Update the AKV configuration

Optional properties

client_secret - New password used to prove the application's identity to the AKV.
key_id- Key Identifier of the new AKV key encryption key.
proxy_type` - Type of proxy (http, https etc.) if proxy configuration is used.
proxy_host - Proxy hostname if proxy configuration is used.
proxy_port - Proxy port number if proxy configuration is used.
proxy_username - Proxy username if proxy configuration is used.
proxy_password - Proxy password if proxy configuration is used.
client_id - Application (client) ID of the deployed Azure application with appropriate access to an AKV.
tenant_id - Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV.

security key-manager external azure update-client-secret
security key-manager external azure rekey-external
security key-manager external azure update-config

Parameters

Name	Type	In	Required	Description
uuid	string	path	True	AKV UUID
return_timeout	integer	query	False	The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202. Default value: 1 Max value: 120 Min value: 0

Name

Type

In

Required

Description

uuid

string

path

True

AKV UUID

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.

Default value: 1
Max value: 120
Min value: 0

Request Body

Name Type Description

Name	Type	Description
_links	_links
azure_reachability	azure_reachability	Indicates whether or not the AKV service is reachable from all the nodes in the cluster. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the `fields` query parameter or GET for all advanced properties is enabled.
client_id	string	Application client ID of the deployed Azure application with appropriate access to an AKV.
client_secret	string	Password used by the application to prove its identity to AKV.
ekmip_reachability	array[ekmip_reachability]
key_id	string	Key Identifier of AKV key encryption key.
name	string	Name of the deployed AKV that is used by the Azure NetApp Files Cloud Volume Services for storing keys.
proxy_host	string	Proxy host.
proxy_password	string	Proxy password. Password is not audited.
proxy_port	integer	Proxy port.
proxy_type	string	Type of proxy.
proxy_username	string	Proxy username.
scope	string	Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster".
state	state	Indicates whether or not the AKV wrapped internal key is available cluster wide. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the `fields` query parameter or GET for all advanced properties is enabled.
svm	svm
tenant_id	string	Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV.
uuid	string	A unique identifier for the Azure Key Vault (AKV).

_links

azure_reachability

Indicates whether or not the AKV service is reachable from all the nodes in the cluster. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

client_id

string

Application client ID of the deployed Azure application with appropriate access to an AKV.

client_secret

string

Password used by the application to prove its identity to AKV.

ekmip_reachability

array[ekmip_reachability]

key_id

string

Key Identifier of AKV key encryption key.

name

string

Name of the deployed AKV that is used by the Azure NetApp Files Cloud Volume Services for storing keys.

proxy_host

string

Proxy host.

proxy_password

string

Proxy password. Password is not audited.

proxy_port

integer

Proxy port.

proxy_type

string

Type of proxy.

proxy_username

string

Proxy username.

scope

string

Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster".

state

Indicates whether or not the AKV wrapped internal key is available cluster wide. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

svm

tenant_id

string

Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV.

uuid

string

A unique identifier for the Azure Key Vault (AKV).

Example request

{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "azure_reachability": {
    "code": "346758",
    "message": "AKV service is not reachable from all nodes - reason."
  },
  "client_id": "aaaaaaaa-bbbb-aaaa-bbbb-aaaaaaaaaaaa",
  "client_secret": "abcdef",
  "ekmip_reachability": [
    {
      "code": "346758",
      "message": "embedded KMIP server status unavailable on node.",
      "node": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "node1",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      }
    }
  ],
  "key_id": "https://keyvault1.vault.azure.net/keys/key1",
  "name": "https://kmip-akv-keyvault.vault.azure.net/",
  "proxy_host": "proxy.eng.com",
  "proxy_password": "proxypassword",
  "proxy_port": "1234",
  "proxy_type": "http",
  "proxy_username": "proxyuser",
  "scope": "string",
  "state": {
    "code": "346758",
    "message": "Top-level internal key protection key (KEK) is unavailable on the following nodes with the associated reasons: Node: node1. Reason: No volumes created yet for the SVM. Wrapped KEK status will be available after creating encrypted volumes."
  },
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "tenant_id": "zzzzzzzz-yyyy-zzzz-yyyy-zzzzzzzzzzzz",
  "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}

Response

Status: 200, Ok

Response

Status: 202, Accepted

Error

Status: Default

ONTAP Error Response Codes

Error Code	Description
65537120	Azure Key Vault is not configured for the given SVM.
65537504	Internal error. Failed to store configuration in internal database.
65537517	The field "client_secret" must be specified.
65537541	No inputs were provided for the patch request.
65537547	One or more volume encryption keys for encrypted volumes of this data SVM are stored in the key manager configured for the admin SVM. Use the REST API POST method to migrate this data SVM's keys from the admin SVM's key manager to this data SVM's key manager before running the rekey operation.

Name	Type	Description
error	error

Name

Type

Description

error

Example error

{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name	Type	Description
href	string

Name

Type

Description

href

string

_links

Name	Type	Description
self	href

Name

Type

Description

self

href

azure_reachability

Indicates whether or not the AKV service is reachable from all the nodes in the cluster. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

Name	Type	Description
code	integer	Code corresponding to the status message. Returns a 0 if AKV service is reachable from all nodes in the cluster.
message	string	Error message set when reachability is false.
reachable	boolean	Set to true when the AKV service is reachable from all nodes of the cluster.

Name

Type

Description

code

integer

Code corresponding to the status message. Returns a 0 if AKV service is reachable from all nodes in the cluster.

message

string

Error message set when reachability is false.

reachable

boolean

Set to true when the AKV service is reachable from all nodes of the cluster.

node

Name	Type	Description
_links	_links
name	string
uuid	string

Name

Type

Description

_links

name

string

uuid

string

ekmip_reachability

Provides the connectivity status for the given SVM on the given node to all EKMIP servers configured on all nodes of the cluster. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

Name	Type	Description
code	integer	Code corresponding to the error message. Returns a 0 if a given SVM is able to communicate to the EKMIP servers of all of the nodes in the cluster.
message	string	Error message set when cluster-wide EKMIP server availability from the given SVM and node is false.
node	node
reachable	boolean	Set to true if the given SVM on the given node is able to communicate to all EKMIP servers configured on all nodes in the cluster.

Name

Type

Description

code

integer

Code corresponding to the error message. Returns a 0 if a given SVM is able to communicate to the EKMIP servers of all of the nodes in the cluster.

message

string

Error message set when cluster-wide EKMIP server availability from the given SVM and node is false.

node

reachable

boolean

Set to true if the given SVM on the given node is able to communicate to all EKMIP servers configured on all nodes in the cluster.

state

Indicates whether or not the AKV wrapped internal key is available cluster wide. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

Name	Type	Description
available	boolean	Set to true when an AKV wrapped internal key is present on all nodes of the cluster.
code	integer	Code corresponding to the status message. Returns a 0 if AKV wrapped key is available on all nodes in the cluster.
message	string	Error message set when top-level internal key protection key (KEK) availability on cluster is false.

Name

Type

Description

available

boolean

Set to true when an AKV wrapped internal key is present on all nodes of the cluster.

code

integer

Code corresponding to the status message. Returns a 0 if AKV wrapped key is available on all nodes in the cluster.

message

string

Error message set when top-level internal key protection key (KEK) availability on cluster is false.

svm

Name	Type	Description
_links	_links
name	string	The name of the SVM.
uuid	string	The unique identifier of the SVM.

Name

Type

Description

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

azure_key_vault

Name Type Description

Name	Type	Description
_links	_links
azure_reachability	azure_reachability	Indicates whether or not the AKV service is reachable from all the nodes in the cluster. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the `fields` query parameter or GET for all advanced properties is enabled.
client_id	string	Application client ID of the deployed Azure application with appropriate access to an AKV.
client_secret	string	Password used by the application to prove its identity to AKV.
ekmip_reachability	array[ekmip_reachability]
key_id	string	Key Identifier of AKV key encryption key.
name	string	Name of the deployed AKV that is used by the Azure NetApp Files Cloud Volume Services for storing keys.
proxy_host	string	Proxy host.
proxy_password	string	Proxy password. Password is not audited.
proxy_port	integer	Proxy port.
proxy_type	string	Type of proxy.
proxy_username	string	Proxy username.
scope	string	Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster".
state	state	Indicates whether or not the AKV wrapped internal key is available cluster wide. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the `fields` query parameter or GET for all advanced properties is enabled.
svm	svm
tenant_id	string	Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV.
uuid	string	A unique identifier for the Azure Key Vault (AKV).

_links

azure_reachability

Indicates whether or not the AKV service is reachable from all the nodes in the cluster. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

client_id

string

Application client ID of the deployed Azure application with appropriate access to an AKV.

client_secret

string

Password used by the application to prove its identity to AKV.

ekmip_reachability

array[ekmip_reachability]

key_id

string

Key Identifier of AKV key encryption key.

name

string

Name of the deployed AKV that is used by the Azure NetApp Files Cloud Volume Services for storing keys.

proxy_host

string

Proxy host.

proxy_password

string

Proxy password. Password is not audited.

proxy_port

integer

Proxy port.

proxy_type

string

Type of proxy.

proxy_username

string

Proxy username.

scope

string

Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster".

state

Indicates whether or not the AKV wrapped internal key is available cluster wide. This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

svm

tenant_id

string

Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV.

uuid

string

A unique identifier for the Azure Key Vault (AKV).

error_arguments

Name	Type	Description
code	string	Argument code
message	string	Message argument

Name

Type

Description

code

string

Argument code

message

string

Message argument

error

Name	Type	Description
arguments	array[error_arguments]	Message arguments
code	string	Error code
message	string	Error message
target	string	The target parameter that caused the error.

Name

Type

Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.

Update the AKV configuration

Creating your file...

Optional properties

Related ONTAP commands

Parameters

Request Body

Response

Response

Error

Definitions