REST API reference
Retrieve key managers
Suggest changes
PDFs
GET /security/key-managers
Retrieves key managers.
Related ONTAP commands
-
security key-manager show-keystore -
security key-manager external show
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
onboard.enabled |
boolean |
query |
False |
Filter by onboard.enabled |
external.server_ca_certificates.uuid |
string |
query |
False |
Filter by external.server_ca_certificates.uuid |
external.client_certificate.uuid |
string |
query |
False |
Filter by external.client_certificate.uuid |
external.servers.server |
string |
query |
False |
Filter by external.servers.server |
external.servers.timeout |
integer |
query |
False |
Filter by external.servers.timeout |
external.servers.username |
string |
query |
False |
Filter by external.servers.username |
uuid |
string |
query |
False |
Filter by uuid |
svm.uuid |
string |
query |
False |
Filter by svm.uuid |
svm.name |
string |
query |
False |
Filter by svm.name |
scope |
string |
query |
False |
Filter by scope |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached. |
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned. |
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[security_key_manager] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"external": {
"client_certificate": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"server_ca_certificates": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"servers": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"server": "keyserver1.com:5698",
"timeout": 60,
"username": "username"
}
},
"onboard": {
"existing_passphrase": "The cluster password of length 32-256 ASCII characters.",
"passphrase": "The cluster password of length 32-256 ASCII characters."
},
"scope": "svm",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"uuid": "string"
}
}Error
Status: Default, Error| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
_links
| Name | Type | Description |
|---|---|---|
self |
client_certificate
Client certificate
| Name | Type | Description |
|---|---|---|
_links |
||
uuid |
string |
Certificate UUID |
server_ca_certificates
Security certificate object reference
| Name | Type | Description |
|---|---|---|
_links |
||
uuid |
string |
Certificate UUID |
key_server_readcreate
| Name | Type | Description |
|---|---|---|
_links |
||
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. |
timeout |
integer |
I/O timeout in seconds for communicating with the key server. |
username |
string |
Username credentials for connecting with the key server. |
external
Configures external key management
| Name | Type | Description |
|---|---|---|
client_certificate |
Client certificate |
|
server_ca_certificates |
array[server_ca_certificates] |
The UUIDs of the server CA certificates already installed in the cluster or SVM. The array of certificates are common for all the keyservers per SVM. |
servers |
array[key_server_readcreate] |
The set of external key servers. |
onboard
Configures onboard key management. After configuring onboard key management, save the encrypted configuration data in a safe location so that you can use it if you need to perform a manual recovery operation.
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Is the onboard key manager enabled? |
existing_passphrase |
string |
The cluster-wide passphrase. This is not audited. |
passphrase |
string |
The cluster-wide passphrase. This is not audited. |
svm
SVM, applies only to SVM-scoped objects.
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
security_key_manager
| Name | Type | Description |
|---|---|---|
_links |
||
external |
Configures external key management |
|
onboard |
Configures onboard key management. After configuring onboard key management, save the encrypted configuration data in a safe location so that you can use it if you need to perform a manual recovery operation. |
|
scope |
string |
Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
svm |
SVM, applies only to SVM-scoped objects. |
|
uuid |
string |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |