tklmDeviceUpdate

Use the tklmDeviceUpdate command to update the attributes of a device in the IBM Security Key Lifecycle Manager database. If the attribute does not exist, it is added to the device entry.

Note: The IBM Security Key Lifecycle Manager command-line interface commands will be deprecated in the later versions of IBM Security Key Lifecycle Manager. Use the REST interfaces instead.

Purpose

Use this command to update the attributes of a device in the IBM Security Key Lifecycle Manager database. If the attribute does not exist, it is added to the device entry.

Permissions

Your role must have a permission to the modify action and a permission to the appropriate device group.

Syntax

tklmDeviceUpdate -type {LTO | 3592 | DS5000 | DS8000 | BRCD_ENCRYPTOR | ONESECURE | GENERIC | userdevicegroup} -uuid deviceID -attributes {attributevaluepair} {attributevaluepair}

Parameters

-uuid
Required. Specify the Universal Unique Identifier of the device. For example, DEVICE-74386920-148c-47b2-a1e2-d19194b315cf might be the value.
-type
Specify the device group.
LTO
Specifies the LTO device group.
3592
Specifies the 3592 device group.
DS5000
Specifies the DS5000 device group.
DS8000
Specifies the DS8000 device group.
BRCD_ENCRYPTOR
Specifies the BRCD_ENCRYPTOR device group that is in the LTO device family.
ONESECURE
Specifies the ONESECURE device group that is in the DS5000 device family.
GENERIC
Specifies a device family that uses the Key Management Interoperability Protocol to interact with IBM Security Key Lifecycle Manager. The GENERIC device group enables management of KMIP objects.

Do not use the command-line interface to add a device to the GENERIC device group, or to change a GENERIC device group attribute.

userdevicegroup
Specifies a user-defined group that is based on a supported device family.
-attributes
Specify one or more attribute-value pairs.
You can specify the following device attributes:
aliasOne
Specifies a default alias for a certificate that is used by a 3592 tape drive or a DS8000 Turbo drive. Not used for an LTO tape drive or DS5000 storage server.
  • 3592 tape drive

    The value is optional for a 3592 tape drive and specifies the primary certificate that the device in the 3592 device family uses if the primary certificate is not available. If this attribute is not specified, the partner default certificate is used, as specified by a table entry for the device group in the IBM Security Key Lifecycle Manager database.

  • DS8000 Turbo drive

    The value is optional for a DS8000 Turbo drive and matches the label Primary certificate for image in the graphical user interface panels for a DS8000 Turbo drive.

Use the tklmDeviceGroupAttributeList and tklmDeviceGroupAttributeUpdate commands to view and change the value. This value was previously stored in the obsolete configuration parameter drive.default.alias1.

aliasTwo
Used for a 3592 tape drive or a DS8000 Turbo drive. Not used for an LTO tape drive or DS5000 storage server.
  • 3592 tape drive

    This attribute specifies a default alternative alias for a 3592 tape drive. This value can be the same, or different from the value that is specified for the primary certificate.

    The value specifies the secondary certificate that the device in the 3592 device family uses if the primary certificate is not available. If this attribute is not specified, the partner default certificate is used, as specified by a table entry for the device group in the IBM Security Key Lifecycle Manager database.

  • DS8000 Turbo drive

    For a device in the DS8000 device family, the value specifies a secondary certificate that is available for use. For example, you might use this certificate to unlock a DS8000 Turbo drive in the case of a deadlock condition.

Use the tklmDeviceGroupAttributeList and tklmDeviceGroupAttributeUpdate commands to view and change the value. This value was previously stored in the obsolete configuration parameter drive.default.alias2.

description
Specifies more information that describes the type of drive or its purpose.
deviceText
Specifies unique text not greater than 96 bytes in length that describes a DS5000 storage server.
serialNumber
For a DS5000 storage server, specifies the serial number of drive. You can change the serial number of a DS5000 storage server to another serial number that is not currently in use.
symAlias
Specifies an alias that is used to identify an existing key or key group for an LTO tape drive that you create. The attribute is also used for DS5000 storage server to change or associate a new device key container. This value is stored in the IBM Security Key Lifecycle Manager database.
worldwideName
Specifies the name of a device, which is a nonsecure address that is used in combination with other device information, such as a serial number, to define devices and device paths. Specify a 16-character hexadecimal value that contains only the characters ABCDEFabcdef1234567890.

Examples

This Jython-formatted command updates the value of the aliasTwo attribute of a 3592 tape drive in the IBM Security Key Lifecycle Manager database.

print AdminTask.tklmDeviceUpdate 
	('[-uuid DEVICE-64c588ad-5ed8-4934-8c84-64cb9e11d990 
		-attributes "{aliasTwo myPartner99}"]')

This Jython-formatted command updates the value of the symAlias attribute of an LTO tape drive in the IBM Security Key Lifecycle Manager database.

print AdminTask.tklmDeviceUpdate 
	('[-uuid DEVICE-44b123ad-5ed8-4934-8c84-64cb9e11d990 
		-attributes "{symAlias LTOKey000001} {description myLTOdrive}"]')

This Jython-formatted command updates the value of the description attribute of a DS8000 Turbo drive in the IBM Security Key Lifecycle Manager database.

print AdminTask.tklmDeviceUpdate 
	('[-uuid DEVICE-15d499ad-3ad8-3333-8c84-64cb9e11d990 
		-attributes "{description myDevice}"]')