REST API reference
Update key manager configurations
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
PATCH /security/key-manager-configs
Introduced In: 9.10
Updates key manager configurations. Updates the key manager health monitor policy.
Related ONTAP commands
-
security key-manager config modify -
security key-manager health policy modify
Request Body
| Name | Type | Description |
|---|---|---|
_links |
||
cc_mode_enabled |
boolean |
Indicates whether the Common Criteria Mode configuration is enabled. |
cloud_kms_retry_count |
integer |
Cloud key manager connection retry count. Supported value range of 0-10. |
health_monitor_policy |
Manages the keystore configurations. |
|
health_monitor_polling_interval |
integer |
Health Monitor Polling Period, in minutes. Supported value range of 15-30 minutes. |
passphrase |
string |
Current cluster-wide passphrase. This is a required field when setting the cc_mode_enabled field value to true. This is not audited. |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"cloud_kms_retry_count": 3,
"health_monitor_polling_interval": 20,
"passphrase": "The cluster passphrase of length 64-256 ASCII characters."
}Response
Status: 200, OkError
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
65536139 |
Cluster-wide passphrase is incorrect. |
65536805 |
Common Criteria Mode requires an effective cluster version of ONTAP 9.4 or later. |
65536806 |
Passphrase length error. |
65536807 |
MetroCluster cannot be configured while in Common Criteria mode. |
65536809 |
Common Criteria mode is disabled on the cluster. Contact technical support for assistance in enabling Common Criteria mode. |
65537301 |
The Onboard Key Manager is not enabled. |
65537302 |
The passphrase field is required when changing cc_mode_enabled to true. |
65537303 |
Modifying polling period requires an effective cluster version of ONTAP 9.10 or later. |
65537304 |
Unable to modify polling period because no external key management is configured on the cluster. |
65538404 |
Modifying cloud keymanager retry count requires an effective cluster version of ONTAP 9.11 or later. |
65539303 |
Modifying the health monitor policy requires an effective cluster version of 9.15 or later. |
65539304 |
The health monitor policy feature is not enabled. |
Also see the table of common errors in the Response body overview section of this documentation.
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
self_link
| Name | Type | Description |
|---|---|---|
self |
akv
Azure Key Vault Key Management Service policy options
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Indicates whether health monitor is enabled. |
manage_volume_offline |
boolean |
Indicates whether the health monitor manages the volume offline operation. |
aws
Amazon Web Services Key Management Service policy options
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Indicates whether health monitor is enabled. |
manage_volume_offline |
boolean |
Indicates whether the health monitor manages the volume offline operation. |
gcp
Google Cloud Key Management Service policy options
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Indicates whether health monitor is enabled. |
manage_volume_offline |
boolean |
Indicates whether the health monitor manages the volume offline operation. |
ikp
IBM Key Protect Key Management Service policy options
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Indicates whether health monitor is enabled. |
manage_volume_offline |
boolean |
Indicates whether the health monitor manages the volume offline operation. |
kmip
External Key Manager policy options
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Indicates whether health monitor is enabled. |
manage_volume_offline |
boolean |
Indicates whether the health monitor manages the volume offline operation. |
okm
Onboard Key Manager policy options
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Indicates whether health monitor is enabled. |
manage_volume_offline |
boolean |
Indicates whether the health monitor manages the volume offline operation. |
health_monitor_policy
Manages the keystore configurations.
| Name | Type | Description |
|---|---|---|
akv |
Azure Key Vault Key Management Service policy options |
|
aws |
Amazon Web Services Key Management Service policy options |
|
gcp |
Google Cloud Key Management Service policy options |
|
ikp |
IBM Key Protect Key Management Service policy options |
|
kmip |
External Key Manager policy options |
|
okm |
Onboard Key Manager policy options |
key_manager_config
Manages the various key manager configuration options.
| Name | Type | Description |
|---|---|---|
_links |
||
cc_mode_enabled |
boolean |
Indicates whether the Common Criteria Mode configuration is enabled. |
cloud_kms_retry_count |
integer |
Cloud key manager connection retry count. Supported value range of 0-10. |
health_monitor_policy |
Manages the keystore configurations. |
|
health_monitor_polling_interval |
integer |
Health Monitor Polling Period, in minutes. Supported value range of 15-30 minutes. |
passphrase |
string |
Current cluster-wide passphrase. This is a required field when setting the cc_mode_enabled field value to true. This is not audited. |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |