REST API reference

Retrieve the Barbican KMS configuration for an SVM

GET /security/barbican-kms/{uuid}

Introduced In: 9.17

Retrieves the Barbican KMS configuration for the SVM specified by the UUID.

  • security key-manager external barbican show

  • security key-manager external barbican check

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| uuid | string | path | True | Barbican KMS UUID |
| fields | array[string] | query | False | Specify the fields to return. |

Response

Status: 200, Ok
| Name | Type | Description |
|---|---|---|
| _links | _links | |
| application_cred_id | string | Keystone application credentials ID required to access the specified Barbican KMS. |
| barbican_reachability | barbican_reachability | Indicates whether the Barbican KMS is reachable from all nodes in the cluster. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET request or an instance GET request unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled. |
| configuration | configuration | Security keystore object reference. |
| enabled | boolean | Indicates whether the configuration is enabled. |
| key_id | string | Key Identifier URL of the Barbican KMS key encryption key. Must be an HTTPS URL. |
| keystone_url | string | Keystone URL for the access token. Must be an HTTPS URL. |
| proxy_host | string | Proxy host name. |
| proxy_port | integer | Proxy port number. |
| proxy_type | string | Type of proxy. |
| proxy_username | string | Proxy username. |
| scope | string | Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
| state | state | Indicates whether or not the SVM key encryption key (KEK) is available cluster wide. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled. |
| svm | svm | SVM, applies only to SVM-scoped objects. |
| timeout | integer | Connection timeout in seconds. |
| uuid | string | A unique identifier of the Barbican KMS. |
| verify | boolean | Verify the identity of the Barbican KMS. |
| verify_host | boolean | Verify the identity of the Barbican KMS host name. |

Example response
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "application_cred_id": "63e3cb77f84f42b7a0395a3efb7636f9",
  "barbican_reachability": {
    "code": "346758",
    "message": "Barbican KMS is not reachable from all nodes - <reason>.",
    "reachable": ""
  },
  "configuration": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "default",
    "uuid": "1cd8a442-86d1-11e0-ae1c-123478563434"
  },
  "key_id": "https://172.29.58.184:9311/v1/secrets/5c610a4f-ea97-44b5-8682-f4daeafa9647",
  "keystone_url": "https://keystoneip:5000/v3/auth/tokens",
  "proxy_host": "proxy.eng.com",
  "proxy_port": 1234,
  "proxy_type": "http",
  "proxy_username": "proxyuser",
  "scope": "string",
  "state": {
    "cluster_state": "",
    "code": "346758",
    "message": "Top-level internal key encryption key is unavailable on the following nodes with the associated reasons: Node: node1. Reason: No volumes created yet for the SVM. Wrapped KEK status will be available after creating encrypted volumes."
  },
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "timeout": 60,
  "uuid": "1cd8a442-86d1-11e0-ae1c-123478563434"
}
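
An added example, not part of the NetApp reference: a Python helper that builds the request path with the advanced properties named in `fields`, then checks a returned record against the constraints stated in the response table (HTTPS URLs, identity verification, reachability, KEK state). The function names, finding strings and the `SAMPLE` record are assumptions made for illustration.

```python
from urllib.parse import quote, urlencode, urlsplit

# Advanced properties: per the field descriptions, returned only when requested.
ADVANCED = ("barbican_reachability", "state")
FIELDS = ("enabled", "key_id", "keystone_url", "verify", "verify_host") + ADVANCED

def build_request_path(uuid):
    """Path and query for the instance GET, naming the advanced properties."""
    # Percent-encode the UUID so a malformed value cannot alter the path.
    query = urlencode({"fields": ",".join(FIELDS)}, safe=",")
    return f"/security/barbican-kms/{quote(uuid, safe='')}?{query}"

def audit(record):
    """Return findings for one Barbican KMS record (the parsed response JSON)."""
    findings = []
    for name in ("key_id", "keystone_url"):
        if urlsplit(record.get(name) or "").scheme.lower() != "https":
            findings.append(f"{name}: not an HTTPS URL")
    for name in ("verify", "verify_host"):
        if record.get(name) is not True:
            findings.append(f"{name}: not enabled or not returned")
    if record.get("enabled") is False:
        findings.append("enabled: configuration is disabled")
    for name, flag in (("barbican_reachability", "reachable"), ("state", "cluster_state")):
        block = record.get(name)
        if block is None:
            findings.append(f"{name}: not populated, request it via fields")
        elif block.get(flag) is not True or str(block.get("code")) != "0":
            findings.append(f"{name}: {block.get('message') or 'unhealthy'}")
    return findings

# Constructed sample: values adapted from the example response, with keystone_url
# downgraded to http, verify_host off and the state property not requested.
SAMPLE = {
    "enabled": True,
    "key_id": "https://172.29.58.184:9311/v1/secrets/5c610a4f-ea97-44b5-8682-f4daeafa9647",
    "keystone_url": "http://keystoneip:5000/v3/auth/tokens",
    "verify": True,
    "verify_host": False,
    "barbican_reachability": {"code": "0", "message": "", "reachable": True},
}

if __name__ == "__main__":
    print(build_request_path("1cd8a442-86d1-11e0-ae1c-123478563434"))
    for finding in audit(SAMPLE):
        print(finding)
```
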

Error

Status: Default

ONTAP Error Response Codes

| Error Code | Description |
|---|---|
| 65539801 | The Barbican Key Management Service is unreachable from one or more nodes. |

Also see the table of common errors in the Response body overview section of this documentation.

| Name | Type | Description |
|---|---|---|
| error | returned_error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions


href

| Name | Type | Description |
|---|---|---|
| href | string | |

_links

| Name | Type | Description |
|---|---|---|
| self | href | |

barbican_reachability

Indicates whether the Barbican KMS is reachable from all nodes in the cluster. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET request or an instance GET request unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

| Name | Type | Description |
|---|---|---|
| code | string | Code corresponding to the error message. Returns 0 if Barbican KMS is reachable from all nodes in the cluster. |
| message | string | Set to the appropriate error message when 'reachable' is false. |
| reachable | boolean | Set to true if the Barbican KMS is reachable from all nodes of the cluster. |

configuration

Security keystore object reference.

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| name | string | Name of the configuration. |
| uuid | string | Keystore UUID. |

state

Indicates whether or not the SVM key encryption key (KEK) is available cluster wide. This is an advanced property; there is an added computational cost to retrieving its value. The property is not populated for either a collection GET or an instance GET unless it is explicitly requested using the fields query parameter or GET for all advanced properties is enabled.

| Name | Type | Description |
|---|---|---|
| cluster_state | boolean | Set to true when an SVM-KEK is present on all nodes of the cluster. |
| code | string | Code corresponding to the status message. Returns a 0 if the SVM-KEK is available on all nodes in the cluster. |
| message | string | Error message returned when there's no SVM-KEK availability on the cluster. |

svm

SVM, applies only to SVM-scoped objects.

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| name | string | The name of the SVM. This field cannot be specified in a PATCH method. |
| uuid | string | The unique identifier of the SVM. This field cannot be specified in a PATCH method. |

error_arguments

| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |

returned_error

| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |