
Add primary key servers to an external key manager


POST /security/key-managers/{uuid}/key-servers

Introduced In: 9.6

Adds key servers to a configured external key manager.

Required properties

  • uuid - UUID of the external key manager.

  • server - Key server name.

Related ONTAP commands

  • security key-manager external add-servers

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| uuid | string | path | True | External key manager UUID |
| return_records | boolean | query | False | The default is false. If set to true, the records are returned. |


Request Body

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| password | string | Password credentials for connecting with the key server. This is not audited. |
| records | array[records] | An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if server is provided. |
| secondary_key_servers | array[string] | A list of the secondary key servers associated with the primary key server. |
| server | string | External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if records is provided. |
| timeout | integer | I/O timeout in seconds for communicating with the key server. |
| username | string | KMIP username credentials for connecting with the key server. |

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "password": "password",
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "password": "password",
      "secondary_key_servers": [
        "string"
      ],
      "server": "keyserver1.com:5698",
      "timeout": 60,
      "username": "username"
    }
  ],
  "secondary_key_servers": [
    "string"
  ],
  "server": "keyserver1.com:5698",
  "timeout": 60,
  "username": "username"
}

Response

Status: 201, Created

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| num_records | integer | Number of records |
| records | array[key_server] | |

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "password": "password",
      "records": [
        {
          "_links": {
            "self": {
              "href": "/api/resourcelink"
            }
          },
          "password": "password",
          "secondary_key_servers": [
            "string"
          ],
          "server": "keyserver1.com:5698",
          "timeout": 60,
          "username": "username"
        }
      ],
      "secondary_key_servers": [
        "string"
      ],
      "server": "keyserver1.com:5698",
      "timeout": 60,
      "username": "username"
    }
  ]
}

Error

Status: Default

ONTAP Error Response Codes

| Error Code | Description |
|---|---|
| 65536038 | A maximum of 4 active key servers are allowed. |
| 65536821 | The certificate is not installed. |
| 65536822 | Multitenant key management is not supported in the current cluster version. |
| 65536824 | Multitenant key management is not supported in MetroCluster configurations. |
| 65536828 | External key management is not enabled for the SVM. |
| 65536834 | Failed to get existing key-server details for the SVM. |
| 65536852 | Failed to query supported KMIP protocol versions. |
| 65536870 | Key management servers are already configured. |
| 65536871 | Duplicate key management servers exist. |
| 65536921 | The following issues were found. Unable to execute command on KMIP server. |
| 66060338 | Unable to establish secure connection to KMIP server due to incorrect server_ca certificates. |
| 66060339 | Unable to establish secure connection to KMIP server due to incorrect client certificates. |
| 66060340 | Unable to establish secure connection to KMIP server due to Cryptsoft error. |

| Name | Type | Description |
|---|---|---|
| error | error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
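The request-body rules above (server and records are mutually exclusive, port 5696 is the default) and the limits behind error codes 65536038 and 65536871 can be checked on the client before the POST is sent. The following is an added example, not NetApp code: the function names are hypothetical, and it assumes hostnames or IPv4 addresses, that the limit of 4 counts already-configured servers together with the new ones, and that duplicates are compared as case-insensitive host:port.

```python
import copy

DEFAULT_KMIP_PORT = 5696   # page: default when the server string has no port
MAX_ACTIVE_SERVERS = 4     # page: error 65536038


def normalize(server):
    """Return 'host:port' with the default port applied (hostname/IPv4 only)."""
    host, sep, port = server.strip().rpartition(":")
    if not sep:                            # no port given in the string
        host, port = port, str(DEFAULT_KMIP_PORT)
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad key server address: {server!r}")
    return f"{host.lower()}:{int(port)}"


def build_body(servers, existing=(), username=None, password=None, timeout=None):
    """Build the POST body; 'existing' lists servers already configured."""
    new = [normalize(s) for s in servers]
    if not new:
        raise ValueError("at least one key server is required")
    seen = {normalize(s) for s in existing}
    for s in new:
        if s in seen:                      # assumed equivalent of 65536871
            raise ValueError(f"duplicate key server: {s}")
        seen.add(s)
    if len(seen) > MAX_ACTIVE_SERVERS:     # assumed equivalent of 65536038
        raise ValueError(f"more than {MAX_ACTIVE_SERVERS} key servers")
    if timeout is not None and (isinstance(timeout, bool) or not isinstance(timeout, int)):
        raise ValueError("timeout must be an integer number of seconds")
    extra = {k: v for k, v in (("username", username), ("password", password),
                               ("timeout", timeout)) if v is not None}
    entries = [{"server": s, **extra} for s in new]
    # 'server' and 'records' are mutually exclusive in POST: send one or the other.
    return entries[0] if len(entries) == 1 else {"records": entries}


def redact(body):
    """Copy of the body that is safe to log: password values are masked."""
    safe = copy.deepcopy(body)
    for entry in [safe, *safe.get("records", [])]:
        if "password" in entry:
            entry["password"] = "***"
    return safe
```

Pass `redact(body)` to any client-side logging and send `body` itself only over the authenticated HTTPS session.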

Definitions


href

| Name | Type | Description |
|---|---|---|
| href | string | |

| Name | Type | Description |
|---|---|---|
| self | href | |

records

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| password | string | Password credentials for connecting with the key server. This is not audited. |
| secondary_key_servers | array[string] | A list of the secondary key servers associated with the primary key server. |
| server | string | External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if records is provided. |
| timeout | integer | I/O timeout in seconds for communicating with the key server. |
| username | string | KMIP username credentials for connecting with the key server. |

key_server

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| password | string | Password credentials for connecting with the key server. This is not audited. |
| records | array[records] | An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if server is provided. |
| secondary_key_servers | array[string] | A list of the secondary key servers associated with the primary key server. |
| server | string | External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if records is provided. |
| timeout | integer | I/O timeout in seconds for communicating with the key server. |
| username | string | KMIP username credentials for connecting with the key server. |

| Name | Type | Description |
|---|---|---|
| next | href | |
| self | href | |

error_arguments

| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |

error

| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |