security-key-manager

Contributors

external-restore-get-iter

Note: In ONTAP 9.8 and earlier releases, there is no REST API to restore key IDs from key management servers.

This ONTAPI call does not have an equivalent REST API call.

external-status-get-iter

GET /api/security/key-managers

Note: In ONTAP 9.8 and earlier releases, there is no REST API to return key management server status.

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

key-server

No REST Equivalent

key-server-status

No REST Equivalent

node

No REST Equivalent

vserver

No REST Equivalent

max-records

max_records

Specifies the maximum number of records to return before paging.

key-query-get-iter

GET /api/security/key-managers/{security_key_manager.uuid}/keys/{node.uuid}/key-ids

Note: The REST API is available in ONTAP 9.11 release and onwards. In ONTAP 9.10 and earlier releases, there is no REST API to return information about individual keys.

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

key-id

key-id

key-server

key-server

key-store

key-store

key-tag

key-tag

key-type

key-type

key-user

key-user

node

node-uuid

restored

restored

vserver

svm-name

max-records

max_records

Specifies the maximum number of records to return before paging.

security-key-manager-add

Note: The security-key-manager-add ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-add-servers.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-add-iter

Note: The security-key-manager-add-iter ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-add-servers.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-backup-get

Note: The security-key-manager-backup-get ONTAPI has been deprecated as of ONTAP 9.6. This ONTAPI has been replaced by security-key-manager-onboard-backup-get.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-config-get

Note: In ONTAP 9.8 and earlier releases, there is no REST API to retrieve key manager configuration options.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-config-modify

Note: In ONTAP 9.8 and earlier releases, there is no REST API to modify key manager configuration options.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-create-key

Note: The security-key-manager-create-key ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-key-database-create-key. In ONTAP 9.8 and earlier releases, there is no REST API to create an authentication key.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-delete

Note: The security-key-manager-delete ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-remove-servers.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-delete-iter

Note: The security-key-manager-delete-iter ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-remove-servers.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-delete-keys

Note: The security-key-manager-delete-keys ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-onboard-disable.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-delete-kmip-config

Note: The security-key-manager-delete-kmip-config ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-disable.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-external-add-servers

POST /api/security/key-managers/{uuid}/key-servers

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

key-servers

server

When adding a single server, use the server REST API attribute. To add multiple key-servers, use records, which is an array of servers.

vserver

No REST Equivalent

When using a REST API to add key-servers, identify the key manager by the UUID in the path.

security-key-manager-external-disable

DELETE /api/security/key-managers/{uuid}

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

vserver

No REST Equivalent

When using a REST API to disable a key manager, identify the key manager by the UUID in the path.

security-key-manager-external-enable

POST /api/security/key-managers

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

client-cert

external.client_certificate

key-servers

external.servers

keyservers-are-clustered

external.servers.secondary_key_servers

In the REST API, if external.servers.secondary_key_servers is populated, then the key servers are clustered.

server-ca-certs

external.server_ca_certificates

vserver

svm

UUID of the SVM to add key-manager to. Not applicable if adding to Vserver.

security-key-manager-external-get

GET /api/security/key-managers/{uuid}/key-servers/{server}

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

client-cert

No REST Equivalent

info

No REST Equivalent

key-server

server

keyservers-are-clustered

No REST Equivalent

server-ca-certs

No REST Equivalent

timeout

timeout

vserver

No REST Equivalent

UUID in the REST API identifies the key manager.

key-server

No REST Equivalent

ONTAPI attribute key-server is already described in this section.

security-key-manager-external-get-iter

GET /api/security/key-managers/{uuid}/key-servers

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

client-cert

No REST Equivalent

info

No REST Equivalent

key-server

server

keyservers-are-clustered

No REST Equivalent

server-ca-certs

No REST Equivalent

timeout

timeout

vserver

No REST Equivalent

UUID in the REST API path identifies the key manager.

max-records

max_records

Specifies the maximum number of records to return before paging.

security-key-manager-external-modify

PATCH /api/security/key-managers/{uuid}

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

client-cert

external.client_certificate

keyservers-are-clustered

external.servers.secondary_key_servers

In the REST API, if external.servers.secondary_key_servers is populated, then the key servers are clustered.

server-ca-certs

external.server_ca_certificates

vserver

No REST Equivalent

UUID in the REST API path identifies the key manager to be updated.

security-key-manager-external-modify-server

PATCH /api/security/key-managers/{uuid}/key-servers/{server}

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

key-server

No REST Equivalent

UUID of the key server is in the REST API path.

password

password

secondary-servers

secondary_key_servers

timeout

timeout

username

username

vserver

No REST Equivalent

UUID of the key manager to which the key server is associated is in the REST API path.

security-key-manager-external-remove-servers

DELETE /api/security/key-managers/{uuid}/key-servers/{server}

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

key-servers

No REST Equivalent

UUID of the key-server to remove is in the REST API path.

vserver

No REST Equivalent

UUID of the key manager to which the key server is associated is in the REST API path.

security-key-manager-get

Note: The security-key-manager-add ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-get.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-get-iter

Note: The security-key-manager-add ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-get..

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-key-database-create-key

Note: In ONTAP 9.8 and earlier releases, there is no REST API to create a key.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-key-database-delete-key

Note: In ONTAP 9.8 and earlier releases, there is no REST API to delete a key.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-key-migrate

POST /api/security/key-managers/{source.uuid}/migrate

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

from-vserver

No REST Equivalent

source.uuid in the REST API path specifies the from key-manager

to-vserver

uuid

uuid specifies the "to" key-manager

security-key-manager-key-store-get-iter

Note: In ONTAP 9.8 and earlier releases, there is no REST API to retrieve the key-store of each key manager. However, you can use the GET /api/security/key-managers REST API to get information about one or more key managers. Included in that information are the details about the key-store for each key manager.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-onboard-backup-get

GET /api/security/key-managers/{uuid}

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

vserver

No REST Equivalent

UUID in the REST API path identifies the key manager for which to retrieve the backup.

security-key-manager-onboard-disable

DELETE /api/security/key-managers/{uuid}

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

vserver

No REST Equivalent

UUID in the REST API path identifies the key manager to disable.

security-key-manager-onboard-enable

POST /api/security/key-managers

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

cc-mode-enabled

No REST Equivalent

okm-on-usb-enabled

No REST Equivalent

onboard-passphrase

onboard.passphrase

vserver

No REST Equivalent

security-key-manager-onboard-sync

PATCH /api/security/key-managers/{uuid}

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

passphrase

onboard.existing_passphrase

vserver

No REST Equivalent

UUID in the REST API path identifies the key manager to sync.

security-key-manager-onboard-update-passphrase

PATCH /api/security/key-managers/{uuid}

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

existing-passphrase

onboard.existing_passphrase

new-passphrase

onboard.passphrase

vserver

No REST Equivalent

UUID in the REST API path identifies the key manager to update.

security-key-manager-query-get

Note: The security-key-manager-query-get ONTAPI is deprecated. This ONTAPI is replaced by key-query-get-iter. In ONTAP 9.8 and earlier releases, there is no REST API to query individual keys.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-query-get-iter

Note: The security-key-manager-query-get-iter ONTAPI is deprecated. This ONTAPI is replaced by key-query-get-iter. In ONTAP 9.8 and earlier releases, there is currently no REST API to query individual keys.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-query-v2-get

Note: The security-key-manager-query-v2-get ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by key-query-get-iter. In ONTAP 9.8 and earlier releases, there is no REST API to query individual keys.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-query-v2-get-iter

Note: The security-key-manager-query-v2-get-iter ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by key-query-get-iter. In ONTAP 9.8 and earlier releases, there is no REST API to query individual keys.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-restore-get

Note: The security-key-manager-restore-get ONTAPI is deprecated. This ONTAPI is replaced by external-restore-get-iter. In ONTAP 9.8 and earlier releases, there is no REST API to restore key IDs from key management servers.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-restore-get-iter

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-restore-v2-get

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-restore-v2-get-iter

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-setup

Note: The security-key-manager-setup ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-onboard-enable for Onboard Key Manager (OKM) and security-key-manager-external-enable for External Key Management (EKM).

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-update-passphrase

Note: The security-key-manager-update-passphrase ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-onboard-update-passphrase to update the passphrase on the local cluster and security-key-manager-onboard-sync to update the passphrase on the partner cluster.

This ONTAPI call does not have an equivalent REST API call.

security-key-manager-volume-encryption-supported

Note: There is no REST API to determine if volume_encryption is supported. However, you can use the GET /api/security/key-managers REST API to get information about one or more key managers. Included in that information is whether volume_encryption is supported.

This ONTAPI call does not have an equivalent REST API call.