GET /manage/v2/security/properties

Summary

Retrieve security properties for a cluster.

URL Parameters

format: The format of the data in the response. Allowed values: json (default), xml, or html. This value overrides the Accept header if both are present.

Request Headers

Accept: The expected MIME type of the response. If the format parameter is present, it takes precedence over the Accept header. Allowed values: application/json, application/xml, text/html.

Response Headers

Content-type: The MIME type of the data in the response, based on the value of the format parameter or Accept header. One of the following: application/xml, application/json, or text/html.

Response

Upon success, MarkLogic Server returns status code 200 (OK). If the request is malformed, a status code of 400 (Bad Request) is returned. A status code of 401 (Unauthorized) is returned if the user does not have the necessary privileges.

Required Privileges

This operation requires the security and manage-admin roles or equivalent privileges.

Usage Notes

The properties that can be returned are listed below.

Note: The properties described here are for XML payloads. In general they are the same for JSON, with the exception that, in JSON, roles is expressed in singular form. For example, in JSON, roles is instead role and the format is: "role":["rolename"].

The structure of the output returned from this REST API is as follows:

keystore

The Key Management Server specification.

This is a complex structure with the following children:

keystore-id

An identifier for the keystore.

data-encryption

Enable encryption at rest for user data

config-encryption

Enable encryption at rest for configuration files

logs-encryption

Enable encryption at rest for new log files, that is, log files created from this point on.

kms-type

Type of KMS.

backup-option

The embedded KMS is included in backups automatically. To prevent inclusion of the embedded KMS in backups, set this field to exclude.

host-name

The host name of the Key Management Server

port

The Key Management Server's client socket port number

data-encryption-key-id

A string identifying the encryption key at the KMS that should be used to encrypt user data.

config-encryption-key-id

A string identifying the encryption key at the KMS that should be used to encrypt configuration files.

logs-encryption-key-id

A string identifying the encryption key at the KMS that should be used to encrypt log files.

kmip-certificate-path

A path to the cluster's certificate PEM for securing SSL/TLS communications with the KMS. Each host must have its own copy at the same path.

kmip-key-path

A path to the cluster's private key PEM for securing SSL/TLS communications with the KMS. Each host must have its own copy at the same path.

kmip-CA-path

A path to the certificate authority (CA) PEM for securing SSL/TLS communications with the KMS. Each host must have its own copy at the same path.

key-size

The minimum size of the encryption keys generated by MarkLogic

slot-id

The HSM token slot id to be used, default 0

p11-driver-path

Path to a shared library that provides support for PKCS#11 devices

p11-wallet-path

Path to a directory where the HSM wallet is located

kms-init-id

logs-encryption-auxiliary-id

Example


curl -X GET --anyauth -u username:password -H "Accept:application/json" \
  http://localhost:8002/manage/v2/security/properties

==> MarkLogic returns a response similar to the following:

HTTP/1.1 200 OK
ETag: 3b00eced72d4589d7e2b1a6151698343
Content-type: application/json; charset=UTF-8
Cache-Control: no-cache
Expires: -1
Server: MarkLogic
Content-Length: 355
Connection: Keep-Alive
Keep-Alive: timeout=5

{ "keystore": {
    "data-encryption": "default-off",
    "config-encryption": "off",
    "logs-encryption": "off",
    "kms-type": "internal",
    "host-name": "localhost",
    "port": 9056,
    "data-encryption-key-id": "b38a2a30-0d99-4b94-ad72-ede292fd920b",
    "config-encryption-key-id": "e60db9ce-98e7-4d6f-9eb3-0ed49ef8fe8b",
    "logs-encryption-key-id": "ebc99a7d-3dc5-4991-a231-42ca68e42640"
} }
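
As an added example (not part of the MarkLogic documentation), the following Python sketch retrieves this endpoint and reports keystore settings that leave data, configuration files or logs unencrypted at rest, or that keep the embedded KMS in backups. It assumes digest authentication, that the values `off` and `default-off` mean the setting is not enabled, and that `kms-type` `internal` denotes the embedded KMS; the function names are hypothetical.

```python
import json
import urllib.request

# Assumption: these values (seen in the page's sample responses) mean "not enabled".
DISABLED = {"off", "default-off"}
ENCRYPTION_FIELDS = ("data-encryption", "config-encryption", "logs-encryption")


def fetch_properties(base_url, user, password):
    """GET /manage/v2/security/properties as JSON (assumes digest auth)."""
    url = base_url.rstrip("/") + "/manage/v2/security/properties?format=json"
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, user, password)
    opener = urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))
    with opener.open(url, timeout=10) as resp:
        return json.load(resp)


def audit_keystore(props):
    """Return a list of (field, message) findings for the keystore block."""
    keystore = props.get("keystore")
    if not isinstance(keystore, dict):
        return [("keystore", "keystore block missing from response")]
    findings = []
    for field in ENCRYPTION_FIELDS:
        value = keystore.get(field)
        if value is None:
            findings.append((field, "setting not reported"))
        elif value in DISABLED:
            findings.append((field, f"encryption at rest is not enabled ({value})"))
    # The embedded KMS is included in backups unless backup-option is "exclude".
    # Assumption: kms-type "internal" is the embedded KMS.
    if keystore.get("kms-type") == "internal" and keystore.get("backup-option") != "exclude":
        findings.append(("backup-option", "embedded KMS is included in backups"))
    return findings


# Sample taken from the JSON response shown above (key ids omitted).
SAMPLE = json.loads("""
{ "keystore": {
    "data-encryption": "default-off",
    "config-encryption": "off",
    "logs-encryption": "off",
    "kms-type": "internal",
    "host-name": "localhost",
    "port": 9056
} }
""")

if __name__ == "__main__":
    for field, message in audit_keystore(SAMPLE):
        print(f"{field}: {message}")
```

Against a live cluster, pass the result of `fetch_properties("http://localhost:8002", user, password)` to `audit_keystore` instead of `SAMPLE`.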
    

Example


curl -X GET --anyauth -u username:password -H "Accept:application/xml" \
  http://localhost:8002/manage/v2/security/properties
 
==> MarkLogic returns a response similar to the following:

HTTP/1.1 200 OK
ETag: 3b00eced72d4589d7e2b1a6151698343
Content-type: application/xml; charset=UTF-8
Cache-Control: no-cache
Expires: -1
Server: MarkLogic
Content-Length: 789
Connection: Keep-Alive
Keep-Alive: timeout=5

<security-properties 
   xsi:schemaLocation="http://marklogic.com/manage/security/properties manage-security-properties.xsd"
   xmlns="http://marklogic.com/manage/security/properties"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <keystore>
    <data-encryption>default-off</data-encryption>
    <config-encryption>on</config-encryption>
    <logs-encryption>off</logs-encryption>
    <kms-type>internal</kms-type>
    <host-name>localhost</host-name>
    <port>9056</port>
    <data-encryption-key-id>8003785c-3fb6-48d2-bb7a-1785ec31a69f</data-encryption-key-id>
    <config-encryption-key-id>96d7c56b-eb6c-4e9a-b3f1-eb10aa82b586</config-encryption-key-id>
    <logs-encryption-key-id>084ddf54-a463-40eb-97a8-e5d3af9753f9</logs-encryption-key-id>
  </keystore>
</security-properties>
    
