REST API reference
Retrieve AKVs configured for all clusters and SVMs
Suggest changes
PDFs
GET /security/azure-key-vaults
Introduced In: 9.8
Retrieves AKVs configured for all clusters and SVMs. Note: This method is only available to the Azure NetApp Files Cloud Volume Services.
Related ONTAP commands
-
security key-manager external azure show -
security key-manager external azure check
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
state.code |
integer |
query |
False |
Filter by state.code |
state.available |
boolean |
query |
False |
Filter by state.available |
state.message |
string |
query |
False |
Filter by state.message |
scope |
string |
query |
False |
Filter by scope |
svm.uuid |
string |
query |
False |
Filter by svm.uuid |
svm.name |
string |
query |
False |
Filter by svm.name |
ekmip_reachability.node.name |
string |
query |
False |
Filter by ekmip_reachability.node.name |
ekmip_reachability.node.uuid |
string |
query |
False |
Filter by ekmip_reachability.node.uuid |
ekmip_reachability.reachable |
boolean |
query |
False |
Filter by ekmip_reachability.reachable |
ekmip_reachability.message |
string |
query |
False |
Filter by ekmip_reachability.message |
ekmip_reachability.code |
integer |
query |
False |
Filter by ekmip_reachability.code |
proxy_port |
integer |
query |
False |
Filter by proxy_port |
uuid |
string |
query |
False |
Filter by uuid |
proxy_username |
string |
query |
False |
Filter by proxy_username |
proxy_type |
string |
query |
False |
Filter by proxy_type |
name |
string |
query |
False |
Filter by name |
client_id |
string |
query |
False |
Filter by client_id |
azure_reachability.message |
string |
query |
False |
Filter by azure_reachability.message |
azure_reachability.reachable |
boolean |
query |
False |
Filter by azure_reachability.reachable |
azure_reachability.code |
integer |
query |
False |
Filter by azure_reachability.code |
proxy_host |
string |
query |
False |
Filter by proxy_host |
key_id |
string |
query |
False |
Filter by key_id |
tenant_id |
string |
query |
False |
Filter by tenant_id |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[azure_key_vault] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"azure_reachability": {
"code": "346758",
"message": "AKV service is not reachable from all nodes - reason."
},
"client_id": "aaaaaaaa-bbbb-aaaa-bbbb-aaaaaaaaaaaa",
"client_secret": "abcdef",
"ekmip_reachability": {
"code": "346758",
"message": "embedded KMIP server status unavailable on node.",
"node": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "node1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}
},
"key_id": "https://keyvault1.vault.azure.net/keys/key1",
"name": "https://kmip-akv-keyvault.vault.azure.net/",
"proxy_host": "proxy.eng.com",
"proxy_password": "proxypassword",
"proxy_port": "1234",
"proxy_type": "http",
"proxy_username": "proxyuser",
"scope": "svm",
"state": {
"code": "346758",
"message": "Top-level internal key protection key (KEK) is unavailable on the following nodes with the associated reasons: Node: node1. Reason: No volumes created yet for the SVM. Wrapped KEK status will be available after creating encrypted volumes."
},
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"tenant_id": "zzzzzzzz-yyyy-zzzz-yyyy-zzzzzzzzzzzz",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}
}Error
Status: Default, Error| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
_links
| Name | Type | Description |
|---|---|---|
self |
azure_reachability
Indicates whether or not the AKV service is reachable from all the nodes in the cluster.
This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.
| Name | Type | Description |
|---|---|---|
code |
integer |
Code corresponding to the status message. Returns a 0 if AKV service is reachable from all nodes in the cluster. |
message |
string |
Error message set when reachability is false. |
reachable |
boolean |
Set to true when the AKV service is reachable from all nodes of the cluster. |
node
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
|
uuid |
string |
ekmip_reachability
Provides the connectivity status for the given SVM on the given node to all EKMIP servers configured on all nodes of the cluster.
This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.
| Name | Type | Description |
|---|---|---|
code |
integer |
Code corresponding to the error message. Returns a 0 if a given SVM is able to communicate to the EKMIP servers of all of the nodes in the cluster. |
message |
string |
Error message set when cluster-wide EKMIP server availability from the given SVM and node is false. |
node |
||
reachable |
boolean |
Set to true if the given SVM on the given node is able to communicate to all EKMIP servers configured on all nodes in the cluster. |
state
Indicates whether or not the AKV wrapped internal key is available cluster wide.
This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.
| Name | Type | Description |
|---|---|---|
available |
boolean |
Set to true when an AKV wrapped internal key is present on all nodes of the cluster. |
code |
integer |
Code corresponding to the status message. Returns a 0 if AKV wrapped key is available on all nodes in the cluster. |
message |
string |
Error message set when top-level internal key protection key (KEK) availability on cluster is false. |
svm
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
azure_key_vault
| Name | Type | Description |
|---|---|---|
_links |
||
azure_reachability |
Indicates whether or not the AKV service is reachable from all the nodes in the cluster.
This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the |
|
client_id |
string |
Application client ID of the deployed Azure application with appropriate access to an AKV. |
client_secret |
string |
Password used by the application to prove its identity to AKV. |
ekmip_reachability |
array[ekmip_reachability] |
|
key_id |
string |
Key Identifier of AKV key encryption key. |
name |
string |
Name of the deployed AKV that is used by the Azure NetApp Files Cloud Volume Services for storing keys. |
proxy_host |
string |
Proxy host. |
proxy_password |
string |
Proxy password. Password is not audited. |
proxy_port |
integer |
Proxy port. |
proxy_type |
string |
Type of proxy. |
proxy_username |
string |
Proxy username. |
scope |
string |
Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
state |
Indicates whether or not the AKV wrapped internal key is available cluster wide.
This is an advanced property; there is an added cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the |
|
svm |
||
tenant_id |
string |
Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV. |
uuid |
string |
A unique identifier for the Azure Key Vault (AKV). |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |