Loading TOC...

POST /manage/v2/security

Summary

Perform a security operation such as rotating configuration, data, or log encryption keys.

URL Parameters
operation The operation to be performed. Allowed values: rotate-config-encryption-key, rotate-data-encryption-key, rotate-logs-encryption-key, import-wallet, export-wallet. You can only use this parameter when put the request parameters in request body and use application/x-www-form-url-encoded as the request content type. For other request content types, specify the operation in the JSON or XML payload.
filename When operation is import-wallet, the fully qualified path to an encrypted wallet file on the MarkLogic host. When operation is export-wallet, the fully qualified path to a file on the MarkLogic host where the encrypted wallet should be saved. You can only use this parameter when put the request parameters in request body and use application/x-www-form-url-encoded as the request content type. For other request content types, specify the filename in the JSON or XML payload.
password When operation is import-wallet, password with which to decrypt the wallet file. When operation is export-wallet, the password with which to encrypt the wallet file. You can only use this parameter when put the request parameters in request body and use application/x-www-form-url-encoded as the request content type. For other request content types, specify the password in the JSON or XML payload.
Request Headers
Content-type The MIME type of the data in the request body. Depending upon the value of the format parameter or Accept header, one of application/xml, application/json, or application/x-www-form-url-encoded.

Response

A successful call to the endpoint will return the HTTP code 201 Created. The request has been fulfilled, resulting in the creation of a new resource.

application/x-www-form-urlencodedForm Encoded
application/xmlXML Content
application/jsonJSON Content

Required Privileges

This operation requires the manage-admin role, or the following privilege:

http://marklogic.com/xdmp/privileges/manage

Usage Notes

When importing or exporting a wallet file, the file name specified in the request must be reachable from the host that receives this request. The specified file must be readable by MarkLogic on import, and writable by MarkLogic on export.

Use the export-wallet and import-wallet operations to export or import a keystore wallet. Use the rotate-*-encryption-key operations to manually rotate your various encryption keys. For more details, see Key Management in the Security Guide.

Example


# Rotating the configuration encryption key:
curl --anyauth --user username:password -i -X POST --header "Content-Type:application/json" \
   -d '{"operation":"rotate-config-encryption-key"}' \
   https://localhost:8002/manage/v2/security
    

Example


# Import a wallet to MarkLogic
curl --anyauth --user username:password -i -X POST --header "Content-Type:application/json" \
   -d '{"operation":"import-wallet", "filename"="/your/file/here", "password": "yourpassword"}' \
   https://localhost:8002/manage/v2/security
    

Comments

    Powered by MarkLogic Server 7.0-4.1 and rundmc | Terms of Use | Privacy Policy