
Encryption management methods

The management API includes storage component encryption methods.

Get encryption state

You can get the state of encryption for the HCP for cloud scale system.

HTTP request syntax (URI)

POST https://host_ip:9099/mapi/v1/s3_encryption/get

Request structure

Not applicable.

Response structure

The response body structure is:

{
  MAPIS3EncryptionSetting {
    "value": "{true|false}"
    }
  }

| Parameter | Type | Description |
|---|---|---|
| MAPIS3EncryptionSetting | Boolean | true if encryption is on, false otherwise. |

Return codes

| Status code | HTTP name | Description |
|---|---|---|
| 200 | OK | The request was executed successfully. |
| 401 | Unauthorized | Access was denied because credentials are not valid. |
| 405 | Method Not Allowed | The specified HTTP method is not allowed for a storage component. Resend using POST. |

Example

Request example:

POST https://10.10.24.195:9099/mapi/v1/s3_encryption/get

JSON response:

{
  MAPIS3EncryptionSetting {
    "value": "true"
    }
  }

Set encryption state

You can start encryption globally for the HCP for cloud scale system. Starting encryption initializes, configures, and unseals the key management server and returns an initial root token and a set of unseal keys. Once encryption is started, it can't be removed. The best practice is to encrypt and securely store the initial root token and unseal keys separately.

HTTP request syntax (URI)

POST https://host_ip:9099/mapi/v1/s3_encryption/set

Request structure

Not applicable.

Response structure

The response body structure is:

{
  "value": {true|false},
  "rootToken": "root_token",
  "unsealKeys": ["unseal_key_1","unseal_key_2","unseal_key_3","unseal_key_4","unseal_key_5"]
}

| Parameter | Type | Description |
|---|---|---|
| value | Boolean | true if encryption is on, false otherwise. |
| rootToken | Hex | The initial root token, used to authenticate login to the key management server. |
| unsealKeys | Hex | A set of unseal keys. A quorum of unseal keys is required to restart the key management server. |

Return codes

| Status code | HTTP name | Description |
|---|---|---|
| 200 | OK | The request was executed successfully. |
| 401 | Unauthorized | Access was denied because credentials are not valid. |
| 405 | Method Not Allowed | The specified HTTP method is not allowed for a storage component. Resend using POST. |
| 503 | Service Unavailable | The key management system has not been set up. |

Example

Request example:

POST https://10.10.24.195:9099/mapi/v1/s3_encryption/set

JSON response:

{
  "value":true,
  "rootToken":"s.FBZngLG9RcyjBzddCxTwoMkk",
  "unsealKeys":[
    "f7a0652cbe07d573a7eeab127ff102454c33adc9402e49622ffa5b5f43cec0794e",
    "4d7e620a694cb607dd1e503027f82880f376edfb1024548d0121572a3dc989c685",
    "6c6081054e26ec55824eb97481acd1f31d660d99e4ba158ca4248e39a8d4de1e16",
    "5dd42c8c60d60469d675dbaad15ff2a78d262cb42e2f9a798aa0b09f368b8caff4",
    "fdc2f29b4359a550916b43071501dab257b73f911960c7fc793f1a279f71091482"]
}

Unseal

You can unseal all the instances of the key management server for the HCP for cloud scale system.

HTTP request syntax (URI)

POST https://host_ip:9099/mapi/v1/s3_encryption/unseal

Request structure

The request body is:

{
  "unsealKey1": "string",
  "unsealKey2": "string",
  "unsealKey3": "string"
}

| Parameter | Required | Type | Description |
|---|---|---|---|
| unsealKey1, unsealKey2, unsealKey3 | Yes | String | An unseal key. You must provide three unseal keys in the request. |

Response structure

Not applicable.

Return codes

| Status code | HTTP name | Description |
|---|---|---|
| 200 | OK | The request was executed successfully. |
| 400 | Bad Request | The request is missing a valid unseal key. |
| 401 | Unauthorized | Access was denied because credentials are not valid. |
| 405 | Method Not Allowed | The specified HTTP method is not allowed for a storage component. Resend using POST. |

Example

Request example:

POST https://10.10.24.195:9099/mapi/v1/s3_encryption/unseal

JSON request:

{
  "unsealKey1": "f7a0652cbe07d573a7eeab127ff102454c33adc9402e49622ffa5b5f43cec0794e",
  "unsealKey2": "4d7e620a694cb607dd1e503027f82880f376edfb1024548d0121572a3dc989c685",
  "unsealKey3": "6c6081054e26ec55824eb97481acd1f31d660d99e4ba158ca4248e39a8d4de1e16"
}
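
The custody split recommended under Set encryption state and the three-key request under Unseal, as an added example (not Hitachi Vantara code). It runs offline on a constructed sample response; the function names, the holder labels, and the rule that the three keys must be distinct hex strings are assumptions, not part of the API description.

```python
import json
import re

QUORUM = 3  # the unseal request documented above takes exactly three keys
HEX = re.compile(r"[0-9a-fA-F]+")


def _check_keys(keys):
    """Reject non-hex or repeated keys (distinctness is an assumption)."""
    for k in keys:
        if not isinstance(k, str) or not HEX.fullmatch(k):
            raise ValueError("unseal key is not a hex string")
    if len({k.lower() for k in keys}) != len(keys):
        raise ValueError("duplicate unseal key")


def split_for_custody(set_response_text):
    """Turn a /s3_encryption/set response into one-secret-per-bundle records."""
    doc = json.loads(set_response_text)
    if doc.get("value") is not True:
        raise ValueError("response does not report encryption as on")
    root, keys = doc.get("rootToken"), doc.get("unsealKeys") or []
    if not root or len(keys) < QUORUM:
        raise ValueError("root token or unseal keys missing")
    _check_keys(keys)
    # One secret per bundle: no holder gets the root token plus a key,
    # and no holder gets enough keys to unseal alone.
    bundles = [{"holder": "root-token", "secret": root}]
    bundles += [{"holder": f"unseal-key-{i}", "secret": k}
                for i, k in enumerate(keys, 1)]
    return bundles


def build_unseal_body(keys):
    """Build the /s3_encryption/unseal request body from three holders' keys."""
    keys = [k.strip() for k in keys]
    if len(keys) != QUORUM:
        raise ValueError(f"exactly {QUORUM} unseal keys are required")
    _check_keys(keys)
    return json.dumps({f"unsealKey{i}": k for i, k in enumerate(keys, 1)})


# Constructed sample response (placeholder values, not real key material).
SAMPLE_SET_RESPONSE = json.dumps({
    "value": True,
    "rootToken": "s.EXAMPLEROOTTOKEN",
    "unsealKeys": [f"{n:02x}" * 33 for n in range(1, 6)],
})
```

Each bundle is meant to be encrypted and stored by a different holder; build_unseal_body is called only when three of them contribute their keys.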