Creating a key group

As a first activity, create keys and key groups for IBM® Security Guardium® Key Lifecycle Manager. Before you begin, determine the quantity of keys and the purpose of individual key groups that your organization requires.

About this task

You can use the Create Key Group dialog. Alternatively, you can use the Group Create REST Service to create a group to which you want to add keys. Then, use the Secret Key Create REST Service to create one or more symmetric keys in the existing group. Your role must have the permission to the create action and a permission to the appropriate device group.


  1. Go to the appropriate page or directory:
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on Welcome page, select LTO.
      3. Click Go to > Guided key and device creation.
      4. Alternatively, right-click LTO and select Guided key and device creation.
    • REST interface:
      • Open a REST client.
  2. Create a key group:
    • Graphical user interface:
      1. On the Step 1: Create Key Groups page, click Create on the Key Group table.
      2. On the Create Key Group dialog, specify values for the required and optional parameters. For example, you might create a key group with 100 keys.
      3. Click Create Key Group.
    • REST interface:
      1. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
      2. To run Group Create REST Service, send the HTTP POST request. Pass the user authentication identifier that you obtained in Step a along with the request message as shown in the following example.
        POST https://localhost:<port>/SKLM/rest/v1/keygroups/newGroup
        Content-Type: application/json
        Accept : application/json
        Authorization: SKLMAuth authId=139aeh34567m
      3. Use Group List REST Service to obtain the value of the uuid for the group that you created. For example,
        GET https://localhost:port/SKLM/rest/v1/keygroups?name=newGroup
        Content-Type: application/json
        Accept : application/json
        Authorization: SKLMAuth authId=139aeh34567m
        Accept-Language : en
      4. Then, create a group of keys and store them in the group by using Secret Key Create REST Service. For example, you can send the following HTTP request:
        POST https://localhost:port/SKLM/rest/v1/keys
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m

What to do next

Back up new keys before the keys are served to devices. You can go to the next guided step to define specific devices, and associate key groups with the devices. Select Step 2: Identify Drives or click Go to Next Step.