Add primary key servers to an external key manager
Suggest changes
PDFs
POST /security/key-managers/{uuid}/key-servers
Adds key servers to a configured external key manager.
Required properties
-
uuid- UUID of the external key manager. -
server- Key server name.
Related ONTAP commands
-
security key-manager external add-servers
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned. |
uuid |
string |
path |
True |
External key manager UUID |
Request Body
| Name | Type | Description |
|---|---|---|
_links |
||
connectivity |
This property returns the key server connectivity state on all nodes of the cluster. The state is returned for a node only if the connectivity is not in an available state on that node.
This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the |
|
password |
string |
Password credentials for connecting with the key server. This is not audited. |
records |
array[records] |
An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"connectivity": {
"records": [
{
"node": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "node1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"state": "not_responding"
}
]
},
"password": "password",
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"connectivity": {
"records": [
{
"node": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "node1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"state": "not_responding"
}
]
},
"password": "password",
"server": "keyserver1.com:5698"
}
],
"server": "keyserver1.com:5698"
}Response
Status: 201, Created| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[key_server] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"connectivity": {
"records": [
{
"node": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "node1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"state": "not_responding"
}
]
},
"password": "password",
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"connectivity": {
"records": [
{
"node": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "node1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"state": "not_responding"
}
]
},
"password": "password",
"server": "keyserver1.com:5698"
}
],
"server": "keyserver1.com:5698"
}
]
}Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
65536038 |
A maximum of 4 active key servers are allowed. |
65536821 |
The certificate is not installed. |
65536822 |
Multitenant key management is not supported in the current cluster version. |
65536824 |
Multitenant key management is not supported in MetroCluster configurations. |
65536828 |
External key management is not enabled for the SVM. |
65536834 |
Failed to get existing key-server details for the SVM. |
65536852 |
Failed to query supported KMIP protocol versions. |
65536870 |
Key management servers are already configured. |
65536871 |
Duplicate key management servers exist. |
65536921 |
The following issues were found. Unable to execute command on KMIP server. |
66060338 |
Unable to establish secure connection to KMIP server due to incorrect server_ca certificates. |
66060339 |
Unable to establish secure connection to KMIP server due to incorrect client certificates. |
66060340 |
Unable to establish secure connection to KMIP server due to Cryptsoft error. |
66060341 |
Unable to establish secure connection to KMIP server due to network configuration issues. |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
node
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
|
uuid |
string |
key_server_state
The state of the key server for a specific node.
| Name | Type | Description |
|---|---|---|
node |
||
state |
string |
Key server connectivity state |
connectivity
This property returns the key server connectivity state on all nodes of the cluster. The state is returned for a node only if the connectivity is not in an available state on that node.
This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.
| Name | Type | Description |
|---|---|---|
cluster_availability |
boolean |
Set to true when key server connectivity state is available on all nodes of the cluster. |
records |
array[key_server_state] |
An array of key server connectivity states for each node. |
records
| Name | Type | Description |
|---|---|---|
_links |
||
connectivity |
This property returns the key server connectivity state on all nodes of the cluster. The state is returned for a node only if the connectivity is not in an available state on that node.
This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the |
|
password |
string |
Password credentials for connecting with the key server. This is not audited. |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
key_server
| Name | Type | Description |
|---|---|---|
_links |
||
connectivity |
This property returns the key server connectivity state on all nodes of the cluster. The state is returned for a node only if the connectivity is not in an available state on that node.
This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the |
|
password |
string |
Password credentials for connecting with the key server. This is not audited. |
records |
array[records] |
An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |