Loading TOC...

MarkLogic 9 Product Documentation
admin.groupSetS3ServerSideEncryptionKmsKey

admin.groupSetS3ServerSideEncryptionKmsKey(
   config as element(configuration),
   group-id as (Number|String),
   key as String
) as element(configuration)

Summary

This function sets the KMS key that is used by server side encryption for data at rest on the simple storage service. This key will only be used when the server side encryption method is "aws:kms".

Parameters
config A configuration specification, typically as returned from one of the Admin module functions.
group-id The ID of the group. Typically, this is the result of an admin:group-get-id call.
key A string specifying the key that will be used by "aws:kms" server side encryption. This key can be the ID or ARN of the encryption key you want to use. You can set this parameter to empty to use the default encryption key, typically named aws/ebs in the S3 bucket region. If the server side encryption method is not "aws:kms", this key will be ignored.

Required Privileges

This operation requires at least one of the following privileges:

http://marklogic.com/xdmp/privileges/admin/group-security

http://marklogic.com/xdmp/privileges/admin/group-security/{id}

Usage Notes

An encryption key won't be transfered out of the region where it is created. So you cannot use a encryption key that is in a different region from the S3 bucket.

Example

  
  const admin = require('/MarkLogic/admin.xqy');
  var config = admin.getConfiguration()
  var groupid = admin.groupGetId(config, "Default")
  admin.groupSetS3ServerSideEncryptionKmsKey(config, groupid, "f4cefc8dF64d4fd18e93064db9c26968")

   //returns the new configuration element -- use admin.saveConfiguration
   //to save the changes to the configuration or pass the configuration
   //to other Admin API functions to make other changes.  
    

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.