Archiving transactional data of keys served to clients

IBM® Security Guardium® Key Lifecycle Manager stores the transactional data of keys that are served to clients in a database table. To prevent the database table from overflowing, you can regularly archive this transactional data. During the backup, restore, and replication operations, IBM Security Guardium Key Lifecycle Manager automatically archives the transactional data to avoid process failure because of database overflow.

About this task

You can run the Archive Served Data List REST Service to archive the data. This REST service purges the records in the database table and stores the transactional data in a comma-separated values (CSV) file.

The CSV file and a checksum file are included in a JAR file that is saved in the SKLM_DATA\DevAuditArchives folder.

The JAR and CSV file names have a date and time stamp as a suffix (ServedData_datetimestamp.jar). For example: SKLM_DATA\ServedDataListArchives\ServedData_20190606160311+0530.jar
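Because the archive operation purges the database table, the JAR becomes the remaining record of which keys were served. The following Python sketch is an added example, not IBM code: it parses the timestamp suffix from an archive name, tests the ZIP entry CRCs, and confirms that a CSV file and a companion file are present. It does not validate the checksum file itself, because this page does not describe its format; the sample entry names and CSV columns are constructed.

```python
import os, re, tempfile, zipfile
from datetime import datetime

# Name pattern inferred from the page's example: ServedData_20190606160311+0530.jar
NAME_RE = re.compile(r"^ServedData_(\d{14}[+-]\d{4})\.jar$")

def archive_time(filename):
    """Return the timezone-aware timestamp encoded in the file name, or None."""
    try:
        return datetime.strptime(NAME_RE.match(filename).group(1), "%Y%m%d%H%M%S%z")
    except (AttributeError, ValueError):  # no match, or digits that are not a date
        return None

def inspect_archive(path):
    """Check one archive: file name, ZIP entry CRCs, CSV plus a companion file."""
    name = os.path.basename(path)
    rep = {"name": name, "created": archive_time(name), "csv_lines": 0, "problems": []}
    if rep["created"] is None:
        rep["problems"].append("unexpected file name")
    try:
        with zipfile.ZipFile(path) as jar:
            bad = jar.testzip()  # first entry whose stored CRC does not match
            if bad:
                raise zipfile.BadZipFile("CRC mismatch in " + bad)
            files = [n for n in jar.namelist() if not n.endswith("/") and not n.startswith("META-INF/")]
            csvs = [n for n in files if n.lower().endswith(".csv")]
            if len(csvs) != 1:
                rep["problems"].append("expected exactly one CSV file")
            if len(files) == len(csvs):  # assumption: checksum file is the non-CSV entry
                rep["problems"].append("no checksum file beside the CSV")
            rep["csv_lines"] = sum(len(jar.read(n).splitlines()) for n in csvs)
    except (OSError, zipfile.BadZipFile) as exc:
        rep["problems"].append("unreadable or corrupt JAR: %s" % exc)
    return rep

def sample_archives():
    """Constructed sample data: one intact archive and one truncated copy of it."""
    folder = tempfile.mkdtemp()
    good = os.path.join(folder, "ServedData_20190606160311+0530.jar")
    cut = os.path.join(folder, "ServedData_20190607101500+0530.jar")
    with zipfile.ZipFile(good, "w") as jar:
        jar.writestr("ServedData_20190606160311+0530.csv", "col_a,col_b\n1,2\n3,4\n")
        jar.writestr("checksum.txt", "constructed placeholder")
    with open(good, "rb") as src, open(cut, "wb") as dst:
        dst.write(src.read()[:40])  # truncated before the ZIP central directory
    return [good, cut]

if __name__ == "__main__":
    for jar_path in sample_archives():
        print(inspect_archive(jar_path))
```

Point inspect_archive at each JAR in the archive folder on the server; a non-empty problems list marks an archive to investigate before relying on it as a record.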

Note: If you run the Served Data List REST Service after you archive the database table, zero records are retrieved from the table because it is purged.

During the backup, restore, and replication operations, IBM Security Guardium Key Lifecycle Manager checks the number of records in the database table. If the number of records is equal to or greater than 100000, the Archive Served Data List REST Service is automatically triggered and data is archived. If you do not have many key serving transactions, you can disable this auto-archival operation by setting the following property in the SKLMConfig.properties file on the server:

  enableServedDataArchive=false

By default, this property is set to true:

  enableServedDataArchive=true

Do not directly edit the configuration file. Instead, use the Update Config Property REST Service to update the properties.

Procedure

  • To archive the transactional data of keys that are served to clients
    1. Open a REST client.
    2. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    3. Run the Archive Served Data List REST Service.
  • To disable the auto-archival of transactional data of keys that are served to clients during backup, restore, and replication processes
    1. Open a REST client.
    2. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    3. Run the Update Config Property REST Service as follows:
      PUT https://localhost:port/SKLM/rest/v1/configProperties
      { "enableServedDataArchive" : "false"}