Use the Add Default Key Group for Rollover REST Service to add a
default key group rollover to serve keys to a device group on a specific date. The rollover key
group takes the place of the previous default key group.
- Operation
  POST
- URL
  https://host:port/SKLM/rest/v1/keygroups/rollover
By default, Guardium® Key Lifecycle Manager server
listens to the secure port 9443 (HTTPS) for communication.
During IBM® Security Guardium Key Lifecycle Manager installation, you can modify this
default port.
Request Parameters
Parameter | Description
host | Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server.
port | Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.
Request Headers
Header name | Value
Content-Type | application/json
Accept | application/json
Authorization | SKLMAuth userAuthId=<authIdValue>
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de.
Request body
JSON object with the following specification:
JSON property name | Description
keyGroupName | Required. Specify the case-sensitive name of an existing key group.
usage | Required. Specify the device group. You can include the following values:
- LTO
  Specifies the LTO device group. The key is used in secure communication with LTO tape drives.
- BRCD_ENCRYPTOR
  Specifies the BRCD_ENCRYPTOR device group that is in the LTO device family.
- userdevicegroup
  Specifies a new, user-defined instance of the LTO device family. The value cannot exceed 16 characters in length. For example: myLTO.
effectiveDate | Required. Specify the date on which this key group is set as default for rollover. The value is a current or future date in yyyy-MM-dd format.
Response Headers
Header name | Value and description
Status Code |
- 200 OK
  The request was successful. The response body contains the requested representation.
- 400 Bad Request
  The authentication information was not provided in the correct format.
- 401 Unauthorized
  The authentication credentials were missing or incorrect.
- 404 Not Found Error
  The processing of the request fails.
- 500 Internal Server Error
  The processing of the request fails because of an unexpected condition on the server.
Content-Type | application/json
Content-Language | Locale for the response message.
Success response body
JSON object with the following specification:
JSON property name | Description
code | Returns the code that is specified by the status property.
status | Returns the status to indicate whether the key group is marked for rollover.
Error Response Body
JSON object with the following specification.
JSON property name | Description
code | Returns the application error code.
message | Returns a message that describes the error.
Examples
- Service request to add a key group for rollover
POST https://localhost:port/SKLM/rest/v1/keygroups/rollover
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"keyGroupName":"myLTOKeyGroup","usage":"LTO","effectiveDate":"2017-05-30"}
- Success response
Status Code: 200 OK
{"code": "0","status": "Succeeded"}
- Service request to add a key group for rollover with wrong usage
POST https://localhost:port/SKLM/rest/v1/keygroups/rollover
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"keyGroupName":"myLTOKeyGroup","usage":"LTT","effectiveDate":"2017-05-30"}
- Error response
Status Code: 400 Bad Request
{"code":"CTGKM0830E","message":"Device group is not valid: LTT"}
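
A client-side check of the request body rules and the two response shapes documented above, as an added example (not IBM's code). The function names are hypothetical, and treating `"code": "0"` as the success marker is an assumption taken from the sample success response on this page.

```python
import json
import urllib.request
from datetime import date, datetime

BUILT_IN_USAGE = {"LTO", "BRCD_ENCRYPTOR"}  # device groups named on this page


def validate_rollover(key_group_name, usage, effective_date, today=None):
    """Check the three required properties; return the JSON body as a dict."""
    today = today or date.today()
    if not key_group_name or not usage:
        raise ValueError("keyGroupName and usage are required")
    if usage not in BUILT_IN_USAGE and len(usage) > 16:
        raise ValueError("user-defined device group cannot exceed 16 characters")
    # strptime rejects impossible dates; isoformat() emits zero-padded yyyy-MM-dd
    parsed = datetime.strptime(effective_date, "%Y-%m-%d").date()
    if parsed < today:
        raise ValueError("effectiveDate must be a current or future date")
    return {"keyGroupName": key_group_name, "usage": usage,
            "effectiveDate": parsed.isoformat()}


def build_request(host, port, user_auth_id, body):
    """Build (without sending) the POST with the headers this page lists."""
    url = f"https://{host}:{port}/SKLM/rest/v1/keygroups/rollover"
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": f"SKLMAuth userAuthId={user_auth_id}",
        "Accept-Language": "en",
    }
    return urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                  headers=headers, method="POST")


def interpret(status_code, response_text):
    """Map a response to (ok, detail) using the documented body shapes."""
    try:
        doc = json.loads(response_text)
    except ValueError:
        return False, f"HTTP {status_code}: non-JSON body"
    # Assumption: code "0" marks success, as in the page's sample response.
    if status_code == 200 and doc.get("code") == "0":
        return True, doc.get("status")
    return False, f'{doc.get("code")}: {doc.get("message")}'
```

Passing the returned object to `urllib.request.urlopen` sends it with Python's default certificate verification. Read the userAuthId from a secret store or environment variable rather than embedding it in scripts.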