Enable or Disable Master Key for Device Group REST Service

Use Enable or Disable Master Key for Device Group REST Service to enable or disable the master key for a device group. Only an IBM® Security Guardium® Key Lifecycle Manager administrator can perform this operation.

Operation: POST
URL: https://host:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/{deviceGroupName}

By default, Guardium Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify these default ports.

Note: The non-secure port 9080 is not applicable when IBM Security Guardium Key Lifecycle Manager is deployed in a containerized environment.

Request

Request Headers

Header name	Value
Content-Type	`application/json`
Accept	`application/json`
Authorization	`SKLMAuth userAuthId=<authIdValue>`
Accept-Language	Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example: `en` or `de`

Request body

JSON object with the following specification:

JSON property	Description
rotationPeriod	Optional. Specify the rotation period in number of days. The value must be a positive integer. This value defines the next due date of rotation of master key for the specified device group. If you do not want the key to expire, specify the value as `0`.
algorithm	Optional. Specify the algorithm with which the master key is to be created for the device group. The supported algorithm is AES.
keySize	Optional. Specify the size of the master key. The supported key sizes are 128-bit and 256-bit.
enable	Specify `true` if you want to enable the master key for the device group. Else, specify `false`.

Response

Response Headers

Header name	Value and description
Status Code	200 OK The request was successful. The response body contains the requested representation. 400® Bad Request The authentication information was not provided in the correct format. 401 Unauthorized The authentication credentials were missing or incorrect. 404 Not Found Error The processing of the request fails. 500 Internal Server Error The processing of the request fails because of an unexpected condition on the server.
Content-Type	`application/json`
Content-Language	Locale for the response message.

Success response body

JSON object with the following specification:

JSON property name	Description
Code	Returns `0` when the request is successful. Otherwise, returns `1`.
Status	Returns the status message to indicate whether the request is successful or not.
message_id	Returns the success or error message ID.

Error Response Body

JSON object with the following specification.

JSON property name	Description
code	Returns the application error code.
message	Returns a message that describes the error.

Examples

Service request to enable the master key for device group GPFS

POST https://localhost:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/GPFS 
{"enable" : "true","rotationPeriod" : "0","algorithm" : "AES","keySize" : "128"} 
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth userAuthId=4259b494-9cb2-4414-87b4-9a17b9f916c7
Accept-Language : en

Success response

{"code":"0","status":"CTGKM3302I 
Successfully enabled device group master key for device group GPFS.","messageId":"CTGKM3302I"}

Service request to disable the master key for device group GPFS

POST https://localhost:port/SKLM/rest/v1/ckms/deviceGroupMasterKey/GPFS 
{"enable" : "false"} 
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth userAuthId=4259b494-9cb2-4414-87b4-9a17b9f916c7
Accept-Language : en

Success response

{"code":"0","status":"CTGKM3303I 
Successfully disabled device group master key for device group GPFS.","messageId":"CTGKM3303I"}

Error response

{"code":"CTGKM1539E","message":"CTGKM1539E Algorithm DES not supported."}