Skip to main content

Update a primary key server

Contributors

PATCH /security/key-managers/{uuid}/key-servers/{server}

Introduced In: 9.6

Updates a primary key server.

  • security key-manager external modify-server

Parameters

Name Type In Required Description

uuid

string

path

True

External key manager UUID

server

string

path

True

Primary key server configured in the external key manager.

Request Body

Name Type Description

_links

_links

connectivity

connectivity

This property contains the key server connectivity state of all nodes in the cluster. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

create_remove_timeout

integer

The key server timeout for create and remove operations. -1 indicates that the server will wait indefinitely for the event to occur. 0 indicates that the server will not wait and will immediately timeout if it does not receive a response.

password

string

Password credentials for connecting with the key server. This is not audited.

records

array[records]

An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if server is provided.

secondary_key_servers

array[string]

A list of the secondary key servers associated with the primary key server.

server

string

External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if records is provided.

timeout

integer

I/O timeout in seconds for communicating with the key server. -1 indicates that the server will wait indefinitely for the event to occur. 0 indicates that the server will not wait and will immediately timeout if it does not receive a response.

username

string

KMIP username credentials for connecting with the key server.

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "connectivity": {
    "node_states": [
      {
        "node": {
          "_links": {
            "self": {
              "href": "/api/resourcelink"
            }
          },
          "name": "node1",
          "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
        },
        "state": "not_responding"
      }
    ]
  },
  "create_remove_timeout": 60,
  "password": "password",
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "connectivity": {
        "node_states": [
          {
            "node": {
              "_links": {
                "self": {
                  "href": "/api/resourcelink"
                }
              },
              "name": "node1",
              "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
            },
            "state": "not_responding"
          }
        ]
      },
      "password": "password",
      "server": "bulkkeyserver.com:5698",
      "timeout": 60,
      "username": "username"
    }
  ],
  "secondary_key_servers": [
    "secondary1.com",
    "10.1.2.3"
  ],
  "server": "keyserver1.com:5698",
  "timeout": 60,
  "username": "username"
}

Response

Status: 200, Ok

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

65536600

Cannot modify a key server while a node is out quorum.

65536824

Multitenant key management is not supported in MetroCluster configurations.

65536828

External key management is not enabled for the SVM.

65536843

The key management server is not configured for the SVM.

65536845

Missing username.

65536846

Missing password.

65536880

One or more of the following values must be provided "timeout", "username", "password", "secondary_key_servers", "create_remove_timeout".

65536921

Unable to execute the command on the KMIP server.

65537400

Exceeded maximum number of secondary key servers.

65538407

A secondary key server is a duplicate of the associated primary key server.

65538408

The list of secondary key servers contains duplicates.

65538413

A secondary key server address is not formatted correctly.

65538502

A secondary key server is also a primary key server.

65538503

Support for adding secondary key servers requires an ECV of ONTAP 9.11.1 or later.

Also see the table of common errors in the Response body overview section of this documentation.

Name Type Description

error

returned_error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

self

href

node

Name Type Description

_links

_links

name

string

uuid

string

key_server_state

The connectivity state of the key server for a specific node.

Name Type Description

node

node

state

string

Key server connectivity state

connectivity

This property contains the key server connectivity state of all nodes in the cluster. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

Name Type Description

cluster_availability

boolean

Set to true when key server connectivity state is available on all nodes of the cluster.

node_states

array[key_server_state]

An array of key server connectivity states for each node.

records

Name Type Description

_links

_links

connectivity

connectivity

This property contains the key server connectivity state of all nodes in the cluster. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

password

string

Password credentials for connecting with the key server. This is not audited.

server

string

External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if records is provided.

timeout

integer

I/O timeout in seconds for communicating with the key server.

username

string

KMIP username credentials for connecting with the key server.

key_server

Name Type Description

_links

_links

connectivity

connectivity

This property contains the key server connectivity state of all nodes in the cluster. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

create_remove_timeout

integer

The key server timeout for create and remove operations. -1 indicates that the server will wait indefinitely for the event to occur. 0 indicates that the server will not wait and will immediately timeout if it does not receive a response.

password

string

Password credentials for connecting with the key server. This is not audited.

records

array[records]

An array of key servers specified to add multiple key servers to a key manager in a single API call. Valid in POST only and not valid if server is provided.

secondary_key_servers

array[string]

A list of the secondary key servers associated with the primary key server.

server

string

External key server for key management. If no port is provided, a default port of 5696 is used. Not valid in POST if records is provided.

timeout

integer

I/O timeout in seconds for communicating with the key server. -1 indicates that the server will wait indefinitely for the event to occur. 0 indicates that the server will not wait and will immediately timeout if it does not receive a response.

username

string

KMIP username credentials for connecting with the key server.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

returned_error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.