Enable or Disable Master Key for Device Group REST Service
Use Enable or Disable Master Key for Device Group REST Service to enable or disable the master key for a device group. Only an IBM® Security Guardium® Key Lifecycle Manager administrator can perform this operation.
- Operation
POST
- URL
- https://host:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/{deviceGroupName}
By default, Guardium Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify this default port.
Request
Request Headers
Header name | Value |
---|---|
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de. |
Request body
JSON object with the following specification:
JSON property | Description |
---|---|
rotationPeriod | Optional. Specify the rotation period in number of days. The value must be a positive
integer. This value defines the next due date of rotation of master key for the specified device group. If you do not want the key to expire, specify the value as 0. |
algorithm | Optional. Specify the algorithm with which the master key is to be created for the device group. The supported algorithm is AES. |
keySize | Optional. Specify the size of the master key. The supported key sizes are 128-bit and 256-bit. |
enable | Specify true if you want to enable the master key for the device group. Else, specify false. |
Response
Response Headers
Header name | Value and description |
---|---|
Status Code |
|
Content-Type | application/json |
Content-Language | Locale for the response message. |
Success response body
JSON object with the following specification:
JSON property name | Description |
---|---|
Code | Returns 0 when the request is successful. Otherwise, returns 1. |
Status | Returns the status message to indicate whether the request is successful or not. |
message_id | Returns the success or error message ID. |
Error Response Body
JSON object with the following specification.
JSON property name | Description |
---|---|
code | Returns the application error code. |
message | Returns a message that describes the error. |
Examples
- Service request to enable the master key for device group GPFS
POST https://localhost:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/GPFS {"enable" : "true","rotationPeriod" : "0","algorithm" : "AES","keySize" : "128"} Content-Type: application/json Accept : application/json Authorization: SKLMAuth userAuthId=4259b494-9cb2-4414-87b4-9a17b9f916c7 Accept-Language : en
- Success response
{"code":"0","status":"CTGKM3302I Successfully enabled device group master key for device group GPFS.","messageId":"CTGKM3302I"}
- Service request to disable the master key for device group GPFS
POST https://localhost:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/GPFS {"enable" : "false"} Content-Type: application/json Accept : application/json Authorization: SKLMAuth userAuthId=4259b494-9cb2-4414-87b4-9a17b9f916c7 Accept-Language : en
- Success response
{"code":"0","status":"CTGKM3303I Successfully disabled device group master key for device group GPFS.","messageId":"CTGKM3303I"}
- Error response
{"code":"CTGKM1539E","message":"CTGKM1539E Algorithm DES not supported."}