Skip to main content
REST API reference
A newer release of this product is available.

Retrieve AKVs configured for all clusters and SVMs

PDFs

GET /security/azure-key-vaults

Introduced In: 9.8

Retrieves AKVs configured for all clusters and SVMs.

  • security key-manager external azure show

  • security key-manager external azure check

Parameters

Name Type In Required Description

authentication_method

string

query

False

Filter by authentication_method

  • Introduced in: 9.10

scope

string

query

False

Filter by scope

svm.uuid

string

query

False

Filter by svm.uuid

svm.name

string

query

False

Filter by svm.name

proxy_port

integer

query

False

Filter by proxy_port

name

string

query

False

Filter by name

state.message

string

query

False

Filter by state.message

state.available

boolean

query

False

Filter by state.available

state.code

integer

query

False

Filter by state.code

key_id

string

query

False

Filter by key_id

client_id

string

query

False

Filter by client_id

proxy_type

string

query

False

Filter by proxy_type

uuid

string

query

False

Filter by uuid

proxy_username

string

query

False

Filter by proxy_username

azure_reachability.message

string

query

False

Filter by azure_reachability.message

azure_reachability.code

integer

query

False

Filter by azure_reachability.code

azure_reachability.reachable

boolean

query

False

Filter by azure_reachability.reachable

tenant_id

string

query

False

Filter by tenant_id

proxy_host

string

query

False

Filter by proxy_host

ekmip_reachability.message

string

query

False

Filter by ekmip_reachability.message

ekmip_reachability.code

integer

query

False

Filter by ekmip_reachability.code

ekmip_reachability.reachable

boolean

query

False

Filter by ekmip_reachability.reachable

ekmip_reachability.node.uuid

string

query

False

Filter by ekmip_reachability.node.uuid

ekmip_reachability.node.name

string

query

False

Filter by ekmip_reachability.node.name

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Default value: 15

  • Max value: 120

  • Min value: 0

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[azure_key_vault]
Example response 
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "authentication_method": "client_secret",
      "azure_reachability": {
        "code": 346758,
        "message": "AKV service is not reachable from all nodes - reason."
      },
      "client_id": "aaaaaaaa-bbbb-aaaa-bbbb-aaaaaaaaaaaa",
      "ekmip_reachability": [
        {
          "code": 346758,
          "message": "embedded KMIP server status unavailable on node.",
          "node": {
            "_links": {
              "self": {
                "href": "/api/resourcelink"
              }
            },
            "name": "node1",
            "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
          }
        }
      ],
      "key_id": "https://keyvault1.vault.azure.net/keys/key1",
      "name": "https://kmip-akv-keyvault.vault.azure.net/",
      "proxy_host": "proxy.eng.com",
      "proxy_port": 1234,
      "proxy_type": "http",
      "proxy_username": "proxyuser",
      "scope": "string",
      "state": {
        "code": 346758,
        "message": "Top-level internal key protection key (KEK) is unavailable on the following nodes with the associated reasons: Node: node1. Reason: No volumes created yet for the SVM. Wrapped KEK status will be available after creating encrypted volumes."
      },
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "tenant_id": "zzzzzzzz-yyyy-zzzz-yyyy-zzzzzzzzzzzz",
      "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
    }
  ]
}

Error

Status: Default, Error
Name Type Description

error

error
Example error 
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

_links

Name Type Description

next

href

self

href

_links

Name Type Description

self

href

azure_reachability

Indicates whether or not the AKV service is reachable from all the nodes in the cluster. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

Name Type Description

code

integer

Code corresponding to the status message. Returns a 0 if AKV service is reachable from all nodes in the cluster.

message

string

Error message set when reachability is false.

reachable

boolean

Set to true when the AKV service is reachable from all nodes of the cluster.

node

Name Type Description

_links

_links

name

string

uuid

string

ekmip_reachability

Provides the connectivity status for the given SVM on the given node to all EKMIP servers configured on all nodes of the cluster. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

Name Type Description

code

integer

Code corresponding to the error message. Returns a 0 if a given SVM is able to communicate to the EKMIP servers of all of the nodes in the cluster.

message

string

Error message set when cluster-wide EKMIP server availability from the given SVM and node is false.

node

node

reachable

boolean

Set to true if the given SVM on the given node is able to communicate to all EKMIP servers configured on all nodes in the cluster.

state

Indicates whether or not the AKV wrapped internal key is available cluster wide. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

Name Type Description

available

boolean

Set to true when an AKV wrapped internal key is present on all nodes of the cluster.

code

integer

Code corresponding to the status message. Returns a 0 if AKV wrapped key is available on all nodes in the cluster.

message

string

Error message set when top-level internal key protection key (KEK) availability on cluster is false.

svm

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

azure_key_vault

Name Type Description

_links

_links

authentication_method

string

Authentication method for the AKV instance.

azure_reachability

azure_reachability

Indicates whether or not the AKV service is reachable from all the nodes in the cluster. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

client_id

string

Application client ID of the deployed Azure application with appropriate access to an AKV.

ekmip_reachability

array[ekmip_reachability]

key_id

string

Key Identifier of AKV key encryption key.

name

string

Name of the deployed AKV that will be used by ONTAP for storing keys.

proxy_host

string

Proxy host.

proxy_port

integer

Proxy port.

proxy_type

string

Type of proxy.

proxy_username

string

Proxy username.

scope

string

Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster".

state

state

Indicates whether or not the AKV wrapped internal key is available cluster wide. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

svm

svm

tenant_id

string

Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV.

uuid

string

A unique identifier for the Azure Key Vault (AKV).

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.