Backup Run Restore REST Service

Use the Backup Run Restore REST Service to restore from an existing backup file. Before you begin, obtain the password that was used to create the backup file that you intend to use.

Only one backup or restore task can run at a time. Before you start a restore task, isolate the system for maintenance. IBM® Security Guardium® Key Lifecycle Manager server automatically restarts after the restore process is complete. Verify the environment before you bring the IBM Security Guardium Key Lifecycle Manager server back into production.

Operation: POST
URL: https://host:port/SKLM/rest/v1/ckms/restore

By default, Guardium Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters

Parameter	Description
host	Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server.
port	Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.

Request Headers

Header name	Value
Content-Type	`application/json`
Accept	`application/json`
Authorization	`SKLMAuth userAuthId=<authIdValue>`
Accept-Language	Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, `en` or `de`.

Request body

JSON Object with the following specification.

JSON property name	Description
backupFilePath	Specify the full path and file name that contains the backup data. To determine this directory, examine the value of the sklm.backup.dir property in the SKLMgrConfig.properties file.
password	You must specify the password to restore data from the backup file if IBM Security Guardium Key Lifecycle Manager uses a password-based encryption method. Note: You need not specify the password to restore the data if IBM Security Guardium Key Lifecycle Manager is configured to use Hardware Security Module (HSM) to store the master encryption key. For more information about HSM-based encryption, see HSM-based encryption for backups. To restore a backup file, you must provide the password that was used to encrypt the data in that file during the backup operation.

JSON property name

Description

backupFilePath

Specify the full path and file name that contains the backup data.

To determine this directory, examine the value of the sklm.backup.dir property in the SKLMgrConfig.properties file.

password

You must specify the password to restore data from the backup file if IBM Security Guardium Key Lifecycle Manager uses a password-based encryption method.

Note: You need not specify the password to restore the data if IBM Security Guardium Key Lifecycle Manager is configured to use Hardware Security Module (HSM) to store the master encryption key. For more information about HSM-based encryption, see HSM-based encryption for backups.

To restore a backup file, you must provide the password that was used to encrypt the data in that file during the backup operation.

Response

Response Headers

Header name	Value and description
Status Code	200 OK The request was successful. The response body contains the requested representation. 400 Bad Request The authentication information was not provided in the correct format. 401 Unauthorized The authentication credentials were missing or incorrect. 404 Not Found Error The processing of the request fails. 500 Internal Server Error The processing of the request fails because of an unexpected condition on the server.
Content-Type	`application/json`
Content-Language	Locale for the response message.

Success response body

JSON object with the following specification.

JSON property name	Description
code	Returns the value that is specified by the status property.
status	Returns the status message to indicate whether the restore task was successful. -1 State is unknown. The task is not run since the last time the IBM Security Guardium Key Lifecycle Manager server started. 0 The restore succeeded. 1 The restore task failed.

Error Response Body

JSON object with the following specification.

JSON property name	Description
code	Returns the application error code.
message	Returns a message that describes the error.

Note: Backup Run Restore REST Service returns the 500 Internal Server Error response when a restore operation fails. In the response body, you can see only the status message without status code 1.

Examples

Service request to run a backup restore task

POST https://localhost:port/SKLM/rest/v1/ckms/restore
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
Accept-Language : en
{"backupFilePath":"/opt/IBM/WebSphere/Liberty/products/sklm/data/sklm_v2.7.0_20160705235417-1200_
backup.jar","password":"passw0rd"}

Success response

Status Code : 200 OK
Content-Language: en
{"code":"0","status":"Restore operation succeeded. Restart the server."}

Service request with incorrect backupFilePath value

POST https://localhost:port/SKLM/rest/v1/ckms/restore
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
Accept-Language : en
{
  "backupFilePath": "string",
  "password": "abc"
}

Error response

Status Code : 500 Internal Server Error
Content-Language: en
{
  "code": "CTGKM0901E",
  "message": "CTGKM0901E Backup operation fails because the backup directory cannot be resolved. Specify a valid backup directory name and path, and retry the operation."
}