Changes to configuration properties or database values
Changes to most of the configuration properties in the SKLMConfig.properties file or in the IBM® Security Guardium® Key Lifecycle Manager database occur dynamically. However, some changes take effect only after you restart the Guardium Key Lifecycle Manager server.
Depending on the configuration property to be changed, you can use the graphical user interface or the REST interface. Not all properties in the configuration files, such as SKLMConfig.properties, or in the IBM Security Guardium Key Lifecycle Manager database can be changed by using all the interfaces.
Do not directly edit the configuration file. Instead, use the Update Config Property REST Service to update the properties.
Property | Installation sets default value | Change requires server restart | Change possible from REST only |
---|---|---|---|
Audit.event.outcome | ✓ | | |
Audit.eventQueue.max | ✓ | | |
Audit.event.types | ✓ | | |
Audit.handler.file.multithreads | ✓ | ✓ | |
Audit.handler.file.name | ✓ | | |
Audit.handler.file.size | ✓ | | |
Audit.handler.file.threadlifespan | ✓ | ✓ | |
Audit.isSyslog | | | |
Audit.MaxLogFileNum | ✓ | | |
Audit.syslog.server.host | | | |
Audit.syslog.server.port | | | |
Audit.syslog.isSSL | | | |
autoRestartAfterRestore | | | |
backup.export.fileuploadsize | ✓ | ✓ | |
backup.keycert.before.serving | ✓ | ✓ | |
browse.root.dir | ✓ | | |
cert.valiDATE | | | |
certNotifyExpiryServiceFrequencyInHours | | | |
chainOfTrustEnabled | ✓ | | |
client.socket.timeout | ✓ | | |
config.hash.algo | ✓ | ✓ | ✓ |
config.keystore.name | ✓ | ✓ | You cannot modify this property by using the REST interface. |
config.keystore.batchUpdateSize | ✓ | ✓ | |
config.keystore.batchUpdateTimer | ✓ | ✓ | |
config.keystore.ssl.certalias* | ✓ | | |
data.synchronizing.backup.password | | | |
data.synchronizing.svc.interval | | | |
data.synchronizing.svc.MaxBackupNum | | | |
datasource.switch.time | ✓ | ✓ | ✓ |
debug | | | |
deleteMetaData | ✓ | ✓ | ✓ |
device.enableMachineAffinity | | | |
deviceTypeMasterKeyAlgorithm | | | |
deviceTypeMasterKeySize | | | |
displaySecretTags | ✓ | | |
drive.acceptUnknownDrives (replaced by device group attribute device.AutoPendingAutoDiscovery in the IBM Security Guardium Key Lifecycle Manager database) | | | |
drive.default.alias1 (replaced by a device group attribute in the IBM Security Guardium Key Lifecycle Manager database) | | | |
drive.default.alias2 (replaced by a device group attribute in the IBM Security Guardium Key Lifecycle Manager database) | | | |
ds8k.acceptUnknownDrives (replaced by device group attribute device.AutoPendingAutoDiscovery in the IBM Security Guardium Key Lifecycle Manager database) | | | |
enableClientCertPush | | | |
enableHADRStatusInKMIPQuery | ✓ | | |
enableHADRStatusInKMIPQueryFromDbCache | ✓ | | |
enableHighScaleBackup | ✓ | | |
enableLeefFormat | ✓ | | |
enablePBEInEKMFWeb | ✓ | | |
enablePBEInHSM | ✓ | | |
fips | ✓ | ✓ | ✓ |
isDeleteModifyRestricted | | | |
key.cert.fileuploadsize | ✓ | ✓ | |
kmipAuthNeeded | ✓ | | |
kmip.request.processing.hostNameLookup | ✓ | | |
KMIPListener.ssl.port* | ✓ | ✓ | |
lock.timeout | ✓ | | |
maximum.keycert.expiration.period.in.years | ✓ | | |
maxPendingClientCerts | | | |
notification.enable | | | |
notification.interval | | | |
password.encrypt | This property is optional in the configuration file. By default, its value is not set. | | |
pcache.refresh.interval | This property is optional in the configuration file. By default, its value is not set and IBM Security Guardium Key Lifecycle Manager uses the default time interval of 15 minutes. | ✓ | |
pkcs11.config | | | |
pkcs11.pin | ✓ | | |
pkcs11.pin.obfuscated | ✓ | | |
port.monitoring.svc.interval | ✓ | | |
requireSHA2Signatures | ✓ | | |
rest.user.inactive_time | ✓ | ✓ | |
stopRoundRobinKeyGrps | ✓ | | |
suiteB | ✓ | ✓ | |
symmetricKeySet (an attribute in the IBM Security Guardium Key Lifecycle Manager database) | | | |
tklm.backup.db2.dir | You cannot modify this property by using the REST interface. | | |
tklm.backup.dir | Running a backup adds this property to the configuration file. | You cannot modify this property by using the REST interface. | |
tklm.encryption.keysize | ✓ | ✓ | |
tklm.encryption.password | This is an internally used property. Do not change its value. You cannot modify this property by using the REST interface. | | |
tklm.encryption.pbe.algorithm | ✓ | | |
tklm.lockout.attempts | ✓ | ✓ | |
tklm.lockout.enable | ✓ | ✓ | |
TransportListener.ssl.ciphersuites | ✓ | ✓ | |
TransportListener.ssl.clientauthentication | ✓ | | |
TransportListener.ssl.port* | ✓ | ✓ | |
TransportListener.ssl.protocols | ✓ | ✓ | |
TransportListener.ssl.timeout | ✓ | | |
TransportListener.tcp.port | ✓ | ✓ | |
TransportListener.tcp.timeout | ✓ | | |
Transport.ssl.vulnerableciphers.patterns | ✓ | ✓ | ✓ |
Transport.ssl.vulnerableciphers | ✓ | ✓ | |
useMasterKeyInEKMFWeb | ✓ | | |
useMasterKeyInHSM | ✓ | | |
useSKIDefaultLabels | | | |

* If you set this value for the first time, restart is not required. If you later modify the value, restart is required.

Date | Change description |
---|---|
15 Feb 2022 | Corrected the enablePBEInEKMFWeb property name. |
30 Nov 2021 | Corrected the useMasterKeyInEKMFWeb property name. |
10 Sept 2021 | Initial version. |