Enable or Disable Master Key for Device Group REST Service
Use Enable or Disable Master Key for Device Group REST Service to enable or disable the master key for a device group. Only an IBM® Security Guardium® Key Lifecycle Manager administrator can perform this operation.
- Operation
POST
- URL
- https://host:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/{deviceGroupName}
By default, Guardium Key Lifecycle Manager server
listens to non-secure port 9080 (HTTP) and secure port 9443
(HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager
installation, you can modify these default ports.
Note: The non-secure port 9080 is not applicable
when IBM Security Guardium Key Lifecycle Manager is deployed in a containerized
environment.
Request
Request Headers
Header name | Value |
---|---|
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example: en or de |
Request body
JSON object with the following specification:
JSON property | Description |
---|---|
rotationPeriod | Optional. Specify the rotation period in number of days. The value must be a positive
integer. This value defines the next due date of rotation of master key for the specified device group. If you do not want the key to expire, specify the value as 0. |
algorithm | Optional. Specify the algorithm with which the master key is to be created for the device group. The supported algorithm is AES. |
keySize | Optional. Specify the size of the master key. The supported key sizes are 128-bit and 256-bit. |
enable | Specify true if you want to enable the master key for the device group. Else, specify false. |
Response
Response Headers
Header name | Value and description |
---|---|
Status Code |
|
Content-Type | application/json |
Content-Language | Locale for the response message. |
Success response body
JSON object with the following specification:
JSON property name | Description |
---|---|
Code | Returns 0 when the request is successful. Otherwise, returns 1. |
Status | Returns the status message to indicate whether the request is successful or not. |
message_id | Returns the success or error message ID. |
Error Response Body
JSON object with the following specification.
JSON property name | Description |
---|---|
code | Returns the application error code. |
message | Returns a message that describes the error. |
Examples
- Service request to enable the master key for device group GPFS
POST https://localhost:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/GPFS {"enable" : "true","rotationPeriod" : "0","algorithm" : "AES","keySize" : "128"} Content-Type: application/json Accept : application/json Authorization: SKLMAuth userAuthId=4259b494-9cb2-4414-87b4-9a17b9f916c7 Accept-Language : en
- Success response
{"code":"0","status":"CTGKM3302I Successfully enabled device group master key for device group GPFS.","messageId":"CTGKM3302I"}
- Service request to disable the master key for device group GPFS
POST https://localhost:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/GPFS {"enable" : "false"} Content-Type: application/json Accept : application/json Authorization: SKLMAuth userAuthId=4259b494-9cb2-4414-87b4-9a17b9f916c7 Accept-Language : en
- Success response
{"code":"0","status":"CTGKM3303I Successfully disabled device group master key for device group GPFS.","messageId":"CTGKM3303I"}
- Error response
{"code":"CTGKM1539E","message":"CTGKM1539E Algorithm DES not supported."}