MarkLogic 10 Product Documentation
admin.groupSetS3ServerSideEncryptionKmsKeyadmin.groupSetS3ServerSideEncryptionKmsKey(
config as element(configuration),
group-id as (Number|String),
key as String
) as element(configuration)
Summary
This function sets the KMS key that is used by server side encryption for
data at rest on the simple storage service. This key will only be used when
the server side encryption method is "aws:kms".
Parameters |
config |
A configuration specification, typically as returned from one of the Admin
module functions.
|
group-id |
The ID of the group.
Typically, this is the result
of an admin:group-get-id call.
|
key |
A string specifying the key that will be used by "aws:kms" server side
encryption. This key can be the ID or ARN of the encryption key you want
to use. You can set this parameter to empty to use the default encryption
key, typically named aws/ebs in the S3 bucket region. If the server side
encryption method is not "aws:kms", this key will be ignored.
|
Required Privileges
This operation requires at least one of the following privileges:
http://marklogic.com/xdmp/privileges/admin/group-security
http://marklogic.com/xdmp/privileges/admin/group-security/{id}
Usage Notes
An encryption key will not be transferred out of the region where it is
created. Therefore, you cannot use an encryption key that is in a different region
from the S3 bucket.
Example
const admin = require('/MarkLogic/admin.xqy');
const config = admin.getConfiguration()
const groupid = admin.groupGetId(config, "Default")
admin.groupSetS3ServerSideEncryptionKmsKey(config, groupid, "f4cefc8dF64d4fd18e93064db9c26968")
//returns the new configuration element -- use admin.saveConfiguration
//to save the changes to the configuration or pass the configuration
//to other Admin API functions to make other changes.
Copyright © 2024 MarkLogic Corporation. MARKLOGIC is a
registered trademark of MarkLogic Corporation.