Getting information about a list of encryption keys

REST API Reference Guide for Virtual Storage Platform 5000, Virtual Storage Platform E Series, and Virtual Storage Platform G/F Series

Version
93-07-0x
90-09-0x
88-08-10
Audience
anonymous
Part Number
MK-98RD9014-17
You can get information about a list of encryption keys.

Execution permission

Security Administrator (View Only)

Request line

GET base-URL/v1/objects/encryption-keys

Request message

Object ID
None.
Query parameters

Parameter

Type

Filter condition

keyType

string

(Required) Type of keys for which information is to be obtained

  • DEK
  • CEK
  • KEK
  • FREE
  • DEKANDFREE (DEK and FREE)

If you specify DEK, FREE, or DEKANDFREE for this parameter, you can specify other optional parameters.

startKeyId

int

(Optional) ID of the key from which to start getting information

Specify a value in the range from 0 to 4095.

This parameter is valid only if you specify DEK, FREE, or DEKANDFREE for the keyType parameter.

If this parameter is omitted, 0 is assumed.

count

int

(Optional) Number of keys for which information is to be obtained

Specify a value in the range from 1 to 1024.

This parameter is valid only if you specify DEK, FREE, or DEKANDFREE for the keyType parameter.

If this parameter is omitted, 1024 is assumed.

startCreatedTime

ISO8601string

(Optional) Information is obtained about keys that were created on or after the specified date and time.

Specify a value in YYYY-MM-DDThh:mm:ssZ format.

If you also specify the endCreatedTime parameter, specify a date and time that is earlier than the date and time specified for the endCreatedTime parameter.

This parameter is valid only if you specify DEK, FREE, or DEKANDFREE for the keyType parameter.

endCreatedTime

ISO8601string

(Optional) Information is obtained about keys that were created on or before the specified date and time.

Specify a value in YYYY-MM-DDThh:mm:ssZ format.

If you also specify the startCreatedTime parameter, specify a date and time that is later than the date and time specified for the startCreatedTime parameter.

This parameter is valid only if you specify DEK, FREE, or DEKANDFREE for the keyType parameter.

Body

None.

Response message

Body
{
    "data": [
        {
            "keyId": "6",
            "createdTime": "2018-10-29T04:32:26Z",
            "keyType": "DEK",
            "uuid": "-",
            "targetDeviceLocation": "HDD00-08",
            "keyGeneratedLocation": "DKC",
            "numOfBackups": 4
        },
        {
            "keyId": "7",
            "createdTime": "2018-10-29T04:32:26Z",
            "keyType": "DEK",
            "uuid": "-",
            "targetDeviceLocation": "HDD00-09",
            "keyGeneratedLocation": "DKC",
            "numOfBackups": 4
        }
    ]
}

Attribute

Type

Description

keyId

string

ID of the key

If the value of the keyType attribute is CEK or KEK, a hyphen (-) is output.

createdTime

ISO8601string

Date and time when the key was created

If the value of the keyType attribute is KEK and the value of the keyGeneratedLocation attribute is DKC, a hyphen (-) is output.

keyType

string

Type of the key

  • DEK: Encryption key

    The key is used to encrypt stored data.

  • CEK: Key for authentication

    This key is used to encrypt a certificate. It is also used when a DEK is stored in a DKB.

  • KEK: Key for encrypting keys

    This key is used to encrypt a CEK, a DEK, or a FREE key. Only one KEK exists for each storage system.

  • FREE: Unused key that has not been assigned an encryption key

uuid

string

UUID of the key

If the value of the keyType attribute is not KEK, or if the value of the keyType attribute is KEK but no key management server is linked, a hyphen (-) is output.

targetDeviceLocation

string

Device to which the key is assigned

  • Location number of the drive (if the key type is DEK)
  • Location number of the controller (if the key type is CEK)
  • A hyphen (-) (if the key type is KEK or FREE)

keyGeneratedLocation

string

Location where the key was created

  • DKC: Storage system
  • KMS: Key management server

numOfBackups

int

Number of times the key was backed up

If the value of the keyType attribute is KEK, -1 is output, indicating an invalid value.

Status codes

The following table describes the meaning of the status code of the request for this operation. For details on other status codes, see the description on HTTP status codes.

Status code

Message

Description

412

Precondition Failed

This operation is not supported for the microcode version of the storage system.

Coding example

curl -v -H "Accept:application/json" -H "Content-Type:application/json" -H "Authorization:Session d7b673af189048468c5af9bcf3bbbb6f" -X GET https://192.0.2.100/ConfigurationManager/v1/objects/encryption-keys?keyType=DEK