Use Refresh Master Key for Endpoint (Device Group) REST Service to
refresh the master key for a specific endpoint (device group) or for all endpoints (device groups). Only an IBM® Guardium® Key Lifecycle Manager administrator can perform this operation.
- Operation
POST- URL
- To refresh the master keys for all endpoints (device groups)
- https://host:port/GKLM/rest/v1/ckms/deviceGroupMasterKey/rotate
- To refresh the master key for a specific endpoint (device group)
- https://host:port/GKLM/rest/v1/ckms/deviceGroupMasterKey/{deviceGroupName}/rotate
By default, IBM Guardium Key Lifecycle Manager server
listens to the secure port 9443 (HTTPS) for communication.
During IBM Guardium Key Lifecycle Manager installation, you can modify this
default port.
Request Parameters
| Parameter |
Description |
| host |
Specify the IP address or host name of the IBM Guardium Key Lifecycle Manager server. |
| port |
Specify the port number on which the IBM Guardium Key Lifecycle Manager server listens for requests. |
| deviceGroupName |
Optional. Specify the name of the endpoint (device group) for which you want to refresh the master key. If
you do not specify this parameter, master keys for all the endpoints (device groups) are refreshed. |
Request Headers
| Header name |
Value |
| Content-Type |
application/json |
| Accept |
application/json |
| Authorization |
SKLMAuth userAuthId=<authIdValue> |
| Accept-Language |
Any valid locale that is supported by IBM Guardium Key Lifecycle Manager. For example, en or
de. |
Request Body
JSON object with the following specification:
| JSON property name |
Description |
| force |
Specify true if you want to enforce master key refresh for the
endpoints (device groups). Else, specify false and the master key is refreshed only if the
key rotation is due. The key rotation value is specified in the Enable or Disable Master Key for Endpoint (Device Group) REST Service. |
Response Headers
| Header name |
Value and description |
| Status Code |
- 200 OK
- The request was successful. The response body contains the requested representation.
- 400® Bad Request
- The authentication information was not provided in the correct format.
- 401 Unauthorized
- The authentication credentials were missing or incorrect.
- 404 Not Found Error
- The processing of the request fails.
- 500 Internal Server Error
- The processing of the request fails because of an unexpected condition on the server.
|
| Content-Type |
application/json |
| Content-Language |
Locale for the response message. |
Success response body
JSON object with the following specification:
| JSON property name |
Description |
| Code |
Returns 0 when the request is successful. Otherwise,
returns 1. |
| Status |
Returns the status message to indicate whether the request is successful or
not. |
| message_id |
Returns the success or error message ID. |
Error Response Body
JSON object with the following specification.
| JSON property name |
Description |
| code |
Returns the application error code. |
| message |
Returns a message that describes the error. |
Examples
- Service request to enforce master key refresh for all the endpoints (device groups)
POST https://localhost:port/GKLM/rest/v1/ckms/deviceGroupMasterKey/rotate
{"force" : "true"}
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth userAuthId=4259b494-9cb2-4414-87b4-9a17b9f916c7
Accept-Language : en
- Success response
{"code":"1","status":"CTGKM3300I
Successfully rotated endpoint master key on 0 endpoints.","messageId":"CTGKM3300I"}
- Error response
{"code":"CTGKM0630E","message":"CTGKM0630E Validation error: falsee for parameter force."}