Create a Key Management Server (REST API: POST)

This operation creates a key management server.

Request

Syntax

Send the request using either XML or JSON:

  • XML

    POST <webservice>/CommCell/KeyManagementServers HTTP/1.1
    Host: <host name>
    Accept: application/xml
    Authtoken: <authentication token>
    Content-type: application/xml

    <create_key_management_server_template.xml>

  • JSON

    POST <webservice>/CommCell/KeyManagementServers HTTP/1.1
    Host: <host name>
    Accept: application/json
    Authtoken: <authentication token>
    Content-type: application/json

    <create_key_management_server_template.json>

where <webservice> is the root path that routes the API requests to the Web Server.

For more information, see Available Web Services for REST API.

Request Headers

| Name | Description |
| --- | --- |
| Host | The host name of the Web Server or the Web Console that is used in the API request. |
| Accept | The format of the response. Valid values are: application/xml or application/json. |
| Authtoken | The authentication token that you receive after successfully logging on. For information about receiving an authentication token, see Authentication. |
| Content-type | The media type that is contained in the request body. |

Request Body

Download the XML or JSON file required for this request: create_key_management_server_template.xml or create_key_management_server_template.json. The following table displays the parameters for the request body.

| Parameter | Description and Parameter Values | Element |
| --- | --- | --- |
| keyProviderName | The name of the key provider. | provider |
| keyProviderType | The provider type of the key management server. Valid values are: 1 = Commvault; 2 = Key Management Interoperability Protocol (KMIP); 3 = Amazon Web Services (AWS); 4 = Azure Key Vault; 5 = SafeNet; 6 = Passphrase. | keyProvider |
| encryptionType | The cipher to use for data encryption. Valid values are: 1 = AES; 2 = BLOWFISH; 3 = DES3; 4 = GOST; 5 = SERPENT; 6 = TWOFISH. | keyProvider |
| encryptionKeyLength | The key length to use with the Advanced Encryption Standard (AES) cipher. Valid values are: 128; 256. | keyProvider |
| host | The IP address or hostname of the third-party key management server. If you have a cluster server setup, then specify the host values of all servers, separated by a comma. | properties |
| port | The port used by the key management server. If you have a cluster server setup, then all servers must use the same port. | properties |
| certFilePath | The location of the client certificate. | properties |
| sslPassPhrase | The passphrase of the certificate, if a passphrase is set. | properties |
| keyFilePath | The location of the client certificate key. | properties |
| caCertFilePath | The location of the key management server certificate authority (CA) certificate. | properties |
| regionName | The region where AWS hosts the key management service. | properties |
| userName | The AWS Access Key. | userAccount |
| password | The AWS Secret Access Key. | userAccount |
| passphrase | The passphrase for the passphrase key management server. | userAccount |
| clientName | The name of the client that stores the passphrase file for a passphrase key management server. | client |
| path | The location to export the passphrase file for a passphrase key management server to. | filePath |

Response

Response Parameters

| Parameter | Description | Element |
| --- | --- | --- |
| errorCode | The possible error codes. Valid values are: 0, a successful completion; 2, a failure; a specific error code. | App_GenericKeyProviderResp |

Examples

Sample Request

This request creates a key management server.

XML

POST <webservice>/CommCell/KeyManagementServers HTTP/1.1
Host: client.mydomain.com
Accept: application/xml
Authtoken: QSDK 38568012f4d1e8ee1841d283a47aa3ba78e124ea58354b5fc6
0f4dab8a63347d05cf5552484dafda3bfa4c5db84e580b1cb37bcf8e65b39f7f
8549a443e6f78a2c7be3f31b3d845e24776c835e498e8e883bb40c46bd15af4f
40ca94e823acedcdd4e9659e74b34a07a85c4586cd2ed914b6dce015874783ef7
68fda78183a4208930954a377f66eb56c8b92cexampl4s437a19317ca6ce7f323
3d5a01aca35dbad93468b833f2cf71010809006a937670adce711ca8be46638e8
Content-type: application/xml

<App_AddEncKeyProviderReq>
    <keyProvider>
        <provider>
            <keyProviderName>AWS</keyProviderName>
        </provider>
        <keyProviderType>3</keyProviderType>
        <encryptionType>3</encryptionType>
        <encryptionKeyLength>128</encryptionKeyLength>
        <properties>
            <host></host>
            <port></port>
            <certFilePath></certFilePath>
            <sslPassPhrase></sslPassPhrase>
            <keyFilePath></keyFilePath>
            <caCertFilePath></caCertFilePath>
            <regionName>US East (Ohio)</regionName>
            <userAccount>
                <userName>AKIAJ2N4YJUMDWM2NYEA</userName>
                <password>f09Ly5Vp9gNYTmgWSxSPwz94GDbzQWqXAybYG0PQ</password>
            </userAccount>
            <passphrase></passphrase>
            <passphraseClient>
                <client>
                    <clientName></clientName>
                </client>
                <filePath>
                    <path></path>
                </filePath>
            </passphraseClient>
        </properties>
    </keyProvider>
</App_AddEncKeyProviderReq>
    

JSON

POST <webservice>/CommCell/KeyManagementServers HTTP/1.1
Host: client.mydomain.com
Accept: application/json
Authtoken: QSDK 38568012f4d1e8ee1841d283a47aa3ba78e124ea58354b5fc6
0f4dab8a63347d05cf5552484dafda3bfa4c5db84e580b1cb37bcf8e65b39f7f
8549a443e6f78a2c7be3f31b3d845e24776c835e498e8e883bb40c46bd15af4f
40ca94e823acedcdd4e9659e74b34a07a85c4586cd2ed914b6dce015874783ef7
68fda78183a4208930954a377f66eb56c8b92cexampl4s437a19317ca6ce7f323
3d5a01aca35dbad93468b833f2cf71010809006a937670adce711ca8be46638e8
Content-type: application/json

{
    "keyProvider": {
      "provider": { "keyProviderName":"AWS"},
      "keyProviderType":3,
      "encryptionType":3,
      "encryptionKeyLength":128,
      "properties": {
        "regionName":"US East (Ohio)",
        "userAccount": {
          "userName": "AKIAJ2N4YJUMDWM2NYEA",
          "password": "f09Ly5Vp9gNYTmgWSxSPwz94GDbzQWqXAybYG0PQ"
        },
        "passphraseClient":[
          {
            "client": {},
            "filePath": {}
          }
        ]
      }
    }
}
    

Sample Response

XML

<App_GenericKeyProviderResp errorCode="0"/>
    

JSON

{
    "errorCode": 0
}
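
The following Python sketch is an added example, not part of the vendor documentation. It builds the JSON request body using only the values listed in the request body table, masks the secret-bearing fields (password, passphrase, sslPassPhrase) before the body is logged, and treats any response other than errorCode 0 as a failure. The function names and the sample credentials are constructed for illustration.

```python
import json

# Valid values as documented in the request body table above.
PROVIDER_TYPES = {1: "Commvault", 2: "KMIP", 3: "AWS",
                  4: "Azure Key Vault", 5: "SafeNet", 6: "Passphrase"}
CIPHERS = {1: "AES", 2: "BLOWFISH", 3: "DES3", 4: "GOST", 5: "SERPENT", 6: "TWOFISH"}
KEY_LENGTHS = {128, 256}
# Request fields that carry secrets and must never reach logs.
SECRET_FIELDS = {"password", "passphrase", "sslPassPhrase"}

def build_body(name, provider_type, cipher, key_length, properties):
    """Build the request body, rejecting values the documentation does not list."""
    if not name:
        raise ValueError("keyProviderName is required")
    if provider_type not in PROVIDER_TYPES:
        raise ValueError(f"undocumented keyProviderType: {provider_type!r}")
    if cipher not in CIPHERS:
        raise ValueError(f"undocumented encryptionType: {cipher!r}")
    if key_length not in KEY_LENGTHS:
        raise ValueError(f"undocumented encryptionKeyLength: {key_length!r}")
    return {"keyProvider": {
        "provider": {"keyProviderName": name},
        "keyProviderType": provider_type,
        "encryptionType": cipher,
        "encryptionKeyLength": key_length,
        "properties": properties,
    }}

def redact(obj):
    """Return a copy of the body with secret fields masked, for logging."""
    if isinstance(obj, dict):
        return {k: "***" if k in SECRET_FIELDS and v else redact(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(item) for item in obj]
    return obj

def check_response(text):
    """Fail closed: anything other than errorCode 0 raises."""
    code = json.loads(text).get("errorCode")
    if code != 0:
        raise RuntimeError(f"key management server not created (errorCode={code})")
    return True

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    props = {"regionName": "US East (Ohio)",
             "userAccount": {"userName": "AKIAEXAMPLEKEYID0000",
                             "password": "constructed-secret"}}
    body = build_body("AWS", 3, 1, 256, props)
    print(json.dumps(redact(body), indent=2))   # safe to log
    print(check_response('{"errorCode": 0}'))
```

Send the unredacted body over HTTPS only, and load the AWS Secret Access Key from a secret store at call time rather than from a template file kept on disk.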