RekeySoftwareEncryptionAtRestMasterKey
You can use the RekeySoftwareEncryptionAtRestMasterKey
method to rekey the software encryption-at-rest master key used to encrypt DEKs (Data Encryption Keys). During cluster creation, software encryption at rest is configured to use Internal Key Management (IKM). This rekey method can be used after cluster creation to use either IKM or External Key Management (EKM).
Parameters
This method has the following input parameters. If the keyManagementType
parameter is not specified, the rekey operation is performed using the existing key management configuration. If the keyManagementType
is specified and the key provider is external, the keyProviderID
parameter must also be used.
Parameter | Description | Type | Optional |
---|---|---|---|
keyManagementType |
The type of key management used to manage the master key. Possible values are:
If this parameter is not specified, the rekey operation is performed using the existing key management configuration. |
string |
True |
keyProviderID |
The ID of the key provider to use. This is a unique value returned as part of one of the |
integer |
True |
Return values
This method has the following return values:
Parameter | Description | Type | Optional |
---|---|---|---|
asyncHandle |
Determine the status of the rekey operation using this |
integer |
False |
Request example
Requests for this method are similar to the following example:
{ "method": "rekeysoftwareencryptionatrestmasterkey", "params": { "keyManagementType": "external", "keyProviderID": "<ID number>" } }
Response example
This method returns a response similar to the following example:
{ "asyncHandle": 1 }