Changes to configuration properties or database values

Changes to most of the configuration properties in the SKLMConfig.properties file or in the IBM® Security Guardium® Key Lifecycle Manager database occur dynamically. However, some changes take effect only after you restart the Guardium Key Lifecycle Manager server.

Depending on the configuration property to be changed, you can use the graphical user interface or the REST interface. Not every property in the configuration files, such as SKLMConfig.properties, or in the IBM Security Guardium Key Lifecycle Manager database can be changed through every interface.

Do not directly edit the configuration file. Instead, use the Update Config Property REST Service to update the properties.

Table 1. Changes to configuration properties or database entries
| Property | Installation sets default value | Change requires server restart | Change possible from REST only |
| --- | --- | --- | --- |
| Audit.event.outcome | Yes | | |
| Audit.eventQueue.max | Yes | | |
| Audit.event.types | Yes | | |
| Audit.handler.file.multithreads | | Yes | Yes |
| Audit.handler.file.name | Yes | | |
| Audit.handler.file.size | Yes | | |
| Audit.handler.file.threadlifespan | | Yes | Yes |
| Audit.isSyslog | | | |
| Audit.MaxLogFileNum | | Yes | |
| Audit.syslog.server.host | | | |
| Audit.syslog.server.port | | | |
| Audit.syslog.isSSL | | | |
| autoRestartAfterRestore | | | |
| backup.export.fileuploadsize | Yes | | Yes |
| backup.keycert.before.serving | Yes | | Yes |
| browse.root.dir | | Yes | |
| cert.valiDATE | | | |
| certNotifyExpiryServiceFrequencyInHours | | | |
| chainOfTrustEnabled | | | Yes |
| client.socket.timeout | | | Yes |
| config.hash.algo | Yes | Yes | Yes |
| config.keystore.name | Yes | Yes | You cannot modify this property by using the REST interface. |
| config.keystore.batchUpdateSize | Yes | Yes | |
| config.keystore.batchUpdateTimer | Yes | Yes | |
| config.keystore.ssl.certalias* | | Yes | |
| data.synchronizing.backup.password | | | |
| data.synchronizing.svc.interval | | | |
| data.synchronizing.svc.MaxBackupNum | | | |
| datasource.switch.time | Yes | Yes | Yes |
| debug | | | |
| deleteMetaData | Yes | Yes | Yes |
| device.enableMachineAffinity | | | |
| deviceTypeMasterKeyAlgorithm | | | |
| deviceTypeMasterKeySize | | | |
| displaySecretTags | Yes | | |
| drive.acceptUnknownDrives (replaced by device group attribute device.AutoPendingAutoDiscovery in the IBM Security Guardium Key Lifecycle Manager database) | | | |
| drive.default.alias1 (replaced by a device group attribute in the IBM Security Guardium Key Lifecycle Manager database) | | | |
| drive.default.alias2 (replaced by a device group attribute in the IBM Security Guardium Key Lifecycle Manager database) | | | |
| ds8k.acceptUnknownDrives (replaced by device group attribute device.AutoPendingAutoDiscovery in the IBM Security Guardium Key Lifecycle Manager database) | | | |
| enableClientCertPush | | | |
| enableHADRStatusInKMIPQuery | | | Yes |
| enableHADRStatusInKMIPQueryFromDbCache | | | Yes |
| enableHighScaleBackup | | | Yes |
| enableLeefFormat | | Yes | |
| enablePBEInEKMFWeb | | | Yes |
| enablePBEInHSM | | | Yes |
| fips | Yes | Yes | Yes |
| isDeleteModifyRestricted | | | |
| key.cert.fileuploadsize | Yes | | Yes |
| kmipAuthNeeded | | | Yes |
| kmip.request.processing.hostNameLookup | | | Yes |
| KMIPListener.ssl.port* | Yes | Yes | |
| lock.timeout | | | Yes |
| maximum.keycert.expiration.period.in.years | Yes | | |
| maxPendingClientCerts | | | |
| notification.enable | | | |
| notification.interval | | | |
| password.encrypt | This property is optional in the configuration file. By default, its value is not set. | | |
| pcache.refresh.interval | This property is optional in the configuration file. By default, its value is not set and IBM Security Guardium Key Lifecycle Manager uses the default time interval of 15 minutes. | | Yes |
| pkcs11.config | | | |
| pkcs11.pin | | | Yes |
| pkcs11.pin.obfuscated | | | Yes |
| port.monitoring.svc.interval | | | Yes |
| requireSHA2Signatures | | | Yes |
| rest.user.inactive_time | | Yes | Yes |
| stopRoundRobinKeyGrps | | | Yes |
| suiteB | | Yes | Yes |
| symmetricKeySet (an attribute in the IBM Security Guardium Key Lifecycle Manager database) | | | |
| tklm.backup.db2.dir | | | You cannot modify this property by using the REST interface. |
| tklm.backup.dir | Running a backup adds this property to the configuration file. | | You cannot modify this property by using the REST interface. |
| tklm.encryption.keysize | Yes | | Yes |
| tklm.encryption.password | This is an internally used property. Do not change its value. | | You cannot modify this property by using the REST interface. |
| tklm.encryption.pbe.algorithm | | | Yes |
| tklm.lockout.attempts | Yes | | Yes |
| tklm.lockout.enable | Yes | | Yes |
| TransportListener.ssl.ciphersuites | | Yes | Yes |
| TransportListener.ssl.clientauthentication | | | Yes |
| TransportListener.ssl.port* | Yes | Yes | |
| TransportListener.ssl.protocols | Yes | Yes | |
| TransportListener.ssl.timeout | | Yes | |
| TransportListener.tcp.port | Yes | Yes | |
| TransportListener.tcp.timeout | | Yes | |
| Transport.ssl.vulnerableciphers.patterns | Yes | Yes | Yes |
| Transport.ssl.vulnerableciphers | | Yes | Yes |
| useMasterKeyInEKMFWeb | | | Yes |
| useMasterKeyInHSM | | | Yes |
| useSKIDefaultLabels | | | |

* If you set this value for the first time, restart is not required. If you later modify the value, restart is required.

Table 2. Topic change log
| Date | Change description |
| --- | --- |
| 15 Feb 2022 | Corrected the enablePBEInEKMFWeb property name. |
| 30 Nov 2021 | Corrected the useMasterKeyInEKMFWeb property name. |
| 10 Sept 2021 | Initial version. |