specify the following values:

1: Indicates that the key is the system default.
2: Indicates that the key is the partner key.
3: Indicates that the key is both the system default key and partner key.

effectiveDate

Specify the date on which this key group is set for default rollover. The value is a current or future date in yyyy-MM-dd format.

Response

Response Headers

Header name	Value and description
Status Code	200 OK The request was successful. The response body contains the requested representation. 400 Bad Request The authentication information was not provided in the correct format. 401 Unauthorized The authentication credentials were missing or incorrect. 404 Not Found Error The processing of the request fails. 500 Internal Server Error The processing of the request fails because of an unexpected condition on the server.
Content-Type	`application/json`
Content-Language	Locale for the response message.

Success response body

JSON object with the following specification:

JSON property name	Description
code	Returns the code that is specified by the status property.
status	Returns the status to indicate whether the key group is marked for rollover.

Error Response Body

JSON object with the following specification.

JSON property name	Description
code	Returns the application error code.
message	Returns a message that describes the error.

Examples

Service request to add a wrapping key for rollover

POST https://localhost:port/SKLM/rest/v1/rollover/3592
Accept: application/json
Accept-Language: en
Authorization: SKLMAuth userAuthId=b27c9eaa-cef7-4a65-87f2-8a964ac5ace2
Content-Type: application/json
{
  "alias": "key2",
  "keyDefaultType": "1",
  "usage": "3592",
  "effectiveDate": "2021-11-05"
}'

Success response

Status Code: 200 OK
{"code": "0","status": "Succeeded"}

Service request to add a wrapping key for rollover with incorrect usage

POST https://9.202.176.124:9443/SKLM/rest/v1/rollover/3592
Accept: application/json
Accept-Language: en
Authorization: SKLMAuth userAuthId=b27c9eaa-cef7-4a65-87f2-8a964ac5ace2
Content-Type: application/json
{
  "alias": "key2",
  "keyDefaultType": "1",
  "usage": "userdevicegroup",
  "effectiveDate": "2021-11-05"
}

Error response

{
  "code": "CTGKM0830E",
  "message": "Device group is not valid: LTO"
}