The format of the posted data. Can be either
json (default) or xml. This value overrides the Accept header if
both are present.
Request Headers
Accept
The expected MIME type of the response. If the
format parameter is present, it takes precedence over the Accept header.
Allowed values: application/json, application/xml.
Content-type
The MIME type of the data in the request
body, either application/xml or application/json.
Response Headers
Content-type
The MIME type of the data in the response
body. Depending upon the value of the format parameter or Accept header, either
application/xml or application/json.
Response
Upon success, MarkLogic Server returns status code 200 (OK). If the payload is
malformed, a status code of 400 (Bad Request) is returned. A status code of 401
(Unauthorized) is returned if the user does not have the necessary privileges.
Required Privileges
This operation requires the security and
manage-admin roles.
Usage Notes
The properties that can be modified are listed here.
Note: The properties described here are for XML payloads. In general they are
the same for JSON, with the exception that, in JSON, roles is expressed in
singular form. For example, in JSON, roles is instead role
and the format is: "role":["rolename"].
When setting protected-paths, you must also set permissions.
The structure of the output returned from
this REST API is as follows:
keystore
The Key Management Server specification.
This is a complex structure with the following children:
keystore-id
An identifying the keystore
data-encryption
Enable encryption for user data.
config-encryption
Enable encryption for configuration files.
logs-encryption
Enable encryption for new log files.
kms-type
Type of KMS used to manage keys for newly encrypted files.
backup-option
The internal KMS is included in backups automatically. Set this field to exclude
to prevent inclusion of the internal KMS in backups.
host-name
The host name(s) of the external Key Management Server.
If multiple, separated by comma.
port
The external Key Management Server's socket port number(s),
If multiple, separated by comma.
data-encryption-key-id
The identifier of the user data encryption key at the KMS.
config-encryption-key-id
The identifier of the configuration file encryption key at the KMS.
logs-encryption-key-id
The identifier of the log file encryption key at the KMS.
kmip-certificate-path
A path to the Cluster's certificate PEM for securing SSL/TLS communications with the KMS.
Each host must have a copy at the same path.
kmip-key-path
A path to the Cluster's private key PEM for securing SSL/TLS communications with the KMS.
Each host must have a copy at the same path.
kmip-CA-path
A path to the certificate authority (CA) PEM for securing SSL/TLS communications with the KMS.
Each host must have a copy at the same path.
key-size
The minimum size of the encryption keys generated by MarkLogic
slot-id
The PKCS#11 token slot id to be used, default 0
p11-driver-path
Path to a shared library that supports PKCS#11 devices
p11-wallet-path
Path to the directory where the PKCS#11 wallet is located
kms-init-id
Passphrase used to secure the PKCS#11 wallet
logs-encryption-auxiliary-id
Secondary passphrase for encrypting log files
external-data-encryption-key-id
The identifier of the user data encryption key at the external KMS.
external-config-encryption-key-id
The identifier of the configuration file encryption key at the external KMS.
external-logs-encryption-key-id
The identifier of the log file encryption key at the external KMS.
internal-data-encryption-key-id
The identifier of the user data encryption key at the internal KMS.
internal-config-encryption-key-id
The identifier of the configuration file encryption key at the internal KMS.
internal-logs-encryption-key-id
The identifier of the log file encryption key at the internal KMS.
Example
#! /bin/bash
# update security properties
# you must add manageadmin user with manage-admin role
MANAGEADMIN="manageadmin"
MANAGEPASS="x"
# update security properties (requires security role)
curl -v -X PUT --anyauth --user $MANAGEADMIN:$MANAGEPASS \
--header "Content-Type:application/json" \
-d '{"keystore":{"data-encryption":"default-off"}}' \
http://127.0.0.1:8002/manage/v2/security/properties
Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.
Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.