REST API reference
Retrieve AKVs configured for all clusters and SVMs
Suggest changes
PDFs
GET /security/azure-key-vaults
Introduced In: 9.8
Retrieves AKVs configured for all clusters and SVMs.
Related ONTAP commands
-
security key-manager external azure show -
security key-manager external azure check
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
verify_host |
boolean |
query |
False |
Filter by verify_host
|
enabled |
boolean |
query |
False |
Filter by enabled
|
client_id |
string |
query |
False |
Filter by client_id |
configuration.name |
string |
query |
False |
Filter by configuration.name
|
configuration.uuid |
string |
query |
False |
Filter by configuration.uuid
|
tenant_id |
string |
query |
False |
Filter by tenant_id |
svm.uuid |
string |
query |
False |
Filter by svm.uuid |
svm.name |
string |
query |
False |
Filter by svm.name |
ekmip_reachability.message |
string |
query |
False |
Filter by ekmip_reachability.message |
ekmip_reachability.node.name |
string |
query |
False |
Filter by ekmip_reachability.node.name |
ekmip_reachability.node.uuid |
string |
query |
False |
Filter by ekmip_reachability.node.uuid |
ekmip_reachability.reachable |
boolean |
query |
False |
Filter by ekmip_reachability.reachable |
ekmip_reachability.code |
string |
query |
False |
Filter by ekmip_reachability.code |
vault_host |
string |
query |
False |
Filter by vault_host
|
state.code |
string |
query |
False |
Filter by state.code |
state.available |
boolean |
query |
False |
Filter by state.available |
state.message |
string |
query |
False |
Filter by state.message |
uuid |
string |
query |
False |
Filter by uuid |
proxy_port |
integer |
query |
False |
Filter by proxy_port |
proxy_username |
string |
query |
False |
Filter by proxy_username |
proxy_type |
string |
query |
False |
Filter by proxy_type |
proxy_host |
string |
query |
False |
Filter by proxy_host |
authentication_method |
string |
query |
False |
Filter by authentication_method
|
azure_reachability.code |
string |
query |
False |
Filter by azure_reachability.code |
azure_reachability.reachable |
boolean |
query |
False |
Filter by azure_reachability.reachable |
azure_reachability.message |
string |
query |
False |
Filter by azure_reachability.message |
scope |
string |
query |
False |
Filter by scope |
verify_ip |
boolean |
query |
False |
Filter by verify_ip
|
key_id |
string |
query |
False |
Filter by key_id |
port |
integer |
query |
False |
Filter by port
|
oauth_host |
string |
query |
False |
Filter by oauth_host
|
name |
string |
query |
False |
Filter by name |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[azure_key_vault] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"num_records": 1,
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"authentication_method": "client_secret",
"azure_reachability": {
"code": "346758",
"message": "AKV service is not reachable from all nodes - reason."
},
"client_certificate": "MIIQKQIBAzCCD+8GCSqGSIb3DQEHAaCCD+AEgg/cMIIP2DCCBg8GCSqGSIb3DQEHBqCCBgAwggX8AgEAMIIF9QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIWkY7ojViJDYCAggAgIIFyJPjIfmM6yTCKVw5ep2oZLwwvRca8pKhISVjw+WjWngh/f6Py/Ty0CwCjDFUZPsUUdSmk78E7SAz0CpQyBwmUuFJQShjZjftHLKRWld3O4sJKB8DzH9Yw1C7En94cyJ1rT4WYoVFmeJcmOXx6h+NFHc7njtXVsKwxc5BF88K3+3kHdV3WyVdXoeXe7yY/+EjFfjtBryp8ljuielX/NFlh5kowhoj+yxnO0c1/0OI1iV3mTIOTXD8qrZVp9ZhAxSTRBd5uDyWMfppqxW2L+9vCUU+ZgmRxtU3VsRLOp/T140OP7Sn1Ch2OE0bIrbYYtcpi04QcUtfEJBMlbbTbJPHDAtiO2KIQKviZL4QMZgho9NNgL4MUpIbNSzDCbuIC+nNMXfgfs0nPZewY+b43H/tMmnZ8Q4kiCFwrUqbFbflBiPMOaJsS0eQaJhDmzM90QEgbesHWgPreAcfMUcN1+BaqHFLHUxLXDxQix6zYiCAtDX6/EKlirRh1TFpmFX2PBd+X6uODhmwm4ub9RKj3In8t5qgtN4q/mTBXjAVDAbTIIEgobBRaXGSSXCBc9W/jRed0DRZD9Bm8T/nV39sZNducwZa5ojYTX8fFMA0cfY6IFivXHjB00coHEEGdgCfC0G8vACqLbb+2NuhMJPtR7Ig50iAPUMc670Z5ItOTQhyYOZ/KagOtvV8sKPCzeAkcMoHlsml89V79zt1fCJQTVWnaGiMj5Orcbskk6vCxhDGeU6q1kgvXJKXOYRF8/wIpv8Y7/rEpnGwE/I0ZOXzdIDHXqA53B1zyOVem25ezWCD+kpoH89XJssYlNjIMJhjVRED61w/DbSXg2yFu/v3ckGapVvTuyAiz5hWUNfl3ptda6GoekKnLqtL4G/RGXCnebLbXg838dlTGBznoCwGTVxXDeVYafz8AjI10qYtTMcbN56ya9kK7IHSkrnFX24xQRQOfmD0Vob71pjdz8r1aXKvD/1X2TkYJHoeEHq0nWpU8vwDG/xhv4YgKJGN9qsEZgiTXETUh5gak8e1tGNkP+fum+1OqlO5oS+SwNa5/eB8eFeJl2Oi48Xi5UapaTRHPFp6kZfPXOu9cEjhILowRIi6glg7FUbmoJcu5OvDIyP9JlyQklw2VtgNlm1QOIvzRenXmy18XnP50NTxx2cIwby8tIcdSn2C2qhj8Gk7q8oxVZGiBgtz4BwyzyKkypwm60BBRrHpAKLw6JM5RISeZnYQfIsId0tGgb61go0RJf0sFtbuvZcSvLI+2Onj8KH1TlmMR4dbuCWE9Ym4sVRmD1D6/f6BoNH0DRg7TJkEFbOadJsNPGzHbKteLdaSMGTNUZ3hEDQeomakQMfvCgypbOLxrTTqfbenHRtN+iFNYW0zCUW6EJoAXp+lqFnwQL52Il2QxwZikE01P2k0GharzAJkXnNaFGnmHIIP6wJrCCSDZwDmr7GI2R5evDlRi17QUg2sulxQV0U8zezzwIUgEe/Whf0ngGJv/QcsL2jyri/tSQbUWs4g+yep4SlE3iddhfqSJzI2iKdAE+HLiHGVO1z70fGEsO6dPLnmh4eoWidgZi9N/SoBy1aT0JpIQ6z6N5ImPfDWu9Y6TWXUg1iyOIXGsxIQVIgUNoB5Ru/ApDxpYpFLk0fH9k9OnEWK5Im33puOQKLno1uwrOmdbG8+x1EY8wc9FvkHGH0Zh4HydiCVUcYSdiGWUxVmgm4OgyiYzcpB+Ar2dzikGc4pBg8fa1a1HN5Q3TK3w4h/HeOUlmA4vWOYuVO1H93ILGP6PWfkug+1Tam6+8yD0W5meiZ0UIZR8TF/9gDb4+4wTFnPwgfTrggEauA8tt8uJtiyBCrYexgZTXIZGTUj/86KXQaJKCreRr/kqwJOWqkNW4CGUVzw7LiI+sArOZqUp/TsxnbNC73XCMNlPsnByb2zCeK13V26Crl84U9sDuqQTJRaIse01MN9AAjpa2QWEwggnBBgkqhkiG9w0BBwGgggmyBIIJrjCCCaowggmmBgsqhkiG9w0BDAoBAqCCCW4wgglqMBwGCiqGSIb3DQEMAQMwDgQIEjm88b1+pnkCAggABIIJSDD3P+vnllSo1mQvmYgZVfV37T3KpurJvMxQScPvalWiF7Q1Iwasf/+N0hKKNr2j/aGZLunLkaG6mLPeBP2l2LCwnUxDu5kYffVVE90WX/bXewbYQribwFNkNhUrSgen8BfhnRlvDrzbBLoHIvDrUFszSVBCYh31Vwgu8p9SjC8K/XlumcLdjSFko85XpoK23euhowjWH+X0kRoYGzorcdNE8z03BKvfR61W2XWzTSaWQ6eZHGs6Urnx5Fe/w50U9tMIi3BCCCqgapUHVdmHqKkmWLikX8LssUcN30JVekM2aJ9v4YO6CoegKAMVDs0tVSOv3KbGC3GNX6lgHu4y1LOZPlPLfPXb0wDHqavlxK3zpHl8sIRzuX3HXSdEdenHYAkSV/IQZ89h+CZUkf0nu/og8eoA8ATDA5g7fj3HXpQ6cYdrUBaHc7ruxHOiWR0GcT4XK4TTz7zZTO1wWPViprUo6ayw0dYZSG22MeDA027YirM044Ifosn9CsqnNLZoOWvA2ao4ippDoBRqv5Hv6n0I3fOAys5nPq3jJtKQ5neqUYo0MrAkoKHo0h6zn0BfvisyB88aM9N0mPD76ykbAERq7151biKbA2tk8bb9dy/sJmk2ojM/D/W1YtrNL4iM6azL2kVN5eiChxCof33/RuRpXfGR8YNeJTl7bq42wL70QKDBRoG1TPcLqdVqz74oshlRspfqvZsbsUatbASBt2T0YG4zfgfGh7sb2ezyougVvzdp77wAJ6n39dc/ZLDdYDzFkQb07984y8LlhIM1AcwFcMh43gWp6A8CJ02l74ednirSqSVOPZ7K9dRw6Y0X8MB4/WGzEcvFeHYIGLBcXi1sBY5wjWnbeuh1wLiSkMDQRB6oGOvF7bJsilkx5PwgWbbqw8KUSuU01skbMAa5T8Hkm4OiSTf2a78E0zIKLGZg7yu9FDIItWYWOkG96MXEBAdOuH+wWYmaEexh51ONrfFwKDuDMZh7MO20TTEQU8oQdjRRoAofXvTcj22GSMTY6XleskZX2ZKxSQdD1tCtkjGRKHSTYza3zLHbBiJTIJw4z6sw9FyTTApg66UAkNtiMa1r9nqTTNaxRWEXMEQVRLzAL2F9aqjgW65xrbYXu/J9Y/SYTcYbX2SRA/JkQ+Y8F68KOoS1pvK1p5/FcEDvprTNDS4lf+aj3HNWuK5wOsrpBhMlb2IfluK/9QwPh9IC/RhHRfimyTPRXAf73cehNdp8DpKwLm+jr30vazFwICpvSbi6Etb6GXfPkKaX7ztpQBqG92m2/0g3LWfPti1zwrPHPBz8y1qQMU268Doo8YvWtI4KGaDAFb6XQhR6t6mqoq/3IP6/g//PZVEnSyUVsPLDJlLF9fiOwTbMZnaiscKv8SGEs//B9JkKrdsRrQRZcnnPjJnJLILblRVAZGuXpSKSYVPzYmOjUx3sSeLSiPoSOcqRIJ0X3s4ED092W3tR4ZXK3fnkFyrIVtRJsB3k/2smiQ6Pc1VuKHh1yTzYjXKRQcDaY3EDP9IWFtjiUfZQoZcijMWt6YXim23m2aN2Ed8qIedikR6OjFHE4Kus/2yegTszSs5CrM7NamKWzeIeNNth/cTcmTGDumsGNTBAsHHSq1KYpqLi4GKLHzU7WNCQRdAcIDEvMZH/CH1mZK7bzb9z038rPf/D5WZrcK1ttd5BjTJjj7GerS0xLkvYIklAJqurjMdWYmQtT4JAHF90/zRKqFFVpSiW074bRQ+PfaLI5C+TwoX5lYD+R91A0qyGKIkFITa8hZFY+Up+rSuREqnpAvdAVL9/gLPF6I+5+D+sVBsGRbw2rFVRbCHdwaTQcAVPeJJy0f/+sOs/PXoejr3siORpf8iLLYOaziGYf1EtunFcCLj8PEOznaUyouJ+lm9YKPBSLULC/sVVy6XUArYfJfq0Ag31YXpJeWPbORxVP/VCm8d/sNjWTQXGN/IjNZaZuliXNgq5nRkPBKwF23ZUYG4pLGpGROLup9nLSgEbpiDmN1Gq/IHSfI/8HpG/yRAoCdqUdre3yL/f9caj8RBBHRYbbfRxtyQ9u2vsrqo1oZ7F+Mu+kjuc9BxCMvJ7JaKwvQJckAkzTo6t10t6MzwiqJ7Au+2oOJ2Ukb/985+TFGS219fmqWfwisOfpuvSkjRj8vIDBBm9itKIS+pVpfz+Mg7kl3WmkUrgF3yjTH5/C51uaSzK2KeEVoWPx/Ps2CX7ATo6AsETp8Na38dT6d+Dm4WM4sBieKt/yOEFhiBNkgpVKAqawKRvLW3U73OIKC8VLFhhnU+ogGxcUq5mZXvMbNDIaU2LvtmtPPo/qL0bOYu76TKc1ZX0R6AXkeImQgRPsdeXPPANtW3la585oZbYxUXRfEIeKmkcv3eSGnPCVesbxxd1SaIJe2j7H9MbHdjYkeFQuECnUhKxg63BVPl/qAEIO5+OKBzM7ctuP8apeGW1iHAueKzJXc5IeFS/3iwkfDLRkrgzBeNIL0IINo3CoGSvn95Z8+LhNSopyqt3uB4rQksUYIwXgkfrEVYujCO0T5dSkk5j10X7WlDm4DHZVLJH+GtL6v9A6xFJNDQfQF0hS+wlXkTkMq7pUiX+Qohf8QRJZEyU5VWo2CesR63j1MFpkB3xybpbjt8oI47XC20GEn3uCjwMwq/3K4ibHnqi16pPPRgI/u3R9TVfvOC2e0xgllrFG6cKUfogUaXoxHqP1KKjUw23bpd9L09LzSDdSHcoDPokWzDee0ZP/Z6VH3rdjQR71kw4VBeT8nKfLP2dGBd0tpWDQhCFK7I9axxxthnv0v09x/J7jhyoLRt5e8lMEfrqtnMWdqjFgYVEQndthZ+9/XvfNk6f5MD8fDheMuvbNThduFSZEcZCLlW4GWKneVji4wdBrV3aCrzAzxy0H7y7nnkyCEvac503UDtr1bk1VJIVsYfYrN2S2DPbp3H2E8r/n6jfBilwFyp3JTJvnRqQTcYHXDieW8Njq46JO6O6wsPwKQTKMfHGxxTRJdRe5yvJD54xvFWw1YEJ/Q2c8cr1NNXEN32e5psfIJ7o48k6bsiyXnbHKSjK781Z5h8Hc3FbUF2U2p5JqLwcD7+bknEunsbWSC37iMk7oweF3hMhKRMm9iYJ8tpxMRcWCOt7ador+Y2fYWBsu/bwXwcRI08TElMCMGCSqGSIb3DQEJFTEWBBRymjnjEbJmrRwh4sRnwudfSQP6KDAxMCEwCQYFKw4DAhoFAAQU+YFhgKEYjfXN/cL70yRrJSHFgUwECHeCTQnUEU0BAgIIAA==",
"client_id": "aaaaaaaa-bbbb-aaaa-bbbb-aaaaaaaaaaaa",
"client_secret": "abcdef",
"configuration": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "default",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563434"
},
"ekmip_reachability": [
{
"code": "346758",
"message": "embedded KMIP server status unavailable on node.",
"node": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "node1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}
}
],
"key_id": "https://keyvault1.vault.azure.net/keys/key1/12345678901234567890123456789012",
"name": "https://kmip-akv-keyvault.vault.azure.net/",
"oauth_host": "login.microsoftonline.com",
"port": 443,
"proxy_host": "proxy.eng.com",
"proxy_password": "proxypassword",
"proxy_port": 1234,
"proxy_type": "http",
"proxy_username": "proxyuser",
"scope": "string",
"state": {
"code": "346758",
"message": "Top-level internal key protection key (KEK) is unavailable on the following nodes with the associated reasons: Node: node1. Reason: No volumes created yet for the SVM. Wrapped KEK status will be available after creating encrypted volumes."
},
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"tenant_id": "zzzzzzzz-yyyy-zzzz-yyyy-zzzzzzzzzzzz",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412",
"vault_host": "vault.azure.net",
"verify_host": "",
"verify_ip": ""
}
]
}Error
Status: Default, Error| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
_links
| Name | Type | Description |
|---|---|---|
self |
azure_reachability
Indicates whether or not the AKV service is reachable from all the nodes in the cluster.
This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.
| Name | Type | Description |
|---|---|---|
code |
string |
Code corresponding to the status message. Returns a 0 if AKV service is reachable from all nodes in the cluster. |
message |
string |
Error message set when reachability is false. |
reachable |
boolean |
Set to true when the AKV service is reachable from all nodes of the cluster. |
configuration
Security keystore object reference.
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
Name of the configuration. |
uuid |
string |
Keystore UUID. |
node
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
|
uuid |
string |
ekmip_reachability
Provides the connectivity status for the given SVM on the given node to all EKMIP servers configured on all nodes of the cluster.
This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.
| Name | Type | Description |
|---|---|---|
code |
string |
Code corresponding to the error message. Returns a 0 if a given SVM is able to communicate to the EKMIP servers of all of the nodes in the cluster. |
message |
string |
Error message set when cluster-wide EKMIP server availability from the given SVM and node is false. |
node |
||
reachable |
boolean |
Set to true if the given SVM on the given node is able to communicate to all EKMIP servers configured on all nodes in the cluster. |
state
Indicates whether or not the AKV wrapped internal key is available cluster wide.
This is an advanced property; there is an added computationl cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.
| Name | Type | Description |
|---|---|---|
available |
boolean |
Set to true when an AKV wrapped internal key is present on all nodes of the cluster. |
code |
string |
Code corresponding to the status message. Returns a 0 if AKV wrapped key is available on all nodes in the cluster. |
message |
string |
Error message set when top-level internal key protection key (KEK) availability on cluster is false. |
svm
SVM, applies only to SVM-scoped objects.
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. This field cannot be specified in a PATCH method. |
uuid |
string |
The unique identifier of the SVM. This field cannot be specified in a PATCH method. |
azure_key_vault
| Name | Type | Description |
|---|---|---|
_links |
||
authentication_method |
string |
Authentication method for the AKV instance. |
azure_reachability |
Indicates whether or not the AKV service is reachable from all the nodes in the cluster.
This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the |
|
client_certificate |
string |
PKCS12 Certificate used by the application to prove its identity to AKV. |
client_id |
string |
Application client ID of the deployed Azure application with appropriate access to an AKV. |
client_secret |
string |
Secret used by the application to prove its identity to AKV. |
configuration |
Security keystore object reference. |
|
ekmip_reachability |
array[ekmip_reachability] |
|
enabled |
boolean |
Indicates whether the configuration is enabled. |
key_id |
string |
Key Identifier of AKV key encryption key. |
name |
string |
Name of the deployed AKV that will be used by ONTAP for storing keys.
|
oauth_host |
string |
Open authorization server host name. |
port |
integer |
Authorization server and vault port number. |
proxy_host |
string |
Proxy host. |
proxy_password |
string |
Proxy password. Password is not audited. |
proxy_port |
integer |
Proxy port. |
proxy_type |
string |
Type of proxy. |
proxy_username |
string |
Proxy username. |
scope |
string |
Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
state |
Indicates whether or not the AKV wrapped internal key is available cluster wide.
This is an advanced property; there is an added computationl cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the |
|
svm |
SVM, applies only to SVM-scoped objects. |
|
tenant_id |
string |
Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV. |
uuid |
string |
A unique identifier for the Azure Key Vault (AKV). |
vault_host |
string |
AKV host subdomain. |
verify_host |
boolean |
Verify the identity of the AKV host name. |
verify_ip |
boolean |
Verify the identity of the AKV IP address. |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |