You can start encryption globally for the HCP for cloud scale system. Starting encryption initializes, configures, and unseals the key management server and returns an initial root token and a set of unseal keys. Once encryption is started, it can't be removed. The best practice is to encrypt and securely store the initial root token and unseal keys separately.
HTTP request syntax (URI)
POST https://host_ip:9099/mapi/v1/s3_encryption/set
Request structure
Not applicable.
Response structure
The response body structure is:
{ "value": {true|false}, "rootToken":"root_token", "unsealKeys":["unseal_key_1","unseal_key_2","unseal_key_3","unseal_key_4","unseal_key_5"] }
Parameter | Type | Description |
---|---|---|
value | Boolean | true if encryption is on, false otherwise. |
rootToken | Hex | The initial root token, used to authenticate login to the key management server. |
unsealKeys | Hex | A set of unseal keys. A quorum of unseal keys is required to restart the key management server. |
Return codes
Status code | HTTP name | Description |
---|---|---|
200 | OK | The request was executed successfully. |
401 | Unauthorized | Access was denied because credentials are not valid. |
405 | Method Not Allowed | The specified HTTP method is not allowed for a storage component. Resend using POST. |
503 | Service Unavailable | The key management system has not been set up. |
Example
Request example:
POST https://10.10.24.195:9099/mapi/v1/s3_encryption/set
JSON response:
{ "value":true, "rootToken":"s.FBZngLG9RcyjBzddCxTwoMkk", "unsealKeys":[ "f7a0652cbe07d573a7eeab127ff102454c33adc9402e49622ffa5b5f43cec0794e", "4d7e620a694cb607dd1e503027f82880f376edfb1024548d0121572a3dc989c685", "6c6081054e26ec55824eb97481acd1f31d660d99e4ba158ca4248e39a8d4de1e16", "5dd42c8c60d60469d675dbaad15ff2a78d262cb42e2f9a798aa0b09f368b8caff4", "fdc2f29b4359a550916b43071501dab257b73f911960c7fc793f1a279f71091482"] }
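One way to act on the advice to store the initial root token and unseal keys separately, as an added example that is not part of the product documentation: the function validates a response of the shape shown above and writes each secret to its own owner-only file, returning only short fingerprints for logging. The function name, file names, and sample values are assumptions constructed for illustration, and encrypting each file is left to whatever tool your site uses.

```python
import hashlib
import json
import os
import string
import tempfile


def split_encryption_response(body: str, out_dir: str) -> dict:
    """Validate the s3_encryption/set response and write each secret to its own file.

    Returns {file name: short SHA-256 fingerprint} so the run can be logged
    without the secrets themselves reaching a log.
    """
    doc = json.loads(body)
    if doc.get("value") is not True:
        raise ValueError("encryption was not started (value is not true)")
    token, keys = doc.get("rootToken"), doc.get("unsealKeys")
    if not isinstance(token, str) or not token:
        raise ValueError("rootToken missing")
    if not isinstance(keys, list) or not keys:
        raise ValueError("unsealKeys missing")
    for key in keys:
        if not isinstance(key, str) or not key or set(key) - set(string.hexdigits):
            raise ValueError("unseal key is not a hex string")
    if len(set(keys)) != len(keys):
        raise ValueError("duplicate unseal keys")

    secrets = {"root_token": token}
    secrets.update({f"unseal_key_{i}": k for i, k in enumerate(keys, 1)})
    written = {}
    for name, secret in secrets.items():
        path = os.path.join(out_dir, name)
        # O_EXCL refuses to overwrite an earlier secret; 0o600 is owner-only.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(secret)
        written[name] = hashlib.sha256(secret.encode()).hexdigest()[:12]
    return written


# Constructed sample response (not real secrets), shaped like the one above.
SAMPLE = json.dumps({
    "value": True,
    "rootToken": "s.EXAMPLEONLYTOKEN",
    "unsealKeys": ["%064x" % (i * 0x1111) for i in range(1, 6)],
})

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, fingerprint in split_encryption_response(SAMPLE, d).items():
            print(name, fingerprint)
```

Each resulting file can then be encrypted and handed to a different custodian, so that no single store holds both the root token and a quorum of unseal keys.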