Create an AKV configuration for all clusters and SVMs
POST /security/azure-key-vaults
Introduced In: 9.8
Configures the AKV configuration for all clusters and SVMs.
Required properties
- `svm.uuid` or `svm.name` - Existing SVM in which to create an AKV.
- `client_id` - Application (client) ID of the deployed Azure application with appropriate access to an AKV.
- `tenant_id` - Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV.
- `client_secret` - Password used by the application to prove its identity to AKV.
- `key_id` - Key Identifier of AKV encryption key.
- `name` - Name of the deployed AKV used by ONTAP for storing keys.
Related ONTAP commands
- `security key-manager external azure enable`
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
| return_records | boolean | query | False | The default is false. If set to true, the records are returned. |
Request Body
| Name | Type | Description |
|---|---|---|
| client_id | string | Application client ID of the deployed Azure application with appropriate access to an AKV. |
| client_secret | string | Password used by the application to prove its identity to AKV. |
| key_id | string | Key Identifier of AKV key encryption key. |
| name | string | Name of the deployed AKV that will be used by ONTAP for storing keys. |
| svm | | |
| tenant_id | string | Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV. |
| uuid | string | A unique identifier for the Azure Key Vault (AKV). |
Example request
```json
{
  "client_id": "aaaaaaaa-bbbb-aaaa-bbbb-aaaaaaaaaaaa",
  "client_secret": "abcdef",
  "key_id": "https://keyvault1.vault.azure.net/keys/key1/a8e619fd8f234db3b0b95c59540e2a74",
  "name": "https://kmip-akv-keyvault.vault.azure.net/",
  "svm": {
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "tenant_id": "zzzzzzzz-yyyy-zzzz-yyyy-zzzzzzzzzzzz",
  "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}
```
Response
Status: 201, Created
| Name | Type | Description |
|---|---|---|
| num_records | integer | Number of records |
| records | array[azure_key_vault] | |
Example response
```json
{
  "records": [
    {
      "client_id": "aaaaaaaa-bbbb-aaaa-bbbb-aaaaaaaaaaaa",
      "client_secret": "abcdef",
      "key_id": "https://keyvault1.vault.azure.net/keys/key1/a8e619fd8f234db3b0b95c59540e2a74",
      "name": "https://kmip-akv-keyvault.vault.azure.net/",
      "svm": {
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "tenant_id": "zzzzzzzz-yyyy-zzzz-yyyy-zzzzzzzzzzzz",
      "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
    }
  ]
}
```
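An added example, not part of the NetApp documentation: a pre-flight check that a request body carries the required properties listed above, plus a redaction helper for logging, since the example response returns client_secret in each record. The function names, the mask string and the https check are assumptions of this example.

```python
from urllib.parse import urlparse

# Required properties as listed on this page; "svm" needs a uuid or a name.
REQUIRED = ("client_id", "tenant_id", "client_secret", "key_id", "name")
SECRET_FIELDS = {"client_secret"}
MASK = "***REDACTED***"


def validate_akv_body(body):
    """Return a list of problems; an empty list means the body is complete."""
    problems = [f"missing required property: {k}" for k in REQUIRED if not body.get(k)]
    svm = body.get("svm") or {}
    if not (svm.get("uuid") or svm.get("name")):
        problems.append("missing required property: svm.uuid or svm.name")
    # Assumption (not stated on the page): key_id and name are https URLs,
    # as they are in the page's example request.
    for field in ("key_id", "name"):
        value = body.get(field)
        if value and urlparse(value).scheme != "https":
            problems.append(f"{field} is not an https URL")
    return problems


def redact(obj):
    """Return a copy of a request body or response with secret fields masked."""
    if isinstance(obj, dict):
        return {k: MASK if k in SECRET_FIELDS else redact(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


# Constructed sample modelled on the page's example request.
SAMPLE_BODY = {
    "client_id": "aaaaaaaa-bbbb-aaaa-bbbb-aaaaaaaaaaaa",
    "client_secret": "abcdef",
    "key_id": "https://keyvault1.vault.azure.net/keys/key1/a8e619fd8f234db3b0b95c59540e2a74",
    "name": "https://kmip-akv-keyvault.vault.azure.net/",
    "svm": {"name": "svm1"},
    "tenant_id": "zzzzzzzz-yyyy-zzzz-yyyy-zzzzzzzzzzzz",
}

if __name__ == "__main__":
    print(validate_akv_body(SAMPLE_BODY))                            # complete body
    print(validate_akv_body({"key_id": "http://kv.example/keys/k"}))  # incomplete body
    print(redact({"records": [SAMPLE_BODY]}))                         # safe to log
```

Run `redact` over both the outgoing body and any returned records before they reach logs or tickets.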
Error
Status: Default
ONTAP Error Response Codes
| Error Code | Description |
|---|---|
| 3735553 | Failed to create self-signed certificate. |
| 3735664 | The specified key size is not supported in FIPS mode. |
| 3735665 | The specified hash function is not supported in FIPS mode. |
| 3735700 | The specified key size is not supported. |
| 52559972 | The certificates start date is later than the current date. |
| 65537500 | A key manager has already been configured for this SVM. |
| 65537503 | Passwords do not match. |
| 65537504 | Internal error. Failed to store configuration in internal database. |
| 65537505 | One or more volume encryption keys of the given SVM are stored on a key manager configured for the admin SVM. |
| 65537506 | AKV is not supported in MetroCluster configurations. |
| 65537512 | AKV cannot be configured for the given SVM as not all nodes in the cluster have the azure.key.vault capability needed to enable the feature. |
| 65537514 | Failed to check or update the azure.key.vault feature capability. |
| 65537518 | Failed to find an interface with Cluster role. |
Definitions
href
| Name | Type | Description |
|---|---|---|
| href | string | |
_links
state
Indicates whether the AKV key protection is available cluster-wide.
| Name | Type | Description |
|---|---|---|
| cluster_state | boolean | Set to true when AKV key protection is available on all nodes of the cluster. |
| code | integer | Code corresponding to the status message. Returns a 0 if AKV key protection is available in all nodes of the cluster. |
| message | string | Error message set when cluster availability is false. |
svm
| Name | Type | Description |
|---|---|---|
| name | string | The name of the SVM. |
| uuid | string | The unique identifier of the SVM. |
azure_key_vault
| Name | Type | Description |
|---|---|---|
| client_id | string | Application client ID of the deployed Azure application with appropriate access to an AKV. |
| client_secret | string | Password used by the application to prove its identity to AKV. |
| key_id | string | Key Identifier of AKV key encryption key. |
| name | string | Name of the deployed AKV that will be used by ONTAP for storing keys. |
| svm | | |
| tenant_id | string | Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV. |
| uuid | string | A unique identifier for the Azure Key Vault (AKV). |
error_arguments
| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |
error
| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |