Set encryption state

Content Platform for Cloud Scale Management API Reference

Version
2.6.x
Audience
anonymous
Part Number
MK-HCPCS007-09

You can start encryption globally for the HCP for cloud scale system. Starting encryption initializes, configures, and unseals the key management server and returns an initial root token and a set of unseal keys. Once encryption is started, it can't be removed. The best practice is to encrypt and securely store the initial root token and unseal keys separately.

HTTP request syntax (URI)

POST https://host_ip:9099/mapi/v1/s3_encryption/set

Request structure

Not applicable.

Response structure

The response body structure is:

{
  "value": {true|false},
  "rootToken":"root_token,
  "unsealKeys":["unseal_key_1","unseal_key_2","unseal_key_3","unseal_key_4","unseal_key_5"]
  }

Parameter

Type

Description

value Boolean true if encryption is on, false otherwise.
rootToken Hex The initial root token, used to authenticate login to the key management server.
unsealKeys Hex A set of unseal keys. A quorum of unseal keys is required to restart the key management server.

Return codes

Status code

HTTP name

Description

200 OK The request was executed successfully.
401 Unauthorized Access was denied because credentials are not valid.
405 Method Not Allowed The specified HTTP method is not allowed for a storage component. Resend using POST.
503 Service Unavailable The key management system has not been set up.

Example

Request example:

POST https://10.10.24.195:9099/mapi/v1/s3_encryption/set

JSON response:

{
  "value":true,
  "rootToken":"s.FBZngLG9RcyjBzddCxTwoMkk",
  "unsealKeys":[
    "f7a0652cbe07d573a7eeab127ff102454c33adc9402e49622ffa5b5f43cec0794e",
    "4d7e620a694cb607dd1e503027f82880f376edfb1024548d0121572a3dc989c685",
    "6c6081054e26ec55824eb97481acd1f31d660d99e4ba158ca4248e39a8d4de1e16",
    "5dd42c8c60d60469d675dbaad15ff2a78d262cb42e2f9a798aa0b09f368b8caff4",
    "fdc2f29b4359a550916b43071501dab257b73f911960c7fc793f1a279f71091482"]
}