Retrieve key managers

GET /security/key-managers

Retrieves key managers.

  • security key-manager show-keystore

  • security key-manager external show

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| onboard.enabled | boolean | query | False | Filter by onboard.enabled |
| external.server_ca_certificates.uuid | string | query | False | Filter by external.server_ca_certificates.uuid |
| external.client_certificate.uuid | string | query | False | Filter by external.client_certificate.uuid |
| external.servers.server | string | query | False | Filter by external.servers.server |
| external.servers.timeout | integer | query | False | Filter by external.servers.timeout |
| external.servers.username | string | query | False | Filter by external.servers.username |
| uuid | string | query | False | Filter by uuid |
| svm.uuid | string | query | False | Filter by svm.uuid |
| svm.name | string | query | False | Filter by svm.name |
| scope | string | query | False | Filter by scope |
| fields | array[string] | query | False | Specify the fields to return. |
| max_records | integer | query | False | Limit the number of records returned. |
| return_timeout | integer | query | False | The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached. |
| return_records | boolean | query | False | The default is true for GET calls. When set to false, only the number of records is returned. |
| order_by | array[string] | query | False | Order results by specified fields and optional [asc |

Response

Status: 200, Ok
| Name | Type | Description |
|---|---|---|
| _links | _links | |
| num_records | integer | Number of records |
| records | array[security_key_manager] | |

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "external": {
        "client_certificate": {
          "_links": {
            "self": {
              "href": "/api/resourcelink"
            }
          },
          "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
        },
        "server_ca_certificates": [
          {
            "_links": {
              "self": {
                "href": "/api/resourcelink"
              }
            },
            "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
          }
        ],
        "servers": [
          {
            "_links": {
              "self": {
                "href": "/api/resourcelink"
              }
            },
            "server": "keyserver1.com:5698",
            "timeout": 60,
            "username": "username"
          }
        ]
      },
      "onboard": {
        "existing_passphrase": "The cluster password of length 32-256 ASCII characters.",
        "passphrase": "The cluster password of length 32-256 ASCII characters."
      },
      "scope": "string",
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "uuid": "string"
    }
  ]
}

Error

Status: Default, Error
| Name | Type | Description |
|---|---|---|
| error | error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

href

| Name | Type | Description |
|---|---|---|
| href | string | |

| Name | Type | Description |
|---|---|---|
| next | href | |
| self | href | |

| Name | Type | Description |
|---|---|---|
| self | href | |

client_certificate

Client certificate

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| uuid | string | Certificate UUID |

server_ca_certificates

Security certificate object reference

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| uuid | string | Certificate UUID |

key_server_readcreate

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| server | string | External key server for key management. If no port is provided, a default port of 5696 is used. |
| timeout | integer | I/O timeout in seconds for communicating with the key server. |
| username | string | Username credentials for connecting with the key server. |

external

Configures external key management

| Name | Type | Description |
|---|---|---|
| client_certificate | client_certificate | Client certificate |
| server_ca_certificates | array[server_ca_certificates] | The UUIDs of the server CA certificates already installed in the cluster or SVM. The array of certificates is common for all the key servers per SVM. |
| servers | array[key_server_readcreate] | The set of external key servers. |

onboard

Configures onboard key management. After configuring onboard key management, save the encrypted configuration data in a safe location so that you can use it if you need to perform a manual recovery operation.

| Name | Type | Description |
|---|---|---|
| enabled | boolean | Is the onboard key manager enabled? |
| existing_passphrase | string | The cluster-wide passphrase. This is not audited. |
| passphrase | string | The cluster-wide passphrase. This is not audited. |

svm

SVM, applies only to SVM-scoped objects.

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| name | string | The name of the SVM. |
| uuid | string | The unique identifier of the SVM. |

security_key_manager

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| external | external | Configures external key management |
| onboard | onboard | Configures onboard key management. After configuring onboard key management, save the encrypted configuration data in a safe location so that you can use it if you need to perform a manual recovery operation. |
| scope | string | Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
| svm | svm | SVM, applies only to SVM-scoped objects. |
| uuid | string | |

error_arguments

| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |

error

| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |
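
An added example of consuming this endpoint for a key-manager inventory (not NetApp's code): it builds the query string from the parameters above, follows _links.next.href across pages, applies the default port of 5696 from the key_server_readcreate definition, and produces a summary that never copies the onboard passphrase fields. The /api prefix, the comma-joined fields value, the fetch callable and the two sample pages are assumptions made for the example.

```python
from urllib.parse import urlencode

DEFAULT_PORT = 5696  # per the page: used when "server" carries no port

def build_url(fields, filters=None, max_records=None):
    """GET URL for the collection; the /api prefix is assumed from the example hrefs."""
    query = dict(filters or {}, fields=",".join(fields))
    if max_records is not None:
        query["max_records"] = max_records
    return "/api/security/key-managers?" + urlencode(query, safe=",")

def endpoint(server):
    """Split 'host[:port]' and apply the documented default port."""
    host, sep, port = server.rpartition(":")
    if sep and port.isdigit() and (host.endswith("]") or ":" not in host):
        return host, int(port)
    return server, DEFAULT_PORT  # no port given (or a bare IPv6 literal)

def summarize(record):
    """Log-safe view of one record: the onboard passphrase fields are never copied."""
    ext = record.get("external") or {}
    return {
        "uuid": record.get("uuid"),
        "scope": record.get("scope"),
        "svm": (record.get("svm") or {}).get("name"),
        "onboard_enabled": bool((record.get("onboard") or {}).get("enabled")),
        "key_servers": ["%s:%d" % endpoint(s["server"]) for s in ext.get("servers", [])],
        "server_ca_count": len(ext.get("server_ca_certificates", [])),
    }

def collect(fetch, url):
    """Yield summaries page by page, following _links.next.href; fetch(url) returns decoded JSON."""
    while url:
        page = fetch(url)
        yield from map(summarize, page.get("records", []))
        url = page.get("_links", {}).get("next", {}).get("href")

# Constructed two-page sample standing in for real responses ("p1"/"p2" replace real hrefs).
PAGES = {
    "p1": {"_links": {"next": {"href": "p2"}}, "records": [{
        "uuid": "u-1", "scope": "svm", "svm": {"name": "svm1"}, "external": {
            "server_ca_certificates": [{"uuid": "ca-1"}],
            "servers": [{"server": "keyserver1.com:5698"}, {"server": "keyserver2.example"}]}}]},
    "p2": {"_links": {}, "records": [{
        "uuid": "u-2", "scope": "cluster",
        "onboard": {"enabled": True, "passphrase": "constructed-secret"}}]},
}

if __name__ == "__main__":
    print(*collect(PAGES.get, "p1"), sep="\n")
```

Against a real cluster, fetch would be an authenticated HTTPS GET that returns the decoded JSON body; because ONTAP can return before the collection ends, the loop relies on the next link rather than on num_records.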