
POST /manage/v2/security

Summary

Perform a security operation such as rotating configuration, data, or log encryption keys.

URL Parameters
operation The operation to be performed. Allowed values: rotate-config-encryption-key, rotate-data-encryption-key, rotate-logs-encryption-key, import-wallet, export-wallet. You can only use this parameter when you put the request parameters in the request body and use application/x-www-form-urlencoded as the request content type. For other request content types, specify the operation in the JSON or XML payload.
filename When operation is import-wallet, the fully qualified path to an encrypted wallet file on the MarkLogic host. When operation is export-wallet, the fully qualified path to a file on the MarkLogic host where the encrypted wallet should be saved. You can only use this parameter when you put the request parameters in the request body and use application/x-www-form-urlencoded as the request content type. For other request content types, specify the filename in the JSON or XML payload.
password When operation is import-wallet, the password with which to decrypt the wallet file. When operation is export-wallet, the password with which to encrypt the wallet file. You can only use this parameter when you put the request parameters in the request body and use application/x-www-form-urlencoded as the request content type. For other request content types, specify the password in the JSON or XML payload.
Request Headers
Content-type The MIME type of the data in the request body. Depending upon the value of the format parameter or Accept header, one of application/xml, application/json, or application/x-www-form-urlencoded.

Response

A successful call to the endpoint will return the HTTP code 201 Created. The request has been fulfilled, resulting in the creation of a new resource.

application/x-www-form-urlencoded Form Encoded
application/xml XML Content
application/json JSON Content

Required Privileges

This operation requires the manage-admin role, or the following privilege:

http://marklogic.com/xdmp/privileges/manage, http://marklogic.com/xdmp/privileges/manage-admin

Usage Notes

When importing or exporting a wallet file, the file name specified in the request must be reachable from the host that receives this request. The specified file must be readable by MarkLogic on import, and writable by MarkLogic on export.

Use the export-wallet and import-wallet operations to export or import a keystore wallet. Use the rotate-*-encryption-key operations to manually rotate your various encryption keys. For more details, see Key Management in the Security Guide.

Example


# Rotating the configuration encryption key:
curl --anyauth --user username:password -i -X POST --header "Content-Type:application/json" \
   -d '{"operation":"rotate-config-encryption-key"}' \
   https://localhost:8002/manage/v2/security
    

Example


# Import a wallet to MarkLogic
curl --anyauth --user username:password -i -X POST --header "Content-Type:application/json" \
   -d '{"operation":"import-wallet", "filename": "/your/file/here", "password": "yourpassword"}' \
   https://localhost:8002/manage/v2/security
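
The form-encoded request style described under URL Parameters, as an added example that is not part of the MarkLogic documentation: a shell helper that emits a curl config for import-wallet or export-wallet, so the wallet password is read from a file instead of appearing on the command line. The function name wallet_request and the paths in the usage comment are placeholders chosen for this example.

```shell
# wallet_request OPERATION WALLET_PATH PASSWORD_FILE
# Prints a curl config (for `curl -K -`) that sends operation, filename and
# password as an application/x-www-form-urlencoded body.
# Usage (paths are placeholders; curl prompts for the account password):
#   wallet_request export-wallet /backup/wallet.enc /root/wallet.pw |
#     curl --anyauth --user username -i -K - https://localhost:8002/manage/v2/security
wallet_request() {
  op=$1; wallet=$2; pwfile=$3
  case $op in
    import-wallet|export-wallet) ;;
    *) echo "operation must be import-wallet or export-wallet" >&2; return 2 ;;
  esac
  # Both paths end up inside double-quoted curl config values: refuse quotes
  # and backslashes, and require fully qualified paths.
  for p in "$wallet" "$pwfile"; do
    case $p in
      *'"'*|*'\'*) echo "unsupported character in path: $p" >&2; return 2 ;;
      /*) ;;
      *) echo "path must be fully qualified: $p" >&2; return 2 ;;
    esac
  done
  # The password file must be a regular file with no group/other access.
  [ -f "$pwfile" ] || { echo "no such password file: $pwfile" >&2; return 2; }
  case $(ls -ld "$pwfile") in
    -???------*) ;;
    *) echo "password file must be mode 0600 or stricter" >&2; return 2 ;;
  esac
  # curl URL-encodes the file byte for byte, so a trailing newline would
  # silently become part of the wallet password.
  [ -n "$(tail -c 1 "$pwfile")" ] ||
    { echo "password file is empty or ends in a newline" >&2; return 2; }
  # name=content: curl URL-encodes the content; name@file: content from file.
  printf 'data-urlencode = "operation=%s"\n' "$op"
  printf 'data-urlencode = "filename=%s"\n' "$wallet"
  printf 'data-urlencode = "password@%s"\n' "$pwfile"
}
```

Write the password file with `printf '%s'` under `umask 077` so it has no trailing newline and is not readable by other users.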
    
