KMIP Secret Data List REST Service

Use KMIP Secret Data List REST Service to obtain the list of KMIP secret data objects. For example, you might list the secret data that is registered by the client.

Operation: GET
URL: https://host:port/SKLM/rest/v1/secretData

By default, Guardium® Key Lifecycle Manager server listens to non-secure port 9080 (HTTP) and secure port 9443 (HTTPS) for communication. During IBM® Security Guardium Key Lifecycle Manager installation, you can modify these default ports.

Note: The non-secure port 9080 is not applicable when IBM Security Guardium Key Lifecycle Manager is deployed in a containerized environment.

Request

Request Parameters

Parameter	Description
host	Specify the IP address or host name of the IBM Security Guardium Key Lifecycle Manager server.
port	Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.

Request Headers

Header name	Value
Content-Type	`application/json`
Accept	`application/json`
Authorization	`SKLMAuth userAuthId=<authIdValue>`
Accept-Language	Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example: `en` or `de`

Response

Response Headers

Header name	Value and description
Status Code	200 OK The request was successful. The response body contains the requested representation. 400® Bad Request The authentication information was not provided in the correct format. 401 Unauthorized The authentication credentials were missing or incorrect. 404 Not Found Error The processing of the request fails. 500 Internal Server Error The processing of the request fails because of an unexpected condition on the server.
Content-Type	`application/json`
Content-Language	Locale for the response message.

Success response body

JSON object with the following specification:

JSON property name	Description
Unique Identifier	Returns the unique ID of the secret data object.
Cryptographic Length	Returns the cryptographic length of the secret data object.
Operation Policy Name	Identifies operation policy that controls the key management operations on the secret data object.
Activation Date	Returns the secret data object activation date.
Deactivation Date	Identifies the date on which the secret data object is deactivated.
Contact Information	Represents the contact information.
Revocation Reason	Indicates the reason for revoking the managed secret data object. For example, `compromised`, `expired`, or `no longer used`
Name	Returns the name that identifies and locates the secret data object.
Cryptographic Parameters	Returns the parameters for cryptographic operations.
Object Group	Returns the group that contains the secret data object.
Link	Identifies the target managed secret data object by its unique identifier.
Digest	Contains the digest value of the key or secret data.
Application Specific Information	Stores information specific to the application that uses managed secret data object.
Custom Attributes	Returns the vendor defined custom attributes.
Type	Returns the secret data. For example. PASSWORD.
Archive Date	Returns the secret data archived date.
Initial Date	Returns the initial date and time of the initialization of the managed secret data object.
Last Changed Date	Returns the date and time of the last change to the contents or attributes of the managed secret data object.
Destroy Date	Returns the date and time when the managed secret data object was destroyed.
Compromise Occurrence Date	Returns the date and time of when the managed secret data object was first believed to be compromised.
Lease Time	Defines a time interval for a managed secret data object. After the lease time, the client cannot use the object without obtaining another lease.
State	Defines the state of the secret data object. For example, ACTIVE, PRE_ACTIVE.
Owner	Defines the thumb-print reference of the creator of the secret data object.

Error Response Body

JSON object with the following specification.

JSON property name	Description
code	Returns the application error code.
message	Returns a message that describes the error.

Example

Service request to obtain the list of secret data objects

GET https://localhost:port/SKLM/rest/v1/secretData
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
Accept-Language : en

Success response

Status Code : 200 OK
[
    {
        "Unique Identifier": "K_SEC_DATA-a29fba3-fd8327a2-74ba-43aa-bd3b-78a549a5295f",
        "Cryptographic Length": "",
        "Operation Policy Name": "",
        "Activation Date": "",
        "Deactivation Date": "",
        "Contact Information": "",
        "Revocation Reason": "",
        "Name": "",
        "Cryptographic Parameters": "",
        "Object Group": "",
        "Link": "",
        "Digest": "[[INDEX 0] [HASH SHA256] [VALUE xd4,xbc,x96,xe4,xb9,x23,x77,x0d,x75,x01,xe8,x9f,x89,xa8,xe6,xe4,xd8,x7b,xb6,x1f,x1d,x2a,x79,x39,xde,x77,x2a,x77,xa2,x21,xa4,xdb] [DIGESTED_KEY_FORMAT OPAQUE]]",
        "Application Specific Information": "",
        "Custom Attributes": "[[NAME x-ID] [[INDEX 0] [TYPE JAVA_STRING] [VALUE TC-315-12]]]",
        "Type": "PASSWORD",
        "Archive Date": "",
        "Initial Date": "12/13/18, 2:41:07 AM Eastern Standard Time",
        "Last Changed Date": "12/13/18, 2:41:07 AM Eastern Standard Time",
        "Destroy Date": "",
        "Compromise Occurence Date": "",
        "Compromise Date": "",
        "Lease Time": "",
        "State": "PRE_ACTIVE",
        "Owner": "THUMB=9oCiSdC8KC5dpi5kFo/pYuwHOs27VLmfXgUpkrncrGqH9JVqjHcAHWfuJzvaP9Tc8b0J7QPjcJhH\r\nATT6c3pw8A=="
    }
]

Error response

Status Code : 500 Internal Server Error
Content-Language: en
{
    "code": "CTGKM1100E",
    "message": "CTGKM1100E  Object (machinetype) with identifier MACHINE-d110f48-bd8659ef-3c90-4e74-8c2d-a398e1d1e72d cannot be found."
}