Administrative operations for KMIP
You can use the Guardium® Key Lifecycle Manager server graphical user interface or REST APIs for some KMIP-specific administrative tasks, for example, updating the KMIP listener port or modifying the attributes of KMIP objects.
- Managing the following KMIP information through the IBM Security Guardium Key Lifecycle Manager graphical user interface:
  - Configuration of the KMIP ports and timeout settings.
  - Current KMIP certificate, indicating which certificate is in use for secure server or server/client communication.
  - Secure communication configuration, indicating whether TLS/KMIP or TLS is specified.
- Updating KMIP attributes for keys and certificates.
  For example, you can use the Key Attribute Update REST Service to update specific parameters.
- Listing and deleting client-registered KMIP templates. Clients use a template to specify the cryptographic attributes of new objects in a standardized or convenient way. The template is a managed object that contains attributes in operations that the client can set for a cryptographic object. For example, the client can set application-specific information.
  - KMIP Template List REST Service
    - List KMIP templates that IBM Security Guardium Key Lifecycle Manager provides. For example, you might list all templates. For more information, see KMIP Template List REST Service.
  - KMIP Template Delete REST Service
    - Delete KMIP templates that clients registered with IBM Security Guardium Key Lifecycle Manager. For more information, see KMIP Template Delete REST Service.
- Listing and deleting secret data such as passwords or a seed that is used to generate keys.
  - KMIP Secret Data Delete REST Service
    - Delete secret data that KMIP clients sent to IBM Security Guardium Key Lifecycle Manager. For more information, see KMIP Secret Data Delete REST Service.
  - KMIP Secret Data List REST Service
    - List secret data that KMIP clients sent to IBM Security Guardium Key Lifecycle Manager. For more information, see KMIP Secret Data List REST Service.
- Setting default port and timeout properties.
  - KMIPListener.ssl.port
    - Specifies the port on which the Guardium Key Lifecycle Manager server listens for requests from libraries. The server communicates over the TLS socket by using Key Management Interoperability Protocol.
  - TransportListener.ssl.port
    - Specifies the port on which Guardium Key Lifecycle Manager server listens for requests from tape libraries that communicate by using the TLS protocol.
  - TransportListener.ssl.timeout
    - Specifies how long the socket waits on a read() before closing. This property is used for the TLS socket.
- Enabling or disabling delete requests from KMIP clients.
  An authenticated client can request delete operations that might have a significant impact on the availability of a key, on server performance, and on key security. Specify the enableKMIPDelete attribute with either the Device Group Attribute Update REST Service or the Device Group Create REST Service to determine whether IBM Security Guardium Key Lifecycle Manager acts on these requests.
kmipAuthNeeded=true). To update the property file, use the Update Config Property REST Service.