You can generate new key encryption keys (KEKs) for all storage components.
HTTP request syntax (URI)
POST https://host_ip:9099/mapi/v1/s3_encryption/rekey
Request structure
{ "code": "{KEY_COMPROMISE|SUPERSEDED}"[, "message": "reason"] }
Parameter | Required | Type | Description |
---|---|---|---|
code | Yes | Enum | KEY_COMPROMISE if rekey is requested because a key was compromised, SUPERSEDED if rekey is requested per policy or another reason. |
message | No | String | Text details on the reason for asking for new keys. |
Response structure
Not applicable.
Return codes
Status code |
HTTP name |
Description |
---|---|---|
200 | OK | The request was executed successfully. |
400 | Bad Request | Encryption is not enabled on the HCP for cloud scale system. |
401 | Unauthorized | Access was denied because credentials are not valid. |
405 | Method Not Allowed | The specified HTTP method is not allowed. Resend using POST. |
Example
Request example:
POST https://10.10.24.195:9099/mapi/v1/s3_encryption/rekey
JSON request:
{ "code": "SUPERSEDED", "message": "Retire existing keys 2022-12-31" }