REST API reference
Add primary key servers to an external key manager
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
POST /security/key-managers/{uuid}/key-servers
Introduced In: 9.6
Adds primary key servers to a configured external key manager.
Required properties
-
uuid- UUID of the external key manager. -
server- Primary Key server name.
Related ONTAP commands
-
security key-manager external add-servers
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
uuid |
string |
path |
True |
External key manager UUID |
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
Request Body
| Name | Type | Description |
|---|---|---|
_links |
||
password |
string |
Password credentials for connecting with the key server. This is not audited. |
records |
array[records] |
An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if |
secondary_key_servers |
array[string] |
A list of the secondary key servers associated with the primary key server. |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
timeout |
integer |
I/O timeout in seconds for communicating with the key server. |
username |
string |
KMIP username credentials for connecting with the key server. |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"password": "password",
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"password": "password",
"server": "bulkkeyserver.com:5698",
"timeout": 60,
"username": "username"
}
],
"secondary_key_servers": [
"secondary1.com",
"10.1.2.3"
],
"server": "keyserver1.com:5698",
"timeout": 60,
"username": "username"
}Response
Status: 201, Created| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[key_server] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"password": "password",
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"password": "password",
"server": "bulkkeyserver.com:5698",
"timeout": 60,
"username": "username"
}
],
"secondary_key_servers": [
"secondary1.com",
"10.1.2.3"
],
"server": "keyserver1.com:5698",
"timeout": 60,
"username": "username"
}
]
}Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
65536038 |
A maximum of 4 active primary key servers are allowed. |
65536042 |
Cannot add key server because it is already a secondary key server. |
65536600 |
Cannot add a key server while a node is out quorum. |
65536821 |
The certificate is not installed. |
65536822 |
Multitenant key management is not supported in the current cluster version. |
65536824 |
Multitenant key management is not supported in MetroCluster configurations. |
65536828 |
External key management is not enabled for the SVM. |
65536834 |
Failed to get existing key-server details for the SVM. |
65536852 |
Failed to query supported KMIP protocol versions. |
65536870 |
Key management servers are already configured. |
65536871 |
Duplicate key management servers exist. |
65536921 |
The following issues were found. Unable to execute command on KMIP server. |
66060338 |
Unable to establish secure connection to KMIP server due to incorrect server_ca certificates. |
66060339 |
Unable to establish secure connection to KMIP server due to incorrect client certificates. |
66060340 |
Unable to establish secure connection to KMIP server due to Cryptsoft error. |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
records
| Name | Type | Description |
|---|---|---|
_links |
||
password |
string |
Password credentials for connecting with the key server. This is not audited. |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
timeout |
integer |
I/O timeout in seconds for communicating with the key server. |
username |
string |
KMIP username credentials for connecting with the key server. |
key_server
| Name | Type | Description |
|---|---|---|
_links |
||
password |
string |
Password credentials for connecting with the key server. This is not audited. |
records |
array[records] |
An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if |
secondary_key_servers |
array[string] |
A list of the secondary key servers associated with the primary key server. |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
timeout |
integer |
I/O timeout in seconds for communicating with the key server. |
username |
string |
KMIP username credentials for connecting with the key server. |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |