
PUT /manage/v2/security/properties

Summary

Update security properties.

URL Parameters

format: The format of the posted data. Can be either json (default) or xml. This value overrides the Accept header if both are present.

Request Headers

Accept: The expected MIME type of the response. If the format parameter is present, it takes precedence over the Accept header. Allowed values: application/json, application/xml.

Content-type: The MIME type of the data in the request body, either application/xml or application/json.

Response Headers

Content-type: The MIME type of the data in the response body. Depending upon the value of the format parameter or Accept header, either application/xml or application/json.

Response

Upon success, MarkLogic Server returns status code 200 (OK). If the payload is malformed, a status code of 400 (Bad Request) is returned. A status code of 401 (Unauthorized) is returned if the user does not have the necessary privileges.

Required Privileges

This operation requires the security and manage-admin roles.

Usage Notes

The properties that can be modified are listed below.

Note: The properties described here are for XML payloads. In general they are the same for JSON, with the exception that, in JSON, roles is expressed in singular form. For example, in JSON, roles is instead role and the format is: "role":["rolename"].

When setting protected-paths, you must also set permissions.

The structure of the output returned from this REST API is as follows:

keystore

The Key Management Server specification.

This is a complex structure with the following children:

keystore-id

An identifier for the keystore

data-encryption

Enable encryption for user data.

config-encryption

Enable encryption for configuration files.

logs-encryption

Enable encryption for new log files.

kms-type

Type of KMS used to manage keys for newly encrypted files.

backup-option

The internal KMS is included in backups automatically. Set this field to exclude to prevent inclusion of the internal KMS in backups.

host-name

The host name(s) of the external Key Management Server. If multiple, separated by comma.

port

The external Key Management Server's socket port number(s). If multiple, separated by comma.

data-encryption-key-id

A UUID identifying the encryption key at the KMS that should be used to encrypt user data

config-encryption-key-id

A UUID identifying the encryption key at the KMS that should be used to encrypt configuration files

logs-encryption-key-id

A UUID identifying the encryption key at the KMS that should be used to encrypt log files

kmip-certificate-path

A path to the cluster's certificate PEM for securing SSL/TLS communications with the KMS. Each host must have its own copy at the same path.

kmip-key-path

A path to the cluster's private key PEM for securing SSL/TLS communications with the KMS. Each host must have its own copy at the same path.

kmip-CA-path

A path to the certificate authority (CA) PEM for securing SSL/TLS communications with the KMS. Each host must have its own copy at the same path.

key-size

The minimum size of the encryption keys generated by MarkLogic

slot-id

The PKCS#11 token slot id to be used, default 0

p11-driver-path

Path to a shared library that provides support for PKCS#11 devices

p11-wallet-path

Path to a directory where the PKCS#11 wallet is located

kms-init-id

logs-encryption-auxiliary-id

external-data-encryption-key-id

A UUID identifying the encryption key at the external KMS that should be used to encrypt data files

external-config-encryption-key-id

A UUID identifying the encryption key at the external KMS that should be used to encrypt configuration files

external-logs-encryption-key-id

A UUID identifying the encryption key at the external KMS that should be used to encrypt log files

internal-data-encryption-key-id

A UUID identifying the encryption key at the internal KMS that should be used to encrypt data files

internal-config-encryption-key-id

A UUID identifying the encryption key at the internal KMS that should be used to encrypt configuration files

internal-logs-encryption-key-id

A UUID identifying the encryption key at the internal KMS that should be used to encrypt log files

Example


#!/bin/bash
# update security properties

# you must add manageadmin user with manage-admin role
MANAGEADMIN="manageadmin"
MANAGEPASS="x"

# update security properties (requires security role) 
curl -v -X PUT --anyauth --user "$MANAGEADMIN:$MANAGEPASS" \
  --header "Content-Type:application/json" \
  -d '{"keystore":{"data-encryption":"default-off"}}' \
  http://127.0.0.1:8002/manage/v2/security/properties
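
A malformed payload is rejected with status 400, so it can help to check a keystore body locally before sending the PUT. The following is an added example, not part of the MarkLogic documentation: it flags property names that are not in the list above (for example, wrong letter case in kmip-CA-path), key-ID values that are not UUIDs, and invalid entries in the comma-separated host-name and port fields. The function name and the sample path are assumptions made for illustration.

```python
import json
import uuid

# Property names copied from the keystore list on this page.
KEYSTORE_PROPERTIES = {
    "keystore-id", "data-encryption", "config-encryption", "logs-encryption",
    "kms-type", "backup-option", "host-name", "port",
    "data-encryption-key-id", "config-encryption-key-id",
    "logs-encryption-key-id", "kmip-certificate-path", "kmip-key-path",
    "kmip-CA-path", "key-size", "slot-id", "p11-driver-path",
    "p11-wallet-path", "kms-init-id", "logs-encryption-auxiliary-id",
    "external-data-encryption-key-id", "external-config-encryption-key-id",
    "external-logs-encryption-key-id", "internal-data-encryption-key-id",
    "internal-config-encryption-key-id", "internal-logs-encryption-key-id",
}
# Properties the page describes as "A UUID identifying the encryption key".
UUID_PROPERTIES = {n for n in KEYSTORE_PROPERTIES if n.endswith("-encryption-key-id")}


def check_keystore_payload(body):
    """Return a list of problems found in a JSON request body (empty if none)."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    keystore = doc.get("keystore") if isinstance(doc, dict) else None
    if not isinstance(keystore, dict):
        return ["top-level 'keystore' object is missing"]
    problems = []
    for name, value in keystore.items():
        if name not in KEYSTORE_PROPERTIES:
            problems.append(f"unknown keystore property: {name}")
        elif name in UUID_PROPERTIES:
            try:
                uuid.UUID(str(value))
            except ValueError:
                problems.append(f"{name} is not a UUID: {value!r}")
        elif name == "port":
            for port in str(value).split(","):  # comma-separated if multiple
                if not (port.strip().isdecimal() and 0 < int(port) <= 65535):
                    problems.append(f"invalid port: {port.strip()!r}")
        elif name == "host-name" and not all(h.strip() for h in str(value).split(",")):
            problems.append("host-name contains an empty entry")
    return problems


if __name__ == "__main__":  # constructed sample: wrong case in kmip-CA-path
    print(check_keystore_payload('{"keystore": {"kmip-ca-path": "/placeholder/ca.pem"}}'))
```

An empty list means the body passed these local checks only; the server remains the authority on whether the values are accepted.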
