security-key-manager
Suggest changes
PDFs
external-restore-get-iter
Note: In ONTAP 9.8 and earlier releases, there is no REST API to restore key IDs from key management servers.
This ONTAPI call does not have an equivalent REST API call.
external-status-get-iter
GET /api/security/key-managers
Note: In ONTAP 9.8 and earlier releases, there is no REST API to return key management server status.
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
key-server |
No REST Equivalent |
|
key-server-status |
No REST Equivalent |
|
node |
No REST Equivalent |
|
vserver |
No REST Equivalent |
|
max-records |
max_records |
Specifies the maximum number of records to return before paging. |
key-query-get-iter
GET /api/security/key-managers/{security_key_manager.uuid}/keys/{node.uuid}/key-ids
Note: The REST API is available in ONTAP 9.11 release and onwards. In ONTAP 9.10 and earlier releases, there is no REST API to return information about individual keys.
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
key-id |
key-id |
|
key-server |
key-server |
|
key-store |
key-store |
|
key-tag |
key-tag |
|
key-type |
key-type |
|
key-user |
key-user |
|
node |
node-uuid |
|
restored |
restored |
|
vserver |
svm-name |
|
max-records |
max_records |
Specifies the maximum number of records to return before paging. |
security-key-manager-add
Note: The security-key-manager-add ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-add-servers.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-add-iter
Note: The security-key-manager-add-iter ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-add-servers.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-backup-get
Note: The security-key-manager-backup-get ONTAPI has been deprecated as of ONTAP 9.6. This ONTAPI has been replaced by security-key-manager-onboard-backup-get.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-config-get
Note: In ONTAP 9.8 and earlier releases, there is no REST API to retrieve key manager configuration options.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-config-modify
Note: In ONTAP 9.8 and earlier releases, there is no REST API to modify key manager configuration options.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-create-key
Note: The security-key-manager-create-key ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-key-database-create-key. In ONTAP 9.8 and earlier releases, there is no REST API to create an authentication key.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-delete
Note: The security-key-manager-delete ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-remove-servers.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-delete-iter
Note: The security-key-manager-delete-iter ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-remove-servers.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-delete-keys
Note: The security-key-manager-delete-keys ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-onboard-disable.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-delete-kmip-config
Note: The security-key-manager-delete-kmip-config ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-disable.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-external-add-servers
POST /api/security/key-managers/{uuid}/key-servers
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
key-servers |
server |
When adding a single server, use the server REST API attribute. To add multiple key-servers, use records, which is an array of servers. |
vserver |
No REST Equivalent |
When using a REST API to add key-servers, identify the key manager by the UUID in the path. |
security-key-manager-external-disable
DELETE /api/security/key-managers/{uuid}
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
vserver |
No REST Equivalent |
When using a REST API to disable a key manager, identify the key manager by the UUID in the path. |
security-key-manager-external-enable
POST /api/security/key-managers
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
client-cert |
external.client_certificate |
|
key-servers |
external.servers |
|
keyservers-are-clustered |
external.servers.secondary_key_servers |
In the REST API, if external.servers.secondary_key_servers is populated, then the key servers are clustered. |
server-ca-certs |
external.server_ca_certificates |
|
vserver |
svm |
UUID of the SVM to add key-manager to. Not applicable if adding to Vserver. |
security-key-manager-external-get
GET /api/security/key-managers/{uuid}/key-servers/{server}
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
client-cert |
No REST Equivalent |
|
info |
No REST Equivalent |
|
key-server |
server |
|
keyservers-are-clustered |
No REST Equivalent |
|
server-ca-certs |
No REST Equivalent |
|
timeout |
timeout |
|
vserver |
No REST Equivalent |
UUID in the REST API identifies the key manager. |
key-server |
No REST Equivalent |
ONTAPI attribute key-server is already described in this section. |
security-key-manager-external-get-iter
GET /api/security/key-managers/{uuid}/key-servers
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
client-cert |
No REST Equivalent |
|
info |
No REST Equivalent |
|
key-server |
server |
|
keyservers-are-clustered |
No REST Equivalent |
|
server-ca-certs |
No REST Equivalent |
|
timeout |
timeout |
|
vserver |
No REST Equivalent |
UUID in the REST API path identifies the key manager. |
max-records |
max_records |
Specifies the maximum number of records to return before paging. |
security-key-manager-external-modify
PATCH /api/security/key-managers/{uuid}
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
client-cert |
external.client_certificate |
|
keyservers-are-clustered |
external.servers.secondary_key_servers |
In the REST API, if external.servers.secondary_key_servers is populated, then the key servers are clustered. |
server-ca-certs |
external.server_ca_certificates |
|
vserver |
No REST Equivalent |
UUID in the REST API path identifies the key manager to be updated. |
security-key-manager-external-modify-server
PATCH /api/security/key-managers/{uuid}/key-servers/{server}
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
key-server |
No REST Equivalent |
UUID of the key server is in the REST API path. |
password |
password |
|
secondary-servers |
secondary_key_servers |
|
timeout |
timeout |
|
username |
username |
|
vserver |
No REST Equivalent |
UUID of the key manager to which the key server is associated is in the REST API path. |
security-key-manager-external-remove-servers
DELETE /api/security/key-managers/{uuid}/key-servers/{server}
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
key-servers |
No REST Equivalent |
UUID of the key-server to remove is in the REST API path. |
vserver |
No REST Equivalent |
UUID of the key manager to which the key server is associated is in the REST API path. |
security-key-manager-get
Note: The security-key-manager-add ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-get.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-get-iter
Note: The security-key-manager-add ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-external-get..
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-key-database-create-key
Note: In ONTAP 9.8 and earlier releases, there is no REST API to create a key.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-key-database-delete-key
Note: In ONTAP 9.8 and earlier releases, there is no REST API to delete a key.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-key-migrate
POST /api/security/key-managers/{source.uuid}/migrate
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
from-vserver |
No REST Equivalent |
source.uuid in the REST API path specifies the from key-manager |
to-vserver |
uuid |
uuid specifies the "to" key-manager |
security-key-manager-key-store-get-iter
Note: In ONTAP 9.8 and earlier releases, there is no REST API to retrieve the key-store of each key manager. However, you can use the GET /api/security/key-managers REST API to get information about one or more key managers. Included in that information are the details about the key-store for each key manager.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-onboard-backup-get
GET /api/security/key-managers/{uuid}
Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
vserver |
No REST Equivalent |
UUID in the REST API path identifies the key manager for which to retrieve the backup. |
security-key-manager-onboard-disable
DELETE /api/security/key-managers/{uuid}
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
vserver |
No REST Equivalent |
UUID in the REST API path identifies the key manager to disable. |
security-key-manager-onboard-enable
POST /api/security/key-managers
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
cc-mode-enabled |
No REST Equivalent |
|
okm-on-usb-enabled |
No REST Equivalent |
|
onboard-passphrase |
onboard.passphrase |
|
vserver |
No REST Equivalent |
security-key-manager-onboard-sync
PATCH /api/security/key-managers/{uuid}
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
passphrase |
onboard.existing_passphrase |
|
vserver |
No REST Equivalent |
UUID in the REST API path identifies the key manager to sync. |
security-key-manager-onboard-update-passphrase
PATCH /api/security/key-managers/{uuid}
Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.
| ONTAPI attribute | REST attribute | Comment |
|---|---|---|
existing-passphrase |
onboard.existing_passphrase |
|
new-passphrase |
onboard.passphrase |
|
vserver |
No REST Equivalent |
UUID in the REST API path identifies the key manager to update. |
security-key-manager-query-get
Note: The security-key-manager-query-get ONTAPI is deprecated. This ONTAPI is replaced by key-query-get-iter. In ONTAP 9.8 and earlier releases, there is no REST API to query individual keys.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-query-get-iter
Note: The security-key-manager-query-get-iter ONTAPI is deprecated. This ONTAPI is replaced by key-query-get-iter. In ONTAP 9.8 and earlier releases, there is currently no REST API to query individual keys.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-query-v2-get
Note: The security-key-manager-query-v2-get ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by key-query-get-iter. In ONTAP 9.8 and earlier releases, there is no REST API to query individual keys.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-query-v2-get-iter
Note: The security-key-manager-query-v2-get-iter ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by key-query-get-iter. In ONTAP 9.8 and earlier releases, there is no REST API to query individual keys.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-restore-get
Note: The security-key-manager-restore-get ONTAPI is deprecated. This ONTAPI is replaced by external-restore-get-iter. In ONTAP 9.8 and earlier releases, there is no REST API to restore key IDs from key management servers.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-restore-get-iter
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-restore-v2-get
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-restore-v2-get-iter
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-setup
Note: The security-key-manager-setup ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-onboard-enable for Onboard Key Manager (OKM) and security-key-manager-external-enable for External Key Management (EKM).
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-update-passphrase
Note: The security-key-manager-update-passphrase ONTAPI is deprecated as of ONTAP 9.6. This ONTAPI is replaced by security-key-manager-onboard-update-passphrase to update the passphrase on the local cluster and security-key-manager-onboard-sync to update the passphrase on the partner cluster.
This ONTAPI call does not have an equivalent REST API call.
security-key-manager-volume-encryption-supported
Note: There is no REST API to determine if volume_encryption is supported. However, you can use the GET /api/security/key-managers REST API to get information about one or more key managers. Included in that information is whether volume_encryption is supported.
This ONTAPI call does not have an equivalent REST API call.