kmip.update
Update KMIP Server Configuration.
The system authenticates to the remote KMIP server with a TLS handshake and synchronizes ZFS/SED keys between the local database and the server according to the configuration.
This method is a job.
No Additional Items
Tuple Validation
Parameter 1: kmip_update
kmip_update
Type: object
KMIP configuration update arguments.
No Additional Properties
Enabled
Type: boolean
Whether to enable KMIP functionality. Cannot be set to disabled while there are keys pending sync, unless force_clear is also set.
Manage Sed Disks
Type: boolean
Whether to use KMIP for managing SED (Self-Encrypting Drive) keys. When enabled, SED keys are synced from the local database to the remote KMIP server. When disabled, any SED keys still held on the KMIP server are synced back to the local database.
Manage Zfs Keys
Type: boolean
Whether to use KMIP for managing ZFS encryption keys. When enabled, ZFS keys are synced from the local database to the remote KMIP server. When disabled, any ZFS keys still held on the KMIP server are synced back to the local database.
Certificate
ID of the client certificate used to initiate the TLS handshake with the KMIP server, or null.
Certificate Authority
ID of the certificate authority used to verify the KMIP server during the TLS handshake, or null.
Port
Type: integer
TCP port number for the KMIP server connection.
Value must be greater than or equal to 1 and less than or equal to 65535
Server
Hostname or IP address of the KMIP server or null if not configured.
Must be at least 1 character long
Ssl Version
Type: enum (of string)
SSL/TLS protocol version to use for KMIP connections. Specify this to match the SSL configuration used by the KMIP server.
Must be one of:
- "PROTOCOL_TLSv1"
- "PROTOCOL_TLSv1_1"
- "PROTOCOL_TLSv1_2"
Force Clear
Type: boolean
When enabled, removes all keys pending sync from the database. Use with extreme caution: ZFS dataset or SED disk keys may be lost, leaving them locked forever. Disabled by default.
Change Server
Type: boolean
Allows migrating data between two KMIP servers. The system first migrates keys from the old server to the local database, then from the database to the new server. If it cannot retrieve all keys from the old server the operation fails, which can be bypassed with force_clear.
Validate
Type: boolean
When enabled (the default), the system tests the connection to the server to make sure it is reachable before saving.
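As an added example (not part of this API's own documentation or code), the following Python function checks a kmip_update object against the constraints listed above before it is submitted, and warns about the settings that put keys or the TLS connection at risk. The snake_case field names are assumed from the property titles (only force_clear appears literally on this page), keys_pending_sync is a hypothetical caller-supplied flag, and the sample payload is constructed.

```python
# Added example: pre-flight check of a kmip_update payload.
# Field names are assumed snake_case forms of the property titles on this page.
SSL_VERSIONS = ("PROTOCOL_TLSv1", "PROTOCOL_TLSv1_1", "PROTOCOL_TLSv1_2")
BOOL_FIELDS = ("enabled", "manage_sed_disks", "manage_zfs_keys",
               "force_clear", "change_server", "validate")
ID_FIELDS = ("certificate", "certificate_authority")  # integer ID or null
ALLOWED = set(BOOL_FIELDS) | set(ID_FIELDS) | {"port", "server", "ssl_version"}


def _is_int(value):
    # bool is a subclass of int in Python; a JSON boolean is not an integer.
    return isinstance(value, int) and not isinstance(value, bool)


def check_kmip_update(payload, keys_pending_sync=False):
    """Return (errors, warnings) for a kmip_update argument object."""
    errors, warnings = [], []
    for name in sorted(set(payload) - ALLOWED):
        errors.append(f"{name}: additional properties are not allowed")
    for name in BOOL_FIELDS:
        if name in payload and not isinstance(payload[name], bool):
            errors.append(f"{name}: must be a boolean")
    for name in ID_FIELDS:
        if payload.get(name) is not None and not _is_int(payload[name]):
            errors.append(f"{name}: must be an integer ID or null")
    if "port" in payload and not (_is_int(payload["port"]) and 1 <= payload["port"] <= 65535):
        errors.append("port: must be an integer from 1 to 65535")
    server = payload.get("server")
    if server is not None and not (isinstance(server, str) and len(server) >= 1):
        errors.append("server: must be a non-empty string or null")
    version = payload.get("ssl_version")
    if "ssl_version" in payload and version not in SSL_VERSIONS:
        errors.append("ssl_version: not one of the allowed values")
    elif version in SSL_VERSIONS[:2]:
        warnings.append("ssl_version: TLS 1.0/1.1 are deprecated (RFC 8996)")
    force = payload.get("force_clear") is True
    if payload.get("enabled") is False and keys_pending_sync and not force:
        errors.append("enabled: cannot disable while keys are pending sync")
    if force:
        warnings.append("force_clear: pending keys are dropped; data may stay locked")
    if payload.get("validate") is False:
        warnings.append("validate: connection to the server is not tested before saving")
    return errors, warnings


# Constructed sample payload, not taken from a real system.
SAMPLE = {"enabled": True, "server": "kmip.example.internal", "port": 5696,
          "ssl_version": "PROTOCOL_TLSv1", "force_clear": True, "validate": False}
```

Calling check_kmip_update(SAMPLE) returns no errors and three warnings: the payload is schema-valid, yet it combines a deprecated protocol version, force_clear and a skipped connection test.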
KMIPEntry
Type: object
The updated KMIP configuration.
No Additional Properties
Id
Type: integer
Unique identifier for the KMIP configuration.
Enabled
Type: boolean
Whether KMIP (Key Management Interoperability Protocol) is enabled.
Manage Sed Disks
Type: boolean
Whether to use KMIP for managing SED (Self-Encrypting Drive) keys. When enabled, SED keys are synced from the local database to the remote KMIP server. When disabled, any SED keys still held on the KMIP server are synced back to the local database.
Manage Zfs Keys
Type: boolean
Whether to use KMIP for managing ZFS encryption keys. When enabled, ZFS keys are synced from the local database to the remote KMIP server. When disabled, any ZFS keys still held on the KMIP server are synced back to the local database.
Certificate
ID of the client certificate used to initiate the TLS handshake with the KMIP server, or null.
Certificate Authority
ID of the certificate authority used to verify the KMIP server during the TLS handshake, or null.
Port
Type: integer
TCP port number for the KMIP server connection.
Value must be greater than or equal to 1 and less than or equal to 65535
Server
Hostname or IP address of the KMIP server or null if not configured.
Must be at least 1 character long
Ssl Version
Type: enum (of string)
SSL/TLS protocol version to use for KMIP connections. Specify this to match the SSL configuration used by the KMIP server.
Must be one of:
- "PROTOCOL_TLSv1"
- "PROTOCOL_TLSv1_1"
- "PROTOCOL_TLSv1_2"
Required roles: KMIP_WRITE