Create/Register Secret Data REST Service
Use Create/Register Secret Data REST Service to create or register one or more secret data objects and associate them with a client.
- Operation: POST
- URL: https://host:port/SKLM/rest/v1/objects/secret
By default, Guardium® Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM® Security Guardium Key Lifecycle Manager installation, you can modify this default port.
Request
Request Parameters
Parameter | Description |
---|---|
host | Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server. |
port | Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
Request Headers
Header name | Value |
---|---|
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de. |
Request body
JSON object with the following specification:
Property name | Description |
---|---|
clientName | Required. Specify the name of the client. |
prefixName | Required. Specify the prefix that is used to create the alias. |
numberOfObjects | Optional. Specify the number of secret data objects. Default value: 1 |
keyBlock | Specify the following parameters if you want to register a secret data object:
|
cryptoUsageMask | Optional. Specify the cryptographic usage for which the secret data is to be used. Default value: Verify. Other possible values: Decrypt, Encrypt_Decrypt, Sign, Sign_Verify, Verify, Wrap, Unwrap, Wrap_Unwrap |
bitlength | Optional. Specify the size of the secret data object. Default value: 60 |
Response
Response Headers
Header name | Value and description |
---|---|
Status Code |
|
Content-Type | application/json |
Content-Language | Locale for the response message. |
Success response body
JSON object with the following specification:
JSON property name | Description |
---|---|
id | Returns the unique identifier (UUID) of the newly created object. If multiple objects are created, an array of the UUIDs is returned. |
messageId | Returns the message identifier. |
Error response body
JSON object with the following specification.
JSON property name | Description |
---|---|
messageId | Returns the message identifier. |
error | Returns a message that describes the error. |
Example
- Create secret data object
POST https://localhost:port/SKLM/rest/v1/objects/secret { "clientName":"client_rest", "numberOfObjects":"1", "prefixName":"ddr", "cryptoUsageMask":"Verify", "bitLength":"2048" }
- Success response
{ "id": "K_SEC_DATA-bdafff7-2be61867-16b0-4618-867b-c21f1f6267c2", "messageId": "CTGKM6026I" }
- Error response
{ "messageId": "CTGKM0631E", "error": "CTGKM0631E Missing required parameter \" prefixName \" ." }
- Register a secret data object
POST https://localhost:port/SKLM/rest/v1/objects/secret { "clientName":"client_rest", "keyBlock":{"keyFormat":"OPAQUE","keyMaterial": "4428472B4B6250655368566D597133743677397A244226452948404D635166546A576E5A7234753778214125442A462D4A614E645267556B58703273357638792F423F4528482B4B6250655368566D597133743677397A24432646294A404E635166546A576E5A7234753778214125442A472D4B6150645367556B58703273357638792F423F4528482B4D6251655468576D597133743677397A24432646294A404E635266556A586E327234753778214125442A472D4B6150645367566B59703373367638792F423F4528482B4D6251655468576D5A7134743777217A24432646294A404E635266556A586E3272357538782F413F442A472D4B615064536756"}, "prefixName":"ddr", "cryptoUsageMask":"Verify", "bitLength":"2048" }
- Success response
{ "id": "K_SEC_DATA-bdafff7-f2634ef7-cff0-46d8-abd5-e065c8b6476c", "messageId": "CTGKM6026I" }
- Error response
{ "messageId": "CTGKM0631E", "error": "CTGKM0631E Missing required parameter \" prefixName \" ." }
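A client-side sketch of the call documented above, added here as an example (it is not IBM's code): it builds the POST with the listed headers, masks `userAuthId` and `keyMaterial` before anything is logged, and normalises the `id` field, which may be one UUID or an array. The function names and the `cafile` parameter are assumptions, and because this page lists no status codes, the handling of non-2xx replies is an assumption as well.

```python
import json
import ssl
import urllib.error
import urllib.request

SECRET_PATH = "/SKLM/rest/v1/objects/secret"  # from the URL section of this page


def build_request(host, port, auth_id, client_name, prefix_name, key_block=None, **optional):
    """Build, without sending, the POST that creates or registers secret data."""
    if not client_name or not prefix_name:
        raise ValueError("clientName and prefixName are required")
    body = {"clientName": client_name, "prefixName": prefix_name, **optional}
    if key_block is not None:  # register supplied material instead of creating new
        body["keyBlock"] = key_block
    headers = {"Content-Type": "application/json", "Accept": "application/json",
               "Authorization": f"SKLMAuth userAuthId={auth_id}"}
    return urllib.request.Request(f"https://{host}:{port}{SECRET_PATH}",
                                  data=json.dumps(body).encode("utf-8"),
                                  headers=headers, method="POST")


def redacted_for_log(req):
    """Loggable view of a request: userAuthId and keyMaterial are masked."""
    body = json.loads(req.data)
    if isinstance(body.get("keyBlock"), dict):
        body["keyBlock"] = {**body["keyBlock"], "keyMaterial": "<redacted>"}
    return {"method": req.get_method(), "url": req.full_url,
            "Authorization": "SKLMAuth userAuthId=<redacted>", "body": body}


def parse_response(text):
    """Return the created UUIDs as a list, or raise with messageId and error."""
    doc = json.loads(text)
    if "error" in doc:
        raise RuntimeError(f"{doc.get('messageId')}: {doc['error']}")
    ids = doc["id"]
    return ids if isinstance(ids, list) else [ids]  # single UUID or array of UUIDs


def send(req, cafile=None):
    """Send with TLS certificate and hostname verification left on."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: CA bundle for the server cert
    try:
        with urllib.request.urlopen(req, context=ctx) as resp:
            return parse_response(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:  # assumed: errors may come with a non-2xx status
        return parse_response(err.read().decode("utf-8"))
```

`send()` is the only function that touches the network; pass `cafile` when the server certificate is issued by a private CA rather than disabling verification.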