Add primary key servers to an external key manager
Suggest changes
PDFs
POST /security/key-managers/{uuid}/key-servers
Introduced In: 9.6
Adds primary key servers to a configured external key manager.
Required properties
-
uuid- UUID of the external key manager. -
server- Primary Key server name.
Related ONTAP commands
-
security key-manager external add-servers
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
uuid |
string |
path |
True |
External key manager UUID |
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
Request Body
| Name | Type | Description |
|---|---|---|
password |
string |
Password credentials for connecting with the key server. This is not audited. |
records |
array[records] |
An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
Example request
{
"password": "password",
"records": [
{
"password": "password",
"server": "bulkkeyserver.com:5698"
}
],
"server": "keyserver1.com:5698"
}Response
Status: 201, Created| Name | Type | Description |
|---|---|---|
num_records |
integer |
Number of records |
records |
array[key_server] |
Example response
{
"num_records": 1,
"records": [
{
"password": "password",
"records": [
{
"password": "password",
"server": "bulkkeyserver.com:5698"
}
],
"server": "keyserver1.com:5698"
}
]
}Headers
| Name | Description | Type |
|---|---|---|
Location |
Useful for tracking the resource location |
string |
Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
65536038 |
A maximum of 4 active primary key servers are allowed. |
65536042 |
Cannot add key server because it is already a secondary key server. |
65536600 |
Cannot add a key server while a node is out quorum. |
65536821 |
The certificate is not installed. |
65536824 |
Multitenant key management is not supported in MetroCluster configurations. |
65536828 |
External key management is not enabled for the SVM. |
65536834 |
Failed to get existing key-server details for the SVM. |
65536852 |
Failed to query supported KMIP protocol versions. |
65536870 |
Key management servers are already configured. |
65536870 |
The key management servers already exist. |
65536871 |
Duplicate key management servers exist. |
65536921 |
The following issues were found. Unable to execute command on KMIP server. |
66060338 |
Unable to establish secure connection to KMIP server due to incorrect server_ca certificates. |
66060339 |
Unable to establish secure connection to KMIP server due to incorrect client certificates. |
66060340 |
Unable to establish secure connection to KMIP server due to Cryptsoft error. |
Also see the table of common errors in the Response body overview section of this documentation.
Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
node
| Name | Type | Description |
|---|---|---|
name |
string |
|
uuid |
string |
key_server_state
The connectivity state of the key server for a specific node.
| Name | Type | Description |
|---|---|---|
node |
||
state |
string |
Key server connectivity state |
connectivity
This property contains the key server connectivity state of all nodes in the cluster.
This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.
| Name | Type | Description |
|---|---|---|
cluster_availability |
boolean |
Set to true when key server connectivity state is available on all nodes of the cluster. |
node_states |
array[key_server_state] |
An array of key server connectivity states for each node. |
records
| Name | Type | Description |
|---|---|---|
password |
string |
Password credentials for connecting with the key server. This is not audited. |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
key_server
| Name | Type | Description |
|---|---|---|
password |
string |
Password credentials for connecting with the key server. This is not audited. |
records |
array[records] |
An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |