Use the Key Update REST Service to update key metadata in the database. For example, you might move an individual key in one key group to another key group.
- Operation
- PUT
- URL
- https://<host>:<port>/GKLM/rest/v1/keys
By default, the IBM® Guardium Key Lifecycle Manager server listens on the secure port 9443 (HTTPS) for communication. During IBM Guardium Key Lifecycle Manager installation, you can modify this default port.
Request Parameters
Parameter | Description |
host | Specify the IP address or hostname of the IBM Guardium Key Lifecycle Manager server. |
port | Specify the port number on which the IBM Guardium Key Lifecycle Manager server listens for requests. |
Request Headers
Header name | Value |
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Guardium Key Lifecycle Manager. For example, en or de. |
Request body
Property name | Description |
uuid | Specify the universally unique identifier of the individual key that you want to update. |
usage |
Optional. Specify a unique endpoint (device group), such as LTO. You can specify the following values:
- LTO
- Specifies the LTO endpoint (device group).
- 3592
- Specifies the 3592 endpoint (device group).
- DS5000
- Specifies the DS5000 endpoint (device group).
- DS8000®
- Specifies the DS8000 endpoint (device group).
- GPFS
- Specifies the IBM Spectrum® Scale (previously known as GPFS) endpoint (device group).
- PEER_TO_PEER
- Specifies the PEER_TO_PEER endpoint (device group).
- DS8000_TCT
- Specifies the DS8000_TCT endpoint (device group) that is in the GPFS endpoint family.
- BRCD_ENCRYPTOR
- Specifies the BRCD_ENCRYPTOR endpoint (device group) that is in the LTO endpoint family.
- ONESECURE
- Specifies the ONESECURE endpoint (device group) that is in the DS5000 endpoint family.
- GENERIC
- Specifies an endpoint family that uses the Key Management Interoperability Protocol to interact with IBM Guardium Key Lifecycle Manager. The GENERIC endpoint (device group) enables management of KMIP objects.
- ETERNUS_DX
- Specifies the ETERNUS_DX endpoint that is in the DS5000 endpoint family.
- XIV
- Specifies the IBM Spectrum Accelerate (previously known as XIV) endpoint.
- userendpoint
- Specifies a user-defined endpoint that is based on a supported endpoint family.
|
attributes |
Specify one or more of the following attribute-value pairs:
- compromised
- Specifies whether the use of a key is compromised. The only value is y (compromised). You cannot change a compromised key or certificate to an uncompromised state.
- groupName
- Specifies the name of a valid key group. You cannot move the last key in a default key group to a different group. You can change the key group name to a key group that is used by a different endpoint (device group) in the same endpoint family if:
- The key group and its keys are not the default endpoint (device group).
- The key group and its keys are not attached to a device.
For example, you can change such a group from the myLTO endpoint (device group) to yourLTO endpoint (device group) in the LTO endpoint family.
In the DS5000 endpoint family, a key group is generated for each DS5000 device when the device is created. You cannot create a DS5000 device with a key group attribute. However, you can create a new key group and specify the group name of a DS5000 device with the new key group.
- information informationstring
- Specifies more information about the use of an object.
|
Response Headers
Header name | Value and description |
Status Code |
- 200 OK
- The request was successful. The response body contains the requested representation.
- 400 Bad Request
- The authentication information was not provided in the correct format.
- 401 Unauthorized
- The authentication credentials were missing or incorrect.
- 404 Not Found Error
- The processing of the request fails.
- 500 Internal Server Error
- The processing of the request fails because of an unexpected condition on the server.
|
Content-Type | application/json |
Content-Language | Locale for the response message. |
Success response body
JSON object with the following specification:
JSON property name | Description |
status | Returns the status with an appropriate message that indicates whether the key is updated. |
Error Response Body
JSON object with the following specification.
JSON property name | Description |
code | Returns the application error code. |
message | Returns a message that describes the error. |
Examples
- Service request to update the group and key details
PUT https://<host>:<port>/GKLM/rest/v1/keys
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20
Accept-Language: en
{"uuid":"KEY-61bd4100-9880-450f-a1a5-7efe19a8d0f5","attributes":"groupName newGroup1,information movedTonewGroup1"}
- Success response
Status Code: 200 OK
Content-Language: en
{"code":"0","status":"Succeeded"}
- Service request to update the key when uuid parameter is missing
PUT https://<host>:<port>/GKLM/rest/v1/keys
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20
Accept-Language: en
{}
- Error response
Status Code: 400 Bad Request
Content-Language: en
{"code":"CTGKM0631E","message":"CTGKM0631E Missing required parameter \"uuid\"."}
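The request format above packs every attribute into one delimited string (`name value,name value`), so a caller that concatenates untrusted input can end up sending an extra pair such as the irreversible `compromised y`. The following Python sketch is an added example, not IBM code: it builds the PUT request with the documented headers and validates attributes first. The function names are hypothetical, and rejecting commas and whitespace inside values is an assumption, since the page does not define an escaping rule.

```python
import json
import urllib.request

# Attribute names from the request-body table on this page.
ALLOWED_ATTRIBUTES = {"compromised", "groupName", "information"}


def build_attributes(attrs):
    """Serialize attributes as 'name value,name value' (format of the page's example)."""
    parts = []
    for name, value in attrs.items():
        if name not in ALLOWED_ATTRIBUTES:
            raise ValueError(f"unsupported attribute: {name}")
        if name == "compromised" and value != "y":
            # The page states 'y' is the only value and that it cannot be undone.
            raise ValueError("compromised accepts only 'y'")
        # Assumption: delimiters are refused so a value cannot smuggle a second pair.
        if not value or any(c in value for c in ", \t\r\n"):
            raise ValueError(f"invalid value for {name}: {value!r}")
        parts.append(f"{name} {value}")
    if not parts:
        raise ValueError("at least one attribute is required")
    return ",".join(parts)


def build_key_update(host, port, user_auth_id, uuid, attrs, usage=None, locale="en"):
    """Return an unsent PUT request for /GKLM/rest/v1/keys."""
    if not uuid:
        raise ValueError("uuid is required")  # server answers 400 CTGKM0631E otherwise
    body = {"uuid": uuid, "attributes": build_attributes(attrs)}
    if usage is not None:
        body["usage"] = usage
    return urllib.request.Request(
        f"https://{host}:{port}/GKLM/rest/v1/keys",
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={
            "Content-Type": "application/json",
            "Accept": "application/json",
            "Authorization": f"SKLMAuth userAuthId={user_auth_id}",
            "Accept-Language": locale,
        },
    )


def update_succeeded(response_text):
    """True only for the success body shown in the page's example."""
    reply = json.loads(response_text)
    return reply.get("code") == "0" and reply.get("status") == "Succeeded"
```

Send the result with `urllib.request.urlopen(req)`, which verifies the server certificate by default. The Authorization value authenticates the caller, so keep it out of logs and shell history.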