REST API reference
Update a primary key server
Suggest changes
PDFs
PATCH /security/key-managers/{uuid}/key-servers/{server}
Introduced In: 9.6
Updates a primary key server.
Related ONTAP commands
-
security key-manager external modify-server
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
uuid |
string |
path |
True |
External key manager UUID |
server |
string |
path |
True |
Primary key server configured in the external key manager. |
Request Body
| Name | Type | Description |
|---|---|---|
_links |
||
connectivity |
This property contains the key server connectivity state of all nodes in the cluster.
This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the |
|
create_remove_timeout |
integer |
The key server timeout for create and remove operations. -1 indicates that the server will wait indefinitely for the event to occur. 0 indicates that the server will not wait and will immediately timeout if it does not receive a response. |
password |
string |
Password credentials for connecting with the key server. This is not audited. |
records |
array[records] |
An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if |
secondary_key_servers |
array[string] |
A list of the secondary key servers associated with the primary key server. |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
timeout |
integer |
I/O timeout in seconds for communicating with the key server. -1 indicates that the server will wait indefinitely for the event to occur. 0 indicates that the server will not wait and will immediately timeout if it does not receive a response. |
username |
string |
KMIP username credentials for connecting with the key server. |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"connectivity": {
"node_states": [
{
"node": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "node1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"state": "not_responding"
}
]
},
"create_remove_timeout": 60,
"password": "password",
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"connectivity": {
"node_states": [
{
"node": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "node1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"state": "not_responding"
}
]
},
"password": "password",
"server": "bulkkeyserver.com:5698",
"timeout": 60,
"username": "username"
}
],
"secondary_key_servers": [
"secondary1.com",
"10.1.2.3"
],
"server": "keyserver1.com:5698",
"timeout": 60,
"username": "username"
}Response
Status: 200, OkError
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
65536600 |
Cannot modify a key server while a node is out quorum. |
65536824 |
Multitenant key management is not supported in MetroCluster configurations. |
65536828 |
External key management is not enabled for the SVM. |
65536843 |
The key management server is not configured for the SVM. |
65536845 |
Missing username. |
65536846 |
Missing password. |
65536880 |
One or more of the following values must be provided "timeout", "username", "password", "secondary_key_servers", "create_remove_timeout". |
65536921 |
Unable to execute the command on the KMIP server. |
65537400 |
Exceeded maximum number of secondary key servers. |
65538407 |
A secondary key server is a duplicate of the associated primary key server. |
65538408 |
The list of secondary key servers contains duplicates. |
65538413 |
A secondary key server address is not formatted correctly. |
65538502 |
A secondary key server is also a primary key server. |
65538503 |
Support for adding secondary key servers requires an ECV of ONTAP 9.11.1 or later. |
Also see the table of common errors in the Response body overview section of this documentation.
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
node
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
|
uuid |
string |
key_server_state
The connectivity state of the key server for a specific node.
| Name | Type | Description |
|---|---|---|
node |
||
state |
string |
Key server connectivity state |
connectivity
This property contains the key server connectivity state of all nodes in the cluster.
This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.
| Name | Type | Description |
|---|---|---|
cluster_availability |
boolean |
Set to true when key server connectivity state is available on all nodes of the cluster. |
node_states |
array[key_server_state] |
An array of key server connectivity states for each node. |
records
| Name | Type | Description |
|---|---|---|
_links |
||
connectivity |
This property contains the key server connectivity state of all nodes in the cluster.
This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the |
|
password |
string |
Password credentials for connecting with the key server. This is not audited. |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
timeout |
integer |
I/O timeout in seconds for communicating with the key server. |
username |
string |
KMIP username credentials for connecting with the key server. |
key_server
| Name | Type | Description |
|---|---|---|
_links |
||
connectivity |
This property contains the key server connectivity state of all nodes in the cluster.
This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the |
|
create_remove_timeout |
integer |
The key server timeout for create and remove operations. -1 indicates that the server will wait indefinitely for the event to occur. 0 indicates that the server will not wait and will immediately timeout if it does not receive a response. |
password |
string |
Password credentials for connecting with the key server. This is not audited. |
records |
array[records] |
An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if |
secondary_key_servers |
array[string] |
A list of the secondary key servers associated with the primary key server. |
server |
string |
External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if |
timeout |
integer |
I/O timeout in seconds for communicating with the key server. -1 indicates that the server will wait indefinitely for the event to occur. 0 indicates that the server will not wait and will immediately timeout if it does not receive a response. |
username |
string |
KMIP username credentials for connecting with the key server. |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |