Use Refresh Master Key for Device Group REST Service to refresh the
master key for a specific device group or for all device groups. Only an IBM® Security Guardium® Key Lifecycle Manager administrator can perform this operation.
- Operation
POST- URL
- To refresh the master keys for all device groups
- https://host:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/rotate
- To refresh the master key for a specific device group
- https://host:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/{deviceGroupName}/rotate
By default, Guardium Key Lifecycle Manager server
listens to the secure port 9443 (HTTPS) for communication.
During IBM Security Guardium Key Lifecycle Manager installation, you can modify this
default port.
Request Parameters
| Parameter |
Description |
| host |
Specify the IP address or host name of the IBM Security Guardium Key Lifecycle Manager server. |
| port |
Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
| deviceGroupName |
Optional. Specify the name of the device group for which you want to refresh the master key.
If you do not specify this parameter, master keys for all the device groups are refreshed. |
Request Headers
| Header name |
Value |
| Content-Type |
application/json |
| Accept |
application/json |
| Authorization |
SKLMAuth userAuthId=<authIdValue> |
| Accept-Language |
Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or
de. |
Request Body
JSON object with the following specification:
| JSON property name |
Description |
| force |
Specify true if you want to enforce master key refresh for the device
groups. Else, specify false and the master key is refreshed only if the key
rotation is due. The key rotation value is specified in the Enable or Disable Master Key for Device Group REST Service. |
Response Headers
| Header name |
Value and description |
| Status Code |
- 200 OK
- The request was successful. The response body contains the requested representation.
- 400 Bad Request
- The authentication information was not provided in the correct format.
- 401 Unauthorized
- The authentication credentials were missing or incorrect.
- 404 Not Found Error
- The processing of the request fails.
- 500 Internal Server Error
- The processing of the request fails because of an unexpected condition on the server.
|
| Content-Type |
application/json |
| Content-Language |
Locale for the response message. |
Success response body
JSON object with the following specification:
| JSON property name |
Description |
| Code |
Returns 0 when the request is successful. Otherwise,
returns 1. |
| Status |
Returns the status message to indicate whether the request is successful or
not. |
| message_id |
Returns the success or error message ID. |
Error Response Body
JSON object with the following specification.
| JSON property name |
Description |
| code |
Returns the application error code. |
| message |
Returns a message that describes the error. |
Examples
- Service request to enforce master key refresh for all the device groups
POST https://localhost:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/rotate
{"force" : "true"}
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth userAuthId=4259b494-9cb2-4414-87b4-9a17b9f916c7
Accept-Language : en
- Success response
{"code":"1","status":"CTGKM3300I
Successfully rotated device group master key on 0 device groups.","messageId":"CTGKM3300I"}
- Error response
{"code":"CTGKM0630E","message":"CTGKM0630E Validation error: falsee for parameter force."}