
Retrieve information about security configured on the cluster

GET /security

Introduced In: 9.7

Retrieves information about the security configured on the cluster.

  • security config show

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| fields | array[string] | query | False | Specify the fields to return. |

Response

Status: 200, Ok
| Name | Type | Description |
|---|---|---|
| _links | _links | |
| fips | fips | Cluster-wide Federal Information Processing Standards (FIPS) mode information. |
| management_protocols | management_protocols | Cluster-wide security protocols related information. |
| onboard_key_manager_configurable_status | onboard_key_manager_configurable_status | Indicates whether the Onboard Key Manager can be configured in the cluster. |
| software_data_encryption | software_data_encryption | Cluster-wide software data encryption related information. |
| tls | tls | Cluster-wide Transport Layer Security (TLS) configuration information |

Example response
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "onboard_key_manager_configurable_status": {
    "code": 65537300,
    "message": "No platform support for volume encryption in following nodes - node1, node2."
  },
  "tls": {
    "cipher_suites": [
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    ],
    "protocol_versions": [
      "string"
    ]
  }
}

Error

Status: Default, Error
| Name | Type | Description |
|---|---|---|
| error | returned_error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

href

| Name | Type | Description |
|---|---|---|
| href | string | |

_links

| Name | Type | Description |
|---|---|---|
| self | href | |

fips

Cluster-wide Federal Information Processing Standards (FIPS) mode information.

| Name | Type | Description |
|---|---|---|
| enabled | boolean | Indicates whether or not the software FIPS mode is enabled on the cluster. Our FIPS compliance involves configuring the use of only approved algorithms in applicable contexts (for example TLS), as well as the use of formally validated cryptographic module software implementations, where applicable. The US government documents concerning FIPS 140-2 outline the relevant security policies in detail. |

management_protocols

Cluster-wide security protocols related information.

| Name | Type | Description |
|---|---|---|
| rsh_enabled | boolean | Indicates whether or not security protocol rsh is enabled on the cluster. |
| telnet_enabled | boolean | Indicates whether or not security protocol telnet is enabled on the cluster. |

onboard_key_manager_configurable_status

Indicates whether the Onboard Key Manager can be configured in the cluster.

| Name | Type | Description |
|---|---|---|
| code | integer | Code corresponding to the status message. Returns a 0 if the Onboard Key Manager can be configured in the cluster. |
| message | string | Reason that Onboard Key Manager cannot be configured in the cluster. |
| supported | boolean | Set to true if the Onboard Key Manager can be configured in the cluster. |

software_data_encryption

Cluster-wide software data encryption related information.

| Name | Type | Description |
|---|---|---|
| conversion_enabled | boolean | Indicates whether or not software encryption conversion is enabled on the cluster. A PATCH request initiates the conversion of all non-encrypted metadata volumes in the cluster to encrypted metadata volumes and all non-NAE aggregates to NAE aggregates. For the PATCH request to start, the cluster must have either an Onboard or an external key manager set up and the aggregates should either be empty or have only metadata volumes. No data volumes should be present in any of the aggregates in the cluster. For MetroCluster configurations, a PATCH request enables conversion on all the aggregates and metadata volumes of both local and remote clusters and is not allowed when the MetroCluster is in switchover state. |
| disabled_by_default | boolean | Indicates whether or not default software data at rest encryption is disabled on the cluster. |

tls

Cluster-wide Transport Layer Security (TLS) configuration information

| Name | Type | Description |
|---|---|---|
| cipher_suites | array[string] | Names a cipher suite that the system can select during TLS handshakes. A list of available options can be found on the Internet Assigned Numbers Authority (IANA) website. |
| protocol_versions | array[string] | Names a TLS protocol version that the system can select during TLS handshakes. The use of SSLv3 or TLSv1 is discouraged. |

error_arguments

| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |

returned_error

| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |
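
The following is an added example, not code from this page or from the vendor: it checks a parsed GET /security response body against a simple hardening baseline and treats any field the response omits as "cannot assess" rather than as safe. Assumptions of this example: the sample values are constructed, the baseline (FIPS off and default encryption disabled count as findings) is illustrative, and protocol versions are assumed to appear exactly as the strings "SSLv3" and "TLSv1" used in the field description above.

```python
import json

# Protocol versions the field description calls discouraged (string form assumed).
DISCOURAGED_TLS = {"SSLv3", "TLSv1"}

# Constructed sample shaped like the documented response; values are made up.
SAMPLE = json.loads("""{
  "fips": {"enabled": false},
  "management_protocols": {"rsh_enabled": false, "telnet_enabled": true},
  "onboard_key_manager_configurable_status": {"code": 65537300, "supported": false},
  "software_data_encryption": {"disabled_by_default": true},
  "tls": {"cipher_suites": ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"],
          "protocol_versions": ["TLSv1.2", "TLSv1"]}
}""")

# (dotted path, predicate that is True when the value is a finding, finding text)
CHECKS = [
    ("fips.enabled", lambda v: v is False, "software FIPS mode is off"),
    ("management_protocols.rsh_enabled", lambda v: v is True, "rsh is enabled"),
    ("management_protocols.telnet_enabled", lambda v: v is True, "telnet is enabled"),
    ("onboard_key_manager_configurable_status.code", lambda v: v != 0,
     "Onboard Key Manager cannot be configured; see the message field"),
    ("software_data_encryption.disabled_by_default", lambda v: v is True,
     "default data-at-rest encryption is disabled"),
    ("tls.protocol_versions", lambda v: bool(DISCOURAGED_TLS & set(v)),
     "a discouraged TLS protocol version is selectable"),
]

def lookup(doc, path):
    """Walk a dotted path through nested dicts; None if any level is absent."""
    node = doc
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def audit_security(doc):
    """Return (path, finding) tuples for a parsed GET /security response body."""
    findings = []
    for path, is_bad, text in CHECKS:
        value = lookup(doc, path)
        if value is None:
            # A `fields` query can leave this out: absence is not evidence of safety.
            findings.append((path, "not returned; cannot assess"))
        elif is_bad(value):
            findings.append((path, text))
    return findings

if __name__ == "__main__":
    for path, text in audit_security(SAMPLE):
        print(f"{path}: {text}")
```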