Create an AKV configuration for all clusters and SVMs

POST /security/azure-key-vaults

Creates an Azure Key Vault (AKV) configuration for all clusters and SVMs.

Required properties

  • svm.uuid or svm.name - Existing SVM in which to create an AKV.

  • client_id - Application (client) ID of the deployed Azure application with appropriate access to an AKV.

  • tenant_id - Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV.

  • client_secret - Password used by the application to prove its identity to AKV.

  • key_id - Key Identifier of AKV encryption key.

  • name - Name of the deployed AKV used by ONTAP for storing keys.

Related ONTAP commands

  • security key-manager external azure enable

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| return_records | boolean | query | False | The default is false. If set to true, the records are returned. |

Request Body

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| client_id | string | Application client ID of the deployed Azure application with appropriate access to an AKV. |
| client_secret | string | Password used by the application to prove its identity to AKV. |
| key_id | string | Key Identifier of AKV key encryption key. |
| name | string | Name of the deployed AKV that will be used by ONTAP for storing keys. |
| scope | string | Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
| state | state | Indicates whether the AKV key protection is available cluster wide. |
| svm | svm | |
| tenant_id | string | Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV. |
| uuid | string | A unique identifier for the Azure Key Vault (AKV). |

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "client_id": "aaaaaaaa-bbbb-aaaa-bbbb-aaaaaaaaaaaa",
  "client_secret": "abcdef",
  "key_id": "https://keyvault1.vault.azure.net/keys/key1/a8e619fd8f234db3b0b95c59540e2a74",
  "name": "https://kmip-akv-keyvault.vault.azure.net/",
  "scope": "svm",
  "state": {
    "code": 346758,
    "message": "AKV key protection is unavailable in following nodes - node1, node2."
  },
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "tenant_id": "zzzzzzzz-yyyy-zzzz-yyyy-zzzzzzzzzzzz",
  "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}

Response

Status: 201, Created

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| num_records | integer | Number of records |
| records | array[azure_key_vault] | |

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "client_id": "aaaaaaaa-bbbb-aaaa-bbbb-aaaaaaaaaaaa",
      "client_secret": "abcdef",
      "key_id": "https://keyvault1.vault.azure.net/keys/key1/a8e619fd8f234db3b0b95c59540e2a74",
      "name": "https://kmip-akv-keyvault.vault.azure.net/",
      "scope": "svm",
      "state": {
        "code": 346758,
        "message": "AKV key protection is unavailable in following nodes - node1, node2."
      },
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "tenant_id": "zzzzzzzz-yyyy-zzzz-yyyy-zzzzzzzzzzzz",
      "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
    }
  ]
}
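
The request and response handling described above, as an added example that is not part of the ONTAP documentation: it checks the required properties before the POST, masks client_secret for logging, and reads state.code from a returned record. The function names, the cluster host name and the GUID and https checks are assumptions of this example; the /api prefix is taken from the href values in the examples on this page.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

REQUIRED = ("client_id", "tenant_id", "client_secret", "key_id", "name")
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def build_akv_body(svm, **fields):
    """Check the required properties and return the request body as a dict."""
    missing = [k for k in REQUIRED if not fields.get(k)]
    if missing:
        raise ValueError("missing required properties: " + ", ".join(missing))
    if not (svm.get("uuid") or svm.get("name")):
        raise ValueError("svm.uuid or svm.name is required")
    for k in ("client_id", "tenant_id"):   # assumption: Azure IDs are GUIDs
        if not GUID.match(fields[k]):
            raise ValueError(k + " is not a GUID")
    for k in ("key_id", "name"):           # assumption: https URLs, as in the example
        if urlsplit(fields[k]).scheme != "https":
            raise ValueError(k + " must be an https URL")
    return {"svm": svm, **{k: fields[k] for k in REQUIRED}}

def redact(body):
    """Copy of the body that is safe to log: client_secret is masked."""
    return {**body, "client_secret": "***"}

def make_request(cluster, body, return_records=True):
    """Build, but do not send, the POST; authentication is left to the caller."""
    url = "https://%s/api/security/azure-key-vaults?return_records=%s" % (
        cluster, str(return_records).lower())
    return urllib.request.Request(url, data=json.dumps(body).encode(),
        method="POST", headers={"Content-Type": "application/json"})

def unavailable_reason(record):
    """None when state.code is 0 (available on all nodes), else the message."""
    state = record.get("state")
    if not state:
        return "state not reported"
    return None if state.get("code") == 0 else state.get("message", "unknown")

if __name__ == "__main__":
    # Constructed sample values; the secret would normally come from a secret store.
    body = build_akv_body({"name": "svm1"},
        client_id="11111111-2222-3333-4444-555555555555",
        tenant_id="66666666-7777-8888-9999-000000000000",
        client_secret="constructed-secret",
        key_id="https://keyvault1.vault.azure.net/keys/key1/a8e619fd8f234db3b0b95c59540e2a74",
        name="https://kmip-akv-keyvault.vault.azure.net/")
    print(json.dumps(redact(body), indent=2))
    print(make_request("cluster.example.com", body).full_url)
```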

Error

Status: Default

ONTAP Error Response Codes

| Error Code | Description |
|---|---|
| 3735553 | Failed to create self-signed certificate. |
| 3735664 | The specified key size is not supported in FIPS mode. |
| 3735665 | The specified hash function is not supported in FIPS mode. |
| 3735700 | The specified key size is not supported. |
| 52559972 | The certificates start date is later than the current date. |
| 65537500 | A key manager has already been configured for this SVM. |
| 65537503 | Passwords do not match. |
| 65537504 | Internal error. Failed to store configuration in internal database. |
| 65537505 | One or more volume encryption keys of the given SVM are stored on a key manager configured for the admin SVM. |
| 65537506 | AKV is not supported in MetroCluster configurations. |
| 65537512 | AKV cannot be configured for the given SVM as not all nodes in the cluster have the azure.key.vault capability needed to enable the feature. |
| 65537514 | Failed to check or update the azure.key.vault feature capability. |
| 65537518 | Failed to find an interface with Cluster role. |

| Name | Type | Description |
|---|---|---|
| error | error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

href

| Name | Type | Description |
|---|---|---|
| href | string | |

| Name | Type | Description |
|---|---|---|
| self | href | |

state

Indicates whether the AKV key protection is available cluster wide.

| Name | Type | Description |
|---|---|---|
| cluster_state | boolean | Set to true when AKV key protection is available on all nodes of the cluster. |
| code | integer | Code corresponding to the status message. Returns a 0 if AKV key protection is available in all nodes of the cluster. |
| message | string | Error message set when cluster availability is false. |

svm

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| name | string | The name of the SVM. |
| uuid | string | The unique identifier of the SVM. |

azure_key_vault

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| client_id | string | Application client ID of the deployed Azure application with appropriate access to an AKV. |
| client_secret | string | Password used by the application to prove its identity to AKV. |
| key_id | string | Key Identifier of AKV key encryption key. |
| name | string | Name of the deployed AKV that will be used by ONTAP for storing keys. |
| scope | string | Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
| state | state | Indicates whether the AKV key protection is available cluster wide. |
| svm | svm | |
| tenant_id | string | Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV. |
| uuid | string | A unique identifier for the Azure Key Vault (AKV). |

| Name | Type | Description |
|---|---|---|
| next | href | |
| self | href | |

error_arguments

| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |

error

| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |