{"swagger":"2.0","info":{"version":"0.0.3","title":"CipherTrust Manager API","contact":{"name":"Thales Group","url":"http://www.thalesgroup.com"}},"basePath":"/api","schemes":["https"],"consumes":["application/json"],"produces":["application/json"],"x-tags":{"Users":{"description":"Users are unique individuals or systems using the API.\n\nUsers are authenticated against authentication systems, called\n\"connections\". A \"connection\" can be an identity provider, such as\nan OpenID endpoint, or a directory, such as LDAP or AD. CipherTrust Manager\nhas a built-in, internal user directory, whose connection name is\n\"local_account\".\n\nThe User's `connection` property refers to the authentication system in\nwhich the user's credentials and identity reside. When you create a User,\nyou must specify the `connection`: this tells CipherTrust Manager which\nauthentication system it should use to authenticate the User.\nSome connections may require additional, connection-specific\nproperties to create the User.\n\nCipherTrust Manager supports external authentication systems.\nOnce a user is authenticated against an external authentication system, a\nuser will be created with connection|unique ID. This unique ID will be\ntaken from an attribute associated with that user on the external authentication\nsystem. For more information, look at Connections.\n\nThe `user_id` identifies Users and it is in the form of:\n\n connection|unique ID in that connection\n\nThe internal user database uses UUIDs, so a user in the `local_account`\nconnection might have a `user_id` of:\n\n local_account|9cd4196b-b4b3-42d7-837f-d4fdeff36538\n\nUsers have two attributes, `user_metadata` and `app_metadata`, which\ncan be used to store application-specific information. The system\ndoes not use this information; it just stores it for the convenience\nof applications using the API. These properties are unstructured JSON\ndocuments: the caller can put any JSON-structured information in them.\n\n`user_metadata` is typically used to store application-specific data which\nthe end user is allowed to see and modify, such as user preferences.\n\n`app_metadata` is typically used to store application-specific data\nabout the user which the end user is *not* allowed to view or modify,\nsuch as the user's security roles.\n\n`certificate_subject_dn` is used to store Distinguished Name. To enable certificate-based authentication, add \"user_certificate\" authentication method in `allowed_auth_methods`.\nValue of Distinguished Name in the certificate and the value in the user object must match for successful authentication.\n\n`nickname` has been deprecated. It will be removed in a future release.\n\n`allowed_client_types` and `allowed_auth_methods` do not control login behavior for users in admin group.\n"},"Connections/Connections":{"description":"Connections defines how and where to authenticate CipherTrust Manager users.\n\nA \"connection\" can be an identity provider, such as a OpenID endpoint, or\na directory, such as LDAP or AD. CipherTrust Manager has a built-in,\ninternal user directory, whose connection name is \"local_account\".\n\nWhen you create a connection, you must specify the `name`, `strategy`, and\nseveral options which will be listed below in the POST command (create). `name` is\nthe friendly name that is associated with the connection that will be used\nby a user. `strategy` will be the type of connection. Currently, the allowed\nstrategies are 'ldap', 'oidc' and 'local_account'.\n\nFor an **LDAP** connection:\n\nIn order to create a connection, the following parameters must be provided:\n\n- `server_url`\n- `root_dn`\n- `uid_field`\n\nThe following parameters are optional:\n\n- `search_filter`\n- `guid_field`\n- `bind_dn`\n- `bind_pass`\n- `user_dn_field`\n- `group_base_dn`\n- `group_filter`\n- `group_id_field`\n- `group_member_field`\n- `insecure_skip_verify`\n- `root_cas`\n\nIf the `bind_dn` and `bind_pass` are not provided when the connection is\ncreated, the user's credentials will be used to run the LDAP search. If\nthe `guid_field` is not provided, it will default to whatever `uid_field`\nis.\n\nFor an **Active Directory** connection:\n\n- `user_dn_field` should be set to `distingushedName`.\n- `search_filter` should be set to `(objectClass=User)`\n\nDefault values for other optional parameters should suffice, but can be\nconfigured as required.\n\nGroup support:\n\nTo enable group support for a connection, `bind_dn`, `bind_password`, `group_base_dn`,\n`group_filter`, `group_id_field` and `group_member_field` are mandatory\nparameters. If any one of them is not specified, group support is\ndisabled for the connection.\n\nThese parameters are discussed more in-depth in the POST command (create)\n\nHere is an example of a successful creation of an LDAP connection:\n\n {\n 'name' : 'testServer',\n 'strategy' : 'ldap',\n 'options': {\n 'bind_dn': 'cn=admin,dc=example,dc=com',\n 'bind_pass' : 'admin',\n 'server_url' : 'ldap://ldap.example.com:389',\n 'root_dn' : 'dc=example,dc=com',\n 'uid_field' : 'uid'\n }\n }\n\nFor an **OpenID Connect** (OIDC) connection:\n\nIn order to create a connection, the following parameters must be provided:\n\n- `client_id`\n- `redirect_uris`\n- `discovery_uri`\n"},"LDAP Browse":{"description":"This section is for browsing LDAP users and groups. There are two endpoints which provides us with following capability:\n\n- `LDAP User Listing`\n- `LDAP Group Listing`\n\nThe LDAP connection needs to be created in **LDAP Connection Manager**.\n\nWhen browsing LDAP users, the POST parameters are optional and overwrites the values stored in the Connection Manager LDAP connection.\n\nTo browse more users and groups, use parameter \"server_maximum_page_size\". This parameter determines the count of users/groups to be fetched from the LDAP server.\nUse \"early_listing_stop\" for faster listing, when set to true, the value specified in \"server_maximum_page_size\" is used to display the users/groups. Total number of records will be equal to the number of records requested based on skip and limit values.\nIf pagination is disabled, it is recommended to use hard_limit parameter in the LDAP Browse APIs if there are large number of users/groups on the LDAP server.\n"},"Banners":{"description":"This service is used to get or set the banners of the CipherTrust Manager Server. There are two kind of banners,\nthe pre-authentication banner, which is shown to a user before the user is authenticated by the\nCipherTrust Manager server, and the post-authentication banner, which is shown to a user after the user is\nauthenticated by the CipherTrust Manager server.\n\nBanner text supports unicode and markdown.\n"},"Groups":{"description":"Users and Clients can be added to Groups. Users' and Clients' group\nmembership is available to the authorization system, so policies can\nuse users' and clients' group membership to assign permissions.\n\nGroups have an `app_metadata` property, which, like the User and Client property, can be\nused by applications to store application-specific data about the group.\n\nGroups are identified by their name, which must be unique.\n\nTo get a list of users in a group, use the `/users/` endpoint with\na `groups` query parameter to filter by group. Use `groups=nil` to\nlist users that are not in any group.\n\nTo get a list of groups a user is in, use the `/groups/` endpoint, with\nthe `users` query parameter to filter by user member.\n\nTo get a list of clients in a group, use the `/clients/` endpoint with\na `groups` query parameter to filter by group. Use `groups=nil` to\nlist clients that are not in any group.\n\nTo get a list of groups a client is in, use the `/groups/` endpoint, with\nthe `clients` query parameter to filter by client member.\n"},"Groupmaps":{"description":"The keys created by a CipherTrust Manager system can be configured to allow or disallow\ncertain operations based on the groups a user belongs to. Groupmaps extend configuration\nof key permissions to connection groups. For example, an LDAP group can be mapped to the\nsystem defined `KeyUsers` group; this allows all members of the LDAP group to be key users.\nAlternately, an LDAP group can be mapped to a non-system defined CipherTrust Manager group.\nThe mapped CipherTrust Manager group can then be used to configure group-based key permissions.\nGroupmaps also allows mapping a group from parent domain to a child domain group. This allows\nmembers of mapped parent domain group to be member of child domain group when they log-in\nto child domain.\n\nA groupmap maps a connection name, and a group associated\nwith that connection, to a CipherTrust Manager group. The `groupmaps` API\ncan be used to create, delete, get, list, and modify mappings. A mapping is\ncreated by passing the three parameters to the create API. This returns an\nID along with other information. The ID can be used to get, modify or delete\nthe mapping.\n\nThe list API supports searching for all mappings associated with\n(a) a connection, (b) a CipherTrust Manager group, and/or (c) a connection group. Wildcards\ncan be used in the list API.\n"},"Permissions":{"description":"Permissions are queries made to the platform to ascertain which functions the user can access.\n\nThe user creates an array of `operations`, each item containing an `action` with an optional `context`\n\nThe query follows the format below:\n\n {\n \"operations\": [\n {\"action\":\"\", \"context\":{...}},\n {\"action\":\"\", \"context\":{...}},\n {\"action\":\"\", \"context\":{...}}\n ]\n }\n\nTypical usage is either a large list to query or a more precise set of functions, i.e. `CRUD` access to keys.\n\nQuery for a large selection of functions:\n\n {\n \"operations\": [\n {\"action\": \"ReadUser\"},\n {\"action\": \"ReadGroup\"},\n {\"action\": \"ReadRecord\"},\n {\"action\": \"ReadKey\"},\n .....,\n {\"action\": \"ReadBackup\"}\n ]\n }\n\n Note that this order emulates the order of the CipherTrust Manager GUI\n\nQuery for specific key functions:\n\n {\n \"operations\": [\n {\"action\": \"CreateKey\", \"context\":{\"resource\":{\"meta\": { \"ownerId\": \"\"}}}},\n {\"action\": \"UpdateKey\", \"context\":{\"resource\":{\"meta\": { \"ownerId\": \"\"}}}},\n {\"action\": \"DeleteKey\", \"context\":{\"resource\":{\"meta\": { \"ownerId\": \"\"}}}} ]\n }\n\n USERID is the information retrieved from the platform after login, i.e. `local|99b0d0d3-8462-440a-bc6d-7ff0395a5536`\n\n The response to these queries will be an array of submitted 'function' names, a blank 'context' and an 'allowed' flag (`yes/no/maybe`)\n\n Response:\n\n [\n {\n \"action\": \"ReadUser\",\n \"context\": {},\n \"allowed\": \"no\"\n },\n {\n \"action\": \"ReadGroup\",\n \"context\": {},\n \"allowed\": \"no\"\n },\n {\n \"action\": \"ReadKey\",\n \"context\": {},\n \"allowed\": \"yes\"\n },\n .....\n {\n \"action\": \"ReadBackup\",\n \"context\": {},\n \"allowed\": \"no\"\n }\n ]\n"},"Tokens":{"description":"Access Token: API calls are authenticated with access tokens. An access token\nis a string representing an authorization issued to the client. It is referred\nas an API authentication token.\n\nRefresh Token: Refresh tokens are issued to the client by the authorization server\nand are used to obtain a new access token when the current access token becomes\ninvalid or expires, or to obtain additional access tokens.\n\nThe `/auth/tokens/` endpoint can be used to exchange a username and password for an\naccess token and long lived refresh token that can be used to get access token without\nusing the user's credential. You can obtain tokens for LDAP users by entering a username\nin the format | or by specifying a connection name in the connection field.\n\nTo make API calls against the rest of the API, the token value needs\nto be placed in the `Authorization` HTTP header, prepended with\n`Bearer `. For example:\n\n Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJkMzEzYzcwZS01NmYyLTQ5MTUtOGJkNy01ZmMyYmUyNzk2YzEiLCJzdWIiOiJsb2NhbHxiM2ZjOGZlNy1hN2ZlLTQ1YzEtOWU1OS0zYmUxNTRkMTZjYmQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsImN1c3QiOnsiZ3JvdXBzIjpbImFkbWluIl19LCJpYXQiOjE0ODEyMjg1NzgsImV4cCI6MTQ4MTIyODg3OH0.2ZCX8qzzU-a499Ef58tDnDcXqrOv8pw_AXD-z-WeEE0\n\nAccess tokens expire and so must be refreshed periodically. A new\naccess token can be created with the user's credentials, or with the refresh\ntoken that has not been revoked or expired.\n\nThe `/auth/revoke` endpoint can be used to revoke the refresh token.\n"},"Client-Management/Tokens":{"description":"These endpoints perform client registration token operations.\n\nIt provides methods for managing client registration tokens for\nregistering new CipherTrust Manager clients.\n"},"Client-Management/Clients":{"description":"These endpoints perform client management operations.\n\nIt provides methods for registering new CipherTrust Manager clients and their\nmanagement.\n\nTo ensure that the Subject DN of a client certificate is unique, use the `do_not_modify_subject_dn` and `subject_dn_field_to_modify` \nparameters while registering and renewing the client certificate.\nIf `do_not_modify_subject_dn` is set to true, the client does not allow the server to modify Subject DN in the CSR. \nIn this case, the client needs to provide a CSR with Subject DN that should be unique on the CipherTrust Manager.\nIt is highly recommended to set the value of `do_not_modify_subject_dn` parameter to false unless there are constraints preventing modifications in the CSR.\nTo maintain the uniqueness of the Subject DN of clients across domains, \nthe value provided for the `do_not_modify_subject_dn` and `subject_dn_field_to_modify` parameters should be the same for both client registration and renewal.\n\nIn case of renewing a client that is issued by an external CA, you need to provide\nthe new certificate signed by the external CA in the request.\nAfter the client renewal process, the newly issued certificate will have the client id\nset as the UID in the DN of the certificate. This is done to ensure that the DN of a client\ncertificate is unique to each client.\n"},"Client-Management/Profiles":{"description":"The profile APIs allow for managing client profiles. \n\nA client profile represents data that can be used to create/renew client certificates.\n\nThe following operations can be performed:\n- Create, Delete or Update profiles.\n- List profiles\n"},"Crypto":{"description":"These endpoints perform cryptographic operations.\n\nIt provides methods for format preserving encryption (FPE), symmetric and\nasymmetric key encryption, hashing and MAC, and digital signatures.\n\nAll crypto operations require a key. The hide/unhide operations (FPE)\nuse a default if no key is specified as a parameter. The hide operation will\nauto-create keys if a key name is specified that does not yet exist.\n\nHowever, all other operations require an existing key. Any of\nthe key's identifiers (the name, id, or URI) can be used in the\ncrypto-operation's parameters.\n"},"Keys":{"description":"Keys are the cryptographic material used in crypto operations.\n\nKeys can be symmetric or asymmetric, in various sizes and algorithms.\nThe crypto endpoints take key identifiers as parameters to specify\nwhich key to use. If the key is exportable, the key material can\nbe exported to the caller and used for local encryption.\n\nKeys have a `meta` attribute, which can be used to store\napplication-specific information. This is stored for the convenience of\napplications using the API. These properties are unstructured JSON\ndocuments: the caller can put any JSON-structured information in them.\n\nKeys have a `label` attribute which can be used to group keys using\nkey/value pairs. APIs that list keys can use labels to filter the set of\nmatching resources.\n\nKeys have three additional identifiers: uuid, muid, and keyId.\nThese identifiers support legacy DSM behaviours and can be used to filter\nkeys while listing the keys. The identifiers muid and keyid will be returned in\nthe response of key APIs only if set.\n\nThis is an example of a key resource:\n\n {\n \"id\": \"d22042eb-b527-48fe-b2d6-65fb0c7c3e04\",\n \"uri\": \"kylo:kylo:vault:keys:russ2-v0\",\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\": \"2016-12-01T19:57:04.884862Z\",\n \"name\": \"mykey\",\n \"updatedAt\": \"2016-12-01T19:57:04.884862Z\",\n \"usage\": \"any\",\n \"meta\": {\n \"ownerId\": \"local|81f34b79-e3c4-4391-a4c9-4bdd85b13f98\",\n \"permissions\": {\n \"UseKey\": [\n \"stars\"\n ],\n \"ReadKey\": [\n \"stars\"\n ],\n \"DecryptWithKey\": [\n \"stars\"\n ],\n \"EncryptWithKey\": [\n \"stars\"\n ],\n \"customAttributes\": [\n {\n \"name\": \"color\",\n \"value\": \"blue\"\n }\n ],\n }\n },\n \"version\": 0,\n \"algorithm\": \"AES\",\n \"size\": 256,\n \"format\": \"raw\",\n \"unexportable\": false,\n \"undeletable\": false,\n \"uuid\": \"64614b84-fd1e-4126-892b-f2a14f4bc025\",\n \"muid\": \"64614b84-fd1e-4126-892b-f2a14f4bc025cba2b073-bf22-43a6-8f52-6ccbe882bbe6\",\n \"labels\": { \"region\": \"noram\", \"team\": \"sales\" }\n }\n\nThis key was created via the\nNAE-XML interface (rather than the REST interface). The NAE-XML\ninterface has added its own properties to `meta`, to help support\nlegacy behaviors:\n\n`customAttributes`: This property holds name/value pairs set by NAE-XML\n requests. They map to the `CustomAttributes` element of NAE-XML\n keys.\n`permissions`: This property holds a map of actions to user groups.\n CipherTrust Manager's default Policies use this metadata to grant these\n permissions to members of the listed groups.\n If this property is deleted, it is equivalent to clearing all\n group permissions via the NAE-XML interface.\n`ownerId`: This property holds a `user_id`. CipherTrust Manager's default Policies\n grant that user most permissions to the key. If it is deleted,\n only admins (members of the \"admin\" group) will have permissions\n to the key.\n`global`: This property can be set to JSON `true` or `false`\n (e.g. `\"global\":true`). This property marks the key as a \"global\" key,\n which will allow unauthenticated NAE-XML users some permissions to\n the key. \"Global Users\" is a feature specific to the NAE-XML interface,\n and has no equivalent in the REST interface. In addition, support of \"global\" \n keys from the NAE/KMIP interfaces will be deprecated in the future releases.\n`versionedKey: This property marks the key as an NAE-XML \"Versioned Key\".\n This property is only used to emulate the behavior of NAE-XML keys.\n Keys are always versioned, but in NAE-XML, a key can either be\n \"versioned\" or \"non-versioned\", and versioned keys produce a\n different format of ciphertext. NAE-XML crypto commands using a\n versioned key produce ciphertext with a header which contains the key's version. The same NAE-XML\n crypto commands using a *non-versioned* produce ciphertext without\n the header. The NAE-XML interface layer uses this \"versionedKey\" property\n to track whether this key should produce the ciphertext headers. It is\n not recommended you change this, or you will not be able decrypt\n ciphertext created with the key before changing the field.\n\nThe REST interface also allows specification of key aliases. Key aliases are used by\nKMIP to specify one or more \"Name\" attributes associated with the key. A key alias\nhas an alias, an alias-type, and an index. The alias is an alternative name for the key,\nand is unique over an account. The allowed alias-types are \"string\" and \"uri\". The\nindex is generated internally, and is unique for each alias in a key. Key aliases\ncan be specified while creating a key. They can be added, deleted or modified after\ncreation using the HTTP patch interface. Key aliases can be used for finding keys.\nHere is an example of aliases associated with a key:\n\n \"aliases\": [\n {\n \"alias\": \"keyalias1\",\n \"type\": \"string\",\n \"index\": 0\n },\n {\n \"alias\": \"keyalias2:monk:gemalto:com\",\n \"type\": \"uri\",\n \"index\": 1\n }\n ]\n\nCipherTrust Manager's default authorization policies impose a requirement on newly\ncreated keys. Users in the \"admin\" group can create any kind of key, but\nother users will be required to include an \"ownerId\" attribute in the\nmetadata of the key, which must be set to the creating user's own\n`user_id`. This is because, in order to mimic legacy CipherTrust Manager, keys\nmust have owners. The `user_id` of the user is *not* the user's login\nname. It's unique identifier the system assigns to the user.\n\nUse the `/auth/principal` endpoint to fetch information about the\ncurrent user. Here's an example response:\n\n {\n \"sub\":\"local|95a4d02e-2371-422c-bb17-a218ba0375a5\",\n // more attributes, omitted here\n }\n\nThe `sub` property holds the current user's `user_id`. To create a\nKey which will pass the default authorization policies, include the\nfollowing in the body of the `POST /vault/keys` request:\n\n {\n \"meta\": {\n \"ownerId\":\"local|95a4d02e-2371-422c-bb17-a218ba0375a5\"\n },\n // other key create params, omitted here\n }\n\nIf the key create request doesn't contain that stanza, the request will\nbe denied by the system's policies.\n\nThe `key_format_type` property is server generated and is only applicable when the key format is `opaque`. \nAs shown below:\n\n {\n \"meta\": {\n \"key_format_type\":\"opaque\"\n },\n // other params, omitted here\n }\n\n**CTE Specific Keys**\n\nTo use a key in CTE policies, certain CTE-specific attributes should be specified in the key meta at the time of key creation.\nHere's an example request to create keys for CTE IDT policies:\n\n {\n \"name\": \"CTEXTSKey\",\n \"algorithm\": \"aes\",\n \"size\": 256,\n \"undeletable\": true,\n \"unexportable\": false,\n \"meta\": {\n \"ownerId\": \"local|59ba6797-e5a6-4427-b11c-a5534b5a975e\",\n \"permissions\": {\n \"ExportKey\": [\n \"CTE Clients\"\n ],\n \"ReadKey\": [\n \"CTE Clients\"\n ]\n },\n \"cte\": {\n \"persistent_on_client\": true,\n \"encryption_mode\": \"XTS\",\n \"cte_versioned\": false\n }\n },\n \"xts\": true,\n \"id\": \"95cc7868-89bf-492b-b868-bbb884a9b379\", \n } \n\nCTE-specific parameters that should be supplied in the meta field at the time of key creation are listed below.\n\nparent-parameter | parameter | description\n--- | --- | ---\nmeta | permissions | The \"ExportKey\" and \"ReadKey\" permissions are required for the \"CTE Clients\" group.\ncte (inside meta) | persistent_on_client | true or false. Set to `true` if the key is to be stored in persistent memory on the client, otherwise, set to `false`.\ncte (inside meta) | encryption_mode | Mode can be CBC, CBC_CS1, or XTS. CBC_CS1 and XTS can be supplied only when the \"xts\" parameter is set to `true`.\ncte (inside meta) | cte_versioned | true or false. Set to `true` for keys to be used in LDT policies. Set to `false` for all other types of policies.\n - | unexportable | false. Always keep it set to `false` for CTE policies.\n - | xts | true or false. For use cases such as IDT and device-level protection using Standard policies and for COS policies, set `xts` to `true`. \n\n**Wrapping/Unwrapping parameters** \nThe key material of a key can be wrapped using the export endpoint with the following parameters. For more information \nabout the parameters consult the schema for the wrappingMethod and other parameters. \n| wrappingMethod | encrypt | encrypt | encrypt | encrypt | encrypt | mac/sign | mac/sign | pbe |\n|--------------------------|----------------------------------------|---------------------------|---------------------------|----------------|-----------------|-----------------------|-----------------------|-----------------------------------|\n| Wrapping algorithm | AES Key Wrap with Padding/AES Key Wrap | AES Key Wrap with Padding | AES Key Wrap with Padding | RSA encryption | RSA AES KWP | MAC | SIGN | |\n| DEK | Symmetric DEK | Private DEK | Certificate | Symmetric DEK | RSA private DEK | Symmetric/Private DEK | Symmetric/Private DEK | Symmetric/Private DEK/Certificate |\n| macSignKeyIdentifier | | | | | | ☑ | ☑ | |\n| macSignKeyIdentifierType | | | | | | ☑ | ☑ | |\n| padded | ☑ | | ☑ | | | | | ☑ |\n| pemWrap | | ☑ | | | ☑ | | | ☑ |\n| signingAlgo | | | | | | | ☑ | |\n| wrapHKDF | ☑ | ☑ | ☑ | | | | | |\n| wrapKeyIDType | ☑ | ☑ | ☑ | ☑ | ☑ | | | |\n| wrapKeyName | ☑ | ☑ | ☑ | ☑ | ☑ | | | |\n| wrapPBE | | | | | | | | ☑ |\n| wrappingEncryptionAlgo | ☑ | ☑ | ☑ | | ☑ | | | |\n| wrappingHashAlgo | | | | | | | ☑ | |\n| wrapPublicKey | | | | ☑ | ☑ | | | |\n| wrapPublicKeyPadding | | | | ☑ | | | | |\n| wrapRSAAES | | | | | ☑ | | | | \n\nThe key material of a key can be unwrapped using the create endpoint with the following parameters. For more information \nabout the parameters consult the schema for the wrappingMethod and other parameters. \n| wrappingMethod | encrypt | encrypt | encrypt | encrypt | encrypt | mac/sign | mac/sign | pbe |\n|--------------------------|----------------------------------------|---------------------------|---------------------------|----------------|-----------------|-----------------------|-----------------------|-----------------------------------|\n| Wrapping algorithm | AES Key Wrap with Padding/AES Key Wrap | AES Key Wrap with Padding | AES Key Wrap with Padding | RSA encryption | RSA AES KWP | MAC | SIGN | |\n| DEK | Symmetric DEK | Private DEK | Certificate | Symmetric DEK | RSA private DEK | Symmetric/Private DEK | Symmetric/Private DEK | Symmetric/Private DEK/Certificate |\n| macSignBytes | | | | | | ☑ | ☑ | |\n| macSignKeyIdentifier | | | | | | ☑ | ☑ | |\n| macSignKeyIdentifierType | | | | | | ☑ | ☑ | |\n| material | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ |\n| padded | ☑ | | ☑ | | | | | ☑ |\n| signingAlgo | | | | | | | ☑ | |\n| wrapHKDF | ☑ | ☑ | ☑ | | | | | |\n| wrapKeyIDType | ☑ | ☑ | ☑ | ☑ | ☑ | | | |\n| wrapKeyName | ☑ | ☑ | ☑ | ☑ | ☑ | | | |\n| wrapPBE | | | | | | | | ☑ |\n| wrappingEncryptionAlgo | ☑ | ☑ | ☑ | | ☑ | | | |\n| wrappingHashAlgo | | | | | | | ☑ | |\n| wrapPublicKey | | | | | | | | |\n| wrapPublicKeyPadding | | | | ☑ | | | | |\n| wrapRSAAES | | | | | ☑ | | | |\n \n**Creating Keys Using Templates**\n\nKeys can be created using templates by providing the template id in request. The key parameters which are present in template will be used to \ncreate key. The users can also provide request parameters along with template id.\n\nThe parameters from request or template takes priority based on access level. \n For privileged users like ( users in Key Users / Key Admins / Admins group), the precedence is for request parameters if same parameters are \n coming from templates as well. The different parameters will be merged .\n For Example:\n If template has been created for AES Key and request parameters has algorithm set to RSA key. The Priority will be given to request parameters. \n \n Template \n Request:\n\n {\n \"description\": \"test template create\",\n \"meta\": {\n \"color\": \"red\"\n },\n \"labels\": {\n \"team\": \"HR\"\n },\n \"key_attributes\": {\n \"algorithm\": \"AES\",\n \"objectType\": \"Symmetric Key\",\n \"state\": \"Pre-Active\",\n \"size\": 256,\n \"undeletable\": true,\n \"unexportable\": true,\n \"description\": \"Symmetric key template\"\n }\n }\n\n Response:\n\n {\n \"id\": \"c13fc663-47c0-40ea-9936-d7b2e94443d4\",\n \"uri\": \"kylo:kylo:vault:templates:c13fc663-47c0-40ea-9936-d7b2e94443d4\",\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"createdAt\": \"2024-05-01T04:40:00.642932Z\",\n \"updatedAt\": \"2024-05-01T04:40:00.642932Z\",\n \"name\": \"tp-c13fc663-47c0-40ea-9936-d7b2e94443d4\",\n \"description\": \"test template create\",\n \"meta\": {\n \"color\": \"red\"\n },\n \"labels\": {\n \"team\": \"HR\"\n },\n \"key_attributes\": {\n \"algorithm\": \"AES\",\n \"objectType\": \"Symmetric Key\", \n \"state\": \"Pre-Active\",\n \"size\": 256,\n \"undeletable\": true,\n \"unexportable\": true,\n \"description\": \"Symmetric key template\"\n }\n }\n \n Create Key Request: \n\n {\n \"name\": \"TemplatedKey\",\n \"algorithm\": \"RSA\",\n \"size\": 2048, \n \"templateId\": \"c13fc663-47c0-40ea-9936-d7b2e94443d4\", \n }\n Response:\n\n {\n \"id\": \"dee7c61362ca4245b64abcb202f6f8963de45b1566e74b57ae548e69f591f474\",\n \"uri\": \"kylo:kylo:vault:keys:testkey1-v0\",\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\": \"2024-04-29T10:06:41.676197Z\",\n \"name\": \"TemplatedKey\",\n \"updatedAt\": \"2024-04-29T10:06:41.676197Z\",\n \"usage\": \"sign\",\n \"usageMask\": 3,\n \"version\": 0,\n \"algorithm\": \"RSA\",\n \"size\": 2048,\n \"unexportable\": false,\n \"undeletable\": false,\n \"neverExported\": true,\n \"neverExportable\": false,\n \"emptyMaterial\": false,\n \"publickey\": \"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFECij2mC2CaLcmPYQKi\\nQy/nao7hZm+KTQ0YrhAR3X2yeCk23H9OrFI6EXWNsGqbkDBW4uOOAWnxWgcsW7Df\\n6NFvXfgNq27/px4QVFP9uUARJjGx2M3aTrlNyTlb7dn7fLDDbWKzBJW1NmWURNus\\n7aHyPG4AKaJWNNN2pTiSG8/JQTxBPxCWrVhCuOBR/pwwbxTKM5b8sSrgKoR+02jG\\ndfX/4VCjGNTjlxI54tzgTL9SPGnUNYwjmRKfi+C63kathgC/EjTqJclvLIB613J7\\nqqs9BQb6N/8TcmcRBCdWjdjH5GBZycLLMbCSRUbS6fQiyV9vwzRlhfDNcfP2i6P8\\nswIDAQAB\\n-----END PUBLIC KEY-----\\n\",\n \"defaultIV\": \"13b8c4c193c4f8630badbeb173934392\",\n \"sha1Fingerprint\": \"c85ab32577b4559b\",\n \"sha256Fingerprint\": \"0be3c5618c5a639c713beb55ec0315d050d7fe03704372d8844f7892d184c0f8\",\n \"objectType\": \"Private Key\",\n \"activationDate\": \"2024-04-29T10:06:41.395561Z\",\n \"state\": \"Active\",\n \"aliases\": [\n {\n \"alias\": \"TemplatedKey\",\n \"type\": \"string\",\n \"index\": 0\n }\n ], \n \"uuid\": \"1847b2d1-d2fe-4b3f-a1a1-1afddc24e66f\",\n \"muid\": \"1847b2d1-d2fe-4b3f-a1a1-1afddc24e66fff78f19c-f60f-40c5-96c5-51156a6e0d87\"\n }\n \n Meta Merge: \n If request has meta and template key_attributes also have meta, then for the same fields request meta will take precedance and for different fields\n both meta will be merge \n\n Template Meta:\n\n {\n \"meta\": {\n \n \"cte\": {\n \"cte_versioned\": false,\n \"encryption_mode\": \"CBC\",\n \"unique_to_client\": true,\n \"persistent_on_client\": true\n },\n \"kmip\": {\n \"custom\": [\n {\n \"type\": \"TextString\",\n \"x-attr1\": \"test_12\"\n },\n {\n \"type\": \"TextString\",\n \"x-attr1\": \"test_13\"\n }\n ],\n \"alternative_names\": [],\n \"app_specific_info\": [\n {\n \"application_data\": \"thalesdocs_ew\",\n \"application_namespace\": \"namespace_1\"\n }\n ],\n \"contact_information\": \"Thales\"\n },\n \"versionedKey\": true,\n \"customAttributes\": [\n {\n \"name\": \"x-nae-attr\",\n \"value\": \"test\"\n }\n ]\n \n }\n }\n\n Request Meta:\n\n\n {\n\n \"meta\": {\n \"ownerId\": \"local|651c9169-6923-44cb-9745-fcb1a76eae50\",\n \"cte\": {\n \"cte_versioned\": true,\n \"encryption_mode\": \"CBC\",\n \"unique_to_client\": false,\n \"persistent_on_client\": true\n },\n \"kmip\": {\n \"custom\": [\n {\n \"type\": \"TextString\",\n \"x-attr1\": \"test_12\"\n }\n ], \n \"app_specific_info\": [\n {\n \"application_data\": \"thalesdocs\",\n \"application_namespace\": \"namespace\"\n }\n ],\n \"contact_information\": \"Thales\"\n },\n \"versionedKey\": true,\n \"customAttributes\": [\n {\n \"name\": \"x-nae-attr\",\n \"value\": \"test\"\n }\n ]\n }\n }\n \n Final Meta:\n\n {\n \n \"meta\": {\n\n \"cte\": {\n \"cte_versioned\": false,\n \"encryption_mode\": \"CBC\",\n \"persistent_on_client\": true,\n \"unique_to_client\": true,\n \"unique_to_client_format\": \"sha3\"\n },\n \"customAttributes\": [\n {\n \"name\": \"x-nae-attr\",\n \"value\": \"test\"\n }\n ],\n \"kmip\": {\n \"alternative_names\": [],\n \"app_specific_info\": [\n {\n \"application_data\": \"thalesdocs\",\n \"application_namespace\": \"namespace\"\n }\n ],\n \"contact_information\": \"Thales\",\n \"custom\": [\n {\n \"type\": \"TextString\",\n \"x-attr1\": \"test_12\"\n },\n {\n \"type\": \"TextString\",\n \"x-attr2\": \"test_13\"\n }\n ]\n },\n \"ownerId\": \"local|651c9169-6923-44cb-9745-fcb1a76eae50\",\n \"versionedKey\": true\n }\n }\n \n For Restricted users ( users in Restricted Key Users group), the precedence is for template parameters. The different parameters will be merged. \n There is allowed list of key parameters for restricted users which can be provided in request.\n \n - name\n - description\n - labels\n - aliases\n - material\n - password\n - meta ( only ownerId)\n \n For Restricted users, ownerId in key create request and ownerId in template key_attributes meta(if ownerId is present, it is not mandatory parameter) should match.\n Restricted Key User cannot create a key for other users.\n For Example: Name and Description are given in request parameters.\n \n Request: \n\n {\n \"name\": \"TemplatedKey\",\n \"description\": \"key created using template\"\n \"templateId\": \"c13fc663-47c0-40ea-9936-d7b2e94443d4\",\n \"meta\": {\n \"ownerId\": \"local|0802d984-59ee-4057-8809-e0bec0cbe99f\"\n }\n }\n Response:\n\n {\n \"id\": \"6e44ceec965c45b1b51872bcd12cda2954e91be13ac24cbb82d20d00e1dfc3a1\",\n \"uri\": \"kylo:kylo:vault:keys:ks-6e44ceec965c45b1b51872bcd12cda2954e91be13ac24cbb82d20d00e1dfc3a1-v0\",\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\": \"2024-04-29T10:32:56.193288Z\",\n \"name\": \"TemplatedKey\",\n \"updatedAt\": \"2024-04-29T10:32:56.193288Z\",\n \"activationDate\": \"2024-04-29T10:32:56.178618Z\",\n \"state\": \"Active\",\n \"usage\": \"blob\",\n \"usageMask\": 12,\n \"meta\": null,\n \"objectType\": \"Symmetric Key\",\n \"sha1Fingerprint\": \"d4f7121eb6997f6e\",\n \"sha256Fingerprint\": \"5c1a528f3e9de1d653b9fce16f231c0c82d5859f1405a819a0960b39ee6fc79e\",\n \"defaultIV\": \"b7a2b1e9474bcda2e3d2616d14bf3693\",\n \"version\": 0,\n \"algorithm\": \"AES\",\n \"size\": 256,\n \"unexportable\": false,\n \"undeletable\": false,\n \"neverExported\": true,\n \"neverExportable\": false,\n \"emptyMaterial\": false,\n \"uuid\": \"e50affab-fef3-429a-a098-5792e10cbada\",\n \"muid\": \"e50affab-fef3-429a-a098-5792e10cbada1302e34e-cf02-44ba-99fb-7c7e5e80fc82\",\n \"description\": \"key created using template\",\n \"keyCheckValue\": \"cbd8b5\"\n }\n Meta Merge:\n\n Restricted Key Users can only provide ownerId in Meta, Parameters other than onwerId shall be updated from template\n\n Final Meta:\n\n {\n \"meta\": {\n\n \"cte\": {\n \"cte_versioned\": false,\n \"encryption_mode\": \"CBC\",\n \"unique_to_client\": true,\n \"persistent_on_client\": true\n },\n \"kmip\": {\n \"custom\": [\n {\n \"type\": \"TextString\",\n \"x-attr1\": \"test_12\"\n },\n {\n \"type\": \"TextString\",\n \"x-attr1\": \"test_13\"\n }\n ],\n \"alternative_names\": [],\n \"app_specific_info\": [\n {\n \"application_data\": \"thalesdocs_ew\",\n \"application_namespace\": \"namespace_1\"\n }\n ],\n \"contact_information\": \"Thales\"\n },\n \"versionedKey\": true,\n \"customAttributes\": [\n {\n \"name\": \"x-nae-attr\",\n \"value\": \"test\"\n }\n ]\n \"ownerId\": \"local|0802d984-59ee-4057-8809-e0bec0cbe99f\"\n } \n }\n"},"Key Policies":{"description":"Key policy consists of all the permissions that is applied to a given label.\nIn simple terms, it is the mapping of label to their permissions.\nThese Permissions would be for clients, users and groups. It specifies which clients, users, or\ngroups have permission to use the key, read key, sign key, etc.\nSo, whenever an operation is performed on a key, all labels applied on this key are fetched.\nAfter that, all key policies related to these labels are computed which decides whether the client, user or a\ngroup is authorized to performed the operation or not.\nNAE/KMIP clients work on user based context i.e. they perform operations on behalf of a user. To grant\npermissions to NAE/KMIP client, permissions to NAE/KMIP client’s respective user has to be granted, instead of\nthe client itself.\n\n {\n \"clients\": {\n \"UseKey\": [],\n \"ReadKey\": [\"ClientID\"],\n \"SignWithKey\": [],\n \"DecryptWithKey\": [],\n \"EncryptWithKey\": [],\n \"SignVerifyWithKey\": [],\n \"MACWithKey\": [],\n \"MACVerifyWithKey\": [],\n \"ExportKey\": [],\n \"UploadKey\": []\n },\n \"groups\": {\n \"UseKey\": [],\n \"ReadKey\": [\"Application Data Protection Admins\"],\n \"SignWithKey\": [],\n \"DecryptWithKey\": [],\n \"EncryptWithKey\": [],\n \"SignVerifyWithKey\": [],\n \"MACWithKey\": [],\n \"MACVerifyWithKey\": [],\n \"ExportKey\": [],\n \"UploadKey\": []\n },\n \"users\": {\n \"UseKey\": [],\n \"ReadKey\": [\"UserID\"],\n \"SignWithKey\": [],\n \"DecryptWithKey\": [],\n \"EncryptWithKey\": [],\n \"SignVerifyWithKey\": [],\n \"MACWithKey\": [],\n \"MACVerifyWithKey\": [],\n \"ExportKey\": [],\n \"UploadKey\": []\n }\n }\n"},"Secrets":{"description":"Secrets are managed objects that can store user defined data. This data\ncan be a blob, a password, or a seed (see the `dataType` attribute).\nThere are two types of objects used to store secrets: a \"Secret Object\"\nand an \"Opaque Object\"\n\nA \"Secret Object\" is a password or seed data type. The seed may be used\nfor cryptographic operations in the future, which is why it is a separate\ntype. The password is a convenient way to store simple text strings.\n\nAn \"Opaque Object\" is a blob data type. It can be used to store\narbitrary data.\n\nSecrets support many of the same attributes that keys do. They can be\nmade un-deletable, support meta-data, etc. They also support most of the\nsame lifecycle states as keys.\n"},"Templates":{"description":"It is a named Managed Object containing the client-settable attributes of a Managed Cryptographic Object.\nA Template is used to specify the attributes of a new Managed Cryptographic Object. A template is applied \nto the created object based on the template reference \"id\" defined in the object \nThis is an example of a template resource \n\n {\n \"name\": \"template1\",\n \"description\": \"test template\",\n \"meta\": {\n \"color\":\"red\"\n },\n \"labels\": {\n \"team\": \"sales\"\n },\n \"key_attributes\": {\n \"activationDate\": \"2024-04-15T14:24:37.436073Z\",\n \"algorithm\": \"EC\",\n \"curveid\": \"prime256v1\",\n \"deactivationDate\": \"2024-04-16T14:24:37.436073Z\",\n \"meta\": {\n \"ownerId\": \"local|e5bd964d-47d2-4254-a561-55842863868a\"\n },\n \"processStartDate\": \"2024-04-15T14:24:37.436073Z\",\n \"protectStopDate\": \"2024-04-16T13:24:37.436073Z\",\n \"size\": 256,\n \"undeletable\": true,\n \"description\": \"KeyUndeletable\"\n }\n } \n\nOnly key_attributes defined in the template request will be applied to the object using that template.\n\nTemplate Update API \n This is an example of a template update API \n\n {\n \"description\": \"test template\",\n \"meta\": {\n \"color\":\"white\"\n },\n \"labels\": {\n \"newteam\": \"sales\"\n },\n \"key_attributes\": {\n \"activationDate\": \"2024-04-15T14:24:37.436073Z\",\n \"algorithm\": \"EC\",\n \"curveid\": \"prime256v1\",\n \"deactivationDate\": \"2024-04-16T14:24:37.436073Z\",\n \"meta\": {\n \"ownerId\": \"local|e5bd964d-47d2-4254-a561-55842863868a\"\n },\n \"processStartDate\": \"2024-04-15T14:24:37.436073Z\",\n \"protectStopDate\": \"2024-04-16T13:24:37.436073Z\",\n \"size\": 128,\n \"undeletable\": true,\n \"description\": \"KeyUndeletable\"\n }\n }\n\n\nFor labels in Update API - these are key value pairs so any Key which is not same\nas per existing key , will be merge. If same then value to corresponding key will be updated.\n\n\nFor Example\n\nScenario 1: \n existing resource request:\n `{ \"team\": \"sales\" }` \n update API request:\n `{ \"newteam\": \"sales\" }` \n In Update API, there is a new key-value pair. Therefore the response will be:\n `{ \"team\": \"sales\"; \"newteam\": \"sales\" }`\n\n\nScenario 2: \n If the key remains the same in the Update API, the value of the corresponding key will be updated. \n existing resource request:\n `{ \"team\": \"sales\" }` \n update API request:\n `{ \"team\": \"hr\" }` \n In Update API, there is a new value for \"team\". Therefore the response will be:\n `{ \"team\": \"hr\" }`\n\nAll valid fields such as Meta and key_attributes in the Update API will be updated with the newly defined field values\n\nTemplate List API Filters \n\nFor labels - The filter matches the selector expression \n `example: team=sales or team=sales,team!=HR`\n\n\nFor meta and key_attributes - The filter matches the valid jsom \n `example: meta {\"color\":\"red\"}` \n `example:key_attributes {\"algorithm\":\"AES\"}`\n"},"Services":{"description":"Services API can be used to reset a CipherTrust Manager instance, that is, wipe all data in\nthe CipherTrust Manager, restart CipherTrust Manager services and get their status.\n\nThe CipherTrust Manager services that can be restarted with this API are 'NAE' and 'KMIP'.\n"},"Interfaces":{"description":"Interfaces are the services the CipherTrust Manager is hosting. Most interfaces\nare listening on a particular port, but may also represent other input\nchannels, like local shell access or serial port access.\n\nCurrently, there are five default interfaces:\n\n- *web*: The HTTP server on port 80 and 443. This interface serves\nboth the GUI and the REST API.\n- *nae*: The NAE-XML server, on port 9000.\n- *kmip*: The KMIP server, on port 5696.\n- *ssh*: The SSH system service, on port 22.\n- *preboot*: The HTTP server on port 443 during preboot phase of CipherTrust Manager. During this phase,\nCipherTrust Manager is run with reduced set of services to facilitate disk encryption \nmanagement. This preboot interface serves REST API during preboot phase of CipherTrust Manager.\n\nSome interfaces can be added and removed, they are:\n- *snmp*: Only running and available when listed as an interface\n- *nae*: Additional ports can be allocated for NAE by adding additional\n interfaces\n\nCurrently, SSH service on host machines can be enabled or disabled via Enable/Disable Interface feature.\nOnce disabled, it will block ssh access on the host machine.\nThis setting will persist on subsequent system restarts.\n\nDefault connection:\nThe default connection may be \"local_account\" for local authentication or the LDAP domain\nfor LDAP authentication. This value is applied when the username does not embed the connection\nname (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE\nonly and is ignored if set for web and KMIP interfaces.\n\nThe *mode* Interface configuration parameter specifies the Interface mode, and\nmust be one of the following:\n- *no-tls-pw-opt*: No TLS, allow anonymous logins.\n- *no-tls-pw-req*: No TLS, user must supply password.\n- *unauth-tls-pw-opt*: TLS, allow anonymous logins, ignore client cert.\n- *unauth-tls-pw-req*: TLS, user must supply password, ignore client cert, deprecated and replaced with tls-cert-opt-pw-opt.\n- *tls-cert-opt-pw-opt*: TLS, user must supply client cert or password.\n- *tls-pw-opt*: TLS, allow anonymous logins, verify client cert.\n- *tls-pw-req*: TLS, user must supply password, verify client cert.\n- *tls-cert-pw-opt*: Verify client cert, user name taken from client cert, auth request is optional.\n- *tls-cert-and-pw*: Verify client cert, password is needed, user name in cert must match user name in authentication request.\n\nEach interface has the following restrictions on the mode:\n- *nae*: All modes are allowed except *tls-cert-opt-pw-opt*. Default is *unauth-tls-pw-req*.\n- *web*: The only allowed mode is *tls-cert-opt-pw-opt*.\n- *kmip*: The only allowed modes are *tls-pw-opt*, *tls-pw-req*, *tls-cert-pw-opt* and *tls-cert-and-pw*. Default is *tls-cert-pw-opt*.\n- *snmp*: N/A.\n- *ssh*: N/A.\n- *preboot*: N/A.\n\nThe *tls-pw-opt*, *tls-pw-req*, *tls-cert-req* and *tls-cert-and-pw-req* modes verify that the TLS client\ncertificate is signed by one of the trusted CAs.\n\nThe *tls-cert-req* and *tls-cert-and-pw-req* extract the user name from the certificate.\nThe *certUserField* Interface configuration parameter specifies how the user name is extracted\nfrom the client certificate. The default value is *CN*. It must be one of the following:\n- *CN*: common name\n- *OU*: organizational unit\n- *SN*: surname\n- *E*: email address\n- *UID*: user ID\n- *E_ND*: email without domain; the data to the left of the @ sign in the email address is taken as the user name.\n\nHard delete option for KMIP keys:\nkmip_enable_hard_delete option enables hard delete of keys on KMIP Destroy operation, that is, both meta-data and\nmaterial are removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data\nis preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling\nthe feature or 0 for returning to default behavior.\n\nTLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB)\nfor TLS handshake. Every new interface will be created with the default set of cipher suites and can be updated using\nupdate interface API (/v1/configs/interfaces/{interface}).\nRemoval or addition of any cipher suite is not allowed; cipher suites can only be marked as enabled or disabled provided\nthey are configurable, and also, order can be changed to set preference order.\nTLS 1.3 ciphers suites are not configurable, however, you can disable the TLS protocol as a whole.\nDisabling all cipher suites for protocols up to TLSv1.2 is restricted unless respective protocols are disabled.\n\nThe CipherTrust Manager system might need to be restarted after any interface update for the new settings to take effect.\n"},"Records":{"description":"A record is an auditable event. Audit records are created for significant\nevents in CipherTrust Manager, such as logins, key creations, password changes,\nand other events of note. As well, client records from CipherTrust client events \nare uploaded to CipherTrust Manager.\n\nThe API provides an endpoint for searching records and for configuring\nconditions to create an alarm based on a matching record.\nThis is an example of a record resource:\n\n {\n \"id\":\"547617c3-bd1f-4d8f-89f8-98936a5480da\",\n \"uri\":\"kylo:kylo:audit:records:547617c3-bd1f-4d8f-89f8-98936a5480da\",\n \"account\":\"kylo:kylo:admin:accounts:kylo\",\n \"application\":\"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\":\"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\":\"2019-08-13T06:36:44.35942Z\",\n \"principal\":{\n \"acc\":\"kylo\",\n \"iss\":\"kylo\",\n \"sub\":\"local|34118030-ee80-4eb3-9289-5ed78af9eae1\",\n \"acct\":\"kylo:kylo:admin:accounts:kylo\"\n },\n \"details\":{\n \"id\":\"0ab0c77e2a549b49c8399c5139a233e3c0b50c1d73ab0861896df60d60cefb64\",\n \"uri\":\"kylo:kylo:vault:keys:key1-v0\",\n \"name\":\"key1\",\n \"size\":256,\n \"ownerId\":\"local|34118030-ee80-4eb3-9289-5ed78af9eae1\",\n \"algorithm\":\"AES\",\n \"usageMask\":12,\n \"objectType\":\"Symmetric Key\"\n },\n \"message\":\"Create Key\",\n \"service\":\"minerva\",\n \"requestId\":\"183004e4-fea3-4810-bfc0-840f24bdf145\",\n \"success\":true,\n \"username\":\"admin\",\n \"severity\":\"info\",\n \"client_ip\":\"\",\n \"source\":\"\"\n }\n"},"Policies":{"description":"Policies define access control rules.\n\nCipherTrust Manager uses an [Attribute-Based Access Control (ABAC)](https://en.wikipedia.org/wiki/Attribute-Based_Access_Control)\nsystem to authorize requests. ABAC essentially means authorization\ndecisions are based on the attributes and the entities involved with\nthe request. ABAC is a superset of many other authorization frameworks.\nFor example, RBAC, which makes decisions based on the roles of the\nuser, is also an ABAC system. RBAC uses one specific attribute of the\nuser (roles) to make authorization decisions.\n\nABAC systems, like CipherTrust Manager, can use any attribute of the request,\nthe requesting user, or the resources involved, to make the\nauthorization decision.\n\nCipherTrust Manager's ABAC policy language is based on XAMCL. The core concept\nof the language is the Policy resource. Policy resources describe the\nwho, what, where, and when of what is allowed and what is denied.\nCipherTrust Manager breaks each request down into a set of discrete *operations*\nrequired to fulfill the request. For each operation, CipherTrust Manager searches\nits database for Policies which match attributes of the operation, and\ncombines them into an authorization decision. The decisions for\neach operation are combined to issue a final authorization decision for\nthe overall request.\n\nWhen a request is received by the system, it translates the request into a\nset of *operations*. An *operation* is a JSON object describing the\nrequest. Here's an abridged example of an operation:\n\n {\n \"action\": \"ReadKey\", // the requested action\n \"resource\": \"a:b:vault:keys:signingkey\", // the target resource\n \"context\": {\n \"principal\": {\n // attributes of the requesting user\n },\n \"resource\": {\n // attributes of the target resource\n },\n \"environment\": {\n // other request attributes, like time of\n // day, network origin, or request params\n }\n }\n }\n\nThere are usually lots of attributes in the `principal`, `resource`, and\n`environment` sections. Here's an example of an actual, complete operation:\n\n {\n \"action\": \"CreateKey\",\n \"resource\": \"kylo:kylo:vault:keys:first-v0\",\n \"context\": {\n \"principal\": {\n \"aud\": \"4414d7ec-9b80-4bb4-b7a6-4c8ad5648333\",\n \"sub\": \"local|dc0d9fa0-a0d3-4b46-baee-cd9e07a3be77\",\n \"iss\": \"kylo\",\n \"acc\": \"kylo\",\n \"cust\": {\n \"groups\": [\n \"admin\"\n ]\n },\n \"acct\": \"kylo:kylo:admin:accounts:kylo\",\n \"user\": \"ncryptify:gemalto:admin:users:local-dc0d9fa0-a0d3-4b46-baee-cd9e07a3be77\",\n \"ident\": \"ncryptify:gemalto:admin:identities:local-dc0d9fa0-a0d3-4b46-baee-cd9e07a3be77-local-dc0d9fa0-a0d3-4b46-baee-cd9e07a3be77\",\n \"app\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"dev_acct\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"jti\": \"7478ba67-26b0-494e-9a9d-bf42c21a8629\",\n \"jwtid\": \"7478ba67-26b0-494e-9a9d-bf42c21a8629\",\n \"signer\": \"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODU0Nzc2OTUsImlhdCI6MTQ4NTM4NDA5NSwicHViayI6Ii0tLS0tQkVHSU4gUlNBIFBVQkxJQyBLRVktLS0tLVxuTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFvdnBlR3FwQkZidlFZQnpraDI1d1xuTkFEYnhMTGRJWHVpNzNCR0V4YXZzaXIvekMxeUtLem5nMnBqRWVkMklSL1VsbG5BTnRGaWRwMnFJL29PMkw1NVxuNlhvTlBSVk9NQkVRZ1pBK3I1bkpwR2JIcWtKRTFFVW8yNy9weVdXTUc3cndISjhqTWc4UTBwY3NUZXhGYi80MVxuUUxHaGp0c1RZcnVTMmpvU2FxSVVzSEhGT2Y0T1RNMlcrNUxTNGFUVzQ4aFFXL2lKbytnQnFtc0lWaFE3Y2JEc1xuMTNnNUhjTlVaN3FadUNobjFJZ1Jsb2Z6NjNFakN3UkVqNGlYVmQwdStwUklVTnFZZElzdGdmU0FGRlZLSkpyUVxuM1pjeVZTWUdqYjRGNFFQS3dBVUxhNi8rb1dLbGpsRDRDT0hNaC8vWjdDWGxkeHBJcVZnL04zYkRjQTJDbWlkbVxucVFJREFRQUJcbi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS1cbiJ9.u1HydcVRRciFvtzciv7f-46P4m8jCNFiJFQAMjkdc1niD9yT6cHBqVei86ETGyDOGXX3ztczqiImKd6say95WZxe7CrZTqC6HF_6ZF1rtlSSpPk34yr7HAOz78_4CLksAxfQnt9OX1rriZ_VTloDlMXufEIJzdP-ysKDVVnUeMo\",\n \"iat\": 1485384273,\n \"exp\": 1485384873\n },\n \"resource\": {\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"algorithm\": \"AES\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"createdAt\": \"0001-01-01T00:00:00Z\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"format\": \"raw\",\n \"id\": \"\",\n \"meta\": null,\n \"name\": \"first\",\n \"size\": 256,\n \"undeletable\": false,\n \"unexportable\": false,\n \"updatedAt\": \"0001-01-01T00:00:00Z\",\n \"uri\": \"kylo:kylo:vault:keys:first-v0\",\n \"usage\": \"blob\",\n \"version\": 0\n },\n \"environment\": {\n \"time\": \"2017-01-25T22:44:33.914124104Z\"\n }\n }\n }\n\nA Policy consists of properties describing the attributes of matching\noperations, and a rule, which is the effect the Policy has on the\nfinal authorization decision: either allow or deny. This is an\nabbreviated example of a Policy resource which matches the operation\nabove:\n\n {\n \"allow\": true,\n \"actions\": [\"ReadKey\"],\n \"resources\": [\"a:b:vault:keys:signingkey\"],\n \"conditions\": []\n }\n\nThe system then selects the set of Policies where:\n\n1. the operation's `action` matches one of the Policy's `actions.`\n2. AND the operation's `resource` matches one of the Policy's `resources.`\n3. AND the operation meets all the Policy's `conditions` (if any).\n\nAn operation may match many Policies. The `allow` properties of the\nmatching Policies combine to form a final decision. CipherTrust Manager's\nstrategy for combining policies is that an operation must match at\nleast one \"allow\" policy, and cannot match any \"deny\" policies.\n\n> Policies by themselves are not immediately enforced, meaning the\n> authorization system will ignore them. Policies need to be assigned\n> to a set of users in order to be enforced. See [Policy Attachments](#Policy_Attachments).\n\nThe following sections describe the Policy's properties in more detail.\n\n**`actions`**\n\nThe `action` attribute of an operation is a string, in the form of\n\"VerbResource\" (e.g. \"CreateKey\"), or\n\"VerbWithResource\" (e.g. \"EncryptWithKey\"). Most of the resource types,\nlike \"Key\", \"Policy\", and \"Record\" share a common set of verbs: \"Read\",\n\"Create\", \"Update\", and \"Delete\". For example, the basic set of\nactions which target Key resources are:\n\n- CreateKey\n- ReadKey\n- UpdateKey\n- DeleteKey\n\nSome resources support additional verbs. For example, the following\nadditional actions apply to Keys:\n\n- ExportKey\n- UseKey\n- EncryptWithKey\n- DecryptWithKey\n- SignWithKey\n- SignVerifyWithKey\n- MACWithKey\n- MACVerifyWithKey\n\nThe `actions` attribute of Policies is an array of these values,\nand may contain wildcards (? or _). Examples:\n\n \"actions\": [\"CreateKey\"] // matches \"CreateKey\"\n \"actions\": [\"CreateKey\",\"DeleteKey\"] // matches \"CreateKey\" OR \"DeleteKey\"\n \"actions\": [\"*Key\"] // matches all actions ending with \"Key\"\n \"actions\": [\"*\"] // matches all actions\n\n**`resources`**\n\nThe `resource` attribute of an operation is in the form of a\nresource URI. Therefore, the `resources` attribute of Policies is an\narray of URIs, and can contain wildcards (? or *). Examples:\n\n \"resources\": [\"a:b:c:d:e\"] // single resource\n \"resources\": [\"a:b:c:d:e\",\"x:y:z:w:v\"] // multiple resources, matches either\n \"resources\": [\"a:b:*:d:e\"] // wildcard\n \"resources\": [\"*\"] // matches all resources\n\n**`conditions`**\n\nConditions are rules for matching the other attributes of the operation.\nRemember, an operation is a JSON object describing everything about the\nrequest: the who, what, to what, when, etc.\nConditions use an expression syntax that let you compose complex\nmatching rules against almost any attribute of the operation.\n\nIn the Policy structure, the `conditions` attribute is an array of condition objects.\nWhen evaluating whether a policy matches an operation, any conditions contained in the policy are\nalso evaluated against the operation. All conditions must be satisfied for the policy to match,\ni.e. the conditions are combined with a boolean AND.\n\nTo understand the syntax of a condition, let's look at an\nexample operation, and a policy which matches the operation.\n\nThis is the operation:\n\n {\n \"action\": \"CreateKey\",\n \"resource\": \"kylo:kylo:vault:keys:moms3-v0\",\n \"context\": {\n \"principal\": {}, // omitted...\n \"resource\": { // some properties omitted...\n \"alg\": \"aes\"\n },\n \"environment\": {}, // omitted...\n }\n }\n\nThis is a matching Policy, with a condition:\n\n {\n \"allow\": true,\n \"actions\": [\"*Key\"],\n \"resources\": [\"*\"],\n \"conditions\": [\n {\n \"path\": \"context.resource.alg\",\n \"op\": \"equals\",\n \"values\": [\"aes\"]\n }\n ]\n }\n\nThis Policy will grant the users to which it is assigned permission\nto perform actions matching \"*Key\", on any resource, with\none condition: the key must have a property named \"alg\" with the value\n\"aes\".\n\nThe condition's `path` is \"context.resource.alg\". That is\ninterpreted as a JSON path, evaluated against the operation object:\n`context` -> `resource` -> `alg`, which resolves to a\nvalue of \"aes\".\n\nThe `op` property of the condition is the comparison operator used to\ncompare the value in the operation with the conditions' values.\n\nThe `values` property of the condition can be a single value or an array of\nvalues. If `values` is an array, the values combine with a boolean\nOR. In other words, the operation value is compared\nwith *each* of the items in the `values` array, and if *any* match, the\ncondition is met. If `values` is not an array, it's treated like\nan array of one item.\n\n> To disambiguate an array of values from a single value *which\n> is an array*, you'll need to nest such values\n> inside another array. As an example, say I want\n> to match against users who are members of two, and only two, groups: \"hr\"\n> and \"eng\". That condition would look like:\n>\n> {\n> \"path\":\"context.principal.groups\",\n> \"op\":\"equals\",\n> \"values\":[[\"hr\",\"eng\"]]\n> }\n>\n> `values` is set to an array with a single item, which itself is an array\n> with the two groups in it. This translates to \"`groups`\n> must equal an array containing `hr` and `eng`\".\n> If the condition had been:\n>\n> {\n> \"path\":\"context.principal.groups\",\n> \"op\":\"equals\",\n> \"values\": [\"hr\",\"eng\"]\n> }\n>\n> ...that would translate to \"`groups` must equal either `hr`\n> or `eng`\".\n\nThe `op` property is the operator used to compare the operation value\nto the condition values. These are the supported operators:\n\nop | description\n--- | ---\nequals, == | values must match exactly. Values can be any JSON type (string, int, array, object, etc).\nequalsIgnoreCase | like `equals`, but only works with string values\nempty | the value must not be present in the operation, or must be equal to `null`, an empty string, an empty array, or an empty object. `values` is ignored.\nmatches, regex, =~ | `values` should be regex expressions, which are matched against the operation value. Only works with strings.\ncontains, @> | The operation value must \"contain\" the condition value. JSON containment is implemented like postgres' [JSONB containment](https://www.postgresql.org/docs/9.4/static/datatype-json.html#JSON-CONTAINMENT) operator. Briefly, for scalar values, like strings or ints, containment is the same as equality. For arrays, array A contains value B if either B is a scalar value and present in A, or B is also an array, and all of B's items are also in A. For objects, object A contains object B if all of B's properties are in A, and the A's values for those properties contain B's values for those properties (recursively).\n\nExamples:\n\n \"foo\" contains \"foo\" // scalars just use equality\n [\"foo\",\"bar\"] contains \"foo\" // array contains scalar\n [\"foo\",\"bar\"] contains [\"foo\"] // array contains array with matching items\n {\"color\":\"red\"} contains {\"color\":\"red\"} // objects: properties match\n {\"groups\":[\"hr\",\"eng\"]} contains {\"groups\":[\"hr\"]} // contains is recursive\n [[\"hr\",\"eng\"]] does not contain [\"hr\"] // left array does not contain\n // a single scalar value equal to\n // \"hr\". but...\n [[\"hr\",\"eng\"]] contains [[\"hr\"]] // and...\n [\"hr\",[\"it\",\"eng\"]] contains [\"hr\"]\n\n**Template Variables**\n\nConditions also support the use of \"template variables\", which are resolved at\nthe time of the authorization request. Variables are useful for conditions\nthat compare one attribute of the request to another attribute of\nthe request, e.g. to compare an attribute in the target resource to\nan attribute of the user making the request.\n\nThe `path` and `values` properties of conditions also support the use\nof template variables, which are resolved at the time of the\nauthorization request. To understand the syntax of template variables,\nlet's use an example. A user has made a request, which resulted in\nan authorization check on this operation:\n\n {\n \"action\": \"CreateKey\",\n \"resource\": \"kylo:kylo:vault:keys:moms3-v0\",\n \"context\": {\n \"principal\": { // Some properties omitted...\n \"groups\": [\"hr\",\"it\"]\n },\n \"resource\": { // Some properties omitted...\n \"permissions\": {\n \"CreateKey\": [\"it\"]\n }\n },\n \"environment\": {} // omitted\n }\n }\n\n\nHere's an example of a matching policy condition which\nuses template variables:\n\n {\n \"path\":\"context.resource.permissions.{{action}}\",\n \"op\":\"contains\",\n \"values\": \"{{context.principal.groups}}\"\n }\n\nThe `path` for this condition contains the template variable `{{action}}`.\nWhen the condition is evaluated, `{{action}}` will be replaced by the\naction in the operation, which in this example is \"CreateKey\". So\nthe resolved path will be \"context.resource.permissions.CreateKey\".\n\nSimiliarly, the `{{context.principal.groups}}` variable will be\nevaluated against the operation, and will resolve to\n`[\"hr\",\"it\"]` (the `groups` attribute of the principal).\n\nPut these together, and the condition could be described as\n\"The resource's permissions must grant the requested action to one of\nthe user's groups\".\n\nThe fully resolved condition would look like this:\n\n {\n \"path\":\"context.resource.permissions.CreateKey\",\n \"op\":\"contains\",\n \"values\": [\"hr\",\"it\"]\n }\n\nBecause `values` are combined with a boolean OR, this condition means\nthat the array of group names at `context.resource.permissions.CreateKey`\nmust contain one of the group names in the `values` array (any one).\n\nTemplate variables must be embedded inside string values, and are\nenclosed in double curly braces. The value inside the braces is\na JSON path evaluated against the operation at the time of the request.\n\n> Even though the template variable in `values` was embedded\n> in a string, since it resolved to an array, the system replaced the\n> string with an array. If the template variable is the entire value of\n> the string its embedded in, the string is replaced with\n> the resolved value. If the template variable is embedded in a string with\n> other characters, the overall value will still be a string.\n\nThe final, resolved condition is then evaluated against the operation.\nTemplate variables are useful in situations where the condition involves\ncomparing multiple attributes of the operation to each other.\n\n**Operation Attributes**\n\nThe `resource` of the operation will be the same\nJSON object that is returned if you GET that resource with the REST\nAPI. To see the attributes of a resource which can be referenced\nin policy conditions, GET that resource. Here is a complete example\nof a Key resource:\n\n {\n \"id\": \"2ad35187-e180-4339-a36c-a8de9ae6f64b\",\n \"uri\": \"kylo:kylo:vault:keys:moms3-v0\",\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\": \"2016-12-21T17:24:53.092358873Z\",\n \"name\": \"moms3\",\n \"updatedAt\": \"2016-12-21T17:24:53.092358873Z\",\n \"usage\": \"blob\",\n \"meta\": {\n \"ownerId\": \"local|95a4d02e-2371-422c-bb17-a218ba0375a5\"\n },\n \"version\": 0,\n \"algorithm\": \"AES\",\n \"size\": 256,\n \"format\": \"raw\",\n \"unexportable\": false,\n \"undeletable\": false\n }\n\nThe `principal` of the operation is an object containing\nthe attributes of the authenticated user. Use the `/admin/principal`\nendpoint to get the principal resource for the current user.\nHere's an example of a `principal` resource:\n\n {\n \"aud\": \"4414d7ec-9b80-4bb4-b7a6-4c8ad5648333\",\n \"sub\": \"local|95a4d02e-2371-422c-bb17-a218ba0375a5\",\n \"iss\": \"kylo\",\n \"acc\": \"kylo\",\n \"acct\": \"kylo:kylo:admin:accounts:kylo\",\n \"user\": \"ncryptify:gemalto:admin:users:local-95a4d02e-2371-422c-bb17-a218ba0375a5\",\n \"ident\": \"ncryptify:gemalto:admin:identities:local-95a4d02e-2371-422c-bb17-a218ba0375a5-local-95a4d02e-2371-422c-bb17-a218ba0375a5\",\n \"app\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"dev_acct\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"cust\": {\n \"groups\": [\n \"admin\"\n ]\n }\n }\n\nThe `sub` attribute is the user's `user_id`. `cust.groups` is an array\nof the groups of which the user is a member. `aud`,`iss`,`acc`,`acct`,`user`,\n`ident`, `app`, and `dev_acct` are reserved for future\nuse.\n"},"Policy Attachments":{"description":"Policies on their own are not enforced. Policies have to be assigned to a\nset of users first. This is done by creating Policy Attachment resources.\nHere's an abbreviated example of a Policy Attachment:\n\n {\n \"policy\": \"a:b:admin:policies:admins\",\n \"principalSelector\": {\n \"cust\": {\n \"groups\": [\"admin\"]\n }\n },\n\n // The following properties are copied from the attached\n // policy. They are read-only, and included here reduce\n // the number of roundtrips to the API\n \"actions\": ...,\n \"resources\": ...,\n \"allow\": ...,\n \"conditions\": ...\n }\n\nA Policy Attachment assigns, or \"attaches\", a single policy, identified\nby the `policy` attribute, to a set of\nusers whose attributes match a selector, known as the `principalSelector`.\nThis is very similar to the way Policies match the attributes of the\noperation. In fact, a Policy Attachment is virtually identical a policy\ncondition in the form:\n\n {\n \"path\": \"context.principal\",\n \"op\": \"contains\",\n \"values\": [ {} ] // the object nested is the principalSelector\n }\n\nThe effect of Policy Attachments and conditions overlap: it is possible\nto achieve identical effects by attaching a broad Policy to a narrowly\ndefined Policy Attachment, or attach a Policy with a narrowly defined\ncondition on the \"context.principal\" to a broadly defined Policy\nAttachment which matches all users. The redundancy is intentional:\n\n1. Policies are somewhat expensive to evaluate, so the fewer Policies that\nneed to be evaluated against a request, the better. Policy Attachments\nevaluate faster than Policy conditions, so they can quickly narrow the\nset of Policies to evaluate.\n2. On the other hand, Policy Attachments do not support template\nvariables, which are supported in Policy conditions. Template variables\nsometimes reduce the number of Policies required to express complex\nauthorization rules. Again, this reduces the number of policies to\nevaluate, which increases performance. Template variables can also\nexpress rules that cannot be expressed with Policy Attachments.\n3. Finally, Attachments promote Policy re-use.\n\nTo create a Policy Attachment, the request must include the `policy`\nand `principalSelector` properties. The `policy` property can be any\nof the policy's identifiers: the `id`, `uri`, or `name`. After creation,\nthe `policy` attribute will be the policies `uri`.\n\nThe `principalSelector` should include a set of attributes to match\nagainst the principal of an operation. The system evaluates whether\nthe principal \"contains\" the `principalSelector`. The semantics of the\n\"contains\" operator, and the attributes of principals, are described in\n[Policies](#Policies). To match *all* users, use an empty\n`principalSelector`.\n\nThe attributes of Policy Attributes which are copied from the\nreferenced policy do not need to be specified when creating Policy\nAttachments. They are read-only.\n\nFor convenience, repeating the same create Policy Attachment request is\nallowed, and indempotent. In other words, if I issue the same create\nrequest three times, containing the body:\n\n {\n \"policy\":\"admins\",\n \"principal\": {\n \"cust\": {\n \"groups\": [\"admin\"]\n }\n }\n }\n\n...the first request will succeed, creating the Attachment. The\nsubsequent requests will also succeed. They will be no-ops on the server,\nand will simply return the existing attachment.\n"},"Licensing":{"description":"Licenses can be installed to enable extended functionality for enterprise level\nfeatures such as clustering and external identity provider options, and for various\nconnectors such as KMIP clients.\n\nBy default the system ships with a trial for the enterprise level features, which can be\nactivated using the `licensing/trials` API.\n\nLicenses are locked to a particular Virtual CipherTrust Manager instance. Get the license lock code using the\n`licensing/lockdata` API and use the license lock code on Thales’\nVirtual CipherTrust License portal to get the license code. Install the\nlicense using the `licensing/licenses/` API. Installed licenses and\nlicensed features can be retrieved as well.\n\nThe API provides an endpoint for license management.\n"},"Syslog Connections":{"description":"Audit records can optionally be sent to one or more external syslog\nserver(s). By default audit records are stored in the local database and\nwill continue to do so even if syslog connections are configured. Each\naudit record will be sent to each configured syslog connection.\n\nA syslog connection can either use UDP, TCP or TCP + TLS as the transport\nprotocol. When TCP + TLS is used a trusted CA certificate in PEM format\nmust also be provided.\n\nAll syslog messages are generated with facility `local0`.\n\nAvailable log message format are:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n\nAn example entry looks as follows:\n\n**Plain Message:**\n```\n2019-08-12 06:25:12 ciphertrust CipherTrust: 2019-08-12 06:25:12 | 'Update Syslog Connection' succeeded ({\"createdAt\":\"2019-08-12T06:25:12.380743Z\",\"details\":{\"id\":\"e847e529-d331-45f9-a494-83ee7ce6ab69\"},\"message\":\"Update Syslog Connection\",\"service\":\"kylo\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"clientIP\":\"\",\"source\":\"\"})\n```\n\n**RFC5424:**\n```\n2019-08-12 06:22:16 ciphertrust CipherTrust: <134>1 2019-08-12 06:22:16 ciphertrust CipherTrust - b7999852-dd64-46e9-b924-c3999eca9fad [msg=\"Update Syslog Connection\" sev=\"6\" details=\"'Update Syslog Connection' succeeded ({\"createdAt\":\"2019-08-12T06:22:16.113081Z\",\"details\":{\"id\":\"e847e529-d331-45f9-a494-83ee7ce6ab69\"},\"message\":\"Update Syslog Connection\",\"service\":\"kylo\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"clientIP\":\"\",\"source\":\"\"})\"]\n```\n\n**CEF:**\n```\n2019-08-05 11:40:19 ciphertrust CipherTrust: 2019-08-05 11:40:19 ciphertrust CEF:0|Thales Group|CipherTrust|Development|34a71dbf-26d2-47ea-b66d-44e38d0f6c99|Update Syslog Connection|6|'Update Syslog Connection' succeeded ({\"createdAt\":\"2019-08-12T06:14:54.762963Z\",\"details\":{\"id\":\"e847e529-d331-45f9-a494-83ee7ce6ab69\"},\"message\":\"Update Syslog Connection\",\"service\":\"kylo\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"clientIP\":\"\",\"source\":\"\"})\n```\n\n**LEEF:**\n```\n2019-08-05 12:39:03 ciphertrust CipherTrust: 2019-08-05 12:39:03 ciphertrust LEEF:2|Thales Group|CipherTrust|Development|Update Syslog Connection|{\"name\":\"Update Syslog Connection\",\"sev\":\"6\",\"details\":\"'Update Syslog Connection' succeeded ({\"createdAt\":\"2019-08-12T06:20:06.926665Z\",\"details\":{\"id\":\"e847e529-d331-45f9-a494-83ee7ce6ab69\"},\"message\":\"Update Syslog Connection\",\"service\":\"kylo\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"clientIP\":\"\",\"source\":\"\"})\n```\n\nThe first time stamp is generated and added by syslog and the second time\nstamp is the time of the actual audit record.\n\nIn a multi-node clustered environment the syslog connections\nconfiguration will be automatically synchronized and each node will be\naware of all syslog servers. The syslog message will be sent from the\ncurrently active node. This means that if an event that results in an\naudit record is performed on node 1 the syslog message will originate\nfrom node 1, in a similar manner if an audit event is performed on node 2\nthe syslog message will in this case originate from node 2.\n\nPlease note that it can take up to 5 minutes before the syslog\nconnections configuration is applied to all nodes in the cluster.\n"},"Cluster":{"description":"A `cluster` is a group of one or more system `nodes` that syncronize their data. A `cluster` is\ninitially created on a single system, which becomes the first node in the cluster. Additional nodes\ncan then be added. The full sequence for creating a two node cluster is:\n\n1. POST `/cluster/new` on the initial node. This creates a one node cluster.\n2. POST `/cluster/csr` on the new node to get a CSR.\n3. POST `/nodes` with the CSR to the member node to get a cert and chain.\n4. POST `/cluster/join` on the new node with the cert and chain to join the node to the cluster.\n\nAdditional nodes can be joined in the same way by repeating steps 2,3 and 4. Note that on some calls a hostame is\nrequired. This must be a hostname or IP address that nodes in the cluster can use to contact each other.\n"},"Cluster Nodes":{"description":"The Cluster Nodes API is used for creating new nodes, getting information about existing nodes, and for deleting nodes. When\ndeleting a node, the DELETE must be send to a node other than the one being deleting. This will cause replication\nto stop to the deleted node, which should be destroyed.\n"},"Backups/Backup-Restore":{"description":"Backups are a snapshot of the data in a system at a point in time. They are created on the system,\nand after creation they can be used to restore the system to a previous state, or to transfer data\nfrom one system to another. When a backup is created, it starts an asynchronous backup operation. The status of\na backup can be checked with a GET request. Backups are encrypted with a `backup key`. They can then\nbe stored externally or transferred to another system. You must transfer the backup key to the target system before\nrestoring an encrypted backup.\n\nPartial domain backup supports different types of resources to be backed up. Resources supported are \"Keys\", \"cte_policies\"{{FF_BACKUP_RESTORE_CF|, \"customer_fragments\"}} and \"users_groups\".\n\nIn case of Partial domain backup of keys, it is recommended to always backup all versions of keys.\n\n**WARNING:** Taking backups of selective or only latest version of keys can lead to situation where data encrypted with non-backed up version is not possible to decrypt.\nTo backup all versions of specific keys, use names. Sample request: `\"resourceQuery\": {\"names\" : [\"key1\", \"key2\"]}`\n"},"Backups/SCP Backup":{"description":"The APIs in this section are used to copy backup to the external servers using Secure Copy Protocol (SCP)\nor Simple File Transfer Protocol (SFTP).\n\nThe following operations can be performed:\n- Get SCP/SFTP public key\n- Copy backup to remote host machine\n- Get backup SCP/SFTP status\n\nSupported auth methods for SCP/SFTP connections are key and password.\nFor the auth method key, the user must download the public key from scp/publickey API and append it to the destination host machine's authorized keys,\nAnd for the auth method password user can provide the destination host machine password.\n\nUser also need to provide host public key for verification, which can be located at \"/etc/ssh/\" at destination host machine.\n"},"Backup Keys":{"description":"A backup key encrypts a backup file. A backup key includes two keys: an AES 256 encryption key and a HMAC SHA-256 signing key.\nA default backup key is created for each system, and additional keys can be created as needed. To\nrestore a backup to a different system, download the backup key used to encrypt the backup,\nand then upload the key to the target system. A password is required to protect the backup key when it is downloaded\nfrom the system.\n"},"Certificate Authority":{"description":"A Certificate Authority (CA) issues and installs digital certificates and\ncertificate signing requests (CSR).\n\nA certificate generally acts as the identity of a server or client and\nthis API can be used to issue server and client certificates in order to\nsetup trusted communication channels to the system. A Certificate\nAuthority acts as the initially trusted shared entity between peers and\ncan issue signed certificates to make it possible for each party to trust\nthe other.\n\nThe system distinguishes between local CAs and external CAs with the\ndifference that a local CA can issue signed certificates as the private\nsigning key is stored inside the system. An external CA does not store\nthe private key and can instead be used as a trusted entity for various\ninterfaces and services inside the system when certificates are issued\nexternally. It is fine to have a mix of both.\n\nDuring initial bootstrapping of a new server a new local `CipherTrust Manager root\nCA` is automatically generated. This CA is later used to issue a server\ncertificate for the interfaces available in the system. An easy way to\ninspect the certificate chain is to view the certificates in your browser\nwhen you connect to the web interface. All interfaces and services will\nby default trust this CA which means that a client certificate issued\nfrom this initial `CipherTrust Manager root CA` will automatically be trusted by\nthe system. If preferred it is possible to create new local CAs and/or\nexternal CAs and instead used them for the internal interfaces and\nservices.\n\nCreating a local CA is a two step process:\n 1. Invoke `Create local CA` which creates a local CA in `pending` state\n and returns a CSR for signing.\n 2. A `pending` local CA can then be activated in two ways:\n - Invoke `Self-sign a local CA` to let the CA sign itself. This is\n typically done for Root CAs.\n - Invoke `Install a local CA` which requires a signed certificate\n based on the CSR from the `pending` CA. This certificate can be\n signed by any other entity such as an external CA or even an other\n local CA.\n\nOnce a local CA exists a signed certificate can be issued in two steps:\n1. Invoke `CSR` to create a CSR and private key. It is also possible to\n create the CSR and the private key using any other software as this API\n is stateless and doesn't store anything in the system.\n2. Invoke `Issue certificate` and provide the CSR, the purpose and the\n duration. A new signed certificate will be returned.\n\nCipherTrust Manager allows to revoke and resume certificates signed by local CA.\nUser can specify a reason to revoke a certificate according to RFC 5280.\nCertificates revoked with `certificateHold` reason will only allow resuming.\n\nCreating an external CA is a single step:\n1. Invoke `Upload external CA` and provide the signed external CA\n certificate.\n"},"Links":{"description":"Links are a way to associate key objects. This implementation is based on the KMIP standard,\nand so there are specific types of Links:\n\n- privateKey\n- publicKey\n- certificate\n- derivationBaseObject\n- derivedKey\n- replacementObject\n- replacedObject\n- parent\n- child\n- previous\n- next\n- pkcs12Password\n- pkcs12Certificate\n\nA link must have a type (one of the above), a source, and a target. For example, if a Link\nhas a source of key1, a target of key2, and a type of `publicKey`, it means that: key2 is the public\nkey associated with key1 (which is presumably a private key). Links are uni-directional, so in the previous\nexample there will be another link of type `privateKey`, with a source of key2, and target of key1.\nIn KMIP calls, links appear as attributes associated with the source object.\n\nFor convenience, links will also appear as a read-only array for objects returned from the Keys API.\n"},"NTP Servers":{"description":"NTP (Network Time Protocol) is used to synchronize time with an external time source.\n\nIf at least one NTP server is added CipherTrust Manager will internally start and run the NTP time daemon `ntpd` to set the\nsystem time. It is recommended to configure more than a single NTP server to ensure the time is correct at all\ntimes. Each time an NTP server is added or removed CipherTrust Manager will automatically referesh the internal NTP daemon to\nuse the new set of NTP servers.\n\nMore information about the recommended number of NTP servers can be found on [ntp.org.](http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers#Section_5.3.3.)\n\nNTP servers in CipherTrust Manager are uniquely identified by the `host`.\n\nPlease note that the NTP server configuration isn't synchronized between servers in a cluster. This means that\nany NTP servers must be added to each individual server in the cluster and it also means that it is possible to\nhave different set of NTP servers in each server.\n"},"Network":{"description":"Tools for testing communications from a CipherTrust Manager system to other\nmachines via tools that emulate ping, netcat (checkport), traceroute and nslookup.\n\nAPIs for managing and retrieving the network interfaces of a CipherTrust Manager\nnode. An interface supports two families: inet (IPv4) and inet6 (IPv6). A\nfamily may be disabled or configured to use either static values or\ndynamic values (e.g. via DHCP). All addresses returned in a response are\nlive values even if the network interface is configured dynamically.\n\nPlease note there is a risk that modifying a network interface remotely\nusing this API may make communication with the node impossible without\nconsole access.\n"},"MKek":{"description":"MKek is Master Key Encryption Key. The Key is common across multiple nodes\nin a cluster and is used as a master key to protect the secrets in a CipherTrust Manager.\nThe interface provides APIs to manage MKek. The following operation can be performed on MKek\n- List MKek : Lists the mkeks.\n- Get MKek : Gets the mkek by ID.\n- Rotate MKek : Rotates the default mkek which creates a new mkek across the nodes in a cluster\nas well as in a non-cluster node.\n"},"HSM Servers":{"description":"HSM (Hardware Security Module) is a physical device for more secure\nmanagement of sensitive data, such as keys, inside CipherTrust Manager. These set\nof APIs allows for dynamic configuration of the HSM servers used.\n\nSupported HSM types are `luna`, `lunatct`, `lunapci`, `protectserver`, `aws`, `dpod`, `gcp`, `nshield` and `ibmhpcs`.\n\nBefore you can integrate an HSM with CipherTrust Manager, some configuration\nis needed on the HSM to allow CipherTrust Manager to connect. The necessary values\nare described in the `connInfo` and `initialConfig` schemas. Consult documentation for the particular\nHSM product and version for more information on creating the needed passwords, certificates,\nand string values.\n\nDuring initial setup a `reset` operation is required to perform an\ninitial bootstrap of the CipherTrust Manager using the HSM. This means that all\nexisting data in the system will be wiped and CipherTrust Manager will be stared\nfrom a clean slate.\n\nAfter the initial HSM setup it is possible to add further HSMs for\nhigh-availability (HA). Adding further HSMs doesn't require a reset as\ndata will be synchronized from the other HSMs in the HA group. When the\nsecond HSM is added a HA group will automatically be created and will\nrequire a `restart` operation for all connections to start to use the HA\ngroup. Without the restart all existing connections will use the\ninitially configured HSM and the server won't fully utilize the HA\nfeature.\n\nPlease note that these APIs can have a big impact on the availability of\nCipherTrust Manager and the data inside it. It should be used with great care and\nclear intentions. It is always recommended to take a backup before using\nthese APIs.\n"},"Info":{"description":"These endpoints allow the user to query for some basic information from\nCipherTrust Manager - the name, version and model number, vendor of the platform.\n\nIt is also possible to update the platform name to something that is\nillustrative to the user.\n"},"Disk Encryption":{"description":"For added security, the disk of the CipherTrust Manager system can be fully encrypted.\n\nFollowing are APIs for management of the encryption status of hard disks. It supports\noperations to retrieve the status of the disk and to encrypt the disk at next boot.\n\nThese APIs are only accessible after first boot; if the user desires to encrypt\nthe disk before first boot the cloud-init methods must be used.\n"},"ProtectFile":{"description":"ProtectFile is a file-system level encryption solution that leverages\nthe cryptographic and key management features of the CipherTrust Manager platform\nto protect unstructured data. ProtectFile performs transparent\nencryption - authorized users and processes continue to have read and write access\nto the encrypted data; unauthorized users and processes cannot access the encrypted data.\nProtectFile provides data security with fully automated encryption of unstructured\ndata contained on file servers and network shares. Working together with a CipherTrust Manager\nsystem, ProtectFile combines encryption and access control policies to\nprotect the folders and files residing on servers, and network shares.\n\nWhile handling a file, ProtectFile does not encrypt, modify, or update most\nfile metadata, such as file name, creation time, type, size, ownership, or attributes. Exceptions are-\n- Time stamp. When ProtectFile migrates a folder, each file’s time stamp is updated\nwhen the migration is complete.\n- File size as seen by Backup users. Backup users see the actual size of the encrypted file.\nOther users see the pre-encryption size of the file.\nThe Security Officer administers the policies and ProtectFile keys on the CipherTrust Management\nConsole. CipherTrust Manager pushes the policies and ProtectFile keys to the file server.\nThe file server administrator deploys ProtectFile on\nfile servers and network shares. ProtectFile protects the specified local paths and\nmapped network shares. The file server sends the logs and notifications to CipherTrust Manager.\nThe file user accesses the files from the file server as per the applied access policies.\n"},"ProtectFile/Clients":{"description":"A client represents a ProtectFile client that can be a file server, database server, or any other application server.\nA client profile is required to create a client resource. The client has ipaddress/hostname field to identify a client machine.\nThe creation of a client generates a `sharedSecret` that is required by the client during the registration/bootstrap process.\n\nA client can be linked to multiple rules for encryption of defined paths. The linking of client and rule also requires\na key and an access policy group. The rule needs to be deployed to be effective.\nThe valid operations on a client-rule association are:\n- `Encrypt` : Performs data encryption according to the rule properties.\n- `KeyRotate` : Performs key rotation according to the rule properties and `keyRotationType`.\n- `Decrypt` : Performs data decryption for the specified rule and removes the client-rule association on successful decryption.\n"},"ProtectFile/ClientProfiles":{"description":"A client profile defines the CipherTrust Manager redundancy information, logging criteria for ProtectFile clients, and settings that can be used for several ProtectFile clients. At least one client profile must be defined before a ProtectFile client can be added to the CipherTrust Manager.\n\nA client profile can be configured to:\n- Enable redirection of access logs from a ProtectFile client to a configured Syslog server.\n- Protect sensitive data from a rogue “root” user.\n- Use failover for ProtectFile.\n"},"ProtectFile/AccessPolicies":{"description":"Access Policies define the access restrictions applied on an `encrypted` or `non-encrypted` path.\nThe accesspolicy can be created for the `user`, `group`, `process` or a combination of `user-process` and `group-process`.\n`user-group` is not a valid combination.\nFollowing are the valid access permissions:\n- `NoAccess`: No Access to user/group/process\n- `EncryptDecrypt`: Encrypt and Decrypt permission\n- `Decrypt`: only Decrypt permission\n- `Encrypt`: only Encrypt permission\n- `BackupRestore`: Read and Write permission, but in cipher text\n- `Backup`: Read permission, but in cipher text\n\nThe types defined for access policy are:\n- `user`\n- `group`\n- `process`\n- `user AND process`\n- `group AND process`\n"},"ProtectFile/AccessPolicyGroups":{"description":"Access Policy Group is a logical grouping of multiple access policies. The policy group can be applied to a client instead of\nindividual access policies. The policies can be of different types - `user`, `group`, `user AND process`, etc.\n"},"ProtectFile/Rules":{"description":"Rule defines the a path, properties, and configuration for encryption and access control. Two types of rules are:\n1. Rules with the `encryptData` flag set to true support encryption of data with access control.\n2. Rules with the `encryptData` flag set to false only support access control, not the encryption.\n\nThe fields for extensions can be used to include or exclude files of specific extension(s) to be encrypted and access controlled.\nA single rule can be associated with multiple clients.\n"},"ProtectFile/Shares":{"description":"A share represents a shared path of Network-attached storage. The type of share can be 'SMB/CIFS' or 'NFS'.\nThe share can be created using ip-address or hostname of NAS device.\nA bootstrapped client is required to perform encryption of existing data, this client is known as the `encryptorClient`.\n\nIf Distributed File System (DFS) is used to organize many distributed SMB file shares, it can be enabled using `dfs` flag\nand name can be provided using `dfsAlias`. This is applicable for SMB share with Windows as `encryptorClient`.\n\nThe `automount` flag can be used for Autofs feature of Linux to mount the encrypted share automatically on user’s demand.\nThis feature is applicable for `NFS` share type with Linux client as `encryptorClient`.\n\nA share can be linked to multiple rules for encryption of defined paths. The linking of share and rule also requires\na key and an access policy group. The rule needs to be deployed to be effective.\nThe valid operations on a share-rule association are:\n- `Encrypt` : Performs data encryption according to the rule properties.\n- `KeyRotate` : Performs key rotation according to the rule properties and `keyRotationType`.\n- `Decrypt` : Performs data decryption for the specified rule and removes the client-rule association on successful decryption.\n"},"ProtectFile/Clusters":{"description":"Cluster groups together multiple ProtectFile clients to enable application of same policies.\n"},"Migrations":{"description":"This API can be used for migrating backups taken on 'KeySecure Classic' or 'DSM' (Data Security Manager) devices onto the newer CipherTrust Manager devices.\nThe backup file should be uploaded before migration.\nThe uploaded backup files can be listed and deleted.\nThe migration is performed asynchronously. The state of the ongoing migration can be monitored.\nA 'KeySecure Classic' backup file is protected by a password, and the password is specified when migrating the backup file.\nA 'DSM' backup file is protected by a 'Migration Split Key'. The 'Migration Split Keys' API should be used\nfor uploading these keys. These keys must be uploaded before the backup is migrated.\n"},"Alarms":{"description":"The alarms API displays the state of CipherTrust Manager alarms. Each alarm has a unique name. Examples of alarm state\nare on, off, unknown, etc. Each alarm has a severity, which are listed below.\n"},"CDP":{"description":"The CDP APIs can be used for adding and updating database migration information for CipherTrust Database Protection(CDP) clients.\n"},"SNMP":{"description":"This API can be used for configuring SNMP management stations (notification receivers), Community names and\nSNMPv3 USM users for managing and monitoring the CipherTrust Manager using SNMP protocol.\nSNMP versions v1, v2c and v3 are supported.\n\nSNMP interface is not started by default. It can be started from 'Settings | Interfaces' GUI, API or CLI.\nIt must be started before using this API.\n"},"CTE":{"description":"CipherTrust Transparent Encryption (CTE) delivers data-at-rest encryption with centralized key management, privileged user access control, and detailed data access audit logging. This protects data wherever it resides—on-premises, across multiple clouds, and within big data.\n\nCTE:\n - Encrypts files and raw data\n - Controls which users can decrypt and access that data\n - Controls which processes and executables can decrypt and encrypt that data\n - Generates fine-grained audit trails on those processes, executables, and users\n"},"CTE/Clients":{"description":"A client is a computer system where the data needs to be protected. A compatible CTE Agent software is installed on the client. The CTE Agent can protect data on the client or devices connected to it. A client can be associated with multiple GuardPoints for encryption of various paths.\n\n*OPERATIONS* *On* *Client*:\n\n UnEnroll:\n\n - A CTE client with Active LDT GuardPoints cannot be unenrolled (unregistered).\n\n - After unenrolling, the client's GuardPoints will still be displayed on the CipherTrust Manager. However, their status will be displayed as Unknown.\n\n - The status of the client capabilities, for example, LDT will not change on the CipherTrust Manager. They will be displayed the same as they were before unenrolling the client.\n\n - The associated client under the Client-Management section is deleted after unenrolling. If the client is not deleted automatically, you can delete it manually.\n\n - The status of the unenrolled client will be displayed as Unregistered on the CipherTrust Manager.\n\n Delete:\n\n - Waits for the confirmation from the Agent before deleting anything on the CTE client.\n\n - Deletes all entries, capabilities, and GuardPoints associated with the client.\n\n - Deletes the associated client from the Client-Management section of the API playground.\n\n*STATES* *Of* *Client*:\n\n 1. Healthy: Client is registered with the CipherTrust Manager without any errors, that is, `init` is received from Agent without any issues. The client's status on the CipherTrust Manager is displayed as HEALTHY.\n\n 2. Warning: Client's communication is broken with the CipherTrust Manager or a GuardPoint is inactive due to any reasons. The client's status on the CipherTrust Manager is displayed as WARNING.\n\n 3. Error: Client's communication is broken with the CipherTrust Manager for more than five minutes. The client's status on the CipherTrust Manager is displayed as ERROR.\n\n 4. Unregistered: Client is unenrolled from the CipherTrust Manager. The client's status on the CipherTrust Manager is displayed as UNREGISTERED.\n\n 5. Expunged: Client's delete operation is triggered, but its confirmation is not yet received from the Agent. The client's status on the CipherTrust Manager is displayed as EXPUNGED.\n"},"CTE/Clients-GuardPoints":{"description":"A GuardPoint specifies the list of folders that contains paths to be protected. Access to files and encryption of files under the GuardPoint is controlled by security policies. GuardPoints created on a client group are applied to all clients in the group.\n\nA user can apply guardpoint on specific path on a selected file server. It can be either on a directory, or on a raw device, it can be a applied on a cloud storage, and all these options will be driven by the \"guard_point_type\" parameter.\n\nAfter creating a guardpoint user can perform various operations on it. One of them is **delete** operation, which removes the guardpoint configuration from client and server both. Another one is **disable**; which unlike the delete operation, only removes the configuration of guardpoint from agent, whereas its entry will still be available on server for future purposes.\n\nSpecific Guardpoints Details:\n\n Feature | Supported OS | Supported Policies\n --- | --- | ---\n Preserve Sparse Region | Windows, Linux | Live-Data Transformation (LDT)\n Secure Start | Windows | Standard policy and Live-Data Transformation (LDT)\n CIFS | Windows | Live-Data Transformation (LDT)\n\n\n\n\nSample for creating GP with *Preserve* *Sparse* *Region* Enabled:\n\n {\n \"guard_paths\": [\n \n ],\n \"guard_point_params\": {\n \"guard_point_type\": \"directory_auto/directory_manual\",\n \"policy_id\": ,\n \"preserve_sparse_regions\": true/false\n }\n }\n\n Note: \"preserve_sparse_region\" value cannot change to True once marked False for a Guardpoint.\n\n\nSample for creating GP with *Secure* *Start* Enabled:\n\n {\n \"guard_paths\": [\n \n ],\n \"guard_point_params\": {\n \"guard_point_type\": \"directory_auto/rawdevice_auto\",\n \"policy_id\": ,\n \"early_access\": true/false\n }\n }\n\n\nSample for creating GP with *CIFS* Enabled:\n\n {\n \"guard_paths\": [\n \n ],\n \"guard_point_params\": {\n \"guard_point_type\": \"directory_auto\",\n \"policy_id\": ,\n \"cifs_enabled\": True/False,\n \"network_share_credentials_id\": (Applicable if 'cifs_enabled' parameter is TRUE)\n }\n }\n"},"CTE/ClientGroups":{"description":"A client group is used to group one or more clients to simplify configuration and administration. GuardPoints created on a client group are applied to all members of the group. Additionally, you can apply client group configuration settings (except the password, Agent Lock, System Lock, and Communication Enabled settings) to all clients in a client group.\nCTE supports non-clustered client groups. A non-clustered client group contains members that are not members of a cluster. A client can be a member of multiple client groups.\n"},"CTE/ClientGroups-GuardPoints":{"description":"A GuardPoint specifies the list of folders that contains paths to be protected. Access to files and encryption of files under the GuardPoint is controlled by security policies. GuardPoints created on a client group are applied to all members of the group.\n"},"CTE/CloudObjectStorage":{"description":"CTE can encrypt data and apply access rules on the GuardPoints in the cloud. CTE supports Amazon S3 buckets.\n"},"CTE/Policies":{"description":"A policy is a collection of rules that govern data access and encryption. Think of a policy as an if-then statement. Policy rules are processed sequentially. If the criteria of rule one are not met, the policy enforcement engine moves on to the second rule and so on.\n\nPolicies specify:\n- Actors: Users, groups, and processes that are permitted/denied access to protected data.\n- Actions: What actions authorized actors are allowed to perform. For example create/delete, read/write, decrypt, modify permissions, and so on.\n- Files acted upon: Policy rules may apply to entire directories and mount points, or only to files named in a specific way (for example,.docx files may be encrypted and restricted to read‐only access by designated users, while other files may be stored clear and read and written by anyone).\n\n**Note:** All keys which are applicable to be used in CTE policies need to have certain CTE specific parameters under the Key meta section. Refer **Keys** section for complete details\n\n**Types** **of** **Policies**:\n\n STANDARD POLICY:\n A STANDARD policy should contain security rules and/or key rules. At least one of these rules must be added to the standard policy.The security rules define the access permissions based on the policy elements (user sets, resource set, and process sets). The key rules define what key is used for encryption and decryption of data.\n\n LIVE DATA TRANSFORMATION(LDT) POLICY:\n An LDT policy should contain at least one non-exclusion key rule. The security rules define the access permissions based on the policy elements (user sets, resource set, and process sets).An LDT policy has two sets of keys, one is the current key and the other is transformation key.\n\n - Current key: The key with which the data is encrypted before any transformation. If the data is in plaintext, then the current key should be set as \"clear_key\".\n\n - Transformation key: The key with which the data is to be encrypted. This key must be VERSIONED so that multiple key versions can be created as and when required.\n\n CLOUD OBJECT STORAGE(COS) POLICY:\n A COS policy should contain security rules and/or key rules. At least one of these rules must be added to the COS policy.The security rules define the access permissions based on the policy elements (user sets, resource set, and process sets). The key rules define what key is used for encryption and decryption of data.\n\n *NOTE*: COS policies support the \"CBC_CS1\" keys only.\n\n In-PLACE DATA TRANSFORMATION(IDT) POLICY:\n An IDT policy should contain security rules and/or key rules. At least one of these rules must be added to the standard policy.The security rules define the access permissions based on the policy elements (user sets, resource set, and process sets). The key rules define what key is used for encryption and decryption of data.\n\n *NOTE*: IDT policies support the \"XTS\" keys only.\n\n CONTAINER STORAGE INTERFACE(CSI) POLICY:\n A CSI policy applicable to GuardPolicies for CTE Kubernetes (K8s) clients. Access to data is blocked during initial encryption or rekeying of data. This policy is similar to the Standard policy with the following limitations:\n * Signature sets are not supported.\n\n *NOTE*: For Container Storage Interface (CSI) policies, select a CBC-CS1 key. CSI policies do not support XTS and CBC keys.\n"},"CTE/Policies-DataTxRules":{"description":"Data transformation (dataxform) rules define:\n- Resources to be protected\n- Symmetric encryption key to use for\n - Rekeying the specified resources from one encryption key to a different key or\n - Rekeying resources into a plaintext format (also referred to as clear, unencrypted, or decrypted)\n"},"CTE/Policies-KeyRules":{"description":"A key rule defines the encryption key to apply to a specific resource set or the encryption key to use as the\ndefault key, if no other key rule matches. The key rule defines the sequence in which the key rules are to be\nexecuted (Order), the location of the data to be encrypted (Resource), and the encryption key to be applied to\nthe resource set (Key).\n\nWhen defining a key rule for an LDT policy, you can select a key that is applied to the resource set (Current Key\nName) and the key to use to rekey that resource set (Transformation Key Name).\n"},"CTE/Policies-LDTRules":{"description":"Live data transformation rules define:\nResources to be protected.\n\nSymmetric encryption key to use for:\n - Rekeying the specified resources from one encryption key to a different key.\n - Rekeying resources into a plaintext format (also referred to as clear, unencrypted, or decrypted).\n"},"CTE/Policies-IDTRules":{"description":"In-Place data transformation rules define:\n\nSymmetric encryption key to use for:\n - Rekeying the specified resources on a raw device from one encryption key to a different key.\n"},"CTE/Policies-SecurityRules":{"description":"A security rule defines who can access the data (User or Group), what they can do with the data (Action), which\napplications or executables have access to the data (Process), where the data is located (Resource), how the\ndata can be accessed (Effect), and whether it can be viewed from the CipherTrust Manager (Browsing).\n"},"CTE/Profiles":{"description":"A profile contains the CipherTrust Manager logging criteria for CTE clients, Syslog server configuration, default logging level, LDT Quality of Service (QoS) settings, and other settings that can be used for several CTE clients. A default profile, DefaultClientProfile, is created automatically when either of the following happens:\n\n- On successful registration of the first client if no profile is specified during registration.\n- On creation of the first client group. A new client group is automatically linked to DefaultClientProfile.\n\nWhen registering a CTE client, the installer prompts to specify a profile for the client. If not specified, DefaultClientProfile is automatically linked to the client on successful registration. The linked profile can be modified later. It is recommended to not delete or modify DefaultClientProfile.\n"},"CTE/ProcessSets":{"description":"A process set is a collection of processes (executables) that you want to grant or deny access to GuardPoints. This provides a way to manage processes independent of the policy. Policies can be applied to process sets, not to individual processes.\nOptionally, file signing can be configured to check the authenticity and integrity of executables and applications before they are allowed to access GuardPoint data. A signature set must already exist before you can configure file signing in a policy for a process set.\n"},"CTE/ResourceSets":{"description":"A resource is a combination of a directory, a file, and patterns or special variables. A resource set is a named\ncollection of directories, files, or both, that a user or process will be permitted or denied access to.\n"},"CTE/SignatureSets":{"description":"A signature set is a collection of hashes of processes and executables that you want to grant or deny access to GuardPoints. A signature set can be configured in a policy as part of a process set to verify the integrity of a process before it is allowed access to guarded data. Policies are applied to signature sets, not to individual signatures.\n\n**Note:**\n- K8 resources supported are: Pods, Deployment, ReplicaSet, StatefulSets, DaemonSet\n- Following is the sample YAML file for testing /v1/transparent-encryption/signaturesets/{signatureSetId}/upload-yaml API:\n```\napiVersion: apps/v1\nkind: ReplicaSet\nmetadata:\n name: frontend\n labels:\n app: guestbook\n tier: frontend\nspec:\n replicas: 3\n selector:\n matchLabels:\n tier: frontend\n template:\n metadata:\n labels:\n tier: frontend\n spec:\n containers:\n - name: php-redis\n image: gcr.io/google_samples/gb-frontend:v3\n```\n"},"CTE/UserSets":{"description":"A user set is a collection of users and user groups that you want to grant or deny access to GuardPoints. User sets are configured in policies. Policies can be applied to user sets, not to individual users.\n"},"CTE/LDTGroupCommServices":{"description":"An LDT group communication service contains a group of LDT-enabled CTE clients that can communicate with each other. An LDT group communication service is mandatory when using a multi-node solution for LDT over NFS/CIFS. The CipherTrust Manager pushes the LDT group details to all clients in the group.\n\n**Note:**\n\n- The LDT group communication services are applicable to the LDT-enabled CTE clients.\n- A client can be added to only one LDT group communication service at a time.\n- For successful communication among clients in an LDT group communication service, make sure that clients are registered with the CipherTrust Manager using their hostnames or IP addresses.\n\n**WARNING:** All the clients guarding a common share must be part of the same LDT group communication service, otherwise, data may be corrupted. If you need to change the LDT group of a client, ensure that the client no longer guards the common share.\n\nFor example, if 10 clients will be guarding a common share, add all of them to the same LDT group communication service only. To change the LDT group communication service of one of these clients, ensure that the client no longer guards the share. However, to change the LDT group of all 10 clients, it is recommended to take the GuardPoint offline, change the LDT group, and reapply the GuardPoint.\n"},"CTE/CSIStorageGroups":{"description":"This section contains APIs for managing Storage Group resources related to Kubernetes Container Storage Interface (CSI).\n"},"CTE/Permissions":{"description":"This API is used to display the list of permissions for all the CTE resources, for example, Clients, Policies, Signatures and GuardPoints etc. Most of the resources require read, update, and delete permissions. Example of the permissions required by clients and policies resources are given below:\n\nResource Type | Actions | Description\n---------------- | ------------------| -----------\nclients | ReadClientCTE | Permission to read the CTE clients.\nclients | UpdateClientCTE | Permission to update the CTE clients.\nclients | DeleteClientCTE | Permission to delete the CTE clients.\npolicies | ReadPolicyCTE | Permission to read the CTE policies.\npolicies | UpdatePolicyCTE | Permission to update the CTE policies.\npolicies | DeletePolicyCTE | Permission to delete the CTE policies.\n"},"CTE/Reports":{"description":"This section contains APIs for fetching CTE reports. A report contains informaton related to association of CTE clients, policies, keys, guardpoints and profiles.\nReports can be fetched system wide or domain specific.\n\nFor fetching system wide reports user must be member of either `admin` or `CTE Admins` group and for domain specific report `domain_name` filter param is required.\n\nFor example assuming below as CipherTrust Manager domain hierarchy, fetching system wide report will return reports from `root, domain1 and domain1_child` domains.\n\nroot |\n--------------|\ndomain1 |\ndomain1_child |\n**Top to down domain hierarchy**\n\nSample output of client health system wide report:\n\n {\n \"skip\": 0,\n\t \"limit\": 10,\n\t \"total\": 3,\n\t \"resources\": [\n\t\t {\n\t\t\t \"domain_name\": \"domain1\",\n\t\t\t \"client_name\": \"client_domain1\",\n\t\t\t \"os_type\": \"UNKNOWN\",\n\t\t\t \"os_sub_type\": \"\",\n\t\t\t \"os_kernel\": \"\",\n\t\t\t \"client_version\": \"\",\n\t\t\t \"status\": \"UNREGISTERED\",\n\t\t\t \"total_gp\": 0,\n\t\t\t \"enabled_gp\": 0\n\t\t },\n\t\t {\n\t\t\t \"domain_name\": \"domain1_child\",\n\t\t\t \"client_name\": \"client_domain1_child\",\n\t\t\t \"os_type\": \"UNKNOWN\",\n\t\t\t \"os_sub_type\": \"\",\n\t\t\t \"os_kernel\": \"\",\n\t\t\t \"client_version\": \"\",\n\t\t\t \"status\": \"UNREGISTERED\",\n\t\t\t \"total_gp\": 0,\n\t\t\t \"enabled_gp\": 0\n\t\t },\n\t\t {\n\t\t\t \"domain_name\": \"root\",\n\t\t\t \"client_name\": \"client_root\",\n\t\t\t \"os_type\": \"UNKNOWN\",\n\t\t\t \"os_sub_type\": \"\",\n\t\t\t \"os_kernel\": \"\",\n\t\t\t \"client_version\": \"\",\n\t\t\t \"status\": \"UNREGISTERED\",\n\t\t\t \"total_gp\": 1,\n\t\t\t \"enabled_gp\": 1\n\t\t }\n\t ]\n }\n"},"CTE/File Activity Monitoring":{"description":"File Activity Monitoring(FAM) encompasses all the necessary information for managing data sources within the Data Security Framework (DSF) platform. \nThis information is crucial for ensuring effective oversight and protection of data access activities.\n"},"Scheduler":{"description":"Used for scheduling CCKM synchronization, key rotation{{FF_DATABASE_BACKUP|, database backup}} and AWS XKS credential rotation jobs.\n\n**Time Specification**\n\nThe time that a job runs is described in the run_at parameter using the cron expression format : \"* * * * *\". These five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\n\nThe following table lists the accepted values:\n\nField Name | Mandatory? | Allowed Values | Allowed special characters\n ----------- | ------------ | ----------------- | ----------------------------\nMinute | Yes | 0-59 | * / , -\nHour | Yes | 0-23 | * / , -\nDay of month | Yes | 1-31 | * / , - ?\nMonth | Yes | 1-12 or JAN-DEC | * / , -\nDay of week | Yes | 0-6 or SUN-SAT | * / , - ?\n\n\n- Month and Day of week field values are case insensitive. For example, \"SUN\", \"Sun\", and \"sun\" are equally accepted.\n\n- Asterisk ( * ) The asterisk indicates that the cron expression will match for all values of the field; e.g., using an asterisk in the 5th field (month) would indicate every month.\n\n- Slash ( / ) Slashes are used to describe increments of ranges. For example 3-59/15 in the 1st field (minutes) would indicate the 3rd minute of the hour and every 15 minutes thereafter.\n\n- Comma ( , ) Commas are used to separate items of a list. For example, using \"MON,WED,FRI\" in the 5th field (day of week) would mean Mondays, Wednesdays and Fridays.\n\n- Hyphen ( - ) Hyphens are used to define ranges. For example, 9-17 would indicate every hour between 9am and 5pm inclusive, MON-WED would indicate Monday through Wednesday, JAN-JUN would indicate every month from January through June.\n\n- Question mark ( ? ) Question mark can be used instead of (\\*) for leaving either day-of-month or day-of-week blank. ( ? ) means no specific value. For example, to run the job every 10th day of the month and not limit the job to a particular day of the week: '\\* \\* 10 \\* ?'.\n"},"Notifications":{"description":"Notifications are sent whenever an alarm is triggered. For example, if an alarm is triggered because an audit record matches a record based alarm configuration then an email notification is sent to every registered email address.\n\nLimitation: only record based alarms send notifications. Built-in alarms, such as `Disk Full`, will not issue notifications.\n\nNote: notifications via email require configuring an SMTP server.\n"},"SMTP Servers":{"description":"An SMTP server must be configured in order to send notifications via email.\nNote: only a single SMTP server is supported.\n"},"Logs":{"description":"These endpoints perform system logs related operations. They provide APIs for downloading logs and changing logs level.\nThere are two types of logs, debug logs and activity logs (further divided into\nNAE activity logs, KMIP activity logs, and web activity logs).\n\nEach type of log file can be downloaded separately, or they can be all downloaded together. Both the current and rotated\nlogs are included. Download returns a gzipped tar file containing log files, certificate and digital signature. An optional\nparameter (ca_id) can be provided for signing the downloaded log files. If ca_id is not provided, the default local CA,\ni.e., CipherTrust Manager Root CA, signs the downloaded log files.\n\nDownloaded files are placed in a diretory, and the name of the directory is __logs.\n"},"BDT":{"x-feature":"FF_BDT_TILE","description":"The Batch Data Transformation utility (BDT) provides a policy-based data tranformation and re-key service.\n"},"BDT/Protection Profiles":{"x-feature":"FF_BDT_TILE","description":"A protection profile is an object that contains all the information needed\nto perform a cryptographic operation.\n"},"BDT/Character Sets":{"x-feature":"FF_BDT_TILE","description":"A character set is used with format preserving algorithms. For example when\nencrypting a credit card number a user will want the encrypted data to only\ncontain numbers. The default character sets are \"All Digits\" and \"Alphanumeric\"\nbut a user can choose to create a custom character set by specifying\nthe range of the characters used.\n"},"BDT/Containers":{"x-feature":"FF_BDT_TILE","description":"A container can be either a database or a CSV file. It has all the information\nneeded to access and connect to it (file path, database credentials).\n"},"BDT/Policies":{"x-feature":"FF_BDT_TILE","description":"A BDT policy contains all the information required to perform a batch operation.\nIt is composed of a source, a destination and the protection profiles\nassigned to each column.\n"},"Data Protection":{"description":"Data protection is a centralized place for all App and Database encryption\nconfiguration. The configuration contains elements such as the key or algorithm\nused for an encryption operation. It can be accessed by multiple products from\nthe CipherTrust Manager platform. This allows a user to use a one product to encrypt\ndata and another product to decrypt it using the same configuration.\n"},"Data Protection/Character Sets":{"x-feature":"FF_ADP_CENTRAL_POLICY","description":"A character set is used with format preserving algorithms. For example when\nencrypting a credit card number a user will want the encrypted data to only\ncontain numbers. The default character sets are \"All Digits\" and \"Alphanumeric\"\nbut a user can choose to create a custom character set by specifying\nthe range of the characters used.\n\nNote: The character sets are also used in the BDT API.\n"},"Data Protection/Protection Policies":{"x-feature":"FF_ADP_CENTRAL_POLICY","description":"A protection policy is an object that contains all the information needed\nto perform a cryptographic operation.\n"},"Data Protection/DPG Policies":{"x-feature":"FF_ADP_DPG_FOR_REST","description":"Data Protection Gateway (DPG) protects sensitive data which is transmitted over REST in a JSON\npayload based on the configuration defined in its configuration file.\n\nA DPG policy governs the behavior of DPG execution. It contains a set of URLs tied with encryption parameters.\n"},"Connection Manager":{"description":"The Connection Manager can be used to manage connections with third party servers and services such as AWS, Azure, Salesforce, Google CLoud Platform (GCP) Cloud or Luna SA HSM.\nThese connections allow CipherTrust Manager connectors to access resources needed for cryptographic, key management, or data discovery and classification tasks.\n\nNote that Connection Manager does not include external services which authenticate CipherTrust Manager users. Those services\nare managed through the usermgmt/connections endpoints on the Connections section.\n\nThe APIs in this section are common to all types of connections, and can be used to perform the following operations:\n- List/Search connections\n- Delete connections\n\nThe APIs for a specific connection type are not presented here. Check for them in the section associated with that specific connection type.\n"},"Connection Manager/Akeyless Connections":{"description":"The APIs in this section deal with connections to the Akeyless servers in the cloud. The following operations can be performed:\n- Create/Delete/Get/Update an Akeyless connection.\n- List all Akeyless connections.\n- Test an existing Akeyless connection.\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/AWS Connections":{"description":"The APIs in this section deal with connections to the AWS cloud. The following operations can be performed:\n- Create/Delete/Get/Update an AWS connection.\n- List all AWS connections.\n- Test an existing AWS connection.\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/Azure Connections":{"description":"The APIs in this section deal with connections to the Azure cloud. The following operations can be performed:\n- Create/Delete/Get/Update an Azure connection\n- List all Azure connections\n- Test an existing Azure connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/Google Connections":{"description":"The APIs in this section deal with connections to the Google Cloud Platform (GCP) cloud. Currently only service account credentials type is supported.\nThe following operations can be performed:\n- Create/Delete/Get/Update a GCP connection\n- List all GCP connections\n- Test an existing GCP connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/Hadoop Connections":{"description":"The APIs in this section deal with connections to the Hadoop servers. The type of Hadoop connections currently supported is Knox.\nThe following operations can be performed:\n- Create/Delete/Get/Update a Hadoop connection\n- List all Hadoop connections\n- Test an existing Hadoop connection\n- List all the nodes in an existing Hadoop connection\n- Add/Delete/Get/Update a node in an existing Hadoop connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/Luna Network HSM Servers":{"description":"The APIs in this section deal with Luna Network HSM Servers. These servers will be used when creating a connection\nof a Luna Network HSM type. These APIs, currently, support CipherTrust Cloud Key Manager (CCKM) as a product.\nThe following operations can be performed:\n- Create/Delete/Get a Luna Network HSM Server\n- List all Luna Network HSM Servers\n"},"Connection Manager/Luna Network HSM Connections":{"description":"The APIs in this section deal with connections to the Luna Network HSM. A Luna Network HSM connection could be an\nHA or non-HA. HA stands for High Availability which means there will be more than one paritions to ensure\navailability and load balancing. A non-HA connection is a connection to a single partition of an HSM Server.\nAn HA connection is a connection to multiple partitions of one or more HSM Servers.\nThe following operations can be performed:\n- Create/Delete/Get/Update a Luna Network HSM connection\n- List all Luna Network HSM connections\n- Test an existing Luna Network HSM connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/SMB Connections":{"description":"The APIs in this section deal with connections to file shares using the Server Message Block (SMB) protocol.\nThe share's path (share-name) is not stored as part of connection. The path needs to be passed as parameter\nto the test connection APIs.\n\nThe following operations can be performed:\n- Create/Delete/Get/Update a SMB connection\n- List all SMB connections\n- Test an existing SMB connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n\nNote: Common Internet File Share (CIFS) is a dialect of Server Message Block (SMB).\n"},"Connection Manager/DSM Connections":{"description":"The APIs in this section deal with connections to the DSM Key Manager.\nThe following operations can be performed:\n- Create/Delete/Get/Update a DSM connection\n- List all DSM connections\n- Test an existing DSM connection\n- List all the nodes in an existing DSM connection\n- Add/Delete/Get/Update a node in an existing DSM connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/External CM Server":{"description":"The APIs under this section are used for initial setup of external CM connections.\nThese APIs provide information about the Nodes and Root CAs needed for external CM connections.\nThe following operations can be performed:\n- Create/Delete/Get external CM \n- List all external CMs\n- Add/Delete/Get/Update a node in an existing external CM Server\n- Add/Delete a CA in an existing external CM Server\n"},"Connection Manager/CM Connections":{"description":"The APIs in this section deal with connections to the external CipherTrust Manager.\nThe following operations can be performed:\n- Create/Delete/Get/Update a CM connection\n- List all CM connections\n- Test an existing CM connection\n- Test the connection parameters before establishing the connection.\n"},"Connection Manager/SCP Connections":{"description":"The APIs in this section deal with connections used to copy files like system backup to the external servers using\nSecure Copy Protocol (SCP) {{FF_SFTP_PROTOCOL|or Simple File Transfer Protocol (SFTP)}}.\n\nThe following operations can be performed:\n- Create/Delete/Get/Update a SCP{{FF_SFTP_PROTOCOL|/SFTP}} connection\n- List all SCP{{FF_SFTP_PROTOCOL|/SFTP}} connections\n- Test an existing SCP{{FF_SFTP_PROTOCOL|/SFTP}} connection\n- Test a connection that hasn't been created yet by passing in the connection parameters\n\nSupported auth methods for SCP connections are key and password. For auth method key,\nthe user must download the public key from scp/publickey API and upload it to the destination host machine's authorized keys,\nAnd for auth method password user can provide the destination host machine password.\n\nUser also need to provide host public key for verification, which can be located at \"/etc/ssh/\" at destination host machine.\n"},"Connection Manager/Salesforce Connections":{"description":"The APIs in this section deal with connections to the Salesforce cloud. The following operations can be performed:\n- Create/Delete/Get/Update a Salesforce connection\n- List all Salesforce connections\n- Test an existing Salesforce connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n\nThere are two authentication methods supported.\n- Client Credentials: This method uses client secret and password along with the username and client id\nto authenticate the user.\n- Server Certificate: This method uses certificate along with username and client id. On creating a connection\nwhich uses certificate auth, the CipherTrust Manager creates a certificate and returns it. The certificate needs to\nbe uploaded on the salesforce server, for the authentication to work.\n"},"Connection Manager/SAP Data Custodian Connections":{"description":"The APIs in this section deal with SAP Data Custodian connections. The following operations can be performed:\n- Create/Delete/Get/Update a SAP Data Custodian connection for standard or technical user\n- List all SAP Data Custodian connections\n- Test an existing SAP Data Custodian connection\n- Test a SAP Data Custodian connection that hasn't been created yet by passing in the connection parameters\n\nProvide Standard User Credentials, which includes tenant, user and secret, for the authentication.\n\nProvide Technical User Credentials, which includes api key and secret, for the authentication.\nFor technical user, create connection activates the technical user and stores the updated secret which will be used\nfor testing the connection further.\nFor testing the connection without creating a connection first for technical user, activated secret has to be provided.\nAs activation only happens while creating the sap data custodian connection.\n"},"Connection Manager/Oracle Connections":{"description":"The APIs in this section deal with Oracle Cloud Infrastructure connections. The following operations can be performed:\n- Create/Delete/Get/Update an OCI connection\n- List all OCI connections\n- Test an existing OCI connection\n- Test the OCI connection parameters before establishing the connection\n\nThe user_ocid, tenancy_ocid, fingerprint, region, key_file are the mandatory parameters for OCI connection. The pass_pharse parameter is optional.\n"},"Connection Manager/OIDC Connections":{"description":"The APIs in this section deal with Connections to an Identity Provider(IdP) which support OIDC specifications. The following operations can be performed:\n- Create/Get/Update an OIDC connection\n- List all OIDC connections\n- Delete API which prevents deletion of an in-use connection. In order to delete an in-use connection, the force flag has to be set.\n\nThe client_id, client_secret and url are the mandatory parameters for OIDC connection. A SHA256 checksum value will also be sent in create and update API response which will be generated using client_secret and url.\n"},"Connection Manager/LDAP Connections":{"description":"The APIs in this section deal with Connections to an Identity Provider(IdP) which support LDAP specifications. The following operations can be performed:\n- Create/Get/Update/Delete an LDAP connection\n- List all LDAP connections\n- Test an existing LDAP connection\n- Test the LDAP connection parameters before establishing the connection\n\nThe server_url, base_dn and user_login_attribute are the mandatory parameters for LDAP connection.\n"},"Connection Manager/Elasticsearch Connections":{"description":"The APIs in this section deal with Elasticsearch log forwarder. The following operations can be performed:\n- Create/Delete/Get/Update an Elasticsearch connection\n- List all Elasticsearch connections\n- Test an existing Elasticsearch connection\n- Test the Elasticsearch connection parameters before establishing the connection\n\nThe host and port are the mandatory parameters respective to Elasticsearch connection.\n"},"Connection Manager/Loki Connections":{"description":"The APIs in this section deal with Loki log forwarder. The following operations can be performed:\n- Create/Delete/Get/Update a Loki connection\n- List all Loki connections\n- Test an existing Loki connection\n- Test the Loki connection parameters before establishing the connection\n\nThe host and port are the mandatory parameters respective to Loki connection.\n"},"Connection Manager/Syslog Connections":{"description":"The APIs in this section deal with Syslog log forwarder. The following operations can be performed:\n- Create/Delete/Get/Update a Syslog connection\n- List all Syslog connections\n- Test an existing Syslog connection\n- Test the Syslog connection parameters before establishing the connection\n\nThe host, port, and transport are the mandatory parameters respective to Syslog connection.\n\nNote - Test connection for UDP protocol is not supported.\n"},"Connection Manager/CSR Creation":{"description":"The API in this section creates a Certificate Signing Request (CSR) that can be used in a connection (eg: Azure, Salesforce) in CipherTrust Manager.\n\nThe corresponding private key is stored securely on the CipherTrust Manager. The user can get the CSR signed using the external PKI. \nIf the private key remains unused by a connection after 24 hours of creation, it gets deleted automatically.\n"},"Connection Manager/CC Connections":{"x-feature":"FF_CC","description":"The APIs in this section deal with Connections to an attestation authority which support confidential computing (CC) specifications. The following operations can be performed:\n- Create/Get/Update an CC connection\n- List all CC connections\n- Delete API which prevents deletion of an in-use connection. In order to delete an in-use connection, the force flag has to be set.\n\nThe client_secret and url are the mandatory parameters for CC connection. A SHA256 checksum value will also be sent in create and update API response which will be generated using client_secret with url or all of them (including base URL).\n"},"CCKM":{"description":"CipherTrust Cloud Key Manager (CCKM) centralizes the management of key life cycle for various cloud services providers.\n\nCCKM complies with data security mandates in cloud storage environments while retaining the custodianship of the encryption keys.\nEnterprises can back up keys on-premise, destroy keys when no longer needed, and manage the entire life cycle of the cloud keys.\n"},"CCKM/AWS Custom Key Stores":{"description":"CCKM provides APIs for integrating Custom Key Stores proxy service for Amazon Web Services. \nCustom Key Stores include External Key Store (XKS) and CloudHSM Key Store.\n\nCustom Key Store of type `AWS_CLOUDHSM` would have keys backed by CloudHSM cluster in AWS.\nCustom Key Store of type `EXTERNAL_KEY_STORE` could have keys from Luna HSM or CipherTrust Manager.\n\nUse the APIs in this section to perform following operations:\n1. Operations common to both key store types: \n - Create, list, get, update and delete custom key stores.\n - Connect and disconnect to a custom key stores.\n - Synchronizes AWS custom key stores, get status of synchronization job, cancel a synchronization job.\n\n2. Operations exclusive to external key store: \n - Block and unblock access.\n - Rotate credential.\n - List and get credentials.\n - Link local external key store with AWS.\n\n3. Operations exclusive to CloudhSM key store: \n - Get list of unused CloudHSM clusters (that are not already associated with a CloudHSM key store).\n\n4. Operations exclusive to HYOK keys:\n - Create an AWS HYOK key in a external key store.\n - Create, list, and get virtual keys and their versions.\n - Link an unlinked HYOK key.\n - List versions of an AWS HYOK key.\n - Block and unblock HYOK key access.\n\n5. Operations exclusive to CloudHSM keys:\n - Create key in a CloudHSM key store.\n"},"CCKM/AWSKeys":{"description":"CCKM provides the key management and storage for Amazon Web Services.\n\nUse the APIs in this section to:\n- Perform tasks such as creating, deleting, and uploading keys on AWS.\n- Synchronize AWS keys.\n- Update key parameters such as add-alias, add-tags, and description.\n- Schedule key rotation.\n"},"CCKM/AzureKeys":{"description":"CCKM provides the key management and storage for Microsoft Azure.\n\nUse the APIs in this section to:\n- Perform tasks such as creating, deleting, uploading, and restoring keys on Azure.\n- Synchronize Azure keys.\n- Update key parameters such as attributes and key_ops.\n- Schedule key rotation.\n"},"CCKM/AWSKms":{"description":"AWS Key Management Service (AWS KMS) is used to create and manage keys.\n\nUse the APIs in this section to:\n- List and add the AWS accounts and regions based on the connections.\n- Get, delete, and update the AWS KMS account.\n- Grant permissions to CCKM users to perform specific actions on the AWS KMS.\n"},"CCKM/AzureVaults":{"description":"Azure Key Vault is a tool for securely storing and accessing keys.\n\nUse the APIs in this section to:\n- Get the list of Azure vaults based on Azure subscriptions.\n- Add, delete, and update Azure vaults from the CCKM.\n- Create a vault on Azure.\n- Grant permissions to CCKM users to perform specific actions on the Azure vaults.\n"},"CCKM/AzureSubscriptions":{"description":"A Microsoft Azure subscription grants you access to the Azure services.\n\nUse the APIs in this section to:\n- Fetch Azure subscriptions based on the connection.\n- Get, list, and delete subscriptions from the CCKM.\n"},"CCKM/AWSReports":{"description":"AWS reports deal with creating various types of reports based on:\n- The key activities in AWS\n- Which applications are using which keys in AWS\n- Reconcile Key activities between Cloud Key Manager and AWS\n\nUse the APIs in this section to:\n- Get, delete Report Jobs.\n- Generate Reports based on report_type.\n- Get, list, and check the status of the report.\n"},"CCKM/AzureReports":{"description":"Azure reports deal with creating various types of reports based on:\n- The key activities in Azure\n- Which applications are using which keys in Azure\n- Reconcile Key activities between Cloud Key Manager and Azure\n\nUse the APIs in this section to:\n- Get, delete Report Jobs.\n- Generate Reports based on report_type.\n- Get, list, and check the status of the report.\n"},"CCKM/Google Cloud EKM":{"description":"For managing EKM endpoints that do not reside in a cryptospace, a user must belong to CCKM Admin group and Key User group to perform any operation (create ekm, list ekm, get ekm, update ekm, delete ekm, get policy, update policy, rotate ekm, enable ekm, and disable ekm).\n"},"CCKM/Google Cloud EKM CryptoSpaces":{"description":"For managing EKM endpoints that reside in a cryptospace, ensure to configure appropriate ACLs within the Google Cloud project in CCKM after giving appropriate permissions to a user or custom group. Refer admin guide for permission details.\n"},"CCKM/HSMLunaPartitions":{"description":"This section manages the Luna HSM partitions which has its own data, access controls, security policies, and separate administration access for at least some roles, independent of other HSM Luna partitions (if your HSM supports more than one). It could be single partition or group of partition which form a HA group.\n\nUse the APIs in this section to:\n- Add, list, and update Luna HSM partitions\n- View details of Luna HSM partitions\n- Grant permissions to users or groups to perform specific actions on the Luna HSM partitions\n- Delete Luna HSM partitions\n"},"CCKM/HSMLunaKeys":{"description":"CCKM provides the key management and storage for Luna HSM Keys.\n\nUse the APIs in this section to:\n- Create Luna HSM keys based on different cryptographic algorithms\n- List, update, replicate, and delete Luna HSM keys on CCKM\n- View details of Luna HSM keys\n- Delete keys from Luna HSM\n- Refresh keys from Luna HSM partitions, view the status of key refresh from partitions, view the details of a key refresh process, and cancel a key refresh process\n- Synchronize Luna HSM keys from partitions in CCKM, view the status of key synchronizations, view the details of a synchronization process, and cancel a synchronization process\n"},"CCKM/SFDC Cache Only Key Endpoints":{"description":"CCKM provides keys on demand for Salesforce Shield Platform Encryption's Cache-Only Key Service.\n\nUse the APIs in this section to:\n- Create and list SFDC Cache-Only Key endpoints for Salesforce to fetch Cache-Only keys.\n- Return details for an SFDC Cache-Only Key endpoint\n- Update base hostname and password authentication details for n SFDC Cache-Only Key endpoint\n- Delete an SFDC Cache-Only Key endpoint\n"},"DNS Hosts":{"description":"The DNS Hosts API is used to add DNS entries to CipherTrust Manager. DNS names are unique.\nMultiple IP addresses can be assigned to a single hostname and vice versa. While specifying a hostname, it is required to define the \ncorresponding IP address(es). The CipherTrust Manager directly connects to this IP address whenever its hostname is specified for any outbound \nconnection such as SMTP and Syslog Server.\nThe **type** field has been added. Possible values are:\n- **address** (default):\n Supports domain redirection. For example, if a DNS entry for the domain `example.com` exists with an IP address, the subdomain `abc.example.com` \n will also be redirected to the same IP as defined for the `example.com`. For entries with multiple IPs, round-robin is not supported. \n For example, if a DNS record is created with multiple IPs and type address, only a specific IP will be returned every time at the domain \n name resolution process.\n\n- **host-record**:\n Supports round-robin over multiple IPs, but doesn't support domain redirection. \n Therefore, the resolution only takes place when there's an exact match for the specified hostname.\n\nEither of the values can be used at a time. Currently, local DNS-Host entries are not resolved while configuring SNMP and NTP server.\n"},"Migration Split Keys":{"description":"The DSM (Data Security Management) product uses these type of keys for protecting its exported backups.\nThe CipherTrust Manager uses these keys for decrypting backups uploaded from the DSM.\n\nThese keys are split keys. That is, a single key is split into many shares.\nA minimum number of shares is required to reassemble the key.\nThe APIs in this section can be used for CRUD operations on these keys.\nThe APIs also provide methods for adding, modifying and deleting shares associated with these keys.\n"},"Proxy":{"description":"The proxy API is used to set the proxy in the system. The API also provides an option to input a CA certificate to trust by the system.\nA system restart is required after adding new or changing proxy settings.The following operations can be performed:\n- Set Proxy(http_proxy, https_proxy, no_proxy, certificate)\n- Update Proxy\n- Get proxy\n- Delete proxy\n"},"Quorum":{"description":"Quorum is a functionality where an administrator can configure a system that requires a number of\napprovers to approve an operation before it can be successfully executed.\n\nA quorum or a quorum request can have one of these six states: pre-active, active, approved, denied, executed, expired.\n\nWhen user initiates an operation, which is configured by the administrator to require a quorum, it is denied\nand leads to a creation of a quorum request. In case a quorum already exists for the same operation, the status\nof the existing quorum is used to determine the outcome of the operation.\n\nA new quorum created is in a 'pre-active' state. The user or requester of this quorum must activate the quorum\nbefore any of the approvers can review the quorum request. The requestor can optionally add a reason or\nmotivation for initiating the request while activating it. Once activated, the quorum is set to an 'active'\nstate and is now available for other approvers to review it. A quorum in 'pre-active' state is prone to an\nexpedited expiry.\n\nAny approver can vote to approve or deny a quorum request. A note can be added for additional information.\n\n - When the required amount of approvals are met, the quorum is set to an 'approved' state\n and any user requesting the operation again would succeed.\n - A deny vote forces the quorum into a 'denied' state suggesting that the operation should not be performed\nand the quorum is terminated.\n\nA quorum request is set to an 'executed' state if the operation has been successfully completed with an approved quorum.\n\nEvery quorum after a defined time limit is expired and this leads to the termination of that quorum.\n\nThe APIs listed in this section can be used to perform the following operations:\n\n1. List/Search Quorums\n\n2. Activate Quorum\n\n3. Delete Quorum\n\n4. Approve Quorum\n\n5. Deny Quorum\n\n6. Revoke vote\n\n7. List Resources of the Quorum \n\nQuorum Configuration:\n\nA quorum configuration consists of two parts: a quorum profile and a quorum policy.\n\nA quorum profile consists of the following configurations:\n\n1. User groups that can vote\n\n2. Number of approvals required\n\n3. Expiration period of a quorum\n\nA quorum policy consists of actions/operations and a quorum profile.\nThe quorum created as a result of this quorum policy uses the configuration parameters mentioned\nin the profile attached to it.\n\nNote:\n\n1. Quorum profiles and quorum policies cannot be created. A predefined set of profiles are provided and\nconsequently a set of policies can be activated associated with the profiles.\n2. Default operations supported for quorum policies:\n\n 1. DeleteKey\n 2. AddUserToGroup\n 3. ManagePolicyAttachment\n 4. DeletePolicy\n 5. DeleteDomain\n 6. DownloadBackupKeyDomain\n 7. RestoreBackupDomain\n 8. DownloadBackupkey (Only Root Domain)\n 9. RestoreBackup (Only Root Domain)\n 10. DeleteEKMEndpoint for deleting EKM Endpoints\n 11. DeleteClientCTE for deleting CTE Client\n 12. DeleteClientGroupCTE for deleting CTE Client-Group\n 13. DeleteGuardPointCTE for deleting CTE Guard-Point\n 14. UpdatePolicyCTE for updating CTE Policies Operations including (key, LDT, IDT, DataTx and Security Rules)\n 15. UpdateClientGroupCTE for updating CTE Client-Group\n 16. DeleteGoogleWorkspaceCSEEndpoint for deleting Google Workspace CSE endpoint.\n 17. UpdateQuorumProfile for updating the quorom policies.\n\nIf a Quorum is enabled for DeletePolicy and ManagePolicyAttachment(together), the activation and deactivation of \nQuorum for any supported operation has to go through the Quorum's approval process. This also applies to any other \nuser policy in the CipherTrust Manager i.e. If a Quorum is enabled for DeletePolicy and ManagePolicyAttachment, no \naccess control policy can be activated without going through Quorum's approval process.\n"},"Identity Providers":{"description":"The CipherTrust Manager allows configuration of external identity\nproviders with the use of \"connections\" of certain strategy.\n\nAvailable external identity providers:\n\n- OpenID Connect (oidc)\n\nOther external identity providers may be added in the future.\n"},"Log Forwarders":{"description":"Audit records and activity logs can optionally be sent to one or more\nexternal log forwarder. By default these logs are stored in the local\ndatabase and/or local disk and will continue to do so even if log\nforwarders are configured. Each log record will be sent to each\nconfigured log forwarder.\n\nIn a multi-node clustered environment the log forwarders configuration\nwill be automatically synchronized and each node will be aware of all log\nforwarders. The log forwarder message will be sent from the currently\nactive node. This means that if an event that results in a log record is\nperformed on node 1 the log record will originate from node 1, in a\nsimilar manner if a log record is performed on node 2 the log record will\nin this case originate from node 2.\n"},"Prometheus Metrics":{"description":"The CipherTrust Manager (CM) exports metrics that can be collected and viewed by a\nPrometheus monitoring system (see https://prometheus.io/).\nThe CM provides API tokens for Prometheus metrics monitoring clients.\nThe API tokens can be created by an administrator and passed on to the\nPrometheus monitoring clients. The API tokens don't expire.\nAn API token is returned when Prometheus metrics are enabled, or when the status is obtained.\nThe API token can be renewed.\n"},"Root of Trust Keys":{"description":"Root of Trust (RoT) key is the root key for encrypting/decrypting secrets or Master Key Encryption Keys (MKEKs) which are then used to\nencrypt/decrypt secrets. These set of APIs can manage the life cycle and rotate root of trust keys.\n\nThe following operations can be performed on root of trust keys:\n- List RoT keys: Lists root of trust keys.\n- Get RoT key: Gets root of trust key (with given ID/name)\n- Rotate RoT key: Rotates the root of trust key to a new one (optionally with a given ID/name).\n- Delete RoT Key: Deletes the root of trust key (with given ID/name).\n"},"Loki Configuration":{"description":"CipherTrust Manager uses Loki (see https://grafana.com/oss/loki/) to aggregate information for records.\n"},"Akeyless Configuration":{"description":"The CipherTrust Manager (CM) uses the Akeyless cloud server for secrets management.\nThe CM communicates with the Akeyless cloud server via the Akeyless gateway.\nThe Akeyless configuration specifies an existing Akeyless connection whose access key-id and access key\nare used by the Akeyless gateway. \n{{FF_AKEYLESS_SINGLE_TENANT|CM also provides the option to use any other akeyless infrastructure apart from the default SAAS server. This functionality can be leveraged in cases where a dedicated akeyless single-tenant environment is in place.}}\n\n**Single Sign On (SSO)**\n\nThe CipherTrust Manager also allows its users to configure a single sign on (SSO) flow, \nwhich creates a session for a CM user on Akeyless console. The CM's JWT can be exchanged for an akeyless token and \nafter some basic configurations, a CM user can make use of the Secrets Management tile on UI and perform operations on CSM console. \n\n**Customer Fragment**\n\nThe CipherTrust Manager allows for the use of a customer fragment to encrypt Akeyless Vault Platform secrets. This fragment is a secret object\nwhich can be used to create a protection key which is used to encrypt and decrypt akeyless secrets. As Akeyless Vault Platform cannot access \nthe CM's customer fragment or construct the full encryption key, Akeyless has no access to any secrets material. The CipherTrust Manager \ncustomer fragment is protected by the same root of trust key hierarchy that protects all keys originating from CipherTrust Manager.\n{{FF_AKEYLESS_MULTIPLE_FRAGMENTS|The CM also allows a user to create multiple customer fragments, all being protected by the same ROT. These fragments can be used on akeyless console to create protection keys. Creating or Deleting a fragment automatically adds/removes it from the configs. This operation also restarts the akeyless gateway across all nodes.}}\n"},"Trusted CA Certificates":{"description":"The trusted CA Certificate API can be used to configure trusted CA certificates for a service. The following operations can be performed:\n- Add a trusted CA certificate\n- List trusted CA certificates\n- Delete a trusted CA certificate\n"},"Products":{"description":"The APIs provided in this section are meant to be used to enable or disable a product's functionality in CipherTrust manager.\n- Disabling a product stops the services ( except core services ) that support functionality of a product.\n- Enabling a product starts the services required to support the functionality of product.\n- NOTE : As of now we support this feature for CSM (CipherTrust Secrets Management) only.\n"}},"definitions":{"Permissions":{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}},"Tokens":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"account":{"type":"string","format":"ncryptify URI","description":"The account which owns this resource."},"labels":{"type":"string","format":"array","description":"Tags."},"userId":{"type":"string","description":"The user that owns the token"},"expiresIn":{"type":"integer","description":"Token expiry since the token created time."},"expired":{"type":"boolean","description":"Token expiry flag. This may not be accurate. Use createdAt and expiresIn to determine expiry."},"revokeNotRefreshedIn":{"type":"integer","description":"Revoke the token if it has not issued an access token within this duration."},"revoked":{"type":"boolean","description":"Token revocation flag."},"refreshedAt":{"type":"string","format":"date","description":"Date/time the last access token was issued"},"createdAt":{"type":"string","format":"date","description":"Date/time the token was created"},"updatedAt":{"type":"string","format":"date","description":"Date/time the token was updated"}}}}}}]},"User":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"user_id":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"password_policy":{"type":"string","format":"string","description":"The password policy applies only to local user accounts and overrides the global password policy. By default, the global password policy is applied to the users."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"GroupCommonParams":{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},"GroupCreateParams":{"description":"Create group params","type":"object","required":["name"],"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}}]},"GroupUpdateParams":{"description":"Update group params","type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}}]},"Group":{"description":"A group object","type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},{"type":"object","properties":{"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}}}],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"},"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},"Token":{"description":"An authentication token.","type":"object","properties":{"jwt":{"type":"string","format":"jwt","description":"The authentication token. This is the value which needs to be\nplaced in the API request headers.\n"},"duration":{"type":"integer","description":"the expiration duration of the token"}},"example":{"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2MiOiJreWxvIiwiYXVkIjoiMDNlNGE5M2ItODZhMy00YTViLWIzZTgtOGM4OWFiZmQzMDg4IiwiY3VzdCI6eyJncm91cHMiOlsiYWRtaW4iXX0sImV4cCI6MTQ3NDY0NTg1MSwiaWF0IjoxNDc0NjQ1NTUxLCJpc3MiOiJreWxvIiwic3ViIjoiYWRtaW4ifQ.iD5FGSwzDvGv5leRzULMnEfqls1_4tiR067J9cbV_4Q","duration":300}},"TokenVerificationKey":{"description":"Information about the key used for validating an external JWT.","type":"object","properties":{"type":{"type":"string","description":"One of \"hmac\", \"rsa\" or \"ecdsa\""},"public_key_pem":{"type":"string","description":"If the Type parameter is \"rsa\" or \"ecdsa\", this parameter contains the PEM encoding of the public key \nthat is used for verifying the external JWT.\n"},"public_key_jwk":{"type":"string","description":"If the Type parameter is \"rsa\" or \"ecdsa\", this parameter contains the JWK encoding of the public key \nthat is used for verifying the external JWT. The JWK is JSON encoded.\n"},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},"AkeylessToken":{"x-feature":"FF_AKEYLESS","description":"Akeyless short token.","type":"object","properties":{"token":{"type":"string","description":"Short akeyless token."},"expiry":{"type":"integer","description":"Time at which token expires (epoch timestamp)."}}},"AkeylessTokenReq":{"x-feature":"FF_AKEYLESS_ENABLE_TOKEN_IN_COOKIES","type":"object","properties":{"set_cookies":{"type":"boolean","description":"If the value is set to true, the generated token is also set in the cookies along with the expiry information. (optional)"}}},"TrustedCAParams":{"x-feature":"FF_ENABLE_TRUSTED_CAS_ENDPOINTS","type":"object","properties":{"ca_id":{"type":"string","description":"ID of CA"},"ca_type":{"type":"string","description":"Type of CA, can be local or external"},"service":{"type":"string","description":"Name of service, should be secrets-manager or hsm-secrets"}}},"ConnectionUser":{"description":"A ConnectionUser is an abridged User. It is only used in the /connections/{id}/users/ routes.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user.\n\nThe user enters the username and the password to log in.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"email":{"type":"string","format":"email","description":"the email of the user"},"name":{"type":"string","description":"the users full name"}},"example":{"email":"frank@local","name":"frank","username":"frank","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538"}},"ConnectionLDAPOptions":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ConnectionOIDCOptions":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"flow_type":{"type":"string","default":"implicit","description":"OpenID Connect only, optional, default value is \"implicit\". \nCan be an one of \"implicit\" or \"authorization_code\".\n"},"client_secret":{"type":"string","description":"secret data stored securely in CipherTrust Manager"},"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"scope":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"array","items":{"type":"string"},"description":"The scope value should be less than 255 in length and must only contain printable ASCII characters except for spaces, double quotes, and backslashes.\nIf the scope does not include \"openid,\" the backend will add it to the scope values passed to the OpenID provider.\n"},"userinfo_endpoint":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"string","description":"OIDC server's userinfo_endpoint. It will be used to retrieve group information from OIDC server."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended for use in production, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."},"username_claim":{"x-feature":"FF_CUSTOM_OIDC_USERNAME","type":"string","description":"The claim field name to extract username from in the OIDC ID Token. If unspecified it defaults to 'sub'.\nThe claim field can also be a template to support the nested claims if any in OIDC ID Token.\nFor instance, for OIDC ID token: \n```\n{\n \"sub\": \"111730983950574648607\", \n \"email\": \"test@xyz.com\",\n \"custom\": { \n \"username\": \"xyz\" \n }\n}\n```\n\"email\" as string or \"{{.custom.username}}\" as template can be set as 'username_claim' to set the username of the user on CM after successful authentication on the external identity provider.\nIt is important that the 'username claim' provided is unique in the external identity provider and it is not modifiable.\n"},"token_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the token endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"end_session_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the end session endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."}}},"Credentials":{"title":"credentials","description":"User Credentials for testing a connection.","type":"object","required":["username","password"],"properties":{"username":{"type":"string","description":"Username to test the connection with."},"password":{"type":"string","description":"Password that authenticates the username"}}},"TestConnection":{"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["connection","credentials"],"properties":{"connection":{"description":"Parameters required for testing a connection to an LDAP server.","type":"object","required":["strategy","options"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (ldap)"},"options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}}}},"credentials":{"title":"credentials","description":"User Credentials for testing a connection.","type":"object","required":["username","password"],"properties":{"username":{"type":"string","description":"Username to test the connection with."},"password":{"type":"string","description":"Password that authenticates the username"}}}}},"ConnectionCreate":{"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["name","strategy"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (`ldap` or `oidc`)"},"disable_auto_create":{"type":"boolean","description":"Flag to disable automatic creation of a user when the user logs in via LDAP or OIDC.\nBy default, a CM user is created when a user logs in using LDAP or OIDC credentials.\nSetting this flag will not allow an unknown user to login,\nthe user will need to be created manually before being allowed to login.\n"},"options":{"description":"Deprecated, replaced by 'ldap_options'.","type":"object","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"flow_type":{"type":"string","default":"implicit","description":"OpenID Connect only, optional, default value is \"implicit\". \nCan be an one of \"implicit\" or \"authorization_code\".\n"},"client_secret":{"type":"string","description":"secret data stored securely in CipherTrust Manager"},"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"scope":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"array","items":{"type":"string"},"description":"The scope value should be less than 255 in length and must only contain printable ASCII characters except for spaces, double quotes, and backslashes.\nIf the scope does not include \"openid,\" the backend will add it to the scope values passed to the OpenID provider.\n"},"userinfo_endpoint":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"string","description":"OIDC server's userinfo_endpoint. It will be used to retrieve group information from OIDC server."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended for use in production, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."},"username_claim":{"x-feature":"FF_CUSTOM_OIDC_USERNAME","type":"string","description":"The claim field name to extract username from in the OIDC ID Token. If unspecified it defaults to 'sub'.\nThe claim field can also be a template to support the nested claims if any in OIDC ID Token.\nFor instance, for OIDC ID token: \n```\n{\n \"sub\": \"111730983950574648607\", \n \"email\": \"test@xyz.com\",\n \"custom\": { \n \"username\": \"xyz\" \n }\n}\n```\n\"email\" as string or \"{{.custom.username}}\" as template can be set as 'username_claim' to set the username of the user on CM after successful authentication on the external identity provider.\nIt is important that the 'username claim' provided is unique in the external identity provider and it is not modifiable.\n"},"token_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the token endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"end_session_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the end session endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."}}}}},"ConnectionUpdate":{"description":"Parameters required for updating a connection to an LDAP server.","type":"object","properties":{"strategy":{"type":"string","description":"Strategy of connection (ldap)"},"disable_auto_create":{"type":"boolean","description":"Flag to disable automatic creation of a user when the user logs in via LDAP or OIDC.\nBy default, a CM user is created when a user logs in using LDAP or OIDC credentials.\nSetting this flag will not allow an unknown user to login,\nthe user will need to be created manually before being allowed to login.\n"},"options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"flow_type":{"type":"string","default":"implicit","description":"OpenID Connect only, optional, default value is \"implicit\". \nCan be an one of \"implicit\" or \"authorization_code\".\n"},"client_secret":{"type":"string","description":"secret data stored securely in CipherTrust Manager"},"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"scope":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"array","items":{"type":"string"},"description":"The scope value should be less than 255 in length and must only contain printable ASCII characters except for spaces, double quotes, and backslashes.\nIf the scope does not include \"openid,\" the backend will add it to the scope values passed to the OpenID provider.\n"},"userinfo_endpoint":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"string","description":"OIDC server's userinfo_endpoint. It will be used to retrieve group information from OIDC server."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended for use in production, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."},"username_claim":{"x-feature":"FF_CUSTOM_OIDC_USERNAME","type":"string","description":"The claim field name to extract username from in the OIDC ID Token. If unspecified it defaults to 'sub'.\nThe claim field can also be a template to support the nested claims if any in OIDC ID Token.\nFor instance, for OIDC ID token: \n```\n{\n \"sub\": \"111730983950574648607\", \n \"email\": \"test@xyz.com\",\n \"custom\": { \n \"username\": \"xyz\" \n }\n}\n```\n\"email\" as string or \"{{.custom.username}}\" as template can be set as 'username_claim' to set the username of the user on CM after successful authentication on the external identity provider.\nIt is important that the 'username claim' provided is unique in the external identity provider and it is not modifiable.\n"},"token_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the token endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"end_session_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the end session endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."}}}}},"ConnectionDelete":{"x-feature":"FF_CC","description":"Parameters required for deleting an in-use connection.","type":"object","properties":{"force":{"type":"boolean","description":"If set to true, the in-use connection will be deleted forcefully."}}},"DisableAutoCreate":{"type":"boolean","description":"Flag to disable automatic creation of a user when the user logs in via LDAP or OIDC.\nBy default, a CM user is created when a user logs in using LDAP or OIDC credentials.\nSetting this flag will not allow an unknown user to login,\nthe user will need to be created manually before being allowed to login.\n"},"severity":{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},"Configuration":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n{\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n}\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local authentication or the LDAP domain for LDAP authentication. This value is applied when the username does not embed the connection name (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE only and is ignored if set for web and KMIP interfaces.\n"},"port":{"type":"integer","description":"The interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip and nae clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"local_auto_gen_attributes":{"description":"Local CSR parameters for interface's certificate. These are for the local node itself, and they do not affect other nodes in the cluster. This gives user a convenient way to supply custom fields for automatic interface certification generation. Without them, the system defaults are used.\n","allOf":[{"type":"object","required":["cn"],"properties":{"cn":{"type":"string","description":"Common name"},"uid":{"type":"string","description":"User ID"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) IP addresses"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) Email addresses"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) DNS names"},"names":{"type":"array","items":{"type":"object","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"Accounting\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}}]},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"tls_ciphers":{"description":"TLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB) for TLS handshake.\n","type":"array","items":{"type":"object","properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS hanshake.\n"},"configurable":{"type":"boolean","description":"TLS cipher suite configurable flag. This is a non-editable field.\nIf it is true, only then the corresponding cipher_suite can be enabled/disabled.\n"}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"ConfigurationAdd":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"name":{"type":"string","description":"The name of the interface. Not valid for `interface_type` `nae`.\n"},"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"auto_gen_days_before_expiry":{"type":"integer","description":"Number of days before the server certificate expiry. When specified number of days are left in the expiry of the server certificate, the server certificate gets auto-generated and is made available as Upcoming Server Certificate on the interface.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n\n {\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n }\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local\nauthentication or the LDAP domain for LDAP authentication. This value\nis applied when the username does not embed the connection name (e.g.\n\"jdoe\" effectively becomes \"local_account|jdoe\"). This value only\napplies to NAE only and is ignored if set for web and KMIP\ninterfaces.\n"},"port":{"type":"integer","description":"The new interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"network_interface":{"type":"string","description":"Defines what ethernet adapter the interface should listen to, use\n\"all\" for all.\n\nThe available ethernet adapters in the system can for example be retrieved from\nthe `GET /v1/system/network/interfaces` route.\n\nExamples:\n\nPort `9002` on `ens3`:\n\n {\n \"network_interface\": \"ens3\",\n \"port\": 9002\n }\n\nPort `9002` on all ethernet adapters:\n\n {\n \"network_interface\": \"all\",\n \"port\": 9002\n }\n\nTo open the same port on other ethernet adapters it is possible to\nuse the same port on other ethernet adapter.\n\nDefaults to `all` if not specified.\n"},"interface_type":{"type":"string","description":"This parameter is used to identify the type of interface, what\nservice to run on the interface.\n\nCurrently supported:\n- `web`\n- `kmip`\n- `nae`\n- `snmp`\n\nDefaults to `nae` if not specified.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip and nae clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n- `tls_1_0`\n- `tls_1_1`\n- `tls_1_2`\n- `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"ConfigurationUpdate":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"auto_gen_days_before_expiry":{"type":"integer","description":"Number of days before the server certificate expiry. When specified number of days are left in the expiry of the server certificate, the server certificate gets auto-generated and is made available as Upcoming Server Certificate on the interface.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n{\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n}\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local authentication or the LDAP domain for LDAP authentication. This value is applied when the username does not embed the connection name (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE only and is ignored if set for web and KMIP interfaces.\n"},"port":{"type":"integer","description":"The interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip and nae clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"local_auto_gen_attributes":{"description":"Local CSR parameters for interface's certificate. These are for the local node itself, and they do not affect other nodes in the cluster. This gives user a convenient way to supply custom fields for automatic interface certification generation. Without them, the system defaults are used.\n","allOf":[{"type":"object","required":["cn"],"properties":{"cn":{"type":"string","description":"Common name"},"uid":{"type":"string","description":"User ID"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) IP addresses"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) Email addresses"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) DNS names"},"names":{"type":"array","items":{"type":"object","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"Accounting\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}}]},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"tls_ciphers":{"description":"TLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB) for TLS handshake.\n","type":"array","items":{"type":"object","required":["cipher_suite","enabled"],"properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS handshake.\n"}}}},"tls_groups":{"x-feature":"FF_CONFIG_WEB_TLS_GROUPS","description":"Tech Preview - TLS Groups contain the list of key exchange algorithms available in the system for the WEB interface for TLS handshake.\nBy default, classic key exchange algorithms 'x25519', 'secp256r1', 'x448', 'secp521r1', 'secp384r1', 'ffdhe2048', 'ffdhe3072', 'ffdhe4096', \n'ffdhe6144' and 'ffdhe8192' are enabled and Post Quantum key exchange algorithms 'X25519MLKEM768', 'SecP256r1MLKEM768', 'MLKEM768', 'MLKEM1024' and \n'MLKEM512' are disabled. The entire list of TLS groups is required to enable or disable any specific TLS group. \nBehavior of order of TLS Groups:\n * For TLS1.3, despite the server's configured preference order of the groups, currently server will automatically accept the very first key_share that client includes \n in its ClientHello message, that is also supported by the server.\n * For TLS v1.2, client cannot share its key_share upfront in ClientHello message, thus server will request the client \n to converge on the most preferred server's group which is also supported by the client. This behavior is aligned with OpenSSL.\n\nHowever, defining the order still matters. Even if server picks the less preferred (but supported) group, it sends a supported_groups back to the client in its \nServerHello, so that the client can remember and adjust to send the key_share as per the server's priority for the subsequent requests.\n","type":"array","items":{"type":"object","required":["group_name","enabled"],"properties":{"group_name":{"type":"string","description":"TLS group name."},"enabled":{"type":"boolean","description":"TLS group enabled flag.\nIf set to true, key exchange algorithm will be available for TLS handshake.\n"}}}},"network_interface":{"type":"string","description":"Defines what ethernet adapter the interface should listen to, use\n\"all\" for all.\n\nThe available ethernet adapters in the system can be retrieved from\nthe `GET /v1/system/network/interfaces` route.\n"},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"SyslogConnection":{"description":"A syslog connection object","type":"object","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection."},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport mode."},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}}},"LogForwarders":{"description":"A Log Forwarder resource","type":"object","properties":{"name":{"type":"string","description":"Name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder.","enum":["elasticsearch","loki","syslog"]},"elasticsearch_params":{"type":"object","description":"The optional configuration fields for elasticsearch."},"loki_params":{"type":"object","description":"The optional configuration fields for loki."},"syslog_params":{"type":"object","description":"The optional configuration fields for syslog."}}},"Property":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]},"CSRParams":{"type":"object","title":"Parameters for CSR creation","description":"Parameters to be used during creating CSR like the subject, x509 extensions and signature algorithm used.","properties":{"cn":{"type":"string","description":"Common Name"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) values"},"emailAddresses":{"type":"array","items":{"type":"string"},"description":"E-mail addresses"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"IP addresses"},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"RnD\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPS\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"},"keyUsage":{"type":"array","items":{"type":"string"},"description":"List of names of the permitted key usages added as CSR extensions. Values:\n * digitalSignature\n * contentCommitment\n * keyEncipherment\n * dataEncipherment\n * keyAgreement\n * keyCertSign\n * crlSign\n * encipherOnly\n * decipherOnly\n\nThese keyUsage are allowed for CSR creation.\n"},"extendedKeyUsage":{"type":"array","items":{"type":"string"},"description":"List of names of the permitted extended key usages added as CSR extensions. Values:\n * any\n * serverAuth\n * clientAuth\n * codeSigning\n * emailProtection\n * ipsecEndSystem\n * ipsecTunnel\n * ipsecUser\n * timeStamping\n * ocspSigning\n * microsoftServerGatedCrypto\n * netscapeServerGatedCrypto\n * microsoftCommercialCodeSigning\n * microsoftKernelCodeSigning\n\nThese extendedKeyUsage are allowed for CSR creation.\n"},"signatureAlgorithm":{"type":"string","description":"Signature algorithm used for creating the CSR. sha512WithRSA, sha384WithRSA, sha256WithRSA, sha1WithRSA,\necdsaWithSHA512, ecdsaWithSHA384, ecdsaWithSHA256 and ecdsaWithSHA1 are the permitted values.\n"},"subjectKeyIdentifierHash":{"type":"boolean","description":"If set to true, the Subject Key Identifier extension is set to the hash specified by RFC5280, else\nunset\n"},"isCA":{"type":"boolean","description":"If set, the value of the basic constraints extension value for CA is set to that boolean value and unset\notherwise.\n"},"maxPathLen":{"type":"integer","description":"This parameter is valid only when is CA parameter is set to true and specifies the maximum number of CAs that\ncan appear below this one in a chain. If maxPathLen is -1, pathlen is unset.\n"}}},"DNSHosts":{"allOf":[{"type":"object","required":["name"],"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Host Domain name."},"ip":{"type":"string","description":"(deprecated) Host IP. This field is deprecated, use `ips` instead.\n"},"ips":{"type":"array","items":{"type":"string"},"description":"Multiple Host IPs"},"type":{"type":"string","description":"Type of the DNS Host Record. Can be either of:\n* address (default)\n* host-record\n\nEither of the values can be used at a time.\n"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was last updated"}}}]},"IfaceMeta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"proxy-config":{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}},"proxy-config-update":{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}},"test-proxy-config":{"properties":{"http_proxy":{"type":"string"},"https_proxy":{"type":"string","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."},"test_url":{"type":"string","description":"HTTPS URL to test with given proxy. By default it is https://www.thalesdocs.com."}},"example":{"https_proxy":"username:password@my.proxy.server:8081","test_url":"https://www.thalesdocs.com/","certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}},"proxy-response-params":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]},"TLSCiphers":{"type":"array","items":{"type":"object","properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS hanshake.\n"},"configurable":{"type":"boolean","description":"TLS cipher suite configurable flag. This is a non-editable field.\nIf it is true, only then the corresponding cipher_suite can be enabled/disabled.\n"}}}},"TLSCiphersUpdate":{"type":"array","items":{"type":"object","required":["cipher_suite","enabled"],"properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS handshake.\n"}}}},"TLSGroupsUpdate":{"type":"array","items":{"type":"object","required":["group_name","enabled"],"properties":{"group_name":{"type":"string","description":"TLS group name."},"enabled":{"type":"boolean","description":"TLS group enabled flag.\nIf set to true, key exchange algorithm will be available for TLS handshake.\n"}}}},"LokiConfiguration":{"description":"Loki configuration parameters","type":"object","properties":{"retention_time":{"type":"string","description":"The duration for which Loki logs are retained.\nThe retention period is a duration represented as a string that can be parsed using the Go library’s time.Duration, such as 24h, in multiple of 24h.\nDefault: 240h\n"}}},"LokiConfigurationUpdate":{"description":"Update Loki configuration parameters","type":"object","properties":{"retention_time":{"type":"string","description":"The duration for which Loki logs are retained.\nThe retention period is a duration represented as a string that can be parsed using Go’s time.Duration, such as 24h, in multiple of 24h.\nExample: 240h\n"}}},"AkeylessConfiguration":{"x-feature":"FF_AKEYLESS","type":"object","allOf":[{"type":"object","description":"ID, name or URI of an Akeyless connection associated with the Akeyless gateway.","properties":{"gateway_connection_id":{"type":"string","description":"ID, name or URI of an Akeyless connection associated with the Akeyless gateway."}}},{"type":"object","description":"The akeyless key ID to be used for Akeyless SSO.","properties":{"sso_access_id":{"type":"string","description":"The akeyless key ID to be used for Akeyless SSO."}}},{"x-feature":"FF_AKEYLESS_SINGLE_TENANT","type":"object","description":"URL of the akeyless infrastructure on which the account is created on signup.","properties":{"akeyless_url":{"type":"string","description":"URL of the akeyless infrastructure on which the account is created on signup."}}},{"type":"object","description":"Holds IDs of customer fragments which are accessible to the akeyless gateway. | The CipherTrust Customer Fragment is a secret object which could be used to protect akeyless secrets.","properties":{"customer_fragment_ids":{"type":"array","description":"Holds IDs of customer fragments which are accessible to the akeyless gateway. The CipherTrust Customer Fragment is a secret object which could be used to protect akeyless secrets."}}}]},"AkeylessConfigurationUpdate":{"x-feature":"FF_AKEYLESS","type":"object","properties":{"gateway_connection_id":{"type":"string","description":"ID, name or URI of an Akeyless connection associated with the Akeyless gateway."},"sso_access_id":{"type":"string","description":"The akeyless key ID to be used for Akeyless SSO."},"akeyless_signup_url":{"x-feature":"FF_AKEYLESS_SINGLE_TENANT","type":"string","description":"URL of the akeyless infrastructure on which the account is created on signup. This parameter can be used in scenarios where a dedicated single tenant akeyless infrastructure is deployed. If this field is left blank, the default 'https://vault.akeyless.io' endpoint is used for signups. This parameter is considered only when the gateway_connection_id is not set."}}},"AkeylessStatus":{"x-feature":"FF_AKEYLESS","type":"object","properties":{"status":{"type":"string","description":"Status of Akeyless if it is ready to use or not."}}},"akeyless_signup_url":{"x-feature":"FF_AKEYLESS_SINGLE_TENANT","type":"object","description":"URL of the akeyless infrastructure on which the account is created on signup.","properties":{"akeyless_url":{"type":"string","description":"URL of the akeyless infrastructure on which the account is created on signup."}}},"gateway_connection_id":{"type":"object","description":"ID, name or URI of an Akeyless connection associated with the Akeyless gateway.","properties":{"gateway_connection_id":{"type":"string","description":"ID, name or URI of an Akeyless connection associated with the Akeyless gateway."}}},"sso_access_id":{"type":"object","description":"The akeyless key ID to be used for Akeyless SSO.","properties":{"sso_access_id":{"type":"string","description":"The akeyless key ID to be used for Akeyless SSO."}}},"customer_fragment_ids":{"type":"object","description":"Holds IDs of customer fragments which are accessible to the akeyless gateway. | The CipherTrust Customer Fragment is a secret object which could be used to protect akeyless secrets.","properties":{"customer_fragment_ids":{"type":"array","description":"Holds IDs of customer fragments which are accessible to the akeyless gateway. The CipherTrust Customer Fragment is a secret object which could be used to protect akeyless secrets."}}},"version":{"x-feature":"FF_AKEYLESS_IN_PLACE_UPGRADE","type":"string","description":"Version of the Akeyless gateway to be used. Allowed versions are available through the get versions API."},"DomainLogRedirectionResponse":{"type":"object","properties":{"enable_log_forwarders_domain_redirection":{"type":"boolean"}}},"AkeylessVersion":{"type":"object","description":"The Akeyless Version enables the gateway to be upgraded to the enclosed version.","properties":{"version":{"type":"string","format":"string","readOnly":true,"description":"Holds the version number."},"release_date":{"type":"string","format":"string","readOnly":true,"description":"The release date of the specified version."},"default":{"type":"boolean","readOnly":true,"description":"Specifies if this akeyless version is the default version for current CipherTrust Manager version. True meaning this is the minimum supported version for this CM build."},"current":{"type":"boolean","readOnly":true,"description":"Specifies if this akeyless version is the active version. If true, this version is set as the akeyless version on CipherTrust Manager."}}},"AkeylessCustomerFragment":{"type":"object","description":"The CipherTrust Customer Fragment is a secret object which is used to protect akeyless secrets.","properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"description":{"type":"string","readOnly":true,"description":"The description of the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}},"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}}]},"ImportCustomerFragmentReq":{"type":"object","description":"The Customer Fragment is a secret object which is used to protect akeyless secrets","required":["id","value"],"properties":{"id":{"type":"string","description":"The unique identifier of akeyless customer fragment"},"name":{"type":"string","description":"The name of the resource"},"value":{"type":"string","description":"The value of the resource"},"description":{"type":"string","description":"The description of the resource"},"fragment_type":{"type":"string","description":"Akeyless Customer Fragment type. Supported fragment types in CM - [\"standard\"]"}}},"ImportCustomerFragmentResp":{"type":"object","description":"The Customer Fragment is a secret object which is used to protect akeyless secrets","properties":{"id":{"type":"string","readOnly":true,"description":"The unique identifier of akeyless customer fragment"},"name":{"type":"string","readOnly":true,"description":"The name of the resource"},"description":{"type":"string","readOnly":true,"description":"The description of the resource"},"status":{"type":"string","readOnly":true,"description":"Gives the status for imported Customer Fragments. Can be either \"success\" or \"fail\""},"error":{"type":"string","readOnly":true,"description":"Error message for customer fragments with failed import status"}}},"ServiceLogLevel":{"type":"object","properties":{"service":{"type":"string","description":"Service Name.","enum":["kmip","nae"]},"level":{"type":"string","description":"Log level string.","enum":["ERR","INF","DBG"]}}},"Kmip-Profiles":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles. Properties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"token":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","format":"uint64","description":"Duration in days for which the CipherTrust Manager client's certificate is valid and this cannot be negative."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."},"labels":{"x-feature":"FF_ADD_LABELS_TO_CLIENT_REGISTRATION_TOKENS","type":"object","description":"Labels comprise of key/value pairs. Labels whose key's start with ncryptify-reserved are reserved for internal use."}}}]},"EncryptInput":{"description":"The input to an encrypt operation. It is a JSON object that contains the data to be encrypted. For AES-GCM, it also contains the data to be authenticated. Note that both these are byte arrays. JSON encodes byte arrays to base64 strings. Therefore, the JSON object that is input should contain valid base64 data for both the plaintext and AAD.","type":"object","title":"Encryption Input","required":["id"],"properties":{"id":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"name":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"plaintext":{"type":"string","description":"Data to Encrypt. This is a byte array. JSON encodes byte arrays to base64 strings. Therefore, the string in the JSON object should be a valid base64 string."},"version":{"type":"integer","description":"Version of the key to use.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"This string identifies the cryptographic mode to use for symmetric key operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', 'CTR', and 'GCM' (default is 'GCM'), and the only allowed value for TDES is 'CBC'."},"pad":{"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES and TDES, allowed values are 'none', 'PKCS5' and 'PKCS7' (default is 'PKCS7'). For asymmetric algorithms the allowed values 'PKCS1', 'OAEP', 'OAEP256', 'OAEP384' and 'OAEP512', defaulting to 'OAEP'. Padding is not applicable for 'CTR' and 'GCM' mode."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"nae_key_version_header":{"type":"boolean","description":"This flag requests that the 3-byte NAE key-version header be prepended to the returned ciphertext."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."},"batch_request":{"type":"array","description":"Single or multiple data to encrypt.\n\n`\"iv\"`, `\"tag_len\"` and `\"aad\"` can be specified explicitly for each data within `\"batch_request\"` or\nfor all data in the batch request by making it part of the request body.\nIf specified at both the places, values inside `\"batch_request\"` takes precedence.\n\nResponse field `\"batch_response\"` will contain encrypted data. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"EncryptData","description":"Data to encrypt and its associated values\n","properties":{"plaintext":{"type":"string","description":"Data to Encrypt. This is a byte array. JSON encodes byte arrays to base64 strings. Therefore, the string in the JSON object should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."}}}}},"example":{"id":"mykey","plaintext":"ZW5jcnlwdA==","aad":"YXV0aGVudGljYXRl"}},"EncryptedBlob":{"description":"The output of an encrypt operation. It is a JSON object that contains the encrypted data, as well as parameters needed to decrypt the data.","type":"object","title":"Encrypted Blob","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"ID of the key used for encrypting the data, only either ID or name should be specified."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"The crypto mode (e.g. cbc, ecb, ctr, gcm)."},"pad":{"type":"string","description":"The padding algorithm (e.g. none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array, and appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."},"batch_response":{"type":"array","description":"Contains encrypted data.\nReturned only when `\"batch_request\"` is provided in request (i.e if data is sent in batch mode).\n\nIf error occurs while processing any data in the batch, HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully encrypted.\n\n`\"iv\"` and `\"aad\"`, if specified explicitly for a data within `\"batch_request\"`, are returned with the data within `\"batch_response\"`.\n`\"iv\"` and `\"aad\"`, if specified in request body, are returned in response body.\n`\"tag\"` is always returned with the data within `\"batch_response\"`.\nIf `\"iv\"` is not specified anywhere and generated automatically while encrypting, it will be returned with the data in `\"batch_response\"`.\n","items":{"type":"object","title":"Encrypted Data","description":"Encrypted data and its associated values\n","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"ciphertext\"` will be returned.\n"}}}}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}},"DecryptInput":{"description":"The input of an decrypt operation. It is a JSON object that contains the encrypted data, as well as parameters needed to decrypt the data.","type":"object","title":"DecryptInput","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"ID of the key used for encrypting the data, only either ID or name should be specified."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"The crypto mode (e.g. cbc, ecb, ctr, gcm)."},"pad":{"type":"string","description":"The padding algorithm (e.g. none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array, and appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."},"batch_request":{"type":"array","description":"Single or multiple data to decrypt.\n\n`\"iv\"`, `\"tag\"` and `\"aad\"` can be specified explicitly for each data within `\"batch_request\"` or for all\ndata in the batch request by making it part of the request body.\nIf specified at both the places, values inside `\"batch_request\"` takes precedence.\n\nResponse field `\"batch_response\"` will contain decrypted data. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"DecryptData","description":"Data to decrypt and its associated values.\n","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."}}}}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}},"DecryptedBlob":{"description":"The output of an decrypt operation. It is a JSON object that contains the plaintext.","type":"object","title":"Decrypted Blob","properties":{"plaintext":{"type":"string","description":"The plain text is a byte array, and appears as a base64 encoded string in the JSON blob."},"batch_response":{"type":"array","description":"Contains decrypted data.\nReturned only when `\"batch_request\"` is provided in request (i.e if data is sent in batch mode).\n\nIf error occurs while processing any data in a batch, Response HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully decrypted.\n","items":{"type":"object","title":"Decrypted Data","description":"Decrypted Data.","properties":{"plaintext":{"type":"string","description":"The plain text is a byte array, and appears as a base64 encoded string in the JSON blob."},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"plaintext\"` will be returned.\n"}}}}},"example":{"plaintext":"VY2D+Q9UyPRj2tIlHP/yVQ=="}},"ReencryptInput":{"description":"The input for a re-encrypt operation. It is a JSON object that contains encryption and decryption parameters.\nThe decryption parameters contain the encrypted data and the parameters required to decrypt the data.\nFor Encryption parameters, in case of AES-GCM, it contains the data to be authenticated. Note that this is byte array. JSON encodes byte arrays to base64 strings. Therefore, the JSON object should contain valid base64 data for AAD.\nNote: The Plaintext parameter is not required.\n","title":"ReencryptInput","properties":{"decrypt":{"type":"object","description":"The input for a decrypt operation. It is a JSON object that contains the encrypted data and the parameters required to decrypt the data.","properties":{"ciphertext":{"type":"string","description":"The ciphertext is a byte array and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array that appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"The ID of the key used for encrypting the data. Specify either ID or name."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"The cryptographic mode (for example, cbc, ecb, ctr, and gcm)."},"pad":{"type":"string","description":"The padding algorithm (for example, none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array that appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array that appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."}}},"encrypt":{"type":"object","description":"The input of Encrypt operation, In case of AES-GCM, it contains the data to be authenticated. Note that this is byte array. JSON encodes byte arrays to base64 strings.","properties":{"id":{"type":"string","description":"The name, ID, or URI of the key used by the crypto operation."},"name":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key to use.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"Identifies the cryptographic mode to use for the symmetric key operations. The allowed values depend on the algorithm used. Allowed values for AES are 'CBC', 'EBC', 'CTR', and 'GCM' (default is 'GCM'). The only allowed value for TDES is 'CBC'."},"pad":{"type":"string","description":"This string identifies the cryptographic padding algorithm to use. The allowed values depend on the algorithm used. For AES and TDES, the allowed values are 'none', 'PKCS5', and 'PKCS7' (default is 'PKCS7'). For asymmetric algorithms, the allowed values are 'PKCS1', 'OAEP', 'OAEP256', 'OAEP384', and 'OAEP512' (default is 'OAEP')."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"nae_key_version_header":{"type":"boolean","description":"This flag requests that the 3-byte NAE key-version header be prepended to the returned ciphertext."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."}}}},"example":{"decrypt":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"},"encrypt":{"id":"mykey","aad":"YXV0aGVudGljYXRl"}}},"ReencryptedBlob":{"description":"The output of a re-encrypt operation. It is a JSON object that contains the encrypted data and the parameters required to decrypt the data.","type":"object","title":"Re-Encrypted Blob","properties":{"ciphertext":{"type":"string","description":"The ciphertext is a byte array that appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array that appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"The ID of the key used for encrypting the data. Specify either ID or name."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"The cryptographic mode (for example, cbc, ecb, ctr, and gcm)."},"pad":{"type":"string","description":"The padding algorithm (for example, none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array that appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array that appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}},"PostKey":{"title":"Create Key","properties":{"domainId":{"type":"string","description":"Domain ID."},"name":{"type":"string","description":"Optional friendly name, The key name should not contain special characters such as angular brackets (<,>) and backslash (`\\`)."},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"algorithm":{"type":"string","description":"Cryptographic algorithm this key is used with. Defaults to 'aes'","enum":["aes","rsa","ec","hmac-sha1","hmac-sha256","hmac-sha384","hmac-sha512"]},"objectType":{"type":"string","description":"This specifies the type of object that is being created. Valid values are\n'Symmetric Key', 'Public Key', 'Private Key', 'Secret Data', 'Opaque Object',\nor 'Certificate'. The object type is inferred for many objects,\nbut must be supplied for the certificate object.\n"},"curveid":{"type":"string","description":"Cryptographic curve id for elliptic key. Key algorithm must be 'EC'. Values:\n * secp224k1\n * secp224r1\n * secp256k1\n * secp384r1\n * secp521r1\n * prime256v1\n * brainpoolP224r1\n * brainpoolP224t1\n * brainpoolP256r1\n * brainpoolP256t1\n * brainpoolP384r1\n * brainpoolP384t1\n * brainpoolP512r1\n * brainpoolP512t1\n"},"size":{"type":"integer","description":"Bit length for the key."},"undeletable":{"type":"boolean","description":"Key is not deletable. Defaults to false."},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. When labels are provided\nthey are merged with the key's existing labels.\n\nTo add a label, set the label's value as follows.\n```\n \"labels\": {\n \"key\": \"value\"\n }\n```\n"}}},"PatchKey":{"title":"Update Key","properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the key"},"unexportable":{"type":"boolean","description":"Key is not exportable.\n"},"undeletable":{"type":"boolean","description":"Key is not deletable."},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object activation date."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object deactivation date."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object archive date."},"rotationFrequencyDays":{"type":"string","description":"Number of days from current date to rotate the key. It should be greater than or equal to 0. Default is an empty string.\nIf set to 0, rotationFrequencyDays set to an empty string and auto rotation of key will be disabled.\n"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"aliases":{"type":"array","description":"Information needed for adding, modifying or deleting key aliases.\nTo delete a key, just specify its index. To add a key, do not specify the index.\nTo modify a key, specify its index, and the new values of the alias and type.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"muid":{"type":"string","description":"Optional additional identifier of the key.\nIt can be set if not set already.\n"},"keyId":{"type":"string","description":"Optional additional identifier of the key.\nIt can be set if not set already.\n"},"allVersions":{"type":"boolean","description":"To update the group permissions/custom attribute or both in metadata of all versions of the key.\nThis parameter also updates the usageMask, undeletable, and unexportable properties of all versions of a key at once.\nBy default it is set to false.\nSet to true, only when to update the group/custom attribute or both permissions of all versions of the key.\nIf this parameter is set to true, use the key name as the identifier.\n"},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. When labels are provided\nthey are merged with the key's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n\nRefer to the schema under `/v1/vault/keys2 POST` for a full description\nof labels.\n","example":{"region":"noram","team":"sales"}},"description":{"type":"string","description":"It store information about the key"}},"example":{"meta":"Sample Metadata","activationDate":"2017-10-02T14:24:37.436073Z","deactivationDate":"2018-10-02T14:24:37.436073Z","processStartDate":"2017-10-02T14:24:37.436073Z","protectStopDate":"2018-10-02T14:24:37.436073Z","aliases":[{"alias":"modified-altname1","type":"string","index":0},{"alias":"newname3","type":"string"},{"index":1}],"allVersions":false,"usageMask":3}},"Key":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]},"Keys":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]}}}}]},"KeyExtended":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]},"KeyExportable":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]},{"type":"object","properties":{"material":{"type":"string","x-nullable":true,"description":"Encoded key"},"encoding":{"type":"string","x-nullable":true,"description":"encoding used for the 'material' field."},"macSignBytes":{"type":"string","x-nullable":true,"description":"MAC/Signature bytes to be used for verification while importing a key"},"pbeSalt":{"type":"string","x-nullable":true},"pbePurpose":{"type":"string","x-nullable":true}}}]},"Random":{"properties":{"material":{"type":"string","description":"Hex encoded random bytes"}}},"KeyAlias":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}},"PublicKeyParameters":{"type":"object","title":"Public Key","description":"Information needed to create a public key.","properties":{"name":{"type":"string","description":"Friendly name of the corresponding public key"},"usageMask":{"type":"integer","description":"Defined in PostKey parameters"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"state":{"type":"string","description":"Optional initial key state (Pre-Active) upon creation. If set,\nactivationDate and processStartDate can not be specified during key creation.\nDefaults to Active.\n"},"aliases":{"type":"array","description":"Aliases associated with the key. The alias and alias-type must be specified.\nThe alias index is assigned by this operation, and need not be specified.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"unexportable":{"type":"boolean","description":"Key is not exportable. Defaults to false.\n"},"undeletable":{"type":"boolean","description":"Key is not deletable. Defaults to false."}}},"QueryKeyParams":{"type":"object","title":"Search Parameters","description":"Information needed to search for a managed object.","properties":{"skip":{"description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},"limit":{"description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},"returnOnlyIDs":{"type":"boolean","description":"When this is not specified, or set to false, a list of keys is returned.\nWhen this is set to true, a list of key IDs is returned.\n"},"name":{"type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},"names":{"x-feature":"FF_INDIVIDUAL_KEY_SELECTION_NAMES","type":"array","items":{"type":"string"},"description":"A set of names of keys that filters results to those with matching names."},"id":{"type":"string","format":"UUID","description":"Find the key with a matching ID.\n"},"ids":{"x-feature":"FF_INDIVIDUAL_KEY_SELECTION_IDS","type":"array","items":{"type":"string"},"description":"A set of Key IDs that find keys with matching IDs.\n"},"uri":{"type":"string","description":"Filters results to those with matching uris. The '?' and '*' wildcard characters may be used."},"version":{"type":"integer","description":"Deprecated: Use 'versions'. Filters results to those with matching version. If version is specified as -1, only\nlatest version of the keys is returned.{{FF_LATEST_ACTIVE_KEY_VERSION| If version is specified as -2, only nae latest active version of the keys will be returned.}}\nAll versions are returned when the version is not specified.\n"},"versions":{"type":"array","description":"Filters results to those with matching versions. If versions is specified as [-1], only latest version of the keys are returned.{{FF_LATEST_ACTIVE_KEY_VERSION|If versions is specified as [-2], only nae latest active version of the keys are returned.}} All versions are returned when the version is not specified.","items":{"type":"integer"}},"algorithm":{"type":"string","description":"Deprecated: Use 'algorithms'. Filters results to those with matching algorithms. The '?' and '*' wildcard characters may be used."},"algorithms":{"type":"array","description":"Filters results to those with matching algorithms. The '?' and '*' wildcard characters may be used if only specifying a single value.","items":{"type":"string"}},"size":{"type":"integer","description":"Deprecated: Use 'sizes'. Filters results to those with matching size.\n"},"sizes":{"type":"array","description":"Filters results to those with a matching size.","items":{"type":"integer"}},"curveIDs":{"type":"array","items":{"type":"string"},"description":"Filters results to those with matching elliptic key curve id. Results will match *any*\nof the values.\n"},"states":{"type":"array","items":{"type":"string"},"description":"Filters results to those with matching key state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\" and \"Destroyed Compromised\".\n"},"aliases":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching aliases. The '?' and '*' wildcard characters\nmay be used when a single alias is specified.\n"},"linkTypes":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching link types. The '?' and '*' wildcard characters\nmay be used when a single link type is specified. See the links documentation\nfor the various link types.\n"},"usageMask":{"type":"integer","description":"Deprecated: Use 'usageMasks'.\nFilters results to those with matching Cryptographic usage mask. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303 (all usage masks including Export).\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"usageMasks":{"type":"array","description":"Filters results to those with matching any of the Cryptographic usage masks. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303 (all usage masks including Export).\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n","items":{"type":"integer"}},"metaContains":{"type":"string","format":"JSON","description":"A valid JSON value. Only keys whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},"objectTypes":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching KMIP object types. The '?' and '*' wildcard characters\nmay be used when a single object type is specified. Valid object types are:\n\"Certificate\", \"Symmetric Key\", \"Public Key\", \"Private Key\", \"Split Key\", \"Secret Data\", \"Opaque Object\".\n"},"sha1Fingerprint":{"type":"string","description":"Deprecated: Use 'sha1Fingerprints'.\nFilters results to those with matching SHA1 fingerprints. The '?' and '*' wildcard characters may be used.\nThis fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha1Fingerprints":{"type":"array","description":"Filters results to those with matching one of the SHA1 fingerprints. The '?' and '*' wildcard characters may be used\nfor singular values. This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n","items":{"type":"string"}},"sha256Fingerprint":{"type":"string","description":"Deprecated: Use 'sha256Fingerprints'\nFilters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used.\n"},"rotationFrequencyDaysBefore":{"type":"string","description":"Filters results to those with rotation frequencies less than what is specified (in days)."},"rotationFrequencyDays":{"type":"string","description":"Filters results to those with matching values of rotation frequencies (in days). The '?' and '*' wildcard characters may be used."},"rotationFrequencyDaysAfter":{"type":"string","description":"Filters results to those with rotation frequencies greater than what is specified (in days)."},"sha256Fingerprints":{"type":"array","description":"Filters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used\nfor a single value.\n","items":{"type":"string"}},"neverExported":{"type":"boolean","description":"Find keys with the specified value of the `neverExported` attribute."},"neverExportable":{"type":"boolean","description":"Find keys with the specified value of the `neverExportable` attribute (same as the KMIP `Never Extractable` attribute)."},"unexportable":{"type":"boolean","description":"Find keys with the specified value of the `unexportable` attribute (opposite of the KMIP `Extractable` attribute)."},"revocationReason":{"type":"string","description":"Deprecated: Use 'revocationReasons'. Find keys having the specified value of the `revocationReason` attribute."},"revocationReasons":{"type":"array","description":"Find keys having one of the specified values of the `revocationReason` attribute.","items":{"type":"string"}},"createdBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created\nbefore 1 year, 2 months and 5 days ago.\n"},"createdAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created after 1 year, 2 months\nand 5 days ago.\n"},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"updatedBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys updated\nbefore 1 year, 2 months and 5 days ago.\n"},"updatedAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"activationBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"activationAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"activationAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"processStartBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"processStartAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"processStartAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is within 0.5 seconds before or after the specified timestamp. Timestamp\nshould be in RFC3339Nano format.\n"},"protectStopBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"protectStopAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"protectStopAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano format.\n"},"scheduledRotationBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose scheduled rotation date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively.\n"},"scheduledRotationAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose scheduled rotation date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively.\n"},"scheduledRotationAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose scheduled rotation date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano format.\n"},"deactivationBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"deactivationAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"deactivationAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"destroyBefore":{"type":"string","format":"date-time","description":"Find keys whose destroy date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"destroyAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose destroy date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"destroyAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose destroy date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"archiveBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"archiveAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"archiveAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"compromiseOccurranceBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseOccurranceAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseOccurranceAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"compromiseBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"rotationDateReached":{"type":"boolean","description":"- If `rotationDateReached` is set to true then it returns latest version of the keys with rotationDate of latest version <= currentTime.\n- If `rotationDateReached` is set to false then it returns latest version of the keys with rotationDate of latest version > currentTime\n"},"compareIDWithUUID":{"type":"string","description":"- If `compareIDWithUUID` is set to `equal`, then it returns keys whose IDs are equal to their UUIDs.\n- If `compareIDWithUUID` is set to `notequal`, then it returns keys whose IDs are not equal to their UUIDs.\n- The supported values are `equal` and `notequal`.\n"},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"labels":{"type":"object","additionalProperties":{"type":"array"},"items":{"type":"string"},"x-nullable":true,"description":"Find keys that match label selector expressions. Multiple values are\nlogically ANDed.\n\nLabel selector expressions:\n- Select keys that have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region=noram\" ]\n ```\n OR with a double equals:\n ```\n [ \"region==noram\" ]\n ```\n- Select keys that do not have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region!=noram\" ]\n ```\n- Select keys that have either `{\"region\": \"noram\"}` or `{\"region\": \"emea\"}`\n ```\n [ \"region in (noram,emea)\" ]\n ```\n- Select keys that do not have `{\"region\": \"noram\"}` nor `{\"region\": \"emea\"}`\n ```\n [ \"region notin (noram,emea)\" ]\n ```\n- Select keys that have the label key `region` (the value may be anything)\n ```\n [ \"region\" ]\n ```\n- Select keys that not have the label key `region`\n ```\n [ \"!region\" ]\n ```\n\nMultiple label selector expressions, logically ANDed:\n- Select keys that have the label `{\"region\": \"noram\"}` but do not have\n `{\"team\": \"sales\"}`\n ```\n [ \"region=noram\", \"team!=sales\" ]\n\n ```\n"},"undeletable":{"type":"boolean","description":"Find keys with the specified value of the `undeletable` attribute."},"permissions":{"type":"array","items":{"type":"string"},"description":"The filter returns only those keys on which the user performing the query has the same permissions as given\nin the query. The permissions are given to a group in the key meta and the group must have the `ReadKey`\npermission. The user performing the query must be a member of the group having those permissions.\nAllowed values are \"EncryptWithKey\", \"DecryptWithKey\", \"MACWithKey\", \"MACVerifyWithKey\", \"SignWithKey\",\n\"SignVerifyWithKey\", \"ReadKey\", \"UseKey\", and \"ExportKey\".\n"},"keyCheckValues":{"x-feature":"FF_KEY_CHECK_VALUE_ENABLED","type":"array","description":"Filters results based on the matching Key Check Values (KCVs).\nThe '?' and '*' wildcard characters may be used for a single value. You can use an empty value [\"\"] to search keys with no KCV.\n","items":{"type":"string"}},"sha384Fingerprints":{"x-feature":"FF_SHA384_IN_KEYS","type":"array","description":"Filters results to those with matching SHA384Fingerprints. The '?' and '*' wildcard characters may be used. You can use an empty value [\"\"] to search keys with no sha384Fingerprint.\n","items":{"type":"string"}},"cteKeyHashes":{"x-feature":"FF_CTE_KEY_HASH","type":"array","description":"Filters results to those with matching cteKeyHash. The '?' and '*' wildcard characters may be used. You can use an empty value [\"\"] to search keys with no cteKeyHash.\n","items":{"type":"string"}}},"example":{"name":"oldkeys*","usageMask":12,"metaContains":"{\"info\":{\"color\":\"red\"}}","aliases":["abc1","yellow"],"size":256,"createdAfter":"2018-11-28T15:19:10Z"}},"CertificateFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"DistinguishedNameFields":{"type":"object","title":"Distinguished Name Fields","description":"Information encapsulated by a distinguished name in a certificate.","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"AlternateNameFields":{"type":"object","title":"Alternate Name Fields","description":"Information encapsulated by an alternate name in a certificate.","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"HkdfCreateParameters":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"WrapHKDF":{"type":"object","title":"HKDF Wrap Parameters","description":"Information which is used to wrap a Key using HKDF.","properties":{"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF Wrapping.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"},"okmLen":{"type":"integer","description":"The desired output key material length in integer.\n"}}},"WrapJWE":{"type":"object","title":"JWE Parameters for generating jwe","description":"Information which is used to wrap a Key using JWE. (JWT ID (JTI) provides a unique identifier for the JWT. JTI will be automatically included in JWE if it is available in JWT identity token.)","properties":{"jwtIdentifier":{"type":"string","description":"JWT identifier (JTI) is unique identifier for the JWT used by SFDC for cache key replay detection.\n"},"contentEncryptionAlgorithm":{"type":"string","description":"Content Encryption Algorithm is symmetric encryption algorithm used to encrypt the data , default is AES_256_GCM.\n","enum":["AES_128_CBC_HMAC_SHA_256","AES_192_CBC_HMAC_SHA_384","AES_256_CBC_HMAC_SHA_512","AES_128_GCM","AES_192_GCM","AES_256_GCM"]},"keyEncryptionAlgorithm":{"type":"string","description":"Key Encryption Algorithm is used to encrypt the Content Encryption Key (CEK), default is RSA_OAEP_SHA1.\nAlgorithm should correspond to type of public key provided for wrapping.\n","enum":["RSA1_5","RSA_OAEP_SHA1","RSA_OAEP_SHA256","ECDH_ES","ECDH_ES_AES_128_KEY_WRAP","ECDH_ES_AES_192_KEY_WRAP","ECDH_ES_AES_256_KEY_WRAP"]},"keyIdentifier":{"type":"string","description":"Key identifier to be used as \"kid\" parameter in JWE material and JWE header.\nDefaults to key id.\n"}}},"WrapPBE":{"type":"object","title":"Password based encryption parameters for generating password based derived keys.","description":"WrapPBE derives the key from the password and other parameters such as salt, iteration count, hashing algorithm, and derived key-length. PBE currently supports wrapping of symmetric keys (AES), private keys, and certificates.\nWrapPBE is a two-step process to export a key as mentioned below. The key import is similar to the key export but it unwraps the target key in the second step.\nStep 1 Use PBKDF2 with the specified parameters (pwd, hash-function, salt, iterations, purpose (opt), KEK length) to derive the KEK. For more details, refer to RFC 2898.\nStep 2 Perform AES-KW/KWP to wrap the target key using the KEK derived from Step 1. The AES KEK size is calculated by the KEK length parameter as described in Step 1. For more details, refer to RFC 3394 and 5649.\n","properties":{"hashAlgorithm":{"type":"string","description":"Underlying hashing algorithm that acts as a pseudorandom function to generate derive keys.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512","hmac-sha512/224","hmac-sha512/256","hmac-sha3-224","hmac-sha3-256","hmac-sha3-384","hmac-sha3-512"]},"password":{"type":"string","description":"Base password to generate derive keys. It cannot be used in conjunction with passwordidentifier.\npassword must be in range of 8 bytes to 128 bytes.\n"},"passwordIdentifier":{"type":"string","description":"Secret password identifier for password. It cannot be used in conjunction with password.\n"},"passwordIdentifierType":{"type":"string","description":"Type of the Passwordidentifier. If not set then default value is name.\n","enum":["id","name","slug"]},"salt":{"type":"string","description":"A Hex encoded string.\npbeSalt must be in range of 16 bytes to 512 bytes.\n"},"purpose":{"type":"string","description":"User defined purpose. If specified will be prefixed to pbeSalt.\npbePurpose must not be greater than 128 bytes.\n"},"dklen":{"type":"integer","description":"Intended length in octets of the derived key.\ndklen must be in range of 14 bytes to 512 bytes.\n"},"iteration":{"type":"integer","description":"Iteration count increase the cost of producing keys from a password.\nIteration must be in range of 1 to 1,00,00,000.\n"}}},"WrapRSAAES":{"type":"object","title":"RSA AES KWP parameters","description":"Information which is used to wrap/unwrap asymmetric keys using RSA AES KWP method.\nThis method internally requires AES key size to generate a temporary AES key and RSA padding.\nTo use WrapRSAAES, algorithm \"RSA/RSAAESKEYWRAPPADDING\" must be specified in WrappingEncryptionAlgo.\n","properties":{"aesKeySize":{"type":"integer","description":"Size of AES key for RSA AES KWP. Accepted value are 128, 192, 256.\nDefault value is \"256\".\n"},"padding":{"type":"string","description":"Padding specifies the type of padding scheme that needs to be set when exporting\nthe Key using RSA AES wrap. Accepted values are \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nDefault value is \"oaep256\".\n","enum":["oaep","oaep256","oaep384","oaep512"]}}},"KeyParams":{"type":"object","title":"Parameters for generation of key required for CSR creation","description":"Parameters to be used for creating an asymmetric key to be used for CSR creation.","properties":{"keyName":{"type":"string","description":"Name of key to be generated for CSR creation"},"algorithm":{"type":"string","description":"Algorithm of key to be generated for CSR creation. Permitted values are 'RSA' or 'EC' and defaults to 'RSA'.\n"},"size":{"type":"string","description":"Size of key to be generated for CSR creation. Refer create key API for sizes for EC and RSA keys and their default values.\n"},"curveid":{"type":"string","description":"Cryptographic curve id for elliptic key. Values:\n * secp224r1\n * secp384r1\n * secp521r1\n * prime256v1\nThese curves are allowed for CSR creation.\n"}}},"BasicLabels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"AddLabels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. APIs that list keys can use\nlabels to filter the set of matching resources.\n\nA label's key has an optional prefix up to 253 characters followed by a\nforward slash and a required name up to 63 characters. For example,\n`sales.widgets.com/region` is a label key with the prefix\n`sales.widgets.com` and the name `region`, while `region` is a label key\nwithout a prefix.\n\nA label's value may be empty and may be up to 63 characters.\n\nEach part of the label (i.e. the prefix, name, and value) must begin\nand end with an alphanumeric character (a-zA-Z0-9). Characters\ninbetween the beginning and end may contain alphanumeric characters,\ndots (.), dashes (-) and underscores (_).\n\nA Label can be a simple tag by specifying a key with no value\n(e.g. `{ \"critical\": \"\" }`).\n\nHere's a full example showing a name/value pair with prefix, a name/value pair, and a simple tag:\n```\n \"labels\": {\n \"sales.widgets.com/region\": \"noram\",\n \"team\": \"sales\",\n \"critical\": \"\"\n }\n```\n","example":{"region":"noram","team":"sales"}},"UpdateLabels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. When labels are provided\nthey are merged with the key's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n\nRefer to the schema under `/v1/vault/keys2 POST` for a full description\nof labels.\n","example":{"region":"noram","team":"sales"}},"QueryLabels":{"type":"object","additionalProperties":{"type":"array"},"items":{"type":"string"},"x-nullable":true,"description":"Find keys that match label selector expressions. Multiple values are\nlogically ANDed.\n\nLabel selector expressions:\n- Select keys that have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region=noram\" ]\n ```\n OR with a double equals:\n ```\n [ \"region==noram\" ]\n ```\n- Select keys that do not have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region!=noram\" ]\n ```\n- Select keys that have either `{\"region\": \"noram\"}` or `{\"region\": \"emea\"}`\n ```\n [ \"region in (noram,emea)\" ]\n ```\n- Select keys that do not have `{\"region\": \"noram\"}` nor `{\"region\": \"emea\"}`\n ```\n [ \"region notin (noram,emea)\" ]\n ```\n- Select keys that have the label key `region` (the value may be anything)\n ```\n [ \"region\" ]\n ```\n- Select keys that not have the label key `region`\n ```\n [ \"!region\" ]\n ```\n\nMultiple label selector expressions, logically ANDed:\n- Select keys that have the label `{\"region\": \"noram\"}` but do not have\n `{\"team\": \"sales\"}`\n ```\n [ \"region=noram\", \"team!=sales\" ]\n\n ```\n"},"KeyPermissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"PatchKeyPolicy":{"type":"object","title":"Parameters for updating key policies.","description":"update parameters for key policies.","properties":{"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"description":"label_selector on which key policies are applied"}}},"CreateKeyPolicy":{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}},"KeyPolicy":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}]},"Link":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]},"LinkInfo":{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}},"SplitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"KeyLabels":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"description":"An optional list labels","type":"array","items":{"type":"object","additionalProperties":{"type":"string"}}}}}]},"ResourceBase":{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date","description":"Date/time the application was created"}}},"NamedResourceBase":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},"SecretExtended":{"type":"object","allOf":[{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Blob"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"data of the secret"},"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"}}}]},"UpdateableBase":{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},"ResourceCollection":{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},"PasswordConfig":{"type":"object","title":"passwordConfig","description":"Complexity requirements for creating secret material.","properties":{"passwordLength":{"type":"integer","description":"The length of the secret string.\n"},"lowercaseCount":{"type":"integer","description":"Number of lower case count required in the secret string.\n"},"uppercaseCount":{"type":"integer","description":"Number of upper case required in the secret string.\n"},"symbolsCount":{"type":"integer","description":"Number of symbols count required in the secret string.\n"},"digitsCount":{"type":"integer","description":"Number of digits required in the secret string.\n"}}},"PostSecret":{"required":["dataType"],"properties":{"name":{"type":"string","description":"Friendly name"},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n\nDefaults to 12 (Encrypt, Decrypt).\n\nNot applicable to the following:\n * blob\n"},"dataType":{"type":"string","description":"The type of data the secret represents. Each data type corresponds to a KMIP type.\n * blob - KMIP opaque object\n * password - KMIP secret data password\n * seed - KMIP secret data seed\n"},"material":{"type":"string","description":"The data imported as the secret. The encoding of the data is not specified. If the data cannot be set as a JSON string, such as arbitrary binary data, then the caller should encode the data first (e.g. using base64). {{FF_NATIVE_SECRET_MANAGEMENT|This field is optional only for dataType \"password\" as material will be system generated for the authorized users.}}\n"},"unexportable":{"type":"boolean","description":"Material is not exportable. Defaults to false.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable. Defaults to false."},"meta":{"type":"object","description":"End-user or service data stored with the secret."},"passwordConfig":{"x-feature":"FF_NATIVE_SECRET_MANAGEMENT","type":"object","title":"passwordConfig","description":"Complexity requirements for creating secret material.","properties":{"passwordLength":{"type":"integer","description":"The length of the secret string.\n"},"lowercaseCount":{"type":"integer","description":"Number of lower case count required in the secret string.\n"},"uppercaseCount":{"type":"integer","description":"Number of upper case required in the secret string.\n"},"symbolsCount":{"type":"integer","description":"Number of symbols count required in the secret string.\n"},"digitsCount":{"type":"integer","description":"Number of digits required in the secret string.\n"}}},"state":{"type":"string","description":"Initial Secret state (Pre-Active) upon creation. Defaults to Active. If set, activationDate can not be specified during state creation.\nNot applicable to the following:\n * blob\n"},"activationDate":{"type":"string","format":"date","description":"Date/time the Secret Data becomes active.\nNot applicable to the following:\n * blob\n"},"deactivationDate":{"type":"string","format":"date","description":"Date/time the Secret Data becomes inactive"},"idSize":{"type":"integer","description":"Size of the ID for the secret"}},"example":{"name":"My Secret","dataType":"seed","material":"DEADBEEF"}},"SecretMetadata":{"properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"},"unexportable":{"type":"boolean","description":"Material is not exportable.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable."},"activationDate":{"type":"string","format":"date","description":"Secret Data activation date."},"deactivationDate":{"type":"string","format":"date","description":"Secret Data deactivation date."},"compromiseOccurrenceDate":{"type":"string","format":"date","description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."}},"example":{"revocationReason":"Unspecified","revocationMessage":"My Reason"}},"Secret":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Blob"}}}]},"Secrets":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usage":{"type":"string","description":"Either FPE or Blob"},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}}}}}]},"Policy":{"description":"Policies are access control rules. They declare a set of\nactions, applied to a set of resources, under an optional set of\nconditions, which are either allowed or not allowed.\n\nPolicies, like other resources, share common properties like `id`,\n`uri`, `name`, etc.\n\n`actions` is a list of permissions.\n\nTBD: link to\ncanonical dictionary of permissions. Operations will require some\nset of the these permissions\n\n`resources` is a list of URI patterns.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"allow":{"type":"boolean"},"effect":{"type":"string","description":"The effect describes the effect of the policy. There are 4 possible values.\nWith effect, the allow flag gets deprecated. Please use one of the two and\nuse allow only if it is needed, instead use effect.\n","enum":["allow","deny","obligate_on_allow","obligate_on_deny"]},"conditions":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","format":"A JSON path, with template variables.","description":"A JSON path which resolves to a value in the operation\n"},"op":{"type":"string","format":"equals|==|equalsIgnoreCase|matches|regex|=~|empty|contains|@>\n","description":"The comparison operator used to compare the operation value\nto the conditions values.\n"},"values":{"description":"The value or values to compare with the operation value.\nCan be either a single value, or an array. If an\narray, each of the items in the array is compared to\nthe operation value, and if any match, the condition is\nmet. In other words, the items are logically OR'd.\n"}}}},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, sub-domains will be included while listing domains when this parameter is true.\n"}}}]},"PolicyAttachment":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]},"AuthorizationRequest":{"type":"object","properties":{"operations":{"type":"array","items":{"type":"object","properties":{"action":{"type":"string","format":"string with wildcards"},"resource":{"type":"string","format":"URI or URI mask with wildcards"}}}}},"example":{"operations":[{"action":"*","resource":"ncryptify:gemalto:admin:apps:*"}]}},"AuthorizationResponse":{"type":"object","properties":{"allowed":{"type":"string","format":"yes, no, or maybe"},"operations":{"type":"array","items":{"type":"object","properties":{"action":{"type":"string"},"resource":{"type":"string"},"allowed":{"type":"string","format":"yes, no, or maybe"},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, this parameter should be set to true in order to include sub-domains while listing domains.\n"},"details":{"type":"object","description":"A map. The keys are the jurisdictions (account URIs) involved in the request. The\nvalue is an object describing the details of the verdict in that jurisdiction.\n","additionalProperties":{"type":"object","properties":{"jurisdiction":{"type":"string","format":"account URI"},"allowed":{"type":"string","format":"yes, no, or maybe"},"allowingPolicies":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]}},"denyingPolicies":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]}}}}}}}}},"example":{"allowed":"maybe","operations":[{"action":"*","resource":"ncryptify:gemalto:admin:apps:ncryptify","allowed":"maybe","details":{"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser":{"jurisdiction":"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser","allowed":"maybe","allowingPolicies":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["read"],"allow":true,"effect":"allow"},"denyingPolicies":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["read"],"allow":false,"effect":"deny"}}}}]}},"PrivatePostRecord":{"properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied. Optional, defaults to true."},"details":{"type":"object","description":"Any additional information to include the record. Optional."}},"example":{"message":"the quick fox","service":"admin","success":true,"username":"admin","severity":"info","clientIP":"10.164.76.56","source":"KS_SJ_node1","details":{"color":"red"}}},"Record":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"requestId":{"type":"string","description":"The unique identifier for tracing a request through the services."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied."},"username":{"type":"string","description":"indicates the kylo user by who the operation/event is done , username is retrived from the JWT"},"severity":{"type":"string","description":"this severity field in records as per standard guidelines, critical,warning, error , info"},"clientIP":{"type":"string","description":"indicates the real clientIP which triggered the event"},"source":{"type":"string","description":"indicates the CipherTrust Manager server name"},"details":{"type":"object","description":"Additional data included in the record."},"principal":{"type":"object","description":"The claims in the authentication token related to the request."}}}]},"ClientRecord":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"event":{"type":"string","description":"The audit message wished to be recorded on the client."},"client_type":{"type":"string","description":"The type of client, typically `CTE`, ..."},"severity":{"type":"string","description":"the severity field in client records as per standard guidelines eg:critical, warning, error, info"},"client":{"type":"string","description":"indicates the real identifier of the client which triggered the event. It can be the Id, name or hostname of the client"},"details":{"type":"object","description":"Additional data included in the client record."},"time_stamp":{"type":"string","description":"the time stamp when the event occured on the client"}}}]},"AlarmConfigResource":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}]},"AlarmConfig":{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]},"GroupmapCreateInput":{"description":"Parameters needed to create a mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Create Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."}}},"GroupmapUpdateInput":{"description":"Parameters needed to update a mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Update Groupmap","required":["group_name"],"properties":{"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."}}},"Groupmap":{"description":"A mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."},"id":{"type":"string","description":"A unique ID associated with the mapping between the connection group and local CipherTrust Manager group."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was last updated"}},"example":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}},"Node":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."},"nodeType":{"type":"string","description":"The type of node. Valid values are 'rw' and 'gateway'.","enum":["rw","gateway"]}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}},"ClusterError":{"description":"Returns a cluster errors of a node.","type":"object","properties":{"errorMessage":{"type":"string","description":"Returns error of the node.","readOnly":true},"errorTime":{"type":"string","format":"date-time","description":"Return the error time of the node.","readOnly":true}}},"Error":{"description":"Returns a list of all the cluster errors.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"clusterErrors":{"type":"array","items":{"description":"Returns a cluster errors of a node.","type":"object","properties":{"errorMessage":{"type":"string","description":"Returns error of the node.","readOnly":true},"errorTime":{"type":"string","format":"date-time","description":"Return the error time of the node.","readOnly":true}}}}},"example":{"isThisNode":false,"nodeID":"553b2dfdee5a43a59c946e8b6301ee7d","clusterErrors":{"errorMessage":"could not connect to the postgresql server in replication mode: timeout expired\n","errorTime":"2023-11-23T06:57:09.068131Z"}}},"ClusterSummary":{"description":"Returns a list of all the cluster nodes summary with cluster errors.","type":"object","properties":{"node_id":{"type":"object","description":"Unique identifier of the node.","properties":{"summary":{"type":"string","description":"Human readable summary of the node.","readOnly":true},"nodeInfo":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."},"nodeType":{"type":"string","description":"The type of node. Valid values are 'rw' and 'gateway'.","enum":["rw","gateway"]}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}},"clusterErrors":{"type":"array","items":{"description":"Returns a cluster errors of a node.","type":"object","properties":{"errorMessage":{"type":"string","description":"Returns error of the node.","readOnly":true},"errorTime":{"type":"string","format":"date-time","description":"Return the error time of the node.","readOnly":true}}}}}}}},"MigrationsPost":{"properties":{"password":{"type":"string","description":"This field is used only while migrating KeySecure Classic backup files, and is mandatory for those files.\nIt specifies the password needed to decrypt the KeySecure Classic backup file.\n"},"usersType":{"type":"string","description":"This field is used only while migrating KeySecure Classic backup files, and is mandatory for those files.\nIt specifies the type of user accounts being migrated - local or ldap.\n"},"ldapConnectionName":{"type":"string","description":"This optional field is used only while migrating KeySecure Classic backup files.\nIt specifies the name for the LDAP connection being migrated.\nIt is required only if usersType is set to 'ldap'.\n"},"privateKey":{"type":"string","description":"It specifies the name or id of the CM key.\nIt is required only for the cckm product.\n"},"domains":{"type":"array","items":{"type":"string"},"description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify an array of domains.\nAll the domains are migrated if this is left empty.\n"},"containers":{"type":"array","items":{"type":"string"},"description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify an array of containers.\n"},"groupName":{"type":"string","description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify the name of a key-sharing group.\nThis group is created in all the domains that are migrated.\nThe keys in the migrated domains will be accessible to all the members of this group.\n"},"autoCTEGroups":{"type":"boolean","description":"This optional parameter used only while migrating DSM backup files.\nIt can be used to control how CTE keys get migrated.\nOn the DSM, if a key has the \"Source\" field set to \"From DSM\" or an\nempty string, and this flag is set to true, the key is migrated so that\nit is fully accessible to members of the \"CTE Clients\" group.\n"},"migrateCCKMSourceKeys":{"type":"boolean","description":"This optional parameter used only while migrating CCKM Enterprise Keys.\nIf this flag is set to true, the key created in DSM from CCKM enterprise\nwill be migrated to CipherTrust Manager.\n"},"migrateOnlyCCKMSourceKeys":{"type":"boolean","description":"This optional parameter used only while migrating DSM source keys created in CCKM Enterprise.\nIf this flag is set to true, the key created in DSM from CCKM enterprise\nwill be migrated to CipherTrust Manager.\n"},"migrateCloudKeysWithExternalCm":{"type":"boolean","description":"This optional parameter used only while migrating cloud keys created in CCKM Enterprise.\nIf this flag is set to true, the cloud key created in CCKM enterprise\nwill be migrated to CipherTrust Manager if DSM source keys migration done.\n"},"migrateDsmKeysToExternalCmFromCm":{"x-feature":"FF_CCKM_DSM_EXTERNALCM_MIGRATION","type":"boolean","description":"This optional parameter used only while migrating source keys from DSM to External CipherTrust Manager when the cloud keys from CCKM Enterprise are already migrated to CipherTrust Manager.\nIf this flag is set to true, the source keys from DSM to External CipherTrust Manager will be migrated.\n"},"updateCloudKeysWithExternalCMKeys":{"x-feature":"FF_CCKM_DSM_EXTERNALCM_MIGRATION","type":"boolean","description":"This is an optional parameter. Use this flag to update linking of cloud keys with DSM as keysource to External CM.\nIf this flag is set to true, The source keys of the cloud keys will be updated with the corresponding migrated External CipherTrust Manager key.\n"},"externalCMDomainID":{"x-feature":"FF_CCKM_DKE_EXTERNALCM_MIGRATION","type":"string","description":"This is an optional parameter & is only used while migrating CCKM DKE Keys.\nIt is used to provide the domain which belongs the external CM, where the keys are to be migrated."},"externalCMConnection":{"x-feature":"FF_CCKM_DKE_EXTERNALCM_MIGRATION","type":"string","description":"This is an optional parameter & is only used while migrating CCKM DKE Keys.\nIt is used to provide the connection of the external CM from which the keys are to be migrated."},"migrateDKESourceKeys":{"x-feature":"FF_CCKM_DKE_EXTERNALCM_MIGRATION","type":"boolean","description":"This is an optional parameter & is only used while migrating CCKM DKE Keys.\nIt is used to execute CCKM DKE Keys migration."},"keyOwners":{"type":"object","description":"This optional parameter is a JSON object used only while migrating data from DSM to the CipherTrust Manager.\nThis parameter contains the key-value pairs. \nThe key corresponds to the domain in the DSM backup and the value is the user id of an existing user in the root domain of the CipherTrust Manager. \nAfter migration, this value (user id) will be assigned to the corresponding new domain and will be the owner of all keys in that domain.\nIf no key owner is provided during migration, then the default owner will be the migration user.\nFor example: {domain1 : local|f224bced-800b-4103-9d94-5e5a6034706f}\nHere domain1 is the domain name which will be migrated from the DSM and local|f224bced-800b-4103-9d94-5e5a6034706f\nis the id of the user created on the CipherTrust Manager.\n"}},"example":{"password":"a133cdfe","usersType":"ldap","privateKey":"12a9758f","ldapConnectionName":"someldapconnection","domains":["domain1","domain2"],"containers":["container1","container2"],"groupName":"key-sharing-group","autoCTEGroups":true,"migrateCCKMSourceKeys":true,"migrateOnlyCCKMSourceKeys":true,"migrateCloudKeysWithExternalCm":true,"migrateDsmKeysToExternalCmFromCm":true,"updateCloudKeysWithExternalCMKeys":true,"migrateMicrosoftDkeKeys":true,"externalCMDomainID":"f224bced-800b-4103-9d94-5e5a6034706f","externalCMConnection":"someexternalcm-connection","keyOwners":{"domain1":"local|f224bced-800b-4103-9d94-5e5a6034706f","domain2":"local|x524afec-500e-2568-9d58-5r7a6032586j"}}},"BackupFilter":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\"{{FF_BACKUP_RESTORE_CF|, \"customer_fragments\"}} and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nIf multiple parameters of 'vault/query-keys' are provided then the result will be AND of all.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": \"{\"info\":{\"color\":\"red\"}}}\"`.{{FF_INDIVIDUAL_KEY_SELECTION_NAMES| To backup specific keys using names, use {\"names\":[\"key1\", \"key2\"]}.}}\n{{FF_INDIVIDUAL_KEY_SELECTION_IDS| To backup specific keys using ids, use {\"ids\":[\"a0aac0a14dcc4651abd3dae6bb8e6f9496af0\", \"89aac2314dcc4651abd3dae6bb8e6f9496a96\"]}.}}\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n\n{{FF_BACKUP_RESTORE_CF|For Customer fragments, valid `resourceQuery` parameter values are 'ids' and 'names' of Customer fragments. To backup specific customer fragments using ids, use {\"ids\":[\"370c4373-2675-4aa1-8cc7-07a9f95a5861\", \"4e1b9dec-2e38-40d7-b4d6-244043200546\"]}. To backup specific customer fragments using names, use {\"names\":[\"customerFragment1\", \"customerFragment2\"]}.}}\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"BackupFilterKeys":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to browse/restore. Valid values are \"Keys\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nIf multiple parameters of 'vault/query-keys' are provided then the result will be AND of all.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": \"{\"info\":{\"color\":\"red\"}}}\"`.{{FF_INDIVIDUAL_KEY_SELECTION_NAMES| To backup specific keys using names, use {\"names\":[\"key1\", \"key2\"]}.}}\n{{FF_INDIVIDUAL_KEY_SELECTION_IDS| To backup specific keys using ids, use {\"ids\":[\"a0aac0a14dcc4651abd3dae6bb8e6f9496af0\", \"89aac2314dcc4651abd3dae6bb8e6f9496a96\"]}.}}\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"scp_backup_request_params":{"type":"object","allOf":[{"type":"object","required":["host","username","auth_method","path_to"],"properties":{"host":{"type":"string","description":"Hostname or FQDN of remote machine used for SCP/SFTP operation."},"port":{"type":"integer","description":"Port where SCP/SFTP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP/SFTP server."},"auth_method":{"type":"string","description":"Authentication type for SCP/SFTP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP/SFTP. Example \"/home/ubuntu/datafolder/\""},"protocol":{"type":"string","description":"Use 'sftp' or 'scp'. 'sftp' is the default value."}}},{"type":"object","description":"Sensitive parameters specific to a SCP/SFTP connection.","required":["public_key"],"properties":{"password":{"type":"string","description":"Password for SCP/SFTP server."},"public_key":{"type":"string","description":"Public key for SCP/SFTP. It will be used to verify the host's identity by verifying key fingerprint. It can be retrieved from \"/etc/ssh/\" of remote host machine."}}}]},"scp_backup_params":{"type":"object","required":["host","username","auth_method","path_to"],"properties":{"host":{"type":"string","description":"Hostname or FQDN of remote machine used for SCP/SFTP operation."},"port":{"type":"integer","description":"Port where SCP/SFTP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP/SFTP server."},"auth_method":{"type":"string","description":"Authentication type for SCP/SFTP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP/SFTP. Example \"/home/ubuntu/datafolder/\""},"protocol":{"type":"string","description":"Use 'sftp' or 'scp'. 'sftp' is the default value."}}},"scp_backup_credentials":{"type":"object","description":"Sensitive parameters specific to a SCP/SFTP connection.","required":["public_key"],"properties":{"password":{"type":"string","description":"Password for SCP/SFTP server."},"public_key":{"type":"string","description":"Public key for SCP/SFTP. It will be used to verify the host's identity by verifying key fingerprint. It can be retrieved from \"/etc/ssh/\" of remote host machine."}}},"MigrationsDownload":{"properties":{"userName":{"type":"string","description":"This specifies the userName for the cckm enterprise.\n"},"password":{"type":"string","description":"This specifies the password for the cckm enterprise.\n"},"ip":{"type":"string","description":"This is the IP of cckm enterprise.\n"},"certificate":{"type":"string","description":"This specifies the certificate for the cckm enterprise.\n"},"publicKey":{"type":"string","description":"ID of the CipherTrust Manager key to be used for encrypting migration data.\n"},"publicKeyMaterial":{"type":"string","description":"Public key generated from External CipherTrust Manager to encrypt migration data.\n"},"downloadDsmExternalCmMigrationData":{"type":"boolean","description":"Should be true when downloading migration data for the migration of source keys from DSM to External CipherTrust Manager when the cloud keys from CCKM Enterprise are already migrated to CipherTrust Manager.\n"}},"example":{"ip":"127.0.0.1","userName":"cckm-username","password":"cckm-password","certificate":"cckm-certificate","publicKey":"key-id","publicKeyMaterial":"-----BEGIN PUBLIC KEY-----MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXrrAQO1aKDRY9-----END PUBLIC KEY-----","downloadDsmExternalCmMigrationData":true}},"MigrationsEmbeddedDownload":{"required":["publicKey"],"properties":{"publicKey":{"type":"string","description":"ID of the CipherTrust Manager key to be used for encrypting migration data.\n"},"KeySource":{"type":"string","description":"Specifies the key source. Default key source is `dsm`. \n","enum":["dsm","cm"]},"KeyType":{"type":"string","description":"Specifies the key type. For DKE KeyType, `cm` as a KeySource should be provided.\n","enum":["dke"]}},"example":{"publicKey":"key-id","keySource":"dsm"}},"backupkeys":{"properties":{"scope":{"type":"string","description":"Scope of the backup key - system or domain\n"},"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource\n"},"account":{"type":"string","format":"URI","description":"The account which owns this resource\n"},"version":{"type":"string","description":"The version of the key\n"},"createdAt":{"type":"string","format":"date-time","description":"Date/time the key was created\n"},"state":{"type":"string","description":"Usability of the key - active or inactive\n"},"isDefault":{"type":"boolean","description":"Is default key of the system; The default backup key cannot be deleted\n"}}},"PostLicense":{"type":"object","required":["license"],"properties":{"license":{"type":"string","description":"License string."},"bind_type":{"type":"string","description":"Binding type for this license. Can be either 'instance' or 'cluster'.\nIf omitted, then CM attempts to bind the license to the cluster. If this step fails with a lock code error,\nit will attempt to bind to the instance.\n"}},"example":{"license":"16 Virtual_KeySecure Ni LONG NORMAL STANDALONE EXCL 5_KEYS INFINITE_KEYS 16 JUN 2017 0 0 16 JUN 2017 19 0 NiL SLM_CODE CL_ND_LCK NiL *16QLW6DGSG8JSRX400 NiL NiL NiL 5_MINS NiL 0 JuuF6Bf5XnSmUEKsRB1D3SKZ:vwndBx1Bvj:EaN,Clf2G5moq,efLcwePrXzXd4tfDvYjtu4LTQwzvhHGwl:LvfV##AID=0d8b304a-435d-4436-82f2-db8994773438"}},"Licenses":{"description":"Licenses object","type":"object","properties":{"id":{"type":"string","description":"ID of the license"},"hash":{"type":"string","description":"Hash of the license"},"type":{"type":"string","description":"License type - Normal or Trial"},"state":{"type":"string","description":"State of the license - active or inactive"},"start":{"type":"string","format":"date","description":"Start date/time of the license"},"expiration":{"type":"string","format":"date","description":"End date/time of the license or \"no expiration\" if it never\nexpires. Please note that the expiration is different from trial\nseconds remaining. For trial licenses only trial seconds remaining\nshould be used and for other licenses expiration should be used.\n"},"feature":{"type":"string","description":"Feature name associated with this license"},"version":{"type":"string","description":"Version of the feature"},"license_count":{"type":"integer","description":"Number of licenses"},"trial_seconds_remaining":{"type":"string","description":"For trial licenses only, the number of seconds until the trial duration ends"},"bind_type":{"type":"string","description":"License bind type, 'instance' or 'cluster'"}}},"Features":{"description":"Features object","type":"object","properties":{"name":{"type":"string","description":"Feature name"},"version":{"type":"string","description":"Version of the feature"},"status":{"type":"string","description":"Status of the feature - active or inactive"},"details":{"type":"string","description":"Additional details provided when the feature is inactive (optional)"},"license_count":{"type":"integer","description":"Number of licenses"},"expiration":{"type":"string","format":"date","description":"End date/time of the license or \"no expiration\" if it never\nexpires. Please note that the expiration is different from trial\nseconds remaining. For trial licenses only trial seconds remaining\nshould be used and for other licenses expiration should be used.\n"},"trial_seconds_remaining":{"type":"string","description":"For trial licenses only, the number of seconds until the trial duration ends"},"bind_type":{"type":"string","description":"License bind type, 'instance' or 'cluster'"},"total_usage_count":{"type":"number","description":"Total count of used licenses"},"domains_usage":{"type":"array","description":"Array of domains for licenses usage","items":{"type":"object","properties":{"domain_id":{"type":"string","description":"Domain id"},"name":{"type":"string","description":"Domain name"},"parent_domain_id":{"type":"string","description":"Parent domain id"},"usage_count":{"type":"number","description":"Licenses usage"}}}}}},"AbbreviatedTrial":{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}},"Trial":{"allOf":[{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}},{"type":"object","properties":{"features":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Sentinel RMS feature name"},"friendly_name":{"type":"string","description":"Display friendly name"},"product":{"type":"string","description":"Product name this feature belongs to"},"bind_type":{"type":"string","description":"License bind type, either 'instance' or 'cluster'"}}}}}}]},"PostLink":{"properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. Required for Create.","enum":["privateKey","publicKey","certificate","derivationBaseObject","derivedKey","replacementObject","replacedObject","parent","child","previous","next","pkcs12Password","pkcs12Certificate"]},"source":{"type":"string","description":"The source resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."},"target":{"type":"string","description":"The target resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."}},"example":{"type":"next","source":"key1","target":"key2"}},"ExternalCA":{"type":"object"},"ping":{"type":"object","title":"Test the reachability of a host","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces"},"count":{"type":"integer","description":"Number of packets to send"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for response"}},"example":{"destination":"www.google.com","count":1,"timeout_secs":2}},"traceroute":{"type":"object","title":"Trace the possible routes and measure delays that an IP packet takes to its destination","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"port":{"type":"integer","description":"The destination port to use"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"tcp":{"type":"boolean","description":"Use TCP SYN for tracerouting"},"udp":{"type":"boolean","description":"Use UDP to particular port for tracerouting"},"sendwait":{"type":"integer","description":"Minimum time interval between probes"},"max_ttl":{"type":"integer","description":"The max number of hops"},"first_ttl":{"type":"integer","description":"Start from the first_ttl hop"},"nqueries":{"type":"integer","description":"The number of probes per each hop"}},"example":{"destination":"www.google.com","max_ttl":5}},"checkport":{"type":"object","title":"Connect if a specific TCP port is open or not on the specified remote host","required":["destination","port"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"port":{"type":"integer","description":"Port number"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for the response"}},"example":{"destination":"www.google.com","port":80,"timeout_secs":2}},"interface":{"type":"object","title":"Interface","required":["name"],"properties":{"name":{"type":"string","description":"The network interface name, e.g. \"ens3\"."},"force_gateway":{"type":"boolean","description":"Force system default gateway update, i.e. overwrite system default gateway when this device is brought up. By default a network interface will only set the system default gateway if is not already set. This feature can be used to force a specific network interface to be used for outgoing traffic initiated from the machine itself.\n\ntrue to enable, false to disable, and absent to use the existing\nvalue.\n"},"inet":{"description":"IPv4 specific settings.","type":"object","title":"inet","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in dot-decimal notation (e.g. 255.255.255.0). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"inet6":{"description":"IPv6 specific settings.","type":"object","title":"inet6","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* auto - obtain all settings via stateless autoconfiguration\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in bits (e.g. 64). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"bond":{"description":"Bond specific settings.","type":"object","title":"bond","properties":{"options":{"type":"string","description":"Read only. Bond configuration's 'options' field. See https://developer.gnome.org/NetworkManager/stable/nmcli.html table 11. Only applies to the interface that bonded other interfaces."},"master":{"type":"string","description":"Read only. The name of the network interface that bonded this interface."}}}},"example":{"name":"ens3","inet":{"method":"static","ip":"192.168.1.2","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]}}},"inet":{"type":"object","title":"inet","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in dot-decimal notation (e.g. 255.255.255.0). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"inet6":{"type":"object","title":"inet6","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* auto - obtain all settings via stateless autoconfiguration\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in bits (e.g. 64). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"bond":{"type":"object","title":"bond","properties":{"options":{"type":"string","description":"Read only. Bond configuration's 'options' field. See https://developer.gnome.org/NetworkManager/stable/nmcli.html table 11. Only applies to the interface that bonded other interfaces."},"master":{"type":"string","description":"Read only. The name of the network interface that bonded this interface."}}},"kek":{"type":"object","description":"Custom name of the Master KEK","properties":{"name":{"type":"string","description":"Custom name of the Master KEK."}}},"mkek_info":{"type":"object","properties":{"id":{"type":"string","description":"Mkek ID."},"name":{"type":"string","description":"Secret Name"},"is_default":{"type":"boolean","description":"If this is the default Mkek"},"created_at":{"type":"string","format":"date-time","description":"Creation time of the Master KEK"},"sealer_name":{"type":"string","description":"name of the sealer"},"kek_name":{"type":"string","description":"Name of the secret i.e. KEK."}}},"lookup_request":{"type":"object","title":"Query the mapping between domain name and IP address or other dns records","required":["target"],"properties":{"target":{"type":"string","description":"An IP address or host name to lookup.\nThe IP address can be an IPv4 or IPv6 address.\n"}},"example":{"target":"1.1.1.1"}},"lookup_response":{"type":"object","properties":{"hosts":{"type":"array","description":"List of host names mapping to the supplied IP address, or,\nlist of IP addresses mapping to the host name.\n","items":{"type":"string"}}}},"metrics_config":{"type":"object","description":"Status of metrics collection","properties":{"enabled":{"type":"boolean","description":"This determines whether Prometheus metrics collection is enabled (true) or disabled (false).\n"},"token":{"type":"string","description":"This token can be used by the Prometheus client to get metrics from the CM.\n"}}},"rotkey_info":{"type":"object","properties":{"id":{"type":"string","description":"Root of trust key ID."},"created_at":{"type":"string","format":"date-time","description":"Creation time of the root of trust key."},"is_active_key":{"type":"boolean","description":"Specifies whether this root of trust key is the active key."}}},"rotkey_id":{"type":"object","properties":{"id":{"type":"string","description":"Root of trust key ID."}}},"client":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on the CipherTrust Manager.","type":"string"},"client_certificate":{"description":"Client certificate issued by the CipherTrust Manager.","type":"string"}}}]},"unified-client-view":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"user friendly name of client"},"connector":{"type":"string","description":"the type of connector in use (CTE, KMIP, ProtectAppJCE)"},"connector_version":{"type":"string","description":"the version of connector in use by the client"},"os_version":{"type":"string","description":"the operating system used by the client"},"hostname":{"type":"string","description":"the hostname of client"},"status":{"type":"string","description":"indicates whether the client is registered with Ciphertrust Manager or not (Valid values are Registered or Unregistered)"}}}]},"clientprofile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name of the client profile."},"allowOffline":{"type":"boolean","description":"Enable/disable the offline mode. The default value is 'false'."},"offlineTimeout":{"type":"integer","description":"Duration of the offline mode in days. The default value is '7' days."},"logLevel":{"type":"string","description":"Log level configuration for the ProtectFile client logs.\nValues can be `ERROR`, `WARN`, `INFO`, `DEBUG`, `NONE`. ERROR will log only\nerrors, WARN will log errors and warnings and so on.\n`NONE` will disable logging. The default log level is `WARN`.\n"},"syslogEnabled":{"type":"boolean","description":"Enable/disable log upload to the Syslog server. The default value is 'false'."},"syslogServerIp":{"type":"string","description":"IP address of the Syslog server."},"syslogServerPort":{"type":"integer","description":"Port of the Syslog server."},"syslogProtocol":{"type":"string","description":"Protocol of the Syslog server."},"syslogFacility":{"type":"string","description":"Name of the Syslog server facility."},"allowSuAccess":{"type":"boolean","description":"Allow/disallow \"root\" to impersonate as other users. The default value is 'false'."},"clusterHostList":{"type":"string","description":"Semi-colon separated list of hostname or IP of the all the cluster nodes."},"clusterPort":{"type":"integer","description":"Port number on which all nodes in the cluster will run. The default value is '443'."},"allowSuException":{"type":"string","description":"Semi-colon separated list of users to be prevented from gaining access rights of a different user through su."},"clientPollingIntervalMin":{"type":"integer","description":"Minimum value in sec(s) for client poll interval. The lowest possible value is 60 sec(s) and default value is 180 secs(s)"},"clientPollingIntervalMax":{"type":"integer","description":"Maximum value in sec(s) for client poll interval. The default value is 360 secs(s)"},"fingerPrintCheck":{"type":"boolean","description":"Require a fingerprint check for all programs that are specified in an \"access policy\". The default value is 'false'."}}}]},"rule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"path":{"description":"Path of the directory or file where to protect. Paths to encrypt or decrypt are referred to as \"encryption paths\" in this document.","type":"string"},"name":{"description":"Optional name for the rule. If name is not provided, a name of the form \"Rule-XXXX\" is automatically generated, where XXXX is a random string 27 characters.","type":"string"},"includeExtensions":{"description":"File extensions (Semi-colon separated list) on which the rule will be applied. This tag is applicable to \"encrypt data\" policies only.","type":"string"},"excludeExtensions":{"description":"File extensions (Semi-colon separated list) on which the rule will not be applied. This tag is applicable to \"encrypt data\" policies only.","type":"string"},"isDirectory":{"description":"Whether the path is a directory.","type":"boolean"},"isRecursive":{"description":"Whether the rule will be applied recursively if path is a directory.","type":"boolean"},"ignoreDirectory":{"description":"(Applicable to Linux clients) Comma-separated list of directories to ignore during encryption.","type":"string"},"encryptData":{"description":"Whether to encrypt data or perform access checks only (no encryption). \"true\" for encryption, \"false\" for no encryption.","type":"boolean"}}}]},"accesspolicy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"access":{"type":"string","description":"Access type to be granted for user/group/process."},"name":{"type":"string","description":"Optional name for the access policy. If name is not provided, a name of the form \"AccessPolicy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"Name of the user for which the policy will be created."},"groupname":{"type":"string","description":"Name of the group for which the policy will be created."},"processname":{"type":"string","description":"Name of the process for which the policy will be created."},"type":{"type":"string","description":"Entity type against which the access check will be performed."}}}]},"accesspolicygroup":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]},"accesspolicygroupassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"accessPolicyGroupId":{"type":"string","description":"Unique identifier of an access policy group."},"accessPolicyId":{"type":"string","description":"Unique identifier of an access policy."},"type":{"type":"string","description":"Type of the access policy."},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL. Access policy group association will provide additional record for default access.\n"}}}]},"clientruleassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"parentId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"ruleId":{"description":"Unique identifier of the rule.","type":"string"},"ruleSeqNumber":{"description":"Rule sequence number","type":"integer"},"ruleOperation":{"description":"Operation getting performed on the rule.","type":"string"},"ruleState":{"description":"Current state of the rule.","type":"string"},"ruleFailed":{"description":"Whether the operation on rule has failed.","type":"string"},"keyName":{"description":"Name of the key to encrypt data.","type":"string"},"keyVersion":{"description":"Version of keyName.","type":"integer"},"oldKeyName":{"description":"Name of the old key used for encryption. This key will be replaced by a new key to perform key rotation.","type":"string"},"oldKeyVersion":{"description":"Version of oldKeyName.","type":"integer"},"keyRotationType":{"description":"Type of key rotation - shallow or deep.","type":"string"},"accessPolicyGroup":{"description":"Name of the access policy group.","type":"string"},"ruleType":{"description":"Type of the rule - Local, Network, Cluster.","type":"string"},"driveGUID":{"description":"Drive GUID mapped to path on ProtectFile client.","type":"string"}}}]},"protectfileconfig":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"caid":{"description":"ID of the trusted Certificate Authority that will be used to sign client certificate during bootstrap process.","type":"string"}}}]},"share":{"type":"object","description":"A share asociated with the split key.","required":["material"],"properties":{"name":{"type":"string","description":"Unique name of share."},"material":{"type":"string","description":"Share's key material."}}},"clientshareassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clientId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"shareId":{"description":"Unique identifier of the share.","type":"string"}}}]},"cluster":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name of ProtectFile Cluster.","type":"string"},"windowsClusterName":{"description":"Unique Name identifying the Windows cluster. This name is attached to service. For linux cluster, this value is empty.","type":"string"},"encryptorClient":{"description":"Name of the client responsible for migration. Valid only for Linux cluster. For Windows, this value is set to 'None'.","type":"string"},"clusterOsType":{"description":"Operating system type (`windows' or `linux`) of attached clients.","type":"string"}}}]},"clusterclientassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clusterId":{"description":"Unique identifier of the ProtectFile cluster. This value is the yugo `ID`.","type":"string"},"clientId":{"description":"Unique identifier of the client. This value is the yugo `ID`.","type":"string"},"clusterName":{"description":"Name of cluster corresponding to clusterId.","type":"string"},"clientName":{"description":"Name of client corresponding to clientId.","type":"string"}}}]},"ProtectApp-Profiles":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"profiles":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"file_settings":{"description":"File settings for the profile.","type":"object","items":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)). By default, it is enabled.","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. The valid range is from 1 to 100, with a default value of 25.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","items":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}}},"upload_settings":{"description":"Configure log upload settings.","type":"object","items":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","items":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","items":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Wheather to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}}},"server_settings":{"x-feature":"FF_CTE_CLUSTER_SERVER_SETTINGS","description":"Server configuration of all the Cluster nodes.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"oidc_connection_name":{"description":"Name of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from Multi-Factor Authentication (MFA). MFA will not be enforced on the users of this set.","type":"string"},"mfa_exempt_user_set_name":{"description":"Name of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"},"attestation_frequency":{"description":"Frequency in hours to represents how often attestation needs to be performed. Valid values are 1 to 720. Default value of attestation frequency is 1 hour. Attestation frequency should be less than 24 hours or align to full-day intervals (e.g., 24 hours, 48 hours).","type":"integer"},"re_attestation_enable":{"description":"Whether to enable/disable reattestation of client","type":"boolean"},"reattestation_failure_retry_duration":{"description":"Duration in minutes to retry attestation after failed reattestation attempt. Default value of retry duration is 10 minutes. Retry interval should not be more than attestation frequency.","type":"integer"},"reattestation_failure_retries":{"description":"Number of retry attempts allowed after re-attestation failure. Valid values are 3 to 10. Default value of retry attempts is 3.","type":"integer"},"ransomware_alarm":{"description":"Enables CM to generate Alarms for ransomware activities on agents associated with client profile.","type":"boolean"},"csi_auto_cleanup_enable":{"x-feature":"FF_CTE_CSI_CLUSTER_ID_SUPPORT","description":"Enables CM to support automatic cleanup of nodes and release licenses during a Kubernetes Solution upgrade (Kubernetes version upgrade, Kubernetes node image upgrade, CTE-CSI solution upgrade).","type":"boolean"}}}]},"loggerparams":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}},"filesettings":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)). By default, it is enabled.","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. The valid range is from 1 to 100, with a default value of 25.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"syslogsettings":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}},"servers":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}},"uploadsettings":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"duplicatesettings":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}},"cachesettings":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}},"qosschedules":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}},"serversettings":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}},"endpointparams":{"type":"object","properties":{"name":{"description":"Name of the configuration.","type":"string"},"hostname":{"description":"Host name of the server. The valid values:\n-\tIP address\n-\tHostname\n-\tHostname_rfc1123\n-\tfqdn\n","type":"string"},"port":{"description":"Port of the server. Valid values are 0 to 65535.","type":"integer"},"schema":{"description":"Schema of the server, HTTP or HTTPS.","type":"string"},"path":{"description":"Path of the configuration.","type":"string"},"credentialsID":{"description":"ID of the server credentials.","type":"string"},"credentialsType":{"description":"Type of the server credentials, NO_AUTH, CERTIFICATE, and USER_PASSWORD.","type":"string"},"serverCertificate":{"description":"Certificate of the server.","type":"string"},"serverCertificateType":{"description":"Type of the server certificate. The valid values are:\n-\tKEYCERT\n-\tSPECIFIC_CA\n-\tSPECIFIC_CERT\n","type":"string"}}},"clientdeletemultistatus":{"allOf":[{"type":"object","properties":{"clients":{"description":"List of successfully deleted clients.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_clients":{"description":"List of clients that failed to delete.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}}}}]},"signatureset":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"signature":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"signatureSet":{"description":"Signature set which owns the signatures.","type":"string"}}}]},"userset":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"usersetdeletemultistatus":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted user.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted user.","type":"integer"},"status_code":{"description":"Status code for deleted user.","type":"integer"}}}},"delete_failed":{"description":"List of users which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted user.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted user.","type":"integer"}}}}}}]},"processset":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"processsetdeletemultistatus":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted process.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted process.","type":"integer"},"status_code":{"description":"Status code for deleted process.","type":"integer"}}}},"delete_failed":{"description":"List of processes which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted process.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted process.","type":"integer"}}}}}}]},"processes":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}},"resourceset":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"resourcesetdeletemultistatus":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted resource.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted resource.","type":"integer"},"status_code":{"description":"Status code for deleted resource.","type":"integer"}}}},"delete_failed":{"description":"List of resources which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted resource.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted resource.","type":"integer"}}}}}}]},"policy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\"{{FF_CTE_CSI|, and \"CSI\"}}.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]},"securityrule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy","type":"string"},"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n-\tpermit\n-\tdeny\n-\taudit\n-\tapplykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"signaturerulemultistatus":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"success_signature_rules":{"description":"List of successful signature sets added to the Signature rule","type":"array","items":{"type":"object","title":"Resource","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}},"failed_signature_rules":{"type":"array","description":"Failed to create signature-rule with signature-set with the reason for failure provided in a Key-Value pair with signature-set-identifier, error and status code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]},"signaturerule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}]},"guardpoint":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE, or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"}}}]},"guardpointscreatemultistatus":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully created GuardPoints.","type":"array","items":{"type":"object","properties":{"guardpoint":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]}},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to create.","type":"array","items":{"type":"object","properties":{"guard_path":{"description":"path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"guardpointsunguardmultistatus":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully processed guard_points.","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"status_code":{"description":"Status code for success.","type":"integer"}}}},"failed_guard_points":{"description":"List of failed guard_points","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"keyrule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"guardpointstatus":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client on which GuardPoint is applied.","type":"string"},"client_name":{"description":"Name of CTE client on which GuardPoint is applied.","type":"string"},"guard_point_id":{"description":"UUID for the Guard Point.","type":"string"},"policy_id":{"description":"UUID for the Policy","type":"string"},"policy_name":{"description":"Policy name.","type":"string"},"attrs":{"description":"Attributes of guard point status","type":"string","format":"JSON"}}}]},"policyauditrecords":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"ID of the policy.","type":"string"},"policy_version":{"description":"Version number of policy.","type":"string"},"performed_by":{"description":"User who has performed operation on policy.","type":"string"},"performed_on":{"description":"Identifier of resource on which action was performed e.g. if Security Rule as created `kylo:kylo:henry:securityrule:1ae9c191-3187-43bb-902d-b17a899bcbf5`.","type":"string"},"action":{"description":"This field will provide information of what action was performed e.g. `Security Rule Created`.","type":"string"}}}]},"ldtkeyrule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Flag to specify if it is exclusion rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","items":{"type":"object","title":"CurrentKey","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}}}}}}}]},"longpollrequestatus":{"allOf":[{"type":"object","properties":{"status":{"description":"Initial status of LongPoll request.","type":"string"},"reference_id":{"description":"Reference ID where response will be posted.","type":"integer"},"reason":{"description":"Reason of failure.","type":"string"}}}]},"LDTGroupCommService":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of LDTGroupCommService`.","type":"string"}}}]},"LDTGroupCommServiceClientAssociationMultStatus":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-LDTGroupCommService Association","type":"array","items":{"type":"object","title":"Resource","properties":{"ldt_group_comm_service_id":{"type":"string","description":"UUID of CTE LDTGroupCommService."},"client_id":{"type":"string","description":"UUID of CTE Client."},"ldt_group_comm_service_name":{"type":"string","description":"Name of CTE LDTGroupCommService."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]},"ctepermissions":{"allOf":[{"type":"object","properties":{"cte_permissions":{"description":"List of CTE Permissions.","type":"array","items":{"type":"object","properties":{"type":{"description":"CTE Resource type.","type":"string"},"permissions":{"description":"List of CTE Permissions avaialble for resource type.","type":"array"}}}}}}]},"dps":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"ldt_comm_group_service_id":{"description":"ID of the LDT communication group associated with the CTE clients using the Designated Primary Set.","type":"string"},"primary_client_id_list":{"description":"List of comma-separated IDs of primary clients.","type":"string"},"primary_client_name_list":{"description":"List of comma-separated names of primary clients.","type":"string"}}}]},"fampolicy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"This indicates the type of policy, with FAM being the sole supported policy type.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"}}}]},"famrule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the FAM Policy","type":"string"},"effect":{"description":"Effects applicable to the rule is audit","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"clientfampolicyassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"type":"string","description":"UUID of CTE Client."},"client_name":{"type":"string","description":"Name of CTE Client."},"policy_id":{"type":"string","description":"UUID of FAM Policy."},"policy_name":{"type":"string","description":"Name of FAM Policy."},"order_number":{"type":"integer","description":"Precedence order of FAM policy association."}}}]},"clientfampolicyssociationmultstatus":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-FAM Policy Association","type":"array","items":{"type":"object","title":"Resource","properties":{"client_id":{"type":"string","description":"UUID of CTE Client."},"client_name":{"type":"string","description":"Name of CTE Client."},"policy_id":{"type":"string","description":"UUID of FAM Policy."},"policy_name":{"type":"string","description":"Name of FAM Policy."},"order_number":{"type":"string","description":"Precedence order of FAM policy association."}}}},"num_failed_association":{"type":"integer","description":"Number of policies failed to get associated. It shall be 0 in case all policies get successfully associated."},"failed_associations":{"type":"string","description":"Failed policies with the reason for failure provided in a Key-Value pair where key is Policy-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all policies get successfully associated.\n","format":"JSON"}}}]},"famdestination":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name of the FAM destination.","type":"string"},"description":{"description":"Description of the destination resource.","type":"string"},"type":{"description":"Type of destination. Valid values are single and group.","type":"string"},"destination_address":{"description":"Address of destination.","type":"string"},"fqdn_suffix":{"description":"A fully qualified domain name (FQDN) for destination.","type":"string"},"mode":{"description":"Mode of destination. Valid values are TCP and TLS.","type":"string"},"server_ca_chain":{"description":"A certificate chain for server.","type":"string"},"port":{"description":"Port for destination. Valid values are 1 to 65535.","type":"integer"},"tls_verify":{"description":"Whether to enable/disable tls verify to validate the certificate. It can only be provided with TLS mode","type":"boolean"},"compress":{"description":"Whether to enable/disable compressing data","type":"boolean"}}}]},"famattribute":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"fam_destination_id":{"description":"ID of the FAM destination.\nProvide default uuid '00000000-0000-0000-0000-000000000000' to reset destination from attributes.\n","type":"string"},"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, it should always be set to SUPPRESS.","type":"string"},"suppress_threshold":{"description":"Suppress threshold.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Default value is 500.","type":"integer"},"min_interval":{"description":"Minimum interval value in seconds. The default value is 1 second.","type":"integer"},"max_interval":{"description":"Maximum interval value in seconds. The default value is 60 seconds.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. The default value is 1000.","type":"integer"},"max_file_size":{"description":"Limits the size of file in MB. The default parameter value is 100 MB.","type":"integer"},"connection_timeout":{"description":"Interval after which the connection attempt to the key manager expires. The default value is 59 seconds.","type":"integer"},"job_completion_timeout":{"description":"Interval after which the log upload attempt expires. The default period is 600 seconds.","type":"integer"},"max_space":{"description":"Max space for cache settings. The default value is 1GB","type":"integer"},"drop_if_busy":{"description":"The valid values are true and false. By default, the parameter is set as true.","type":"boolean"}}}]},"removefampolicyassnmultistatus":{"allOf":[{"type":"object","properties":{"policies":{"description":"List of successfully removed policies.","type":"array","items":{"type":"object","properties":{"policy_id":{"description":"ID or name of removed policy.","type":"string"},"status_code":{"description":"Status code for removed policy.","type":"integer"}}}},"failed_policy":{"description":"List of policies that failed to be removed.","type":"array","items":{"type":"object","properties":{"policy":{"description":"ID of policy.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code.","type":"integer"}}}}}}]},"clientgroup":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"clientgroupclientassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_group_id":{"type":"string","description":"UUID of CTE ClientGroup."},"client_id":{"type":"string","description":"UUID of CTE Client."},"client_group_name":{"type":"string","description":"Name of CTE ClientGroup."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]},"clientgroupclientassociationmultstatus":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-ClientGroup Association","type":"array","items":{"type":"object","title":"Resource","properties":{"client_group_id":{"type":"string","description":"UUID of CTE ClientGroup."},"client_id":{"type":"string","description":"UUID of CTE Client."},"client_group_name":{"type":"string","description":"Name of CTE ClientGroup."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]},"idtkeyrule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"current_key":{"description":"ID of the key currently linked with the rule.","type":"string"},"transformation_key":{"description":"ID of the transformation key to link with the rule.","type":"string"}}}]},"clienthealthreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of Operation System. Ex. RHEL, Windows 7","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED or UNREGISTERED","type":"string"},"total_gp":{"description":"Number of GuardPoint on client.","type":"integer"},"enabled_gp":{"description":"Number of enabled GuardPoint on client.","type":"integer"},"client_group_name":{"x-feature":"FF_CTE_REPORT_CG_ASSN","description":"Name of the client group client is part of.","type":"string"}}}]},"clientkeysreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"keys_name":{"description":"Name of configured Key.","type":"string"}}}]},"clientprofilesreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"policieskeysreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"policy_type":{"description":"HostName or IP Address of Client.","type":"string"},"keys_name":{"description":"Name of configured Key.","type":"string"}}}]},"clientpoliciesreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"policy_type":{"description":"HostName or IP Address of Client.","type":"string"}}}]},"guardpointsreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"guard_point_type":{"description":"Type of the GuardPoint, that is, directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"}}}]},"clientguardstatusreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"guard_point_state":{"description":"Current state of GuardPoint e.g. UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"rekey_status":{"description":"Status of the rekey operation at CTE.","type":"string"},"est_rekey_time":{"description":"Estimated Rekey time in Day:Hour:Min.","type":"string"},"rekey_start_time":{"description":"Rekey start time.","type":"string"},"rekey_end_time":{"description":"Rekey end time.","type":"string"},"total_file":{"description":"Total files to be Transformed.","type":"integer"},"file_rekeyed":{"description":"Total files Transformed.","type":"integer"},"file_deleted":{"description":"Total Number of Files Deleted.","type":"integer"},"file_skipped":{"description":"Total files skipped.","type":"integer"},"total_size":{"description":"Total bytes to be Transformed.","type":"integer"},"byte_rekeyed":{"description":"Total bytes Transformed.","type":"integer"}}}]},"challengeresponse":{"allOf":[{"type":"object","properties":{"challenge_response":{"description":"When the CipherTrust Manager is unreachable from a protected client, the data stored in GuardPoints on the client cannot be accessed without the challenge-response.","type":"object","items":{"type":"object","properties":{"response_part1":{"description":"challenge response part 1.","type":"string"},"response_part2":{"description":"challenge response part 2.","type":"string"},"response_part3":{"description":"challenge response part 3.","type":"string"},"response_part4":{"description":"challenge response part 4.","type":"string"}}}}}}]},"csistoragegroup":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"k8s_namespace":{"description":"k8s_namespace name.","type":"string"},"k8s_storage_class":{"description":"k8s_storage_class name.","type":"string"},"description":{"description":"Description of CSI Storage Group.","type":"string"},"client_profile_id":{"description":"Client Profile ID of CSI Storage Group.","type":"string"},"client_profile_name":{"description":"Client Profile Name of CSI Storage Group.","type":"string"}}}]},"storagegroupclientassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"storage_group_id":{"type":"string","description":"UUID of CTE Storage Group."},"client_id":{"type":"string","description":"UUID of CTE Client."},"storage_group_name":{"type":"string","description":"Name of CTE Storage Group."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]},"Database":{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}},"CView":{"type":"object","title":"CreateView","required":["alias","table","viewSqlOnly"],"properties":{"alias":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"table":{"type":"string","description":"Name of the table on which views and trigger are to be created."},"schema":{"type":"string","description":"The owner/schema name who owns the table if its other then used in connection."},"newtable":{"type":"string","description":"Name of the new table that holds the encrypted data. The default value is tablename_new."},"view":{"type":"string","description":"User specified view name. It is recommnded to use the default value which is same as the name of the table."},"insTrigger":{"type":"string","description":"Name of the insert trigger. The default trigger is tablename_ins_trig."},"updTrigger":{"type":"string","description":"Name of the updated trigger. The default value is tablename_upd_trig."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."}},"example":{"alias":"mydbname","table":"myTable","schema":"","newtable":"","view":"","insTrigger":"","updTrigger":"","viewSqlOnly":true}},"CDomainIndex":{"type":"object","title":"CreateDomainIndex","required":["table","column","viewSqlOnly"],"properties":{"table":{"type":"string","description":"Name of the table on which domain Index is to be created."},"schema":{"type":"string","description":"Owner/schema of the table."},"column":{"type":"string","description":"Column name on which domain index is needed."},"indexName":{"type":"string","description":"Name of the index."},"dIXName":{"type":"string","description":"Name of the domain index."},"userspace":{"type":"string","description":"Userspace used for domain index."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."}},"example":{"table":"myTable","schema":"","column":"","indexName":"","dIXName":"","userspace":"","viewSqlOnly":true}},"Table":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}},"Column":{"type":"object","title":"Column","required":["encType","colName","key","algorithm","mode","ivType","errorType"],"properties":{"encType":{"type":"string","description":"Type of the encryption. Allowed types are Standard and FPE."},"colName":{"type":"string","description":"Name of the column to be encrypted."},"algorithm":{"type":"string","description":"Algorithm to encrypt column. Allowed algorithms are AES (128, 192 or 256) and FPE."},"key":{"type":"string","description":"Name of the key used to encrypt column."},"mode":{"type":"string","description":"The mode in which the encryption is to be peformed. Allowed modes are ECB and CBC.\nIt is recommended to use ECB mode for stronger encryption.\n"},"ivType":{"type":"string","description":"Initialization vector used for column encryption."},"fpeFormat":{"type":"string","description":"Select if encryption is to be performed on well formatted data without affecting its format post encryption.\nAllowed formats are:
— FIRST_SIX
— FIRST_SIX_LAST_FOUR
—FIRST_TWO_LAST_FOUR
—LAST_FOUR\n"},"tweakAlgo":{"type":"string","description":"(Optional)Tweak algotithm to be used. Possible values are:
— SHA1
— SHA256
— None(default)\n"},"tweakData":{"type":"string","description":"Required when tweak algorithm is used.\n"},"errorType":{"type":"string","description":"Replacement value type ,`None`,`ErrorReplacementValue`, `NullValue`, `EncryptedValue`."},"errorRepValue":{"type":"string","description":"Replacement value to be used as error."}}},"PatchUser":{"type":"object","title":"PatchUser","required":["dbUser"],"properties":{"dbUser":{"type":"string","description":"Database user to be mapped to NAE user."},"naeUser":{"type":"string","description":"NAE user with whom database user is to be mapped."},"naePassword":{"type":"string","description":"Password for NAE user."}}},"GetAuth":{"type":"object","title":"GetAuth","required":["database_user","database_password"],"properties":{"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."}},"example":{"database_user":"admin","database_password":"asdf1234"}},"Jobs":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"operation":{"type":"string","readOnly":true,"description":"Type of operation to configure. Possible values are \"Key Rotation\", \"Database Backup\", \"CCKM Synchronization\" and \"CCKM XKS Credential Rotation\"."},"job_config_id":{"type":"string","description":"Associated job configuration id."},"job_config_name":{"type":"string","description":"Associated job configuration name."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"status":{"type":"string","description":"Gives the status of job (scheduled, in_progress, failed, completed, aborted)\n","enum":["scheduled","in_progress","failed","completed","aborted"]},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"**Deprecated**: It is recommended to use \"replaced_key_state\" and \"change_state_after_time\" fields.\nIt is an optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen \"deactivate_replaced_key\" is not specified, the state of the replaced key remains the same.\nThis field represents the time ( number of seconds >= 0) after which the replaced key is deactivated.\n"},"replaced_key_state":{"type":"string","description":"An optional string to set the state of the previous key version to \"Deactivated\" or \"ProtectStop\" after key rotation. \nThis parameter should only be used with the \"change_state_after_time\" parameter. \nAlso, ensure not to use \"replaced_key_state\" parameter when \"deactivate_replaced_key\" is used.\n"},"change_state_after_time":{"type":"integer","description":"Optional integer to be used with \"replaced_key_state\". \nIt is the time (number of seconds >= 0) after which the replaced key will change its state to the value defined in \"replaced_key_state\".\n"},"offset":{"type":"integer","description":"Specifies the offset time in seconds and is used to indicate the difference between the Creation Date and the\nActivation Date of the replacement key.\n- If no Offset is specified, the Activation Date,\nProcess Start Date, Protect Stop Date and Deactivation Date values are copied from the\nexisting key. \n- If Offset is set and dates exist for the existing key, then the dates of the\nreplacement key are set based on the dates of the existing key by adding the offset such that:\n- Activation Date (RK) = Creation Date (RK) + Offset\n- Deactivation Date (RK) = Deactivation Date (EK) + (Difference of Activation Date of RK - Activation Date of EK),\nwhere RK represents the Replacement Key and EK is the Existing Key.\n\nFor example, if a key is created at 2024-01-11T14:28:00 with an Activation Date specified as 2024-01-11T14:27:27. Now, if a request to replace this \nkey is sent after five minutes i.e. at 2024-01-11T14:33:26 with an offset set to 600 secs (~10 mins.), then the\nReplacement Key's Activation Date will be:\n14:33:26 + 00:10:00 = 2024-01-11T14:43:26.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"x-feature":"FF_DATABASE_BACKUP","type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\"{{FF_BACKUP_RESTORE_CF|, \"customer_fragments\"}} and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nIf multiple parameters of 'vault/query-keys' are provided then the result will be AND of all.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": \"{\"info\":{\"color\":\"red\"}}}\"`.{{FF_INDIVIDUAL_KEY_SELECTION_NAMES| To backup specific keys using names, use {\"names\":[\"key1\", \"key2\"]}.}}\n{{FF_INDIVIDUAL_KEY_SELECTION_IDS| To backup specific keys using ids, use {\"ids\":[\"a0aac0a14dcc4651abd3dae6bb8e6f9496af0\", \"89aac2314dcc4651abd3dae6bb8e6f9496a96\"]}.}}\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n\n{{FF_BACKUP_RESTORE_CF|For Customer fragments, valid `resourceQuery` parameter values are 'ids' and 'names' of Customer fragments. To backup specific customer fragments using ids, use {\"ids\":[\"370c4373-2675-4aa1-8cc7-07a9f95a5861\", \"4e1b9dec-2e38-40d7-b4d6-244043200546\"]}. To backup specific customer fragments using names, use {\"names\":[\"customerFragment1\", \"customerFragment2\"]}.}}\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\",\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Synchronize operation will be triggered. The possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\", \"external-cm\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the values from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"external_cm_domains":{"type":"array","items":{"type":"string"},"description":"IDs of external cm domains from which keys will be synchronized. At least one external cm domain is required for external CM synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."},"take_cloud_key_backup":{"type":"boolean","description":"Set true to take cloud key backup of all keys of the vaults. Only applicable for Azure."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM KEY Rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Rotation operation will be triggered. The possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\",{{FF_SAP_XKS| \"sap-ekm\",}} \"microsoft-dke\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."},"rotate_material":{"x-feature":"FF_AWS_ROTATE_KEY_ON_DEMAND_BYOK","type":"boolean","description":"Whether to rotate material. When set to true, key material of the key will be rotated. Set to false, will create a new key and move the alias as part of rotation.\n"}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belongs."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have the following values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are `native`{{FF_LUNA_CONNECTION|, `hsm-luna`}}{{FF_DSM_CONNECTION|, `dsm`}}{{FF_EXTERNALCM_SOURCE|, 'external-cm`}} and `ciphertrust`."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"x-feature":"FF_DSM_CONNECTION","type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"x-feature":"FF_LUNA_CONNECTION","type":"string","description":"Partition ID where key will be created to upload on sfdc."},"external_cm_domain_id":{"x-feature":"FF_EXTERNALCM_SOURCE","type":"string","description":"External CM Domain ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}},"cckm_xks_credential_rotation_params":{"type":"object","description":"CCKM XKS Credential Rotation operation specific arguments. The \"key_rotation_params\", \"database_backup_params\",\n\"cckm_synchronization_params\" and \"cckm_key_rotation\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager XKS Credential Rotation Parameters. This is for the rotation of the credential of an AWS External Key Store.","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Rotation operation will be triggered. The only supported value is \"aws\"."}}}}}]}}}}]},"View":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}},"PostMigrationServer":{"type":"object","title":"PostMigrationServer","required":["host","port","naeuser","naepassword"],"properties":{"host":{"type":"string","description":"Host IP of the migration server."},"port":{"type":"string","description":"Port of the migration server."},"naeuser":{"type":"string","description":"Nae user name to be used for encryption."},"naepassword":{"type":"string","description":"Nae user password"}}},"PatchMigrationServer":{"type":"object","title":"PostMigrationServer","properties":{"host":{"type":"string","description":"Host IP of the migration server."},"port":{"type":"string","description":"Port of the migration server."},"naeuser":{"type":"string","description":"Nae user name to be used for encryption."},"naepassword":{"type":"string","description":"Nae user password"}}},"Encryption":{"type":"object","title":"Perform Encryption","required":["table","viewSqlOnly"],"properties":{"table":{"type":"string","description":"Name of the table to be encrypted"},"schema":{"type":"string","description":"Name of owner/schema of the table."},"newtable":{"type":"string","description":"Name of the new table which will hold encrypted data (default is tablename_new)"},"viewname":{"type":"string","description":"User specified view Name"},"insTrigger":{"type":"string","description":"Name of the insert trigger default will be tablename_ins_trig"},"updTrigger":{"type":"string","description":"Name of the update trigger default will be \"tablename_upd_trig\""},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."},"batchSize":{"type":"integer","description":"Specify the batch size in which encryption is to be deleted."}},"example":{"table":"myTable","newtable":"","viewname":"","insTrigger":"","updTrigger":"","viewSqlOnly":true,"batchsize":1000}},"Decryption":{"type":"object","title":"Perform Decryption","required":["table","columnNames"],"properties":{"table":{"type":"string","description":"Name of the table to be unmigrated."},"schema":{"type":"string","description":"Name of owner/schema of the table."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."},"batchSize":{"type":"integer","description":"Specify the batch size in which decryption is to be performed."},"columnNames":{"type":"array","items":{"type":"string"}}},"example":{"table":"myTable","batchsize":1000,"columnNames":["col1","col2"],"viewSqlOnly":true}},"Databases":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}]},"ReportIdTemplate":{"type":"object","required":["reportId"],"properties":{"reportId":{"type":"string"}}},"SummaryReport":{"type":"object","properties":{"scansDataObjectCount":{"type":"integer","format":"int64"},"scansSensitiveDataObjectCount":{"type":"integer","format":"int64"},"scansSensitiveItemsCount":{"type":"integer","format":"int64"},"scansTotalInfotypesCount":{"type":"object","properties":{"detected":{"type":"integer","format":"int64"},"total":{"type":"integer","format":"int64"}}}}},"InfotypesCount":{"type":"object","properties":{"detected":{"type":"integer","format":"int64"},"total":{"type":"integer","format":"int64"}}},"InfotypesSummary":{"type":"object","properties":{"infotypesByCategory":{"type":"array","items":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"infotypesDistribution":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}},"InfotypeByCategory":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}},"Distribution":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}},"DataObjectsSummary":{"type":"object","properties":{"sensitiveDataObjectsByCategory":{"type":"array","items":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"sensitiveDataObjects":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}},"SensitiveDataObjectByCategory":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}},"ScansDetails":{"type":"object","properties":{"name":{"description":"Scan Name.","type":"string"},"execution":{"description":"Timestamp of the execution of the scan","type":"string","format":"date-time","x-nullable":true},"duration":{"description":"Duration of the execution of the scan","type":"integer"},"datastores":{"description":"Names of the datastores included in the scan.","type":"array","items":{"type":"string"}},"classificationProfiles":{"description":"Object classification profiles included in the scan.","type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the classification profile.","type":"string"},"deletedAt":{"description":"timestamp when classification profile was deleted.","type":"string","format":"date-time"}}}},"infotypes":{"description":"Infotypes included in the scan.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the infotype","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the infotype","type":"integer"},"name":{"description":"Name of the infotype","type":"string"},"riskWeight":{"description":"Weight for each match in the risk formula","type":"integer"},"family":{"description":"info type family","type":"object","properties":{"id":{"description":"family id","type":"string","format":"UUIDv4"},"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"id":{"description":"category id","type":"string","format":"UUIDv4"},"name":{"description":"name of the category","type":"string"}}}}}}}},"infotypesFound":{"description":"Number of found infotypes","type":"integer","format":"int64"},"totalDataObjects":{"description":"Total Data Objects included in the scan.","type":"integer"},"sensitiveDataObjects":{"description":"Sensitive Data Objects found in the scan.","type":"integer"},"filters":{"description":"Filters used in the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","description":"Type of filter to apply"},"expression":{"description":"Expression for the filter","type":"string"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date"},"days":{"description":"Days to include for the include_recent filter","type":"integer"},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer"}}}}}},"DatastoresDetails":{"type":"object","properties":{"name":{"description":"Name of the datastore.","type":"string"},"risk":{"description":"Value of the risk detected in the datastore.","type":"integer","format":"int64"},"warning":{"description":"True if the risk in high.","type":"boolean"},"sensitivityLevel":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Sentivity Level.","type":"string"},"color":{"description":"Color associated to the Sentivity Level.","type":"string"},"level":{"description":"Level associated to the Sentivity Level.","type":"integer"},"internal":{"description":"Indicates if the Sensivity Level is used only internally by the backend.","type":"boolean"}}}]},"scanName":{"description":"Name of the scan wich includes the datastore.","type":"string"},"lastScan":{"description":"Date of the last scan using the datastore.","type":"integer","format":"date-time"},"branchLocation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"city":{"description":"City of Branch Location.","type":"string"},"countryId":{"description":"Country ID of Branch Location.","type":"string"},"stateId":{"description":"State ID of Branch Location.","type":"string"},"country":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"code":{"description":"Country Code.","type":"string"},"latitude":{"description":"Latitude.","type":"number"},"longitude":{"description":"Longitude.","type":"number"}}}]},"state":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"countryCode":{"description":"Country Code associated to the State.","type":"string"}}}]}}}]},"totalDataObject":{"description":"Total of dataobjects of the datastore.","type":"integer","format":"int64"},"sensitiveDataObject":{"description":"Number of sensitive data objects in the datastore.","type":"integer","format":"int64"},"infotypesTotal":{"description":"Names of the infotypes included in the datastore.","type":"array","items":{"type":"string"}},"infotypesTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"extensionsTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"classificationProfileTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}},"InaccessibleDataObjectsDetails":{"type":"object","properties":{"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"scanId":{"description":"ID of the scan","type":"string"},"datastoreId":{"description":"ID of the datastore","type":"string"},"datastoreName":{"description":"Name of the datastore","type":"string"},"datastoreDeleteAt":{"description":"Date when datastore was deleted.","type":"string","format":"date-time"},"name":{"description":"Name of the dataobject.","type":"string"},"Path":{"description":"Path of the dat object","type":"string"},"timestamp":{"description":"Data object timestamp.","type":"string","format":"date-time"},"inaccessibleDetails":{"description":"array of infotypes found in the data object.","type":"object","properties":{"description":{"description":"reason explaining the error","type":"string"},"severity":{"description":"severity level of the error","type":"string"}}}}},"DataObjectsDetails":{"type":"object","properties":{"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"scanId":{"description":"ID of the scan","type":"string"},"datastoreId":{"description":"ID of the datastore","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value of the risk detected in the data object.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreName":{"description":"Name of the datastore which includes the data object.","type":"string"},"owner":{"description":"Name of the owner.","type":"string"},"type":{"description":"Type of the data object. File or Table","type":"string"},"partialScanResults":{"description":"Indicates if there are partial scan results","type":"boolean"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"},"modified":{"description":"Date of last modification.","type":"string","format":"date-time"},"infoTypesTotal":{"description":"Number of distinct infotypes found.","type":"integer","format":"int64"},"infotypesDistribution":{"description":"array of infotypes found in the data object.","type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"infotype name"},"category":{"type":"string","description":"infotype category"},"value":{"type":"integer","format":"int64","description":"number of matches"},"searchPrecision":{"type":"string","format":"string","description":"Search precission for the infotype","enum":["HIGH","LOW","N/A"]},"riskWeight":{"type":"integer","description":"weight of each match in the risk formula"}}}},"DatastoreDeletedAt":{"description":"Date of deletion","type":"string","format":"date-time"},"classificationProfiles":{"description":"Classification profiles","type":"array","items":{"type":"string"}},"Metadata":{"description":"object of metadata details for the data object.","type":"object","properties":{"catalog":{"description":"array that contains the value of catalogs.","type":"array","items":{"description":"value of catalog.","type":"string"}},"classificationStatus":{"description":"array that contains the value of classification status.","type":"array","items":{"description":"value of classification status.","type":"string"}},"clientModified":{"description":"array that contains the value of client modified date.","type":"array","items":{"description":"value of client modified date.","type":"string"}},"date":{"description":"array that contains the value of date.","type":"array","items":{"description":"value of date.","type":"string"}},"dateModified":{"description":"array that contains the value of modified date.","type":"array","items":{"description":"value of modified date.","type":"string"}},"documentCreated":{"description":"array that contains the value of document created date.","type":"array","items":{"description":"value of document created date.","type":"string"}},"documentCreator":{"description":"array that contains the value of document creators.","type":"array","items":{"description":"value of document creator.","type":"string"}},"documentModified":{"description":"array that contains the value of document modified date.","type":"array","items":{"description":"value of document modified date.","type":"string"}},"documentModifier":{"description":"array that contains the value of document modifiers.","type":"array","items":{"description":"value of document modifiers.","type":"string"}},"encoding":{"description":"array that contains the value of encoding.","type":"array","items":{"description":"value of encoding.","type":"string"}},"fileCreated":{"description":"array that contains the value of file created date.","type":"array","items":{"description":"value of file created date.","type":"string"}},"fileModified":{"description":"array that contains the value of file modified date.","type":"array","items":{"description":"value of file modified date.","type":"string"}},"fileOwner":{"description":"array that contains the value of file owners.","type":"array","items":{"description":"value of file owners.","type":"string"}},"filename":{"description":"array that contains the value of filename.","type":"array","items":{"description":"value of filename.","type":"string"}},"folder":{"description":"array that contains the value of folder name.","type":"array","items":{"description":"value of folder name.","type":"string"}},"instance":{"description":"array that contains the value of instance.","type":"array","items":{"description":"value of instance.","type":"string"}},"keyColumns":{"description":"array that contains the value of key columns.","type":"array","items":{"description":"value of key column.","type":"string"}},"keySource":{"description":"array that contains the value of key sources.","type":"array","items":{"description":"value of key source.","type":"string"}},"mipLabelDescription":{"description":"array that contains the value of mip label descriptions.","type":"array","items":{"description":"value of mip label descriptions.","type":"string"}},"mipLabelName":{"description":"array that contains the value of mip label names.","type":"array","items":{"description":"value of mip label names.","type":"string"}},"mipLabelUID":{"description":"array that contains the value of mip label UID.","type":"array","items":{"description":"value of mip label UID.","type":"string"}},"mipLabelSensitivity":{"description":"array that contains the value of mip label sensitivities.","type":"array","items":{"description":"value of mip label sensitivities.","type":"string"}},"objectCreated":{"description":"array that contains the value of object created date.","type":"array","items":{"description":"value of object created date.","type":"string"}},"objectModified":{"description":"array that contains the value of object modified date.","type":"array","items":{"description":"value of object modified date.","type":"string"}},"permissionExecute":{"description":"array that contains the value of execution permissions.","type":"array","items":{"description":"value of execution permissions.","type":"string"}},"permissionFull":{"description":"array that contains the value of full permissions.","type":"array","items":{"description":"value of full permissions.","type":"string"}},"permissionModify":{"description":"array that contains the value of modify permissions.","type":"array","items":{"description":"value of modify permissions.","type":"string"}},"permissionRead":{"description":"array that contains the value of read permissions.","type":"array","items":{"description":"value of read permissions.","type":"string"}},"permissionSpecial":{"description":"array that contains the value of special permissions.","type":"array","items":{"description":"value of special permissions.","type":"string"}},"permissionWrite":{"description":"array that contains the values of write permissions.","type":"array","items":{"description":"value of write permissions.","type":"string"}},"processedRows":{"description":"array that contains the value of processed rows.","type":"array","items":{"description":"value of processed rows.","type":"integer","format":"int64"}},"schema":{"description":"array that contains the value of schema.","type":"array","items":{"description":"value of schema.","type":"string"}},"serverModified":{"description":"array that contains the value of server modified date.","type":"array","items":{"description":"value of server modified date.","type":"string"}},"table":{"description":"array that contains the value of table.","type":"array","items":{"description":"value of table.","type":"string"}},"track1":{"description":"array that contains the value of track1.","type":"array","items":{"description":"value of track1.","type":"string"}},"track2":{"description":"array that contains the value of track2.","type":"array","items":{"description":"value of track2.","type":"string"}}}},"ExtraMetadata":{"description":"metadata referred to columns information for datastores whose kind is data base.","type":"array","items":{"description":"object that contains the information about column matches.","type":"object","properties":{"columnName":{"description":"name of column.","type":"string"},"MatchesInfo":{"description":"array with matches information.","type":"array","items":{"description":"object that contains the information per match.","type":"object","properties":{"count":{"description":"number of matches.","type":"integer"},"infoTypeID":{"description":"identifier of infotype.","type":"string"},"infoTypeVersion":{"description":"version of infotype.","type":"integer"}}}}}}}}},"ScanTrendDataObjectsDetails":{"type":"object","properties":{"scanId":{"description":"ID of the scan","type":"string"},"scanVersion":{"description":"Scan version","type":"integer","format":"int64"},"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value od the risk detected in the data object.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreID":{"description":"ID of the datastore.","type":"string"},"datastoreName":{"description":"Name of the datastore","type":"string"},"profiles":{"description":"Profiles.","type":"integer","format":"int64"},"infoTypesTotal":{"description":"Infotypes.","type":"integer","format":"int64"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"}}},"ScannedDataStoresCatalog":{"type":"object","properties":{"datastoreID":{"description":"ID of the datastore.","type":"string"},"datastoreName":{"description":"Name of the datastore.","type":"string"},"datastoreType":{"description":"Type of the datastore.","type":"string"},"scanID":{"description":"ID of the scan.","type":"string"},"scanExecutionID":{"description":"ID of the scan execution.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer","format":"int64"},"sensitivityLevelID":{"type":"string"},"sensitivityLevelName":{"type":"string"},"totalDataObjects":{"type":"integer","format":"int64"},"sensitiveDataObjects":{"type":"integer","format":"int64"},"risk":{"type":"integer","format":"int64"},"lastRunTimestamp":{"description":"Date of execution of the last scan where this datastore was included.","type":"string","format":"date-time"},"cmVersion":{"description":"Last version of DDC where this datastore was included.","type":"string"}}},"FindPathsDetailsCatalog":{"type":"object","properties":{"path":{"description":"Path.","type":"string"},"risk":{"description":"Risk score.","type":"number"},"datastoreID":{"description":"ID of the datastore which includes the data object.","type":"string"},"datastoreType":{"description":"Type of the datastore which includes the data object.","type":"string"},"dataStoreVersion":{"description":"Data store version.","type":"number"},"scanID":{"description":"ID of the scan","type":"string"},"scanExecutionID":{"description":"ID of the scan execution","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer","format":"number"}}},"DataObjectsDetailsCatalog":{"type":"object","properties":{"name":{"description":"Name of the data object.","type":"string"},"path":{"description":"Localization of the data object.","type":"string"},"risk":{"description":"Value of the risk detected in the data object.","type":"integer","format":"int64"},"datastoreID":{"description":"ID of the datastore which includes the data object.","type":"string"},"datastoreName":{"description":"Name of the datastore which includes the data object.","type":"string"},"datastoreType":{"description":"Type of the datastore which includes the data object.","type":"string"},"scanID":{"description":"ID of the scan","type":"string"},"scanExecutionID":{"description":"ID of the scan execution","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer","format":"int64"},"lastRunTimestamp":{"description":"Date of execution of the last scan where this data object was found.","type":"string","format":"date-time"},"cmVersion":{"description":"Last version of DDC where this data object was found.","type":"string"},"extension":{"description":"Extension of the data object.","type":"object","properties":{"id":{"description":"ID of the extension.","type":"string"},"name":{"description":"Name of the extension.","type":"string"},"familyID":{"description":"ID of the extension family.","type":"string"},"familyName":{"description":"Name of the extension family.","type":"string"},"categoryID":{"description":"ID of the extension category.","type":"string"},"categoryName":{"description":"Name of the extension category.","type":"string"}}},"sensitivityLevel":{"description":"Sensitivity level of the data object.","type":"object","properties":{"id":{"description":"ID of the sensitivity level.","type":"string"},"name":{"description":"Name of the sensitivity level.","type":"string"},"color":{"description":"Color of the sensitivity level.","type":"string"},"level":{"description":"Level of the sensitivity level.","type":"integer"}}},"classificationProfiles":{"description":"List of classification profiles found in the data object.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile.","type":"string"},"name":{"description":"Name of the classification profile.","type":"string"}}}},"infotypes":{"description":"List of infotypes found in the data object.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the infotype.","type":"string"},"name":{"description":"Name of the infotype.","type":"string"},"matches":{"description":"Number of sensitive items found.","type":"integer"},"modified":{"description":"Whether it was modified or not.","type":"boolean"},"scanExecutionID":{"description":"ID of the scan execution where this infotypes was found in the data object.","type":"string"}}}}}},"Agent":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"},"networkInterfaces":{"description":"List of network devices present on Agent system","type":"array","items":{"type":"object","properties":{"ip":{"description":"IP address of the connected network device","type":"string"}}}},"mountpoints":{"description":"List of mounted shares or devices on Agent host system","type":"array","items":{"type":"object","properties":{"path":{"description":"Path for the mount point / mount directory","type":"string"},"source":{"description":"Path for the source device","type":"string"},"network":{"description":"Returns true for network shares or network devices, returns false for local devices","type":"boolean"}}}}}}]},"MLAgent":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"},"mlAgentID":{"description":"Client ID of the agent","type":"string"},"configProfileID":{"description":"Config profile ID of the agent","type":"string"},"configProfileName":{"description":"Config profile name of the agent","type":"string"},"type":{"description":"Type of agent","type":"string"},"platform":{"description":"OS platform of the agent","type":"string"},"accessedAt":{"description":"Latest access time of the agent","type":"string"},"connectivity":{"description":"Various connectivity errors of the ml-agent in a string map. For example,\n```\n\"connectivity\": {\n \"apiError\": \"e30=\",\n \"streamError\": \"e30=\",\n \"systemError\": \"e30=\"\n}\n```\nRefer to ML Agent documentation for the list of available options.\n","type":"object"},"proxy":{"description":"Check if it is a proxy agent","type":"boolean"},"networks":{"description":"List of network devices present on Agent system","type":"array","items":{"type":"object","properties":{"ip":{"description":"IP address of the connected network device","type":"string"}}}},"publicKey":{"description":"Public key of the agent","type":"string"}}}]},"UpdateAgent":{"required":["localStorageOnly"],"properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels to assign to the agent","type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the label. If it doesn't exist it will be created.","type":"string"}}}}}},"Datastore":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},"DataObjectDetailsParams":{"allOf":[{"type":"object","required":["scanExecutionId","scanId","datastoreId","type","path","name"],"properties":{"scanExecutionId":{"description":"ScanExecutionID of the execution selected for the report.","type":"string"},"scanId":{"description":"scanID of the scan execution selected for the report.","type":"string"},"datastoreId":{"description":"datastoreID of the scan selected for the report.","type":"string"},"type":{"description":"Type of the data object.","type":"string"},"path":{"description":"Path of the data object.","type":"string"},"name":{"description":"name of the data object.","type":"string"}}}]},"ReportTemplate":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}},"autoGenerateReport":{"x-feature":"FF_REPORT_REGENERATION","description":"Whether regenerate the report once new executions of associated scans are available.","type":"boolean"}}}]},"ScanTrendReport":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"type":"object","properties":{"reportTemplateId":{"description":"ID of the report template that generated the report","type":"string","format":"UUIDv4"},"reportTemplateVersion":{"description":"Version of the report template that generated the report","type":"integer"},"status":{"description":"Status of the report","type":"string","enum":["RUNNING","COMPLETED","FAILED"]},"new":{"description":"Marks if the report has been viewed or if it's new","type":"boolean"},"startTimestamp":{"description":"Timestamp when the report generation started","type":"string","format":"date-time"},"endTimestamp":{"description":"Timestamp when the report generation finished","type":"string","format":"date-time"},"error":{"description":"Error of the report generation if it failed","type":"string","format":"json"},"scans":{"description":"Scan executions contained in the report","type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"description":"id of the scan","type":"string","format":"UUIDv4"},"executionDate":{"description":"timestamp for the scan execution","type":"string","format":"date-time"},"scanVersion":{"description":"version of the scan when it was executed","type":"integer"},"scanExecutionId":{"description":"id for the scan execution","type":"string","format":"UUIDv4"},"scanName":{"description":"name of the scan","type":"string"}}}]}}}}]},"DataObjectTrend":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanID":{"description":"ID of the scan.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"dataObjectScanned":{"description":"Scanned data objects.","type":"integer"},"sensitiveDataObjects":{"description":"Sensitive data objects.","type":"integer"},"infoTypesFoundCount":{"description":"Count of the infotypes found.","type":"integer"}}}},"AverageRisk":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanID":{"description":"ID of the scan.","type":"string"},"scanExecutionID":{"description":"Scan Execution ID.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"averageRisk":{"description":"Average risk.","type":"integer"}}}},"InfotypesTrend":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"infoTypesCount":{"description":"Count of the infotypes found.","type":"integer"},"scanID":{"description":"ID of the scan.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"infoTypesFound":{"description":"Array of infotypes found.","type":"array","items":{"type":"object","properties":{"infoTypeFamily":{"description":"Family of the infotype.","type":"string"},"name":{"description":"Name of the infotype.","type":"string"},"count":{"description":"Count of occurencies of this infotype found.","type":"integer"}}}}}}},"Report":{"type":"object","properties":{"reportTemplateName":{"description":"Name of ReportTemplate.","type":"string"},"scans":{"description":"Array of scan names.","type":"array","items":{"type":"object","properties":{"executionDate":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanName":{"description":"Name of the scan.","type":"string"}}}},"report":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"reportTemplateId":{"description":"ID of ReportTemplate.","type":"string"},"reportTemplateVersion":{"description":"Version of ReportTemplate.","type":"integer"},"path":{"description":"Path of Report.","type":"string"},"status":{"description":"Status of the Report.","type":"string"},"new":{"description":"Schedule Report Template.","type":"boolean"},"startTimestamp":{"description":"Start of the process report.","type":"string","format":"date-time"},"endTimestamp":{"description":"End of the Report to be ready.","type":"string","format":"date-time"},"version":{"x-feature":"FF_REPORT_REGENERATION","description":"Report version.","type":"string","format":"date-time"},"error":{"description":"Error of the report.","type":"string"}}}]}}},"AggregatedReportExecution":{"x-feature":"FF_REPORT_REGENERATION","type":"object","properties":{"id":{"description":"Report ID.","type":"string"},"ddcVersion":{"description":"DDC version in which the report was executed.","type":"string"},"version":{"description":"Report version.","type":"string","format":"date-time"},"startTimestamp":{"description":"Start of the process report.","type":"string","format":"date-time"},"new":{"description":"Whether the reports is new or not.","type":"boolean"},"status":{"description":"Status of the Report.","type":"string"}}},"ReportTemplateScans":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]},"CreateDynamicQueryParams":{"allOf":[{"type":"object","properties":{"id":{"description":"UUID of the dynamic query to create (optional)","type":"string","format":"uuid"},"filter":{"description":"Generic text filter to search in the name and path columns","type":"string"},"datastores":{"description":"Datastores to include in the query","type":"array","items":{"type":"string","format":"uuid"}},"types":{"description":"Types of data objects to include (File, Table, Attachment, Email, Record)","type":"array","items":{"type":"string"}},"sort":{"description":"Column to use for sorting (name, -name, risk, -risk, type, -type, path, -path)","type":"string"}}}]},"DynamicQueryDetails":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"type":"object","properties":{"reportId":{"description":"ID of the report for the dynamic query","type":"string","format":"uuid"},"startTimestamp":{"description":"timestamp when the query execution started","type":"string","format":"date-time"},"endTimestamp":{"description":"timestamp when the query execution finished","type":"string","format":"date-time"},"status":{"description":"status of the dynamic query (RUNNING, COMPLETED, FAILED)","type":"string"},"error":{"description":"Error of the dynamic query if it failed","type":"string","format":"json"}}}]},"DynamicQueryReportStatus":{"allOf":[{"type":"object","properties":{"startTimestamp":{"description":"timestamp when the query execution started","type":"string","format":"date-time"},"endTimestamp":{"description":"timestamp when the query execution finished","type":"string","format":"date-time"},"status":{"description":"status of the dynamic query (RUNNING, COMPLETED, FAILED)","type":"string"},"error":{"description":"Error of the dynamic query if it failed","type":"string","format":"json"}}}]},"ClassificationProfile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Classification Profile.","type":"string"},"template":{"description":"Indicates if the Classification Profile is a pre-loaded template.","type":"boolean"},"sensitivityLevel":{"description":"Sensitivity level of the Classification Profile.","type":"object","properties":{"id":{"type":"string","description":"Sensitivity level id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Sensitivity level version","format":"uint64"},"name":{"type":"string","description":"Sensitivity level name"},"color":{"type":"string","description":"Preferred color shown in the UI"},"level":{"type":"integer","description":"Level of sensitivity."}}},"tags":{"description":"Classification profile tags","type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"Tag id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Tag version","format":"uint64"},"name":{"type":"string","description":"Tag name"}}}},"infoTypes":{"description":"Classification profile info types","type":"array","items":{"type":"object","properties":{"min":{"type":"integer","description":"min attribute, default 1"},"infoTypeId":{"type":"string","description":"id of the info type","format":"UUIDv4"},"infoType":{"type":"object","description":"Info type details","properties":{"id":{"type":"string","description":"Info type ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type version","format":"uint64"},"name":{"type":"string","description":"Info type name"},"type":{"description":"System info type or user created","type":"string","enum":["BUILTIN","CUSTOM"]},"region":{"type":"string","description":"Info type region"},"family":{"type":"object","description":"Info type family","properties":{"id":{"type":"string","description":"Info type family ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type family version","format":"uint64"},"name":{"type":"string","description":"Info type family name"},"category":{"type":"object","description":"Info type category","properties":{"id":{"type":"string","description":"Info type category ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type category version","format":"uint64"},"name":{"type":"string","description":"Info type category name"}}}}}}}}}}}}]},"ClassificationProfileInfoType":{"allOf":[{"type":"object","required":["min","infoTypeId"],"properties":{"min":{"description":"TBD.","type":"integer"},"infoTypeId":{"description":"Info Type ID associated.","type":"string"},"infoType":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"type":{"description":"Info Type type, either BUILTIN or CUSTOM","type":"string"},"key":{"description":"Info Type Key.","type":"string"},"region":{"description":"Info type Region.","type":"string"},"family":{"description":"info type family","type":"object","properties":{"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"name":{"description":"name of the category","type":"string"}}}}},"riskWeight":{"description":"risk weight for the infotype matches","type":"integer"}}}]}}}]},"InfoType":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"type":{"description":"Info Type type, either BUILTIN or CUSTOM","type":"string"},"key":{"description":"Info Type Key.","type":"string"},"region":{"description":"Info type Region.","type":"string"},"family":{"description":"info type family","type":"object","properties":{"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"name":{"description":"name of the category","type":"string"}}}}},"riskWeight":{"description":"risk weight for the infotype matches","type":"integer"}}}]},"CreateCustomInfotype":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"required":["expression"],"properties":{"expression":{"description":"Custom info type expression. The expression is a combination of the following commands.\n- WORD '{FREE TEXT}'\n- RANGE {TYPE} TIMES {FROM}-{TO}\n- REFER '{PREFIX}_{KEYNAME}'\nThe different options for the {TYPE} are SPACE, HSPACE, VSPACE, BYTE, ALNUM, LETTER, DIGIT, PRINTABLE,\nPRINTABLEASCII, PRINTABLENONALPHA, PRINTABLENONALNUM, GRAPHIC, SAMELINE, NONALNUM, NONALPHA and NONDIGIT\nThe {PREFIX}_{KEYNAME} is the Key field of the Infotype. The chosen infotype needs to be a built-in info type.\nFor each {PREFIX} used in the REFER section we need to add a INCLUDE 'DEFINE_{PREFIX}' at the start of the expression.\nThe commands are combined using the THEN clause.\nExample:\n INCLUDE 'DEFINE_BANK'\n INCLUDE 'DEFINE_CHD'\n REFER 'CHD_AMERICANEXPRESS'\n THEN WORD 'Hello world'\n THEN RANGE ALNUM TIMES 0-1\n THEN REFER 'BANK_AUSTRALIA_ABN_STRICT'\n THEN REFER 'CHD_MASTERCARD'\n","type":"string"}}},{"type":"object","required":["region","family"],"properties":{"region":{"description":"Region of the info type. Possible values - Global, Africa, Americas, Asia, Europe, Oceania","type":"string"},"family":{"description":"Info type family. Possible values - Passport Number, License Number, Date Of Birth, Gender,\nTelephone Number, Phone Number, Card Number, Patient Health Data, Email addresses, Login credentials,\nIP Address, Ethnicity, Roll Number, Credit/Debit Cards, Bank Account Info, Personal Identification,\nMailing Address, Name, Religion, MAC Address\n","type":"string"},"riskWeight":{"description":"Defines the value each match of the info type adds to the risk score.\nThis particular section of the risk score works like this: \n(It1Matches * It1Weight + It2Matches * It2Weight + ...) * 0.1\n","type":"integer","default":1}}}]},"UpdateCustomInfotype":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"required":["expression"],"properties":{"expression":{"description":"Custom info type expression. The expression is a combination of the following commands.\n- WORD '{FREE TEXT}'\n- RANGE {TYPE} TIMES {FROM}-{TO}\n- REFER '{PREFIX}_{KEYNAME}'\nThe different options for the {TYPE} are SPACE, HSPACE, VSPACE, BYTE, ALNUM, LETTER, DIGIT, PRINTABLE,\nPRINTABLEASCII, PRINTABLENONALPHA, PRINTABLENONALNUM, GRAPHIC, SAMELINE, NONALNUM, NONALPHA and NONDIGIT\nThe {PREFIX}_{KEYNAME} is the Key field of the Infotype. The chosen infotype needs to be a built-in info type.\nFor each {PREFIX} used in the REFER section we need to add a INCLUDE 'DEFINE_{PREFIX}' at the start of the expression.\nThe commands are combined using the THEN clause.\nExample:\n INCLUDE 'DEFINE_BANK'\n INCLUDE 'DEFINE_CHD'\n REFER 'CHD_AMERICANEXPRESS'\n THEN WORD 'Hello world'\n THEN RANGE ALNUM TIMES 0-1\n THEN REFER 'BANK_AUSTRALIA_ABN_STRICT'\n THEN REFER 'CHD_MASTERCARD'\n","type":"string"}}},{"type":"object","required":["region","family"],"properties":{"region":{"description":"Region of the info type. Possible values - Global, Africa, Americas, Asia, Europe, Oceania","type":"string"},"family":{"description":"Info type family. Possible values - Passport Number, License Number, Date Of Birth, Gender,\nTelephone Number, Phone Number, Card Number, Patient Health Data, Email addresses, Login credentials,\nIP Address, Ethnicity, Roll Number, Credit/Debit Cards, Bank Account Info, Personal Identification,\nMailing Address, Name, Religion, MAC Address\n","type":"string"},"riskWeight":{"description":"Defines the value each match of the info type adds to the risk score.\nThis particular section of the risk score works like this: \n(It1Matches * It1Weight + It2Matches * It2Weight + ...) * 0.1\n","type":"integer","default":1}}}]},"UpdateSearchPrecisionInfotype":{"allOf":[{"type":"object","required":["operations"],"properties":{"operations":{"type":"array","items":{"type":"object","required":["id","searchPrecision"],"properties":{"id":{"description":"BuiltIn Infotype Id","type":"string"},"searchPrecision":{"description":"Search Precision for Infotype. Possible values - LOW, HIGH\n","type":"string"}}}}}}]},"InfotypeExpression":{"required":["expression"],"properties":{"expression":{"description":"Custom info type expression. The expression is a combination of the following commands.\n- WORD '{FREE TEXT}'\n- RANGE {TYPE} TIMES {FROM}-{TO}\n- REFER '{PREFIX}_{KEYNAME}'\nThe different options for the {TYPE} are SPACE, HSPACE, VSPACE, BYTE, ALNUM, LETTER, DIGIT, PRINTABLE,\nPRINTABLEASCII, PRINTABLENONALPHA, PRINTABLENONALNUM, GRAPHIC, SAMELINE, NONALNUM, NONALPHA and NONDIGIT\nThe {PREFIX}_{KEYNAME} is the Key field of the Infotype. The chosen infotype needs to be a built-in info type.\nFor each {PREFIX} used in the REFER section we need to add a INCLUDE 'DEFINE_{PREFIX}' at the start of the expression.\nThe commands are combined using the THEN clause.\nExample:\n INCLUDE 'DEFINE_BANK'\n INCLUDE 'DEFINE_CHD'\n REFER 'CHD_AMERICANEXPRESS'\n THEN WORD 'Hello world'\n THEN RANGE ALNUM TIMES 0-1\n THEN REFER 'BANK_AUSTRALIA_ABN_STRICT'\n THEN REFER 'CHD_MASTERCARD'\n","type":"string"}}},"Regulation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}}]},"SensitivityLevel":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Sentivity Level.","type":"string"},"color":{"description":"Color associated to the Sentivity Level.","type":"string"},"level":{"description":"Level associated to the Sentivity Level.","type":"integer"},"internal":{"description":"Indicates if the Sensivity Level is used only internally by the backend.","type":"boolean"}}}]},"BranchLocation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"city":{"description":"City of Branch Location.","type":"string"},"countryId":{"description":"Country ID of Branch Location.","type":"string"},"stateId":{"description":"State ID of Branch Location.","type":"string"},"country":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"code":{"description":"Country Code.","type":"string"},"latitude":{"description":"Latitude.","type":"number"},"longitude":{"description":"Longitude.","type":"number"}}}]},"state":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"countryCode":{"description":"Country Code associated to the State.","type":"string"}}}]}}}]},"CreateBranchLocation":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"city":{"description":"City of Branch Location.","type":"string"},"countryId":{"description":"Country ID of Branch Location.","type":"string"},"stateId":{"description":"State ID of Branch Location.","type":"string"}}}]},"HDFS":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"hdfsUri":{"description":"Path to connect to HDFS.","type":"string"},"folder":{"description":"Folder to connect to HDFS","type":"string"}}}]},"UpdateHDFS":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["hdfsUri","folder"],"properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"hdfsUri":{"description":"Path to connect to HDFS.","type":"string"},"folder":{"description":"Folder to connect to HDFS","type":"string"}}}]},"LIVY":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"livyUri":{"description":"URI to connect to LIVY.","type":"string"}}}]},"UpdateLIVY":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["livyUri"],"properties":{"hadoopConnectionId":{"description":"ID of the conection in citrus.","type":"string"},"livyUri":{"description":"URI to connect to LIVY.","type":"string"}}}]},"DataEngine":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"dataEngineUri":{"description":"URI to connect to Data-Engine.","type":"string"}}}]},"UpdateDataEngine":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["dataEngineUri"],"properties":{"hadoopConnectionId":{"description":"ID of the conection in citrus.","type":"string"},"dataEngineUri":{"description":"URI to connect to Data-Engine.","type":"string"}}}]},"ScanSettings":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","required":["agentMemoryMB","cpuPriority","networkThroughputMBPS"],"properties":{"agentMemoryMB":{"description":"Setting for the maximum memory usage that the scanner service can use on the Datastore host, in MB","type":"number","default":2048},"cpuPriority":{"description":"CPU priority set for the agent used in the scan. The possible values are 'low' and 'normal'","enum":["low","high"]},"networkThroughputMBPS":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps","type":"number","default":0}}}]},"UpdateScanSettings":{"allOf":[{"type":"object","properties":{"agentMemoryMB":{"description":"Setting for the maximum memory usage that the scanner service can use on the Datastore host, in MB","type":"number","example":2048},"cpuPriority":{"description":"CPU priority set for the agent used in the scan. The possible values are 'low' and 'normal'","enum":["low","high"]},"networkThroughputMBPS":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"number","example":0}}}]},"TDPAAS":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"customerID":{"description":"ID of the customer with which TDPAAS components need to be provisioned.","type":"string"}}}]},"PostTDPAAS":{"allOf":[{"type":"object","required":["region"],"properties":{"region":{"description":"Region for TDPAAS resources.","type":"string"}}}]},"UpdateTDPAAS":{"allOf":[{"type":"object","required":["oidcConnectionDetails","cmID","region"],"properties":{"oidcConnectionDetails":{"description":"Credentials of the OIDC Connection.","allOf":[{"type":"object","required":["username","password","url"],"properties":{"citrusResourceID":{"description":"ID of the citrus resource used","type":"string"},"username":{"description":"IDP user email ID","type":"string"},"password":{"description":"password for IDP user email","type":"string"},"url":{"description":"dummy URL, any value would be acceptable","type":"string"}}}]},"cmID":{"description":"ID of the CM customer.","type":"string"},"region":{"type":"string"}}}]},"PutMLAAS":{"allOf":[{"type":"object","required":["region"],"properties":{"region":{"description":"Region for MLAAS resources.","type":"string"}}}]},"UpdateOIDCConnectionDetails":{"allOf":[{"type":"object","required":["username","password","url"],"properties":{"citrusResourceID":{"description":"ID of the citrus resource used","type":"string"},"username":{"description":"IDP user email ID","type":"string"},"password":{"description":"password for IDP user email","type":"string"},"url":{"description":"dummy URL, any value would be acceptable","type":"string"}}}]},"GetTDPAAS":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"oidcConnectionDetails":{"description":"Credentials of the OIDC Connection.","type":"object"},"oidcConnectionID":{"type":"string"},"cmID":{"description":"ID of the CM customer.","type":"string"},"region":{"type":"string"}}}]},"GetMLAAS":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"mlaasURL":{"type":"string"},"userOidcResourceID":{"type":"string"},"tenantIdpOidcResourceID":{"type":"string"},"cmID":{"description":"ID of the CM customer.","type":"string"},"region":{"type":"string"}}}]},"GetMLAASStatus":{"allOf":[{"type":"object","properties":{"status":{"description":"Current status for MLAAS onboarding.","type":"string"},"progress":{"description":"Progress percentage for MLAAS onboarding.","type":"integer"},"description":{"description":"Description of system property.","type":"object"}}}]},"GetTDPaaSRegions":{"allOf":[{"type":"object","properties":{"region":{"description":"supported regions for TDPAAS.","type":"array"}}}]},"GetTDPChoice":{"allOf":[{"type":"object","properties":{"tdpaas":{"description":"boolean value if TDPaaS settings are fixed"},"tdp_onprem":{"description":"boolean value if TDP on-onprem settings fixed"}}}]},"GetTDPConnectionStatus":{"allOf":[{"type":"object","properties":{"tdp_type":{"description":"selected TDP type"},"connection_status":{"description":"shows TDP connection status"},"error":{"description":"shows error when checking TDP connection status fails"}}}]},"GetDiskUsageStatistics":{"allOf":[{"type":"object","properties":{"diskUsage":{"description":"disk usage percentage of the server statistics","type":"number","multipleOf":0.000001},"degradedMode":{"description":"boolean value if the scanner service is in degraded mode","type":"boolean"},"error":{"description":"error message","type":"string"}}}]},"GetSystemProperty":{"allOf":[{"type":"object","properties":{"name":{"description":"System property name.","type":"string"},"value":{"description":"System property value.","type":"string"},"description":{"description":"Description of system property.","type":"string"}}}]},"UpdateSystemProperty":{"allOf":[{"type":"object","required":["value"],"properties":{"value":{"description":"Value to be updated.","type":"string"}}}]},"FAMSettings":{"allOf":[{"type":"object","required":["connectionID","connectionAttributes"],"properties":{"description":{"description":"Description for the FAM setting","type":"string","maxLength":256},"connectionID":{"description":"Connection resource id","type":"string","format":"uuid"},"connectionAttributes":{"description":"Additional connection parameters of FAM settings. Required attributes depends on the Connection Service type -\n- aws\n - bucket:\n - description: The aws bucket name to store scan results\n - type: string\n - minLength: 3\n - maxLength: 63\n - pattern: '^[a-z0-9.-]$' can contain only lower case letters, numbers, dot(.) and hyphen(-)\n","type":"object","format":"JSON"}}}]},"FAMSettingsConnectionAttributes":{"description":"Additional connection parameters of FAM settings. Required attributes depends on the Connection Service type -\n- aws\n - bucket:\n - description: The aws bucket name to store scan results\n - type: string\n - minLength: 3\n - maxLength: 63\n - pattern: '^[a-z0-9.-]$' can contain only lower case letters, numbers, dot(.) and hyphen(-)\n","type":"object","format":"JSON"},"FAMSettingsResponse":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description for the FAM setting","type":"string","format":"description must be a maximum of 256 characters in length"},"connectionID":{"description":"Connection resource id","type":"string","format":"uuid"},"service":{"description":"Service type of connection resource","type":"string","enum":["aws"]},"connectionAttributes":{"description":"Additional connection parameters of FAM settings. Required attributes depends on the Connection Service type -\n- aws\n - bucket:\n - description: The aws bucket name to store scan results\n - type: string\n - minLength: 3\n - maxLength: 63\n - pattern: '^[a-z0-9.-]$' can contain only lower case letters, numbers, dot(.) and hyphen(-)\n","type":"object","format":"JSON"}}}]},"ConnectionTestFAMSettingsResponse":{"allOf":[{"type":"object","properties":{"service":{"description":"Service type of connection resource","type":"string","enum":["aws"]},"connection_ok":{"description":"true if the test was successful, otherwise false","type":"boolean"},"connection_error":{"description":"Error message if the connection test failed","type":"string"}}}]},"TestConnectionFAMSettings":{"allOf":[{"type":"object","properties":{"connectionID":{"description":"Connection resource id","type":"string","format":"uuid"},"testFileSuffix":{"description":"Suffix for test file name","type":"string"},"connectionAttributes":{"description":"Additional connection parameters of FAM settings. Required attributes depends on the Connection Service type -\n- aws\n - bucket:\n - description: The aws bucket name to store scan results\n - type: string\n - minLength: 3\n - maxLength: 63\n - pattern: '^[a-z0-9.-]$' can contain only lower case letters, numbers, dot(.) and hyphen(-)\n","type":"object","format":"JSON"}}}]},"Tag":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"namespace":{"description":"Namespace of Tag.","type":"string"},"editable":{"description":"Indicates if the Tag can be edited or not.","type":"boolean"}}}]},"AgentLabel":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}}]},"TagParam":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["id"],"properties":{"id":{"description":"Id of the Tag.","type":"string","format":"uuid"}}}]},"Country":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"code":{"description":"Country Code.","type":"string"},"latitude":{"description":"Latitude.","type":"number"},"longitude":{"description":"Longitude.","type":"number"}}}]},"State":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"countryCode":{"description":"Country Code associated to the State.","type":"string"}}}]},"AvailableScan":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}}]},"ScanExecutionDetails":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"type":"object","properties":{"id":{"description":"ID of the execution","type":"string","format":"UUIDv4"},"scanId":{"description":"ID of the scan","type":"string","format":"UUIDv4"},"scanVersion":{"description":"Version of the scan","type":"integer"},"startTimestamp":{"description":"Timestamp when the scan started","type":"string","format":"date"},"endTimestamp":{"description":"Timestamp when the scan ended","type":"string","format":"date"},"duration":{"description":"Duration of the scan in seconds","type":"integer"},"status":{"description":"Current status of the scan execution. \n","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","STOPPED","PENDING","PROCESSING","VALIDATING","INTERRUPTED","{{FF_DDC_PARTIAL_SCAN|PARTIALLYCOMPLETED}}"]},"error":{"description":"error of the scan, if it failed","type":"object","format":"JSON"},"totalObjects":{"description":"total data objects found in the execution","type":"integer"},"sensitiveObjects":{"description":"number of sensitive data objects found in the execution","type":"integer"},"ddcVersion":{"description":"ddc version when the scan was executed","type":"string"}}}]},"Scan":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"deletedAt":{"description":"The date when the scan was deleted","type":"string","format":"date-time"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *"},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"scheduleEnabled":{"description":"Indicates if the scan schedule is enabled","type":"boolean"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean"},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":2048},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (minimum, balanced, maximum)","type":"string","enum":["minimum","balanced","maximum"],"default":"minimum"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"rowLimit":{"description":"Rowlimit enables the facility to scan database datastores partially","type":"integer","example":10},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}},"classificationProfiles":{"description":"Classification profiles included in the scan","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"},"name":{"description":"Name of the classification profile","type":"string"},"chainedVersion":{"description":"Version of the classification profile","type":"integer"}}}},"dataStores":{"description":"Datastores included in the scan","type":"array","items":{"type":"object","properties":{"datastore":{"description":"Details of the datastore","type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"name":{"description":"Name of the datastore","type":"string"},"type":{"description":"Type of the datastore","type":"string"},"chainedVersion":{"description":"Version of the datastore","type":"integer"}}},"targets":{"description":"Targets in the datastore to scan","type":"array","items":{"type":"object","properties":{"path":{"description":"Path for the target to scan","type":"string"}}}}}}},"lastExecutionId":{"description":"ID of the last execution of the scan","type":"string","format":"UUIDv4"},"lastExecution":{"description":"Status of the last scan execution","type":"object","properties":{"id":{"description":"ID of the execution","type":"string","format":"UUIDv4"},"scanId":{"description":"ID of the scan","type":"string","format":"UUIDv4"},"scanVersion":{"description":"Version of the scan","type":"integer"},"startTimestamp":{"description":"Timestamp when the scan started","type":"string","format":"date"},"endTimestamp":{"description":"Timestamp when the scan ended","type":"string","format":"date"},"duration":{"description":"Duration of the scan in seconds","type":"integer"},"status":{"description":"Current status of the scan execution. \n","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","STOPPED","PENDING","PROCESSING","VALIDATING","INTERRUPTED","{{FF_DDC_PARTIAL_SCAN|PARTIALLYCOMPLETED}}"]},"error":{"description":"error of the scan, if it failed","type":"object","format":"JSON"},"totalObjects":{"description":"total data objects found in the execution","type":"integer"},"sensitiveObjects":{"description":"number of sensitive data objects found in the execution","type":"integer"},"ddcVersion":{"description":"ddc version when the scan was executed","type":"string"}}},"actions":{"description":"Actions available for the scan, given the configuration and the current status. \n","type":"array","items":{"type":"string","enum":["RUN_NOW","DISABLE","PAUSE","STOP","RESUME","ENABLE","EDIT","DELETE","DUPLICATE"]}},"status":{"description":"Current status of the scan. \n","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","STOPPED","UNSCANNED","PENDING","PROCESSING","VALIDATING","INTERRUPTED","{{FF_DDC_PARTIAL_SCAN|PARTIALLYCOMPLETED}}"]},"indexEnabled":{"x-feature":"FF_DDC_ML","description":"Indicates if the datastores indexing feature is enabled. To be enabled, at least one datastore and one infotype supporting similarity searches must be part of the scan configuration.","type":"boolean","default":false},"subScanExecutionSummary":{"x-feature":"FF_DDC_PARTIAL_SCAN","description":"Details of the current scan targets and datastore","type":"array","items":{"type":"object","properties":{"datastore":{"description":"Details of the datastore","type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"name":{"description":"Name of the datastore","type":"string"},"type":{"description":"Type of the datastore","type":"string"},"status":{"description":"status of the datastore","type":"string"},"error":{"description":"Error of the datastore","type":"object","format":"json"}}},"targets":{"description":"Targets in the datastore to scan","type":"array","items":{"type":"object","properties":{"path":{"description":"Path for the target to scan","type":"string"},"status":{"description":"Status of the target to scan","type":"string"},"error":{"description":"Error in the target to scan","type":"object","format":"json"}}}}}}}}}]},"ScanReport":{"type":"object","properties":{"partial":{"description":"Partial Data","type":"integer"},"total":{"description":"Total Data","type":"integer"}}},"ScanExecution":{"type":"object","properties":{"timestamp":{"description":"Execution timestamp","type":"string","format":"date-time"},"scanExecutionId":{"description":"Execution ID","type":"string"},"scanId":{"description":"Scan ID","type":"string"},"version":{"description":"Scan Version","type":"integer"}}},"ScanTraceLogs":{"type":"object","properties":{"timestamp":{"description":"Time stamp (Unix time format) for each action that happened on a path or location during a scan.","type":"integer"},"action":{"description":"Action performed on a path or location during a scan.","type":"string","enum":["source","opening","opened","parsing","decoding","decoded","completed","scanning","inaccess"]},"agent_name":{"description":"Name of the agent that performed the scan.","type":"string"},"path":{"description":"Full path where the action happened.","type":"string"}}},"CreateLocalStorageDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"local storage datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"}}}}}]},"UpdateLocalStorageDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"local storage datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"}}}}}]},"CreateIBMDB2DatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateIBMDB2DatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateOracleDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateOracleDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateMicrosoftSQLDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Microsoft SQL db datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateMicrosoftSQLDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Microsoft SQL db datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreatePostgresSQLDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Postgres SQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdatePostgresSQLDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Postgres SQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateSapHanaDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"SAP Hana DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateSapHanaDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"SAP Hana DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateMySQLDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"MySQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateMySQLDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"MySQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateTeradataDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Teradata DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateTeradataDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Teradata DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateMongoDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Mongo DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"authDatabase":{"type":"string","description":"Authorization database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateMongoDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Mongo DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"authDatabase":{"type":"string","description":"Authorization database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateWindowsShareDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Windows Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."},"path":{"type":"string","description":"Shared folder name."}}}}}]},"UpdateWindowsShareDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Windows Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"},"path":{"type":"string","description":"Shared folder name."}}}}}]},"CreateUnixFileShareDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Unix File Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"path":{"type":"string","description":"Shared folder path."},"proxyHostname":{"type":"string","description":"hostname of the agent when the shared folder is mounted"},"proxyPath":{"type":"string","description":"mount point in the agent"}}}}}]},"UpdateUnixFileShareDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Unix File Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"path":{"type":"string","description":"Shared folder path."},"proxyHostname":{"type":"string","description":"hostname of the agent when the shared folder is mounted"},"proxyPath":{"type":"string","description":"mount point in the agent"}}}}}]},"CreateHadoopClusterDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Hadoop Cluster datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"hdfs port"}}}}}]},"UpdateHadoopClusterDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Hadoop Cluster datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"hdfs port"}}}}}]},"CreateAmazonS3DatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Amazon s3 datastore connection.","type":"object","properties":{"accessKeyId":{"type":"string","description":"access key ID"},"secretAccessKey":{"type":"string","description":"secret access key"}}}}}]},"UpdateAmazonS3DatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Amazon s3 datastore connection.","type":"object","properties":{"accessKeyId":{"type":"string","description":"access key ID"},"secretAccessKey":{"type":"string","description":"secret access key"},"editSecretAccessKey":{"type":"boolean","description":"set to true to edit the secret access key"}}}}}]},"CreateAzureBlobDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure blob datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore"}}}}}]},"UpdateAzureBlobDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure blob datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateAzureTableDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure table datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore"}}}}}]},"UpdateAzureTableDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure table datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateSharepointOnlineDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure Office365 Sharepoint Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"sharepoint domain"},"clientId":{"type":"string","description":"sharepoint client id"},"tenantId":{"type":"string","description":"sharepoint tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]},"UpdateSharepointOnlineDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure Office365 Sharepoint Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"sharepoint domain"},"clientId":{"type":"string","description":"sharepoint client id"},"tenantId":{"type":"string","description":"sharepoint tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]},"CreateExchangeOnlineDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 Exchange Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"exchange domain"},"clientId":{"type":"string","description":"exchange client id"},"tenantId":{"type":"string","description":"exchange tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]},"UpdateExchangeOnlineDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 Exchange Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"exchange domain"},"clientId":{"type":"string","description":"exchange client id"},"tenantId":{"type":"string","description":"exchange tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]},"CreateOneDriveBusinessDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 OneDrive Business datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"OneDrive Business domain"},"clientId":{"type":"string","description":"OneDrive Business client id"},"tenantId":{"type":"string","description":"OneDrive Business tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]},"UpdateOneDriveBusinessDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 OneDrive Business datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"OneDrive Business domain"},"clientId":{"type":"string","description":"OneDrive Business client id"},"tenantId":{"type":"string","description":"OneDrive Business tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]},"CreateExchangeServerDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Exchange Server datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"Exchange Server domain"},"username":{"type":"string","description":"Exchange Server username"},"password":{"type":"string","description":"Exchange Server password."}}}}}]},"UpdateExchangeServerDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Exchange Server datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"Exchange Server domain"},"username":{"type":"string","description":"Exchange Server username"},"password":{"type":"string","description":"password for exchange server. Only fill with editPassword=true"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateGoogleMailDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Mail datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id."},"privateKey":{"type":"string","description":"private key."},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]},"UpdateGoogleMailDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Mail datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id. Only set with editServiceAccountID=true"},"editServiceAccountID":{"type":"boolean","description":"set to true to edit the service account id"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]},"CreateGoogleDriveDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id."},"privateKey":{"type":"string","description":"private key."},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]},"UpdateGoogleDriveDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id. Only set with editServiceAccountID=true"},"editServiceAccountID":{"type":"boolean","description":"set to true to edit the service account id"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]},"CreateSharepointServerDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"share point server hostname"},"username":{"type":"string","description":"username"},"password":{"type":"string","description":"password"},"apiPassword":{"type":"string","description":"api password."},"apiPasswordsFilename":{"type":"string","description":"api password file name."}}}}}]},"UpdateSharepointServerDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"share point server hostname"},"username":{"type":"string","description":"username"},"password":{"type":"string","description":"password. Only set with editPassword=true"},"editPassword":{"type":"boolean","description":"set to true to edit the password"},"apiPassword":{"type":"string","description":"api password. Only set with editAPIPasswords=true"},"editApiPassword":{"type":"boolean","description":"set to true to edit the api password"},"apiPasswordsFilename":{"type":"string","description":"api password file name."}}}}}]},"CreateSalesforceDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Salesforce datastore connection.","type":"object","required":["privateKeyFilename"],"properties":{"salesforceAccount":{"type":"string","description":"salesforce account"},"consumerKey":{"type":"string","description":"consumer key"},"privateKey":{"type":"string","description":"private key"},"privateKeyFilename":{"type":"string","description":"filename private key"}}}}}]},"UpdateSalesforceDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Salesforce datastore connection.","type":"object","required":["privateKeyFilename"],"properties":{"salesforceAccount":{"type":"string","description":"salesforce account"},"consumerKey":{"type":"string","description":"consumer key. Only set with editConsumerKey=true"},"editConsumerKey":{"type":"string","description":"set to true to edit the consumer key"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"filename private key"}}}}}]},"CommonCreateDatastoreParams":{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},"LegacyCreateDatastoreParams":{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},"AgentsDatastoreParams":{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},"AgentLabelsDatastoreParams":{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},"CreateDatastore":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","properties":{"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"}}}]},"CommonUpdateDatastoreParams":{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object"},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},"UpdateDatastore":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object"},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","properties":{"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n - editSecretAccessKey:\n - type: boolean\n - description: set to true to edit the secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n-EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password. Only fill with editPassword=true\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password. Only set with editPassword=true \n - editPassword:\n - type: string\n - description: set to true to edit the passowrd\n - apiPassword:\n - type: string\n - description: api password. Only set with editAPIPasswords=true\n - editAPIPasswords:\n - type: string\n - description: set to true to edit the api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"}}}]},"AgentLabelParam":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}},"UpdateStatusDatastore":{"type":"object","properties":{"status":{"description":"Status of Datastore.","type":"boolean"}}},"CreateReportTemplateAggregated":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["source","analysis","scans"],"properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"source":{"description":"Source of ReportTemplate.","type":"string"},"analysis":{"description":"Analysis of ReportTemplate.","type":"string"},"scans":{"description":"Array Scans of the reportTemplate","type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the scan selected for the report.","type":"string"},"scanExecutionId":{"description":"ScanExecutionID is the execution ID of the scan (Set to empty to use latest).","type":"string"},"scanName":{"description":"ScanName of the scan selected for the report.","type":"string"},"latest":{"description":"True for last execution.","type":"boolean"},"executionDate":{"description":"ExecutionDate of the scan selected for the report.","format":"date-time"}}}]}},"autoGenerateReport":{"x-feature":"FF_REPORT_REGENERATION","description":"Whether regenerate the report once new executions of associated scans are available.","type":"boolean"}}}]},"CreateReportTemplateTrend":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"scanId":{"description":"Scan Id of the desired scan","type":"string"},"scanExecutionId":{"description":"Scan Execution Id of the desired scan","type":"string"},"scanExecutions":{"description":"Number of scan executions desired for the report","type":"integer"}}}]},"CreateScanTemplateParams":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the scan selected for the report.","type":"string"},"scanExecutionId":{"description":"ScanExecutionID is the execution ID of the scan (Set to empty to use latest).","type":"string"},"scanName":{"description":"ScanName of the scan selected for the report.","type":"string"},"latest":{"description":"True for last execution.","type":"boolean"},"executionDate":{"description":"ExecutionDate of the scan selected for the report.","format":"date-time"}}}]},"CreateClassificationProfile":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["sensitivityLevel","infoTypes"],"properties":{"id":{"description":"ID of the new classification profile. If not supplied a random UUID will be used","type":"string","format":"UUIDv4"},"description":{"description":"Description of Classification Profile.","type":"string"},"sensitivityLevel":{"description":"Sensitivity Level ID of Classification Profile.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}},"infoTypes":{"type":"array","items":{"type":"object","properties":{"infoTypeId":{"description":"ID of the info type","type":"string","format":"UUIDv4"},"infoTypeMin":{"description":"Min matches of the infotype","type":"integer"}}}}}}]},"UpdateClassificationProfile":{"allOf":[{"type":"object","required":["name","sensitivityLevel","infoTypes"],"properties":{"name":{"description":"name of Classification Profile.","type":"string"},"description":{"description":"Description of Classification Profile.","type":"string"},"sensitivityLevel":{"description":"Sensitivity Level ID of Classification Profile.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}},"infoTypes":{"type":"array","items":{"type":"object","properties":{"infoTypeId":{"description":"ID of the info type","type":"string","format":"UUIDv4"},"infoTypeMin":{"description":"Min matches of the infotype","type":"integer"}}}}}}]},"DatastoreType":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"DatastoreGroup":{"type":"object","properties":{"type":{"description":"Datastores group type.","type":"string"},"dataStores":{"description":"datastores of previous type.","type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}}}},"ScannedDatastores":{"type":"object","properties":{"totalDatastores":{"description":"Total number of datastores.","type":"integer"},"scannedDatastores":{"description":"Total number of scanned datastores.","type":"integer"},"sensitiveDatastores":{"description":"number of datastores with sensitive data.","type":"integer"}}},"ScanFilter":{"type":"object","required":["filter"],"properties":{"filter":{"description":"type of the filter","type":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"]},"expression":{"description":"expression for exlcude_prefix, exclude_suffix or exclude_expresion filters.","type":"string"},"toDate":{"description":"include locations modified in a given range of the date","type":"string"},"fromDate":{"description":"include locations modified in a given range of the date","type":"string"},"days":{"description":"include locations modified recently within a given number of days from the current day","type":"integer"},"size":{"description":"exclude locations greater than file size (MB)","type":"integer"}}},"CreateScan":{"allOf":[{"type":"object","required":["name","classificationProfiles","dataStores"],"properties":{"id":{"description":"id to use when creating the scan","type":"string","format":"UUIDv4","default":"random UUID"},"name":{"description":"name of the scan","type":"string"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *","default":null},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean","default":false},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":2048},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (minimum, balanced, maximum)","type":"string","enum":["minimum","balanced","maximum"],"default":"minimum"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"rowLimit":{"description":"Rowlimit enables the facility to scan database datastores partially","type":"integer","example":10},"classificationProfiles":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"}}}},"dataStores":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"targets":{"description":"targets to scan inside the datastore","type":"array","items":{"type":"object","properties":{"path":{"description":"Target path to scan in the datastore","type":"string"}}}}}}},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}},"indexEnabled":{"x-feature":"FF_DDC_ML","description":"Indicates if the datastores indexing feature is enabled. To be enabled, at least one datastore and one infotype supporting similarity searches must be part of the scan configuration.","type":"boolean","default":false}}}]},"UpdateScan":{"allOf":[{"type":"object","required":["name","classificationProfiles","dataStores"],"properties":{"id":{"description":"id of the scan to update","type":"string","format":"UUIDv4"},"name":{"description":"name of the scan","type":"string"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *","default":null},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean","default":false},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":2048},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (minimum, balanced, maximum)","type":"string","enum":["minimum","balanced","maximum"],"default":"minimum"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"rowLimit":{"description":"Rowlimit enables the facility to scan database datastores partially","type":"integer","example":10},"classificationProfiles":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"}}}},"dataStores":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"targets":{"description":"targets to scan inside the datastore","type":"array","items":{"type":"object","properties":{"path":{"description":"Target path to scan in the datastore","type":"string"}}}}}}},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}},"indexEnabled":{"x-feature":"FF_DDC_ML","description":"Indicates if the datastores indexing feature is enabled. To be enabled, at least one datastore and one infotype supporting similarity searches must be part of the scan configuration.","type":"boolean","default":false}}}]},"RegisterActiveNode":{"allOf":[{"type":"object","properties":{"id":{"description":"ID of the node to register as active","type":"string"}}}]},"ResourceIDParam":{"type":"object","properties":{"id":{"description":"Id of the Tag.","type":"string","format":"uuid"}}},"ConnectivityResponse":{"type":"object","properties":{"status":{"description":"Connection status.","type":"string","enum":["RUNNING","COMPLETED"]},"processID":{"description":"Process ID","type":"string","format":"uuid"}}},"BrowseTargetResponse":{"type":"object","properties":{"path":{"description":"found object path","type":"string"},"type":{"description":"object path type","type":"string","enum":["file","folder","bucket"]}}},"NodeInfo":{"type":"object","properties":{"publicAddress":{"description":"Public Address of the node","type":"string"},"host":{"description":"Private Address of the node","type":"string"}}},"RecommendedRam":{"type":"object","properties":{"recommendedRam":{"description":"Recommended RAM to deploy DDC","type":"integer","format":"int64"}}},"AvailableRam":{"type":"object","properties":{"totalRam":{"description":"Available RAM in the system","type":"integer","format":"int64"}}},"DataAllowance":{"type":"object","properties":{"dataUsage":{"description":"Data allowance consumed","type":"integer","format":"int"},"totalDataAllowance":{"description":"Total data allowance available","type":"integer","format":"int"}}},"DDCResource":{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},"Versioned":{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},"UpdateDatastoreConnection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n - editSecretAccessKey:\n - type: boolean\n - description: set to true to edit the secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n-EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password. Only fill with editPassword=true\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password. Only set with editPassword=true \n - editPassword:\n - type: string\n - description: set to true to edit the passowrd\n - apiPassword:\n - type: string\n - description: api password. Only set with editAPIPasswords=true\n - editAPIPasswords:\n - type: string\n - description: set to true to edit the api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"DatastoreConnection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"DatastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"AgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"ConfigProfile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of the Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"knoxConfig":{"description":"Knox configuration of the Config Profile.","type":"object","properties":{"name":{"description":"Name of the Hadoop connection as in Connection Manager.","type":"string"},"service":{"description":"Name of the Hadoop connection service as in Connection Manager.","type":"string"},"username":{"description":"Username of the HDFS account","type":"string"},"topology":{"description":"Topology for the Hadoop connection.","type":"string","example":"default"},"nodes":{"description":"List of Knox nodes for the Hadoop connection service.","type":"array","items":{"type":"object","properties":{"hostname":{"description":"Hostname of the Knox node.","type":"string"},"port":{"description":"Port of the Knox node.","type":"integer"},"protocol":{"description":"Communication protocol of the Knox node.","type":"string","example":"https"},"serverCertificate":{"description":"Certificate for the Knox node.","type":"string"}}}}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example,\n```\n{\n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]},"CreateConfigProfileParams":{"allOf":[{"type":"object","required":["name","kafkaConfig","dataEngineConfig"],"properties":{"name":{"description":"Name of the Config Profile.","type":"string"},"description":{"description":"Description of Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example,\n```\n{ \n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]},"CreateConfigProfile":{"allOf":[{"allOf":[{"type":"object","required":["name","kafkaConfig","dataEngineConfig"],"properties":{"name":{"description":"Name of the Config Profile.","type":"string"},"description":{"description":"Description of Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example,\n```\n{ \n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]}]},"UpdateConfigProfileParams":{"allOf":[{"type":"object","properties":{"name":{"description":"Name of the Config Profile.","type":"string"},"description":{"description":"Description of Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example, \n```\n{\n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]},"UpdateConfigProfile":{"allOf":[{"allOf":[{"type":"object","properties":{"name":{"description":"Name of the Config Profile.","type":"string"},"description":{"description":"Description of Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example, \n```\n{\n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]}]},"CreateSimilaritySearch":{"x-feature":"FF_DDC_ML","allOf":[{"type":"object","required":["name","subjectSearchType","datastores","infotypes","meta"],"properties":{"id":{"description":"id to use when creating the similarity search.","type":"string","format":"UUIDv4","default":"random UUID"},"name":{"description":"Name of the similarity search.","type":"string"},"subjectSearchType":{"description":"Subject type (Name/EMAIL) to use in search.","type":"string"},"datastores":{"description":"Datastores where the search is done.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"}}}},"infotypes":{"description":"Infotypes to be searched.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the infotype.","type":"string","format":"UUIDv4"},"valueToSearch":{"description":"Value of the infotype to search.","type":"string"},"required":{"description":"Indicates whether the search result data-object must contain the infotype. Defaults to `false`.","type":"boolean"},"threshold":{"description":"Minimum similarity threshold between [0-1] for inclusion of a search result. Defaults to `0`.","type":"number","format":"float"}}}},"meta":{"description":"Meta data of the similarity search.","type":"object"}}}]},"UpdateSimilaritySearch":{"x-feature":"FF_DDC_ML","allOf":[{"type":"object","required":["name","subjectSearchType","datastores","infotypes","meta"],"properties":{"id":{"description":"id to use when creating the similarity search.","type":"string","format":"UUIDv4","default":"random UUID"},"name":{"description":"Name of the similarity search.","type":"string"},"subjectSearchType":{"description":"Subject type (Name/EMAIL) to use in search.","type":"string"},"datastores":{"description":"Datastores where the search is done.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"}}}},"infotypes":{"description":"Infotypes to be searched.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the infotype.","type":"string","format":"UUIDv4"},"valueToSearch":{"description":"Value of the infotype to search.","type":"string"},"required":{"description":"Indicates whether the search result data-object must contain the infotype. Defaults to `false`.","type":"boolean"},"threshold":{"description":"Minimum similarity threshold between [0-1] for inclusion of a search result. Defaults to `0`.","type":"number","format":"float"}}}},"meta":{"description":"Meta data of the similarity search.","type":"object"}}}]},"SimilaritySearch":{"x-feature":"FF_DDC_ML","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"subjectSearchType":{"description":"Subject type (Name/EMAIL) to use in search.","type":"string"},"datastores":{"description":"Datastores where the search is done.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the datastore","type":"integer"},"name":{"description":"Name of the datastore","type":"string"},"type":{"description":"Type of the datastore","type":"string"}}}},"infotypes":{"description":"Infotypes to be searched.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the infotype.","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the infotype.","type":"integer"},"name":{"description":"Name of the infotype.","type":"string"},"type":{"description":"Type of the infotype.","type":"string"},"key":{"description":"Key of the infotype.","type":"string"},"valueToSearch":{"description":"Value of the infotype to search.","type":"string"},"required":{"description":"Indicates whether the search result data-object must contain the infotype. Defaults to `false`.","type":"boolean"},"threshold":{"description":"Minimum similarity threshold between [0-1] for inclusion of a search result. Defaults to `0`.","type":"number","format":"float"}}}},"meta":{"description":"Meta data of the similarity search.","type":"object"},"status":{"description":"Status of the Similarity Search.","enum":["PENDING","IN_PROGRESS","COMPLETED","FAILED"]},"lastExecutionTimestamp":{"description":"Timestamp of last time the similarity search was launched.","type":"string","format":"date"},"error":{"description":"Last error of the similarity search, if it failed.","type":"object","format":"JSON"}}}]},"SimilaritySearchDataObject":{"x-feature":"FF_DDC_ML","type":"object","properties":{"dataObjectName":{"description":"Name of the data object.","type":"string"},"dataObjectType":{"description":"Type of the data object.","type":"string"},"datastoreName":{"description":"Name of the datastore.","type":"string"},"dataObjectPath":{"description":"Path of the data object.","type":"string"},"dataObjectMatches":{"description":"Total sum of matches in the data object of the infotypes found by the search.","type":"integer","format":"int64"},"totalMatchesInfoTypes":{"description":"Number of distinct infotypes found in the search of those used in the search.","type":"integer","format":"int64"},"infoTypes":{"description":"array of infotypes found in the data object.","type":"array","items":{"type":"object","properties":{"infoTypeName":{"type":"string","description":"Name of the infotype."},"infoTypeMatches":{"description":"Matches of the infotype for the given data object.","type":"integer","format":"int64"},"medianInfoType":{"description":"Median score. Value between 0 and 1 representing the confidence of the result found.","type":"number","format":"double"}}}}}},"LaunchDownloadTroubleshooting":{"x-feature":"FF_TROUBLESHOOTING_LOGS","type":"object","properties":{"processID":{"description":"processID.","type":"string"},"status":{"description":"status of the process.","type":"string","enum":["RUNNING","COMPLETED","FAILED"]},"error":{"description":"error of the process.","type":"string","format":"json"}}},"DeleteResources":{"x-feature":"FF_USER_TRIGGERED_ER2_RESOURCES_CLEAN_UP","type":"object","properties":{"processID":{"description":"processID.","type":"string"},"status":{"description":"status of the process.","type":"string","enum":["RUNNING","DELETED","FAILED"]},"error":{"description":"error of the process.","type":"string","format":"json"}}},"ScanDatastoreDetail":{"x-feature":"FF_EXTRA_ER2_DETAILS","type":"object","properties":{"datastoreID":{"description":"Datastore id.","type":"string","format":"UUIDv4"},"datastoreName":{"description":"Datastore name.","type":"string"},"datastoreVersion":{"description":"Datastore version.","type":"integer"},"agents":{"description":"status of the agents.","type":"array","items":{"type":"object","properties":{"agentName":{"description":"agent name","type":"string"},"agentConnectedStatus":{"description":"agent status","type":"string"},"datastoreConnectedStatus":{"description":"datastore connected status","type":"boolean"},"status":{"description":"status scan execution","type":"string"},"timestamp":{"description":"latest timestamp of successful agent connectivity","type":"string","format":"date"},"version":{"description":"version","type":"string"},"IPAddress":{"description":"ip address","type":"string"},"error":{"description":"error of the process.","type":"string","format":"json"}}}}}},"ExecutedScrubJob":{"allOf":[{"type":"object","properties":{"id":{"type":"string","description":"Unique identifier of the scrub job execution"},"startedAt":{"type":"string","description":"Start time of the scrub job execution"},"duration":{"type":"string","description":"Duration of the scrub job execution in milliseconds"},"status":{"type":"string","description":"Status of the scrub job execution"},"spaceCleaned":{"type":"number","format":"float","description":"Amount of space cleaned by the scrub job execution in MB"},"retentionPeriod":{"type":"integer","description":"Retention period for the scrub job execution in months"}}}]},"SimilaritySearchDouments":{"allOf":[{"type":"object","properties":{"id":{"type":"string","description":"Unique identifier of the resource"},"documents":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","description":"Path of the document uploaded to the storage."},"signedURL":{"type":"string","format":"uri","description":"Signed URL for accessing or uploading the document in storage."}}}}}}]},"pollResponse":{"type":"object","properties":{"message":{"description":"Message","type":"string"},"result":{"description":"Result Code","type":"string"},"data":{"description":"Actual Data","type":"object","properties":{"directory":{"description":"Directory Listing","type":"array","items":{"type":"string"}},"signing_status":{"description":"Signing Status","type":"string"}}}}},"remediationStatusResponse":{"type":"object","properties":{"process_id":{"description":"Process Id.","type":"string"},"data_store_status_request":{"type":"array","items":{"type":"object","properties":{"host_name":{"type":"string","description":"Hostname."},"data_store_type":{"type":"string","description":"Data store type."},"share_path":{"type":"string","description":"Network share path."},"data_store_path":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","description":"Path name."},"remediation_progress":{"type":"integer","description":"Data store type."},"remediation_status":{"type":"string","description":"Network share path."}}}}}}}}},"remediationStatusResetResponse":{"type":"object","properties":{"process_id":{"description":"Name of the Process Id.","type":"string"},"data_store_status_reset_request":{"type":"array","items":{"type":"object","properties":{"host_name":{"type":"string","description":"name of the host."},"data_store_type":{"type":"string","description":"Data store type."},"share_path":{"type":"string","description":"Network share path."},"data_store_elem_path":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","description":"Path name"}}}}}}}}},"k8sNodesCountResponse":{"type":"object","properties":{"k8s_nodes_count":{"description":"K8s nodes count","type":"integer"}}},"Domain":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"deletedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain was deleted"},"meta":{"type":"object","description":"Optional end-user or service data stored with the domain"},"parent_domain_id":{"type":"string","readOnly":true,"description":"ID of the parent domain"},"allow_user_management":{"type":"boolean","description":"To allow user creation and management in the domain"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection. Required for HSM-anchored domains."},"hsm_domain_kek_label":{"type":"string","description":"Optional name field for the domain KEK for an HSM-anchored domain. If not provided, a random UUID is assigned for KEK label."}}}]},"Domains":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"deletedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain was deleted"},"meta":{"type":"object","description":"Optional end-user or service data stored with the domain"},"parent_domain_id":{"type":"string","readOnly":true,"description":"ID of the parent domain"},"allow_user_management":{"type":"boolean","description":"To allow user creation and management in the domain"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection. Required for HSM-anchored domains."},"hsm_domain_kek_label":{"type":"string","description":"Optional name field for the domain KEK for an HSM-anchored domain. If not provided, a random UUID is assigned for KEK label."}}}]}}}}]},"SyslogRedirectionResponse":{"type":"object","properties":{"enable_syslog_redirection":{"type":"boolean"}}},"DomainKEKRotationStatus":{"type":"object","properties":{"ID":{"type":"string","description":"ID of rotation job"},"startedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was started"},"finishedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was completed"},"status":{"type":"string","readOnly":true,"description":"Status of KEK rotation"},"meta":{"type":"object","description":"Additional status information associated with the KEK rotation"}}},"DomainKEK":{"type":"object","properties":{"ID":{"type":"string","description":"ID of domain KEK"},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain KEK was created"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection."},"hsm_kek_label":{"type":"string","description":"Label of the domain KEK on the HSM."},"is_current":{"type":"boolean","readOnly":true,"description":"Flag to indicate if this is the current domain KEK"},"rotation_jobs":{"type":"array","items":{"type":"object","properties":{"ID":{"type":"string","description":"ID of rotation job"},"startedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was started"},"finishedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was completed"},"status":{"type":"string","readOnly":true,"description":"Status of KEK rotation"},"meta":{"type":"object","description":"Additional status information associated with the KEK rotation"}}},"description":"Rotation jobs of the domain KEK"}}},"DomainKEKs":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"ID":{"type":"string","description":"ID of domain KEK"},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain KEK was created"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection."},"hsm_kek_label":{"type":"string","description":"Label of the domain KEK on the HSM."},"is_current":{"type":"boolean","readOnly":true,"description":"Flag to indicate if this is the current domain KEK"},"rotation_jobs":{"type":"array","items":{"type":"object","properties":{"ID":{"type":"string","description":"ID of rotation job"},"startedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was started"},"finishedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was completed"},"status":{"type":"string","readOnly":true,"description":"Status of KEK rotation"},"meta":{"type":"object","description":"Additional status information associated with the KEK rotation"}}},"description":"Rotation jobs of the domain KEK"}}}}}}]},"requestMetadata":{"allOf":[{"type":"object","properties":{"awsPrincipalArn":{"description":"AWS Principal ARN","type":"string"},"awsSourceVpc":{"description":"AWS Source VPC","type":"string"},"awsSourceVpce":{"description":"AWS Source VPCE","type":"string"},"kmsKeyArn":{"description":"KMS Key ARN","type":"string"},"kmsOperation":{"description":"KMS Operation","type":"string"},"kmsRequestId":{"description":"KMS Request ID","type":"string"},"kmsViaService":{"description":"KMS via Service","type":"string"}},"required":["kmsRequestId"]}]},"auth":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a cloud","type":"string"},"user":{"description":"User","type":"string"},"secret":{"description":"Secret","type":"string"},"tenant":{"description":"Tenant","type":"string"}}}]},"EkmEndpoint":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"EKM Endpoint name.","type":"string"},"kekURI":{"description":"URI of KEK created by EKM Endpoint.","type":"string"},"kekURIHostname":{"description":"URI Hostname of KEK created by EKM Endpoint.","type":"string"},"kekName":{"description":"Name of KEK created by EKM Endpoint.","type":"string"},"kekID":{"description":"ID of KEK created by EKM Endpoint.","type":"string"},"meta":{"description":"Additional information associated with EKM Endpoint.","type":"object"},"enabled":{"description":"Status to allow wrap or unwrap operation using this EKM Endpoint.","type":"boolean"}}}]},"ServiceNowEndpoint":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"ServiceNow endpoint name.","type":"string"},"instanceID":{"description":"Instance ID of the ServiceNow endpoint (must be unique across domains).","type":"string"},"blocked":{"description":"Blocked status of endpoint.","type":"boolean"},"description":{"description":"Description of the ServiceNow endpoint.","type":"string"},"sourceKeyID":{"description":"ID of the endpoint source key.","type":"object"}}}]},"ServiceNowRootCertificate":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"certificate":{"type":"string","description":"ServiceNow root certificate"}}}]},"endpoint":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"Endpoint name.","type":"string"},"endpoint_url_hostname":{"description":"KACLS baseURL hostname for endpoint Url.","type":"string"},"endpoint_url":{"description":"KACLS endpoint Url.","type":"string"},"kekName":{"description":"Name of KEK created by endpoint.","type":"string"},"kekID":{"description":"ID of KEK created by endpoint.","type":"string"},"kekVersion":{"description":"Version of KEK created by endpoint.","type":"string"},"status":{"description":"An endpoint can have any one of the three possible status {\"active\", \"disabled\", \"archived\"}.","type":"string"},"issuer":{"description":"List of valid issuers for endpoint.","type":"array","items":{"type":"string"}},"cors":{"description":"List of Cross-Origin Resource Sharing.","type":"array","items":{"type":"string"}},"authorizationAud":{"description":"List of audience valid for authorization jwt.","type":"array","items":{"type":"string"}},"authenticationAud":{"description":"List of audience valid for authentication jwt.","type":"array","items":{"type":"string"}},"meta":{"description":"Additional information associated with endpoint.","type":"object"}}}]},"issuer":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created."},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated."},"name":{"description":"Issuer name.","type":"string"},"iss":{"description":"Issuer claim in IDP JWT.","type":"string"},"openidConfigurationURL":{"description":"Open Id configuration URL.","type":"string"},"jwksURL":{"description":"Open Id JWKS URL.","type":"string"},"meta":{"description":"Additional information associated with issuer.","type":"object"}}}]},"ExternalKeyAlgorithm":{"type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_SIGN_PSS_2048_SHA256","ALGORITHM_RSA_SIGN_PSS_3072_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA512","ALGORITHM_RSA_SIGN_PKCS1_2048_SHA256","ALGORITHM_RSA_SIGN_PKCS1_3072_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA512","ALGORITHM_EC_SIGN_P256_SHA256","ALGORITHM_EC_SIGN_P384_SHA384"],"default":"ALGORITHM_UNSPECIFIED"},"v0ExternalKeyAlgorithm":{"type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_SIGN_PSS_2048_SHA256","ALGORITHM_RSA_SIGN_PSS_3072_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA512","ALGORITHM_RSA_SIGN_PKCS1_2048_SHA256","ALGORITHM_RSA_SIGN_PKCS1_3072_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA512","ALGORITHM_EC_SIGN_P256_SHA256","ALGORITHM_EC_SIGN_P384_SHA384"],"default":"ALGORITHM_UNSPECIFIED"}}},"AccessReasonContextReason":{"type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"],"default":"REASON_UNSPECIFIED"},"v0AccessReasonContext":{"type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"],"default":"REASON_UNSPECIFIED"}}},"v0EKMRequestContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"v0RequestMetadata":{"type":"object","properties":{"keyPath":{"type":"string"},"additionalContext":{"description":"Skip the wrapped_blob field, maintaining compatibility with the [Un]wrap\nrequest buffers for encoding/decoding.","type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}}}},"description":"Identical to the fields in [Un]wrapRequest, minus the payload itself."},"v0BeginSessionRequest":{"type":"object","properties":{"tlsRecords":{"type":"string","format":"byte","description":"TLS records containing the initial handshake message from client to server. Required."}}},"v0BeginSessionResponse":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Opaque context that identifies a client/server session. Required."},"tlsRecords":{"type":"string","format":"byte","description":"TLS records containing the initial handshake response from server to client. Required."}}},"v0HandshakeRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Opaque context that identifies a client/server session. Required."},"tlsRecords":{"type":"string","format":"byte","description":"TLS records containing the initial handshake response from server to client. Required."}}},"v0HandshakeResponse":{"type":"object","properties":{"tlsRecords":{"type":"string","format":"byte","description":"TLS records containing the handshake response from server to client. Required."}}},"v0NegotiateAttestationRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Opaque context that identifies a client/server session. Required."},"offered_evidence_types_records":{"type":"string","format":"byte","description":"TLS records containing the offered attestation types. Required."}}},"v0NegotiateAttestationResponse":{"type":"object","properties":{"required_evidence_types_records":{"type":"string","format":"byte","description":"TLS records containing the required attestation types. Required."}}},"v0FinalizeRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Opaque context that identifies a client/server session. Required."},"attestation_evidence_records":{"type":"string","format":"byte","description":"TLS records containing the offered attestation evidence. Required."}}},"v0FinalizeResponse":{"type":"object","properties":{}},"v0EndSessionRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Opaque context that identifies a client/server session. Required."},"tls_records":{"type":"string","format":"byte","description":"TLS records containing the fixed termination string. Required."}}},"v0EndSessionResponse":{"type":"object","properties":{}},"v0ConfidentialWrapRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Previously-negotiated session context, defined by the EKM and opaque to Google. Required."},"tlsRecords":{"type":"string","format":"byte","description":"A serialized and TLS session-encrypted (via |session_context|) WrapRequest. Required."},"requestMetadata":{"description":"Relevant subset of metadata from the serialized |records|. Optional.","type":"object","properties":{"keyPath":{"type":"string"},"additionalContext":{"description":"Skip the wrapped_blob field, maintaining compatibility with the [Un]wrap\nrequest buffers for encoding/decoding.","type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}}}}}}},"v0ConfidentialWrapResponse":{"type":"object","properties":{"tls_records":{"type":"string","format":"byte","description":"A serialized and TLS session-encrypted WrapResponse. Required."}}},"v0ConfidentialUnwrapRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Previously-negotiated session context, defined by the EKM and opaque to Google. Required."},"tlsRecords":{"type":"string","format":"byte","description":"A serialized and TLS session-encrypted (via |session_context|) UnwrapRequest. Required."},"requestMetadata":{"description":"Relevant subset of metadata from the serialized |records|. Optional.","type":"object","properties":{"keyPath":{"type":"string"},"additionalContext":{"description":"Skip the wrapped_blob field, maintaining compatibility with the [Un]wrap\nrequest buffers for encoding/decoding.","type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}}}}}}},"v0ConfidentialUnwrapResponse":{"type":"object","properties":{"tls_records":{"type":"string","format":"byte","description":"A serialized and TLS session-encrypted UnwrapResponse. Required."}}},"v0EKMUnwrapRequest":{"type":"object","properties":{"wrappedBlob":{"type":"string","format":"byte","description":"Required. The wrapped data originally returned in\n[WrapResponse.wrapped_blob][]."},"additionalContext":{"description":"More context provided during Unwrap operation.\nRequired if Key Access Justification is enabled for GCP project.","type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}}},"additionalAuthenticatedData":{"type":"string","format":"byte","description":"Optional data that must match the data originally supplied in\n[WrapRequest.additional_authenticated_data][]."}},"description":"Unwrap a blob that was previously returned in the WrapResponse."},"v0EKMUnwrapResponse":{"type":"object","required":["plaintext"],"properties":{"plaintext":{"type":"string","format":"byte","description":"The decrypted data originally supplied in [WrapRequest.plaintext][]."},"allowedCacheDuration":{"type":"string","description":"A maximum duration the unwrapped key is allowed to be cached by the\nA maximum duration the unwrapped key is allowed to be cached by the\ncaller.\nMust be positive."}},"description":"Response message for [GCPExternalKeyManagementService.Unwrap][]."},"v0EKMWrapRequest":{"type":"object","required":["plaintext"],"properties":{"plaintext":{"type":"string","format":"byte","description":"Required. The data to be wrapped (base64 encoded). Must be no larger than 64KiB."},"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"additionalAuthenticatedData":{"type":"string","format":"byte","description":"Optional data that, if specified, must also be provided during\ndecryption through [UnwrapRequest.additional_authenticated_data][].\nThe AAD must be no larger than 64KiB."}},"description":"Wrap a key with an External-KMS-defined AEAD scheme."},"v0EKMWrapResponse":{"type":"object","properties":{"wrappedBlob":{"type":"string","format":"byte","description":"The wrapped blob."}},"description":"Response message for [GCPExternalKeyManagementService.Wrap][]."},"v0EKMAsymmetricSignRequest":{"type":"object","required":["data"],"properties":{"data":{"type":"string","format":"byte","description":"Required. The data to be signed (base64 encoded). Must be no larger than 64KiB."},"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"key_uri_prefix":{"type":"string","description":"Optional data that, if specified, defines the full key URI."}},"description":"Signs data with the asymmetric key named in the Request."},"v0EKMAsymmetricSignResponse":{"type":"object","properties":{"signature":{"type":"string","format":"byte","description":"The signed data."}},"description":"Response message for [GCPExternalKeyManagementService.AsymmetricSign][]."},"v0EKMGetInfoResponse":{"type":"object","properties":{"ekm_software_id":{"type":"string","description":"EKM Software ID."}},"description":"Response message for [GCPExternalKeyManagementService.GetInfo][]."},"v0EKMGetPublicKeyRequest":{"type":"object","properties":{"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"key_uri_prefix":{"type":"string","description":"Optional data that, if specified, defines the full key URI."}},"description":"Gets the public key of the asymmetric key named in the Request.."},"v0EKMGetPublicKeyResponse":{"type":"object","properties":{"pem":{"type":"string","description":"The public key, SubjectPublicKeyInfo encoded in PEM format."},"key_algorithm":{"description":"The key algorithm associated with the Asymmetric Key.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_SIGN_PSS_2048_SHA256","ALGORITHM_RSA_SIGN_PSS_3072_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA512","ALGORITHM_RSA_SIGN_PKCS1_2048_SHA256","ALGORITHM_RSA_SIGN_PKCS1_3072_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA512","ALGORITHM_EC_SIGN_P256_SHA256","ALGORITHM_EC_SIGN_P384_SHA384"],"default":"ALGORITHM_UNSPECIFIED"}}}},"description":"Response message for [GCPExternalKeyManagementService.GetPublicKey][]."},"v0EKMAsymmetricVerifyRequest":{"type":"object","required":["data","signature"],"properties":{"data":{"type":"string","format":"byte","description":"Required. The data to be signed (base64 encoded). Must be no larger than 64KiB."},"signature":{"type":"string","format":"byte","description":"Required. The data signature (base64 encoded)."},"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"key_uri_prefix":{"type":"string","description":"Optional data that, if specified, defines the full key URI."}},"description":"Verify data with the asymmetric key named in the Request."},"v0EKMAsymmetricVerifyResponse":{"type":"object","properties":{"status":{"type":"boolean","format":"boolean","description":"Verification status."}},"description":"Response message for [GCPExternalKeyManagementService.AsymmetricVerify][]."},"protobufAny":{"type":"object","properties":{"type_url":{"type":"string","description":"A URL/resource name that uniquely identifies the type of the serialized potocol buffer message. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\nNote: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics."},"value":{"type":"string","format":"byte","description":"Must be a valid serialized protocol buffer of the above specified type."}},"description":"`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++.\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(&foo)) {\n ...\n }\nExample 2: Pack and unpack a message in Java.\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n Example 3: Pack and unpack a message in Python.\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n Example 4: Pack and unpack a message in Go\n foo := &pb.Foo{...}\n any, err := ptypes.MarshalAny(foo)\n ...\n foo := &pb.Foo{}\n if err := ptypes.UnmarshalAny(any, foo); err != nil {\n ...\n }\nThe pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON ==== The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example:\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": ,\n \"lastName\": \n }\nIf the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]):\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"},"runtimeEKMError":{"type":"object","properties":{"error":{"type":"string"},"code":{"type":"integer","format":"int32"},"message":{"type":"string"},"details":{"type":"array","items":{"type":"object","properties":{"type_url":{"type":"string","description":"A URL/resource name that uniquely identifies the type of the serialized potocol buffer message. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\nNote: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics."},"value":{"type":"string","format":"byte","description":"Must be a valid serialized protocol buffer of the above specified type."}},"description":"`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++.\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(&foo)) {\n ...\n }\nExample 2: Pack and unpack a message in Java.\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n Example 3: Pack and unpack a message in Python.\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n Example 4: Pack and unpack a message in Go\n foo := &pb.Foo{...}\n any, err := ptypes.MarshalAny(foo)\n ...\n foo := &pb.Foo{}\n if err := ptypes.UnmarshalAny(any, foo); err != nil {\n ...\n }\nThe pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON ==== The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example:\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": ,\n \"lastName\": \n }\nIf the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]):\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"}}}},"xksPolicyAttributes":{"allOf":[{"type":"object","description":"Policy parameters (applicable only to encrypt and decrypt data plane API's for AWS XKS Key).\nXKS Key usage would be allowed only if attribute values specifed in policy here would match the \nrequest data received in encrypt/decrypt API request against value specified here).\n","required":["aws_principal_arn","kms_key_arn","kms_operation"],"properties":{"aws_principal_arn":{"type":"string","description":"ARN of the principal that invoked KMS Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlainText \nor ReEncrypt API. Default value is '*' where all values of aws_principal_arn would be allowed.\n"},"aws_source_vpc":{"type":"string","description":"AWS Source VPC indicates the VPC where request originated from. \nIt is present only if the KMS API request was made against a VPC endpoint.\n"},"aws_source_vpce":{"type":"string","description":"AWS Source VPC indicates the VPC endpoint where request originated from. \nIt is present only if the KMS API request was made against a VPC endpoint.\n"},"kms_key_arn":{"type":"string","description":"ARN of the KMS Key on which the Encrypt, ReEncrypt, GenerateDataKey or \nGenerateDataKeyWithoutPlainText API was invoked. Default value is '*' where all values of kms_key_arn\nwould be allowed.\n"},"kms_operation":{"type":"string","description":"Indicates KMS API call that resulted in the XKS Proxy API request, \neg any one of the four KMS API's (Encrypt, ReEncrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext) \ncan result in Encrypt call. Default value is '*' where all values of kms_operation would be allowed.\n","enum":["Encrypt (applicable only for Encrypt API requests)","ReEncrypt (applicable for Encrypt as well as Decrypt API requests)","GenerateDataKey (applicable only for Encrypt API requests)","GenerateDataKeyWithoutPlaintext (applicable only for Encrypt API requests)","Decrypt (applicable only for Decrypt API requests)"]},"kms_via_service":{"type":"string","description":"Indicates the AWS service that called the KMS API on behalf of a customer."}}}]},"NamedCredential":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"Named credential name.","type":"string"},"url_hostname":{"type":"string","description":"Base hostname of url"},"password_authentication":{"type":"object","description":"named credential password Authentication details.","properties":{"username":{"type":"string","description":"Username for named credential."},"password":{"type":"string","description":"Password for named credential."}}},"organization_id":{"type":"string","description":"Organization ID to which this named credential should belong to."},"sfdc_name_credential_id":{"type":"string","description":"sfdc Name credential ID."},"synced_at":{"type":"string","format":"date-time","description":"Date/time when named credential was last synced"}}}]},"sfdcCertificate":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application to which this resource belongs."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created."},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated."},"name":{"description":"Certificate name.","type":"string"},"organization_id":{"type":"string","description":"Organization ID to which this named credential should belong to."},"ca_signed":{"description":"Flag to denote if self-signed.","type":"boolean"},"key_size":{"description":"Size","type":"integer"},"version":{"description":"version","type":"integer"},"signature_algorithm_name":{"description":"Subject","type":"string"},"serial_number":{"description":"Subject","type":"string"},"subject_key_identifier":{"description":"Subject","type":"string"},"authority_key_identifier":{"description":"Subject","type":"string"},"path_len_constraint":{"description":"Subject","type":"string"},"valid_to":{"description":"Subject","type":"string","format":"date-time"},"valid_from":{"description":"Subject","type":"string","format":"date-time"},"issuer":{"description":"Subject","type":"string"},"public_key_name":{"description":"Subject","type":"string"},"signature":{"description":"Subject","type":"string"},"public_key":{"description":"Subject","type":"string"}}}]},"sfdcKey":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"Tenant secret name.","type":"string"},"sfdcOrganizationId":{"type":"string","description":"SFDC Organization ID this resource should belong to."},"cloudName":{"description":"Cloud Name","type":"string"},"organizationId":{"type":"string","description":"Organization ID this resource should belong to."},"certificateId":{"type":"string","description":"Certificate ID whose public key to be used to encrypt tenant secret."},"keyType":{"description":"Type of Tenant Secret. Options are byok and cache-only. Default is byok.","type":"string"},"source_key_tier":{"description":"Source key tier. Options are local and dsm. Default is local. The only value supported by the service is local.","type":"string"},"errorMsg":{"description":"Error Message.","type":"string"},"sfdcParams":{"description":"SFDC related params","type":"object","properties":{"createdById":{"description":"ID of the created User","type":"string"},"lastModifiedDate":{"description":"Last Modified Date","type":"string","format":"date-time"},"systemModStamp":{"description":"System Modified TIme stamp","type":"string","format":"date-time"},"version":{"description":"version","type":"integer"},"status":{"description":"Status of the Tenant secret","type":"string"},"source":{"description":"Source of the Tenant secret","type":"string"},"type":{"description":"Data Type of Tenant secret","type":"string"},"remoteKeyCertificate":{"description":"Certificate whose public key to be used to encrypt tenant secret","type":"string"},"remoteKeyServiceId":{"description":"SFDC Named credential ID for this tenant secret","type":"string"},"remoteKeyIdentifier":{"description":"cache-only key identifier.","type":"string"}}},"tenantSecretBackup":{"description":"Backup params details","type":"object","properties":{"backupKeyName":{"description":"Backup Key Name.","type":"string"},"backupKeyTier":{"description":"Backup Key Source.","type":"string"}}},"keyUploadParams":{"description":"Upload params details","type":"object","properties":{"sourceKeyTier":{"description":"Source key tier. Options are local and dsm. Default is local.","type":"string"},"sourceKeyId":{"description":"Source key ID.","type":"string"},"sourceKeyName":{"description":"Source Key Name.","type":"string"}}}}}]},"Email":{"description":"Email ID object","type":"object","properties":{"email_id":{"type":"string","description":"The email address to be notified."},"meta":{"type":"object","description":"Additional data included for the email address for information purposes only, e.g., notes/descriptions about the email address, to help manage email notification."}}},"SMTPServer":{"description":"SMTP Server object","type":"object","properties":{"server":{"type":"string","description":"SMTP server address"},"port":{"type":"integer","description":"SMTP server port"},"username":{"type":"string","description":"SMTP server username"},"email_from":{"type":"string","description":"address to put in the email's \"from\" field"},"password":{"type":"string","description":"SMTP server password"},"meta":{"type":"object","description":"Additional data included for the SMTP server."}}},"passwordcredentials":{"properties":{"name":{"description":"Name to identify the credentails.","type":"string"},"username":{"description":"Name of username.","type":"string"},"password":{"description":"Password of user.","type":"string"}}},"certificatecredentials":{"properties":{"name":{"description":"Name to identify the credentails.","type":"string"},"certificate":{"description":"Client certificate.","type":"string"},"ca-certificate":{"description":"CA certificate of server for verification.","type":"string"}}},"externalservers":{"properties":{"name":{"description":"Name to identify the credentails.","type":"string"},"ipaddress":{"description":"Name of username.","type":"string"},"port":{"description":"Password of user.","type":"string"},"purpose":{"description":"Purpose of the server","type":"string"},"credentail-id":{"description":"The identifier of credentail used for authorization on server.","type":"string"}}},"KeyRotationParams":{"title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"**Deprecated**: It is recommended to use \"replaced_key_state\" and \"change_state_after_time\" fields.\nIt is an optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen \"deactivate_replaced_key\" is not specified, the state of the replaced key remains the same.\nThis field represents the time ( number of seconds >= 0) after which the replaced key is deactivated.\n"},"replaced_key_state":{"type":"string","description":"An optional string to set the state of the previous key version to \"Deactivated\" or \"ProtectStop\" after key rotation. \nThis parameter should only be used with the \"change_state_after_time\" parameter. \nAlso, ensure not to use \"replaced_key_state\" parameter when \"deactivate_replaced_key\" is used.\n"},"change_state_after_time":{"type":"integer","description":"Optional integer to be used with \"replaced_key_state\". \nIt is the time (number of seconds >= 0) after which the replaced key will change its state to the value defined in \"replaced_key_state\".\n"},"offset":{"type":"integer","description":"Specifies the offset time in seconds and is used to indicate the difference between the Creation Date and the\nActivation Date of the replacement key.\n- If no Offset is specified, the Activation Date,\nProcess Start Date, Protect Stop Date and Deactivation Date values are copied from the\nexisting key. \n- If Offset is set and dates exist for the existing key, then the dates of the\nreplacement key are set based on the dates of the existing key by adding the offset such that:\n- Activation Date (RK) = Creation Date (RK) + Offset\n- Deactivation Date (RK) = Deactivation Date (EK) + (Difference of Activation Date of RK - Activation Date of EK),\nwhere RK represents the Replacement Key and EK is the Existing Key.\n\nFor example, if a key is created at 2024-01-11T14:28:00 with an Activation Date specified as 2024-01-11T14:27:27. Now, if a request to replace this \nkey is sent after five minutes i.e. at 2024-01-11T14:33:26 with an offset set to 600 secs (~10 mins.), then the\nReplacement Key's Activation Date will be:\n14:33:26 + 00:10:00 = 2024-01-11T14:43:26.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"DatabaseBackupParams":{"title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\"{{FF_BACKUP_RESTORE_CF|, \"customer_fragments\"}} and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nIf multiple parameters of 'vault/query-keys' are provided then the result will be AND of all.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": \"{\"info\":{\"color\":\"red\"}}}\"`.{{FF_INDIVIDUAL_KEY_SELECTION_NAMES| To backup specific keys using names, use {\"names\":[\"key1\", \"key2\"]}.}}\n{{FF_INDIVIDUAL_KEY_SELECTION_IDS| To backup specific keys using ids, use {\"ids\":[\"a0aac0a14dcc4651abd3dae6bb8e6f9496af0\", \"89aac2314dcc4651abd3dae6bb8e6f9496a96\"]}.}}\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n\n{{FF_BACKUP_RESTORE_CF|For Customer fragments, valid `resourceQuery` parameter values are 'ids' and 'names' of Customer fragments. To backup specific customer fragments using ids, use {\"ids\":[\"370c4373-2675-4aa1-8cc7-07a9f95a5861\", \"4e1b9dec-2e38-40d7-b4d6-244043200546\"]}. To backup specific customer fragments using names, use {\"names\":[\"customerFragment1\", \"customerFragment2\"]}.}}\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"UserPasswordExpiryNotificationParams":{"x-feature":"FF_ENABLE_USER_NOTIFICATION_ON_PASSWORD_EXPIRY","title":"User Password Expiry Notification Parameters","properties":{"meta":{"type":"object","description":"Use this object to specify metadata for user notification job.\nThis object should be a JSON serialized object. \n"}}},"CCKMConnectionParams":{"title":"CipherTrust Cloud Key Manager Synchronization connection Parameters","properties":{"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or names of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"CCKMSyncParams":{"title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Synchronize operation will be triggered. The possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\", \"external-cm\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the values from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"external_cm_domains":{"type":"array","items":{"type":"string"},"description":"IDs of external cm domains from which keys will be synchronized. At least one external cm domain is required for external CM synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."},"take_cloud_key_backup":{"type":"boolean","description":"Set true to take cloud key backup of all keys of the vaults. Only applicable for Azure."}}},"CCKMKeyRotationParams":{"title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Rotation operation will be triggered. The possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\",{{FF_SAP_XKS| \"sap-ekm\",}} \"microsoft-dke\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."},"rotate_material":{"x-feature":"FF_AWS_ROTATE_KEY_ON_DEMAND_BYOK","type":"boolean","description":"Whether to rotate material. When set to true, key material of the key will be rotated. Set to false, will create a new key and move the alias as part of rotation.\n"}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belongs."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have the following values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are `native`{{FF_LUNA_CONNECTION|, `hsm-luna`}}{{FF_DSM_CONNECTION|, `dsm`}}{{FF_EXTERNALCM_SOURCE|, 'external-cm`}} and `ciphertrust`."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"x-feature":"FF_DSM_CONNECTION","type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"x-feature":"FF_LUNA_CONNECTION","type":"string","description":"Partition ID where key will be created to upload on sfdc."},"external_cm_domain_id":{"x-feature":"FF_EXTERNALCM_SOURCE","type":"string","description":"External CM Domain ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}},"CCKMKeyRotationAwsParams":{"title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."},"rotate_material":{"x-feature":"FF_AWS_ROTATE_KEY_ON_DEMAND_BYOK","type":"boolean","description":"Whether to rotate material. When set to true, key material of the key will be rotated. Set to false, will create a new key and move the alias as part of rotation.\n"}}},"CCKMAddContainerAwsParams":{"title":"CipherTrust Cloud Key Manager Add Container AWS Parameters","required":["role"],"properties":{"role":{"type":"string","description":"Specify Role to be assumed."},"role_external_id":{"type":"string","description":"Specify AWS Role external ID."},"auto_archive":{"x-feature":"FF_AWS_KMS_ARCHIVE_RECOVER","type":"boolean","description":"Whether to set not-found KMSes, as ARCHIVED."},"filter":{"type":"string","description":"Filter to be applied on discovered accounts, before adding to CCKM. Each filter will be of key-value pair type and multiple filters can be specified in the string, separated by the ampersand (&) operator. \nFilters will also support wildcard matching using '?' and '\\*' to allow customers to filter based on sub-string, starts with or ends with. Filtering will be supported based on 'Root'{Arn, Id, Name, Tag}, 'OrganizationalUnit'{Arn, Id, Name, Tag} and 'Account'{Arn, Email, Id, Name, Tag} resource attributes.\nExample : Account.Name=Demo&Account.Id=1243545\nAccount.Name=Demo&OrganizationalUnit.Name=DemoOrg\\*\nOrganizationalUnit.Tag=department:eng?neering&Root.Id=r-cuc9\n \n"},"regions":{"type":"array","items":{"type":"string"},"description":"AWS regions to be added to the CCKM."}}},"CCKMKeyRotationSFDCParams":{"title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belongs."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have the following values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are `native`{{FF_LUNA_CONNECTION|, `hsm-luna`}}{{FF_DSM_CONNECTION|, `dsm`}}{{FF_EXTERNALCM_SOURCE|, 'external-cm`}} and `ciphertrust`."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"x-feature":"FF_DSM_CONNECTION","type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"x-feature":"FF_LUNA_CONNECTION","type":"string","description":"Partition ID where key will be created to upload on sfdc."},"external_cm_domain_id":{"x-feature":"FF_EXTERNALCM_SOURCE","type":"string","description":"External CM Domain ID where key will be created to upload on sfdc."}}},"CCKMKeyRotationUpdateParams":{"title":"CipherTrust Cloud Key Manager Key Rotation Parameters","properties":{"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name \"gcp\".\n","enum":["Xd for x days","Yh for y hours"]},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date.\nFor example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]},"aws_param":{"type":"object","description":"Aws param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."},"rotate_material":{"x-feature":"FF_AWS_ROTATE_KEY_ON_DEMAND_BYOK","type":"boolean","description":"Whether to rotate material. When set to true, key material of the key will be rotated. Set to false, will create a new key and move the alias as part of rotation.\n"}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belongs."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have the following values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are `native`{{FF_LUNA_CONNECTION|, `hsm-luna`}}{{FF_DSM_CONNECTION|, `dsm`}}{{FF_EXTERNALCM_SOURCE|, 'external-cm`}} and `ciphertrust`."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"x-feature":"FF_DSM_CONNECTION","type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"x-feature":"FF_LUNA_CONNECTION","type":"string","description":"Partition ID where key will be created to upload on sfdc."},"external_cm_domain_id":{"x-feature":"FF_EXTERNALCM_SOURCE","type":"string","description":"External CM Domain ID where key will be created to upload on sfdc."}}}}},"CCKMXksCredentialRotationParams":{"title":"CipherTrust Cloud Key Manager XKS Credential Rotation Parameters. This is for the rotation of the credential of an AWS External Key Store.","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Rotation operation will be triggered. The only supported value is \"aws\"."}}},"CCKMKeyBackupParams":{"title":"CipherTrust Cloud Key Manager Key Backup Parameters. This is to create full backup of the key.","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the key backup operation will be triggered. The only supported value is \"AzureCloud\"."}}},"CCKMAddContainersParams":{"title":"CipherTrust Cloud Key Manager Add Container(s) Parameters. This is for setting up a job to auto-add missing containers for the specified cloud.","required":["cloud_name","connection"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud for which the operation will be triggered. Supported values are \"gcp\" {{FF_ADD_CONTAINER_AWS|, \"aws\"}} & \"AzureCloud\"."},"connection":{"type":"string","description":"Resource ID of the connection for which the containers need to be fetched."},"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set true to permit or false to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions.","enum":["keycreate","keyupdate","keysynchronize","view","keydestroy","keycanceldestroy","keyupload","reportcreate","reportdelete","reportview","reportdownload"]}}}},"enable_success_audit_event":{"type":"boolean","description":"Enable or disable audit recording of successful operations within an external key store. Default value is false.\nRecommended value is false as enabling it can affect performance. Applicable for 'gcp' cloud only.\n"},"discover_only":{"type":"boolean","description":"Whether to only discover the KMS containers. Set to `false` to discover the containers and add them to CCKM. \nThe default setting is `true`, that is, the containers will be discovered but not added to CCKM. \n"},"aws_params":{"x-feature":"FF_ADD_CONTAINER_AWS","type":"object","description":"AWS specific add container parameter","title":"CipherTrust Cloud Key Manager Add Container AWS Parameters","required":["role"],"properties":{"role":{"type":"string","description":"Specify Role to be assumed."},"role_external_id":{"type":"string","description":"Specify AWS Role external ID."},"auto_archive":{"x-feature":"FF_AWS_KMS_ARCHIVE_RECOVER","type":"boolean","description":"Whether to set not-found KMSes, as ARCHIVED."},"filter":{"type":"string","description":"Filter to be applied on discovered accounts, before adding to CCKM. Each filter will be of key-value pair type and multiple filters can be specified in the string, separated by the ampersand (&) operator. \nFilters will also support wildcard matching using '?' and '\\*' to allow customers to filter based on sub-string, starts with or ends with. Filtering will be supported based on 'Root'{Arn, Id, Name, Tag}, 'OrganizationalUnit'{Arn, Id, Name, Tag} and 'Account'{Arn, Email, Id, Name, Tag} resource attributes.\nExample : Account.Name=Demo&Account.Id=1243545\nAccount.Name=Demo&OrganizationalUnit.Name=DemoOrg\\*\nOrganizationalUnit.Tag=department:eng?neering&Root.Id=r-cuc9\n \n"},"regions":{"type":"array","items":{"type":"string"},"description":"AWS regions to be added to the CCKM."}}}}},"CCKMAddContainersUpdateParams":{"title":"CipherTrust Cloud Key Manager Key Rotation Parameters","properties":{"connection":{"type":"string","description":"Resource ID of the connection for which the containers need to be fetched."},"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set true to permit or false to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions.","enum":["keycreate","keyupdate","keysynchronize","view","keydestroy","keycanceldestroy","keyupload","reportcreate","reportdelete","reportview","reportdownload"]}}}},"enable_success_audit_event":{"type":"boolean","description":"Enable or disable audit recording of successful operations within an external key store. Default value is false.\nRecommended value is false as enabling it can affect performance. Applicable for 'gcp' cloud only.\n"},"discover_only":{"type":"boolean","description":"It is used to specify whether to just discover the container details or add to CCKM as well.\n"},"aws_params":{"type":"object","description":"AWS specific add container parameter","title":"CipherTrust Cloud Key Manager Add Container AWS Parameters","required":["role"],"properties":{"role":{"type":"string","description":"Specify Role to be assumed."},"role_external_id":{"type":"string","description":"Specify AWS Role external ID."},"auto_archive":{"x-feature":"FF_AWS_KMS_ARCHIVE_RECOVER","type":"boolean","description":"Whether to set not-found KMSes, as ARCHIVED."},"filter":{"type":"string","description":"Filter to be applied on discovered accounts, before adding to CCKM. Each filter will be of key-value pair type and multiple filters can be specified in the string, separated by the ampersand (&) operator. \nFilters will also support wildcard matching using '?' and '\\*' to allow customers to filter based on sub-string, starts with or ends with. Filtering will be supported based on 'Root'{Arn, Id, Name, Tag}, 'OrganizationalUnit'{Arn, Id, Name, Tag} and 'Account'{Arn, Email, Id, Name, Tag} resource attributes.\nExample : Account.Name=Demo&Account.Id=1243545\nAccount.Name=Demo&OrganizationalUnit.Name=DemoOrg\\*\nOrganizationalUnit.Tag=department:eng?neering&Root.Id=r-cuc9\n \n"},"regions":{"type":"array","items":{"type":"string"},"description":"AWS regions to be added to the CCKM."}}}}},"JobConfig":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"description":{"type":"string","description":"Description for the job configuration."},"operation":{"type":"string","readOnly":true,"description":"Type of operation to configure. Possible values are \"Key Rotation\", \"Database Backup\", {{FF_SYNC_CRL|\"Sync CRL\"}}, \"CCKM Synchronization\" and \"CCKM XKS Credential Rotation\".","enum":["key_rotation","{{FF_DATABASE_BACKUP|database_backup}}","cckm_synchronization","cckm_key_rotation","cckm_xks_credential_rotation","{{FF_ENABLE_USER_NOTIFICATION_ON_PASSWORD_EXPIRY|user_password_expiry_notifications}}","{{FF_SYNC_CRL|sync_crl}}"]},"run_at":{"type":"string","description":"Described using the cron expression format : \"* * * * *\"\nThese five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\nValid values are 0-59 (minutes), 0-23 (hours), 1-31 (day of month), 1-12 or jan-dec (month), and 0-6 or sun-sat (day of week). Names are case insensitive. For use of special characters, consult the Time Specification description at the top of this page.\n\nFor example:\n* To run every min: \"* * * * *\"\n* To run on Saturday at 23:45(11:45 PM): \"45 23 * * 6\"\n* To run on Monday at 09:00: \"0 9 * * 1\"\n"},"run_on":{"x-feature":"FF_SCHEDULER_JOB_CONFIG_RUN_ON","type":"string","description":"Optional flag. Default is 'any'.\n* Use 'any' to run the config on any node in the cluster.\n* Use '' to run the config on that node.\n"},"disabled":{"type":"boolean","description":"By default, the job configuration starts in an active state. True disables the job configuration."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\",\n\"cckm_synchronization_params\" and \"cckm_xks_credential_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"**Deprecated**: It is recommended to use \"replaced_key_state\" and \"change_state_after_time\" fields.\nIt is an optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen \"deactivate_replaced_key\" is not specified, the state of the replaced key remains the same.\nThis field represents the time ( number of seconds >= 0) after which the replaced key is deactivated.\n"},"replaced_key_state":{"type":"string","description":"An optional string to set the state of the previous key version to \"Deactivated\" or \"ProtectStop\" after key rotation. \nThis parameter should only be used with the \"change_state_after_time\" parameter. \nAlso, ensure not to use \"replaced_key_state\" parameter when \"deactivate_replaced_key\" is used.\n"},"change_state_after_time":{"type":"integer","description":"Optional integer to be used with \"replaced_key_state\". \nIt is the time (number of seconds >= 0) after which the replaced key will change its state to the value defined in \"replaced_key_state\".\n"},"offset":{"type":"integer","description":"Specifies the offset time in seconds and is used to indicate the difference between the Creation Date and the\nActivation Date of the replacement key.\n- If no Offset is specified, the Activation Date,\nProcess Start Date, Protect Stop Date and Deactivation Date values are copied from the\nexisting key. \n- If Offset is set and dates exist for the existing key, then the dates of the\nreplacement key are set based on the dates of the existing key by adding the offset such that:\n- Activation Date (RK) = Creation Date (RK) + Offset\n- Deactivation Date (RK) = Deactivation Date (EK) + (Difference of Activation Date of RK - Activation Date of EK),\nwhere RK represents the Replacement Key and EK is the Existing Key.\n\nFor example, if a key is created at 2024-01-11T14:28:00 with an Activation Date specified as 2024-01-11T14:27:27. Now, if a request to replace this \nkey is sent after five minutes i.e. at 2024-01-11T14:33:26 with an offset set to 600 secs (~10 mins.), then the\nReplacement Key's Activation Date will be:\n14:33:26 + 00:10:00 = 2024-01-11T14:43:26.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"x-feature":"FF_DATABASE_BACKUP","type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\", \"cckm_synchronization_params\", \"cckm_key_rotation_params\" and \"cckm_xks_credential_rotation_params\" fields are mutually\nexclusive (cannot be set simultaneously).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\"{{FF_BACKUP_RESTORE_CF|, \"customer_fragments\"}} and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nIf multiple parameters of 'vault/query-keys' are provided then the result will be AND of all.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": \"{\"info\":{\"color\":\"red\"}}}\"`.{{FF_INDIVIDUAL_KEY_SELECTION_NAMES| To backup specific keys using names, use {\"names\":[\"key1\", \"key2\"]}.}}\n{{FF_INDIVIDUAL_KEY_SELECTION_IDS| To backup specific keys using ids, use {\"ids\":[\"a0aac0a14dcc4651abd3dae6bb8e6f9496af0\", \"89aac2314dcc4651abd3dae6bb8e6f9496a96\"]}.}}\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n\n{{FF_BACKUP_RESTORE_CF|For Customer fragments, valid `resourceQuery` parameter values are 'ids' and 'names' of Customer fragments. To backup specific customer fragments using ids, use {\"ids\":[\"370c4373-2675-4aa1-8cc7-07a9f95a5861\", \"4e1b9dec-2e38-40d7-b4d6-244043200546\"]}. To backup specific customer fragments using names, use {\"names\":[\"customerFragment1\", \"customerFragment2\"]}.}}\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. The \"key_rotation_params\",\"database_backup_params\", \n\"cckm_key_params\" and \"cckm_xks_credential_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Synchronize operation will be triggered. The possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\", \"external-cm\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the values from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"external_cm_domains":{"type":"array","items":{"type":"string"},"description":"IDs of external cm domains from which keys will be synchronized. At least one external cm domain is required for external CM synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."},"take_cloud_key_backup":{"type":"boolean","description":"Set true to take cloud key backup of all keys of the vaults. Only applicable for Azure."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Key Rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\",\n\"cckm_synchronization_params\" and \"cckm_xks_credential_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Rotation operation will be triggered. The possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\",{{FF_SAP_XKS| \"sap-ekm\",}} \"microsoft-dke\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."},"rotate_material":{"x-feature":"FF_AWS_ROTATE_KEY_ON_DEMAND_BYOK","type":"boolean","description":"Whether to rotate material. When set to true, key material of the key will be rotated. Set to false, will create a new key and move the alias as part of rotation.\n"}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belongs."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have the following values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are `native`{{FF_LUNA_CONNECTION|, `hsm-luna`}}{{FF_DSM_CONNECTION|, `dsm`}}{{FF_EXTERNALCM_SOURCE|, 'external-cm`}} and `ciphertrust`."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"x-feature":"FF_DSM_CONNECTION","type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"x-feature":"FF_LUNA_CONNECTION","type":"string","description":"Partition ID where key will be created to upload on sfdc."},"external_cm_domain_id":{"x-feature":"FF_EXTERNALCM_SOURCE","type":"string","description":"External CM Domain ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}},"cckm_xks_credential_rotation_params":{"type":"object","description":"CCKM XKS Credential Rotation operation specific arguments. The \"key_rotation_params\", \"database_backup_params\",\n\"cckm_synchronization_params\" and \"cckm_key_rotation_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager XKS Credential Rotation Parameters. This is for the rotation of the credential of an AWS External Key Store.","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Rotation operation will be triggered. The only supported value is \"aws\"."}}},"user_password_expiry_notification_params":{"x-feature":"FF_ENABLE_USER_NOTIFICATION_ON_PASSWORD_EXPIRY","type":"object","description":"User password expiry notification operation specific arguments. \nThis operation is applicable only for password based auth users whose notification is enabled in policy. \nThere is default job created by system to check and send email notification for all users whose \npassword is about to expire as defined in password policy (if email is configured).\n*NOTE*: This job can only be in root domain and there can be only one such job in CM.\n","title":"User Password Expiry Notification Parameters","properties":{"meta":{"type":"object","description":"Use this object to specify metadata for user notification job.\nThis object should be a JSON serialized object. \n"}}}}}]},"JobConfigs":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"description":{"type":"string","description":"Description for the job configuration."},"operation":{"type":"string","readOnly":true,"description":"Type of operation to configure. Possible values are \"Key Rotation\", \"Database Backup\", {{FF_SYNC_CRL|\"Sync CRL\"}}, \"CCKM Synchronization\" and \"CCKM XKS Credential Rotation\".","enum":["key_rotation","{{FF_DATABASE_BACKUP|database_backup}}","cckm_synchronization","cckm_key_rotation","cckm_xks_credential_rotation","{{FF_ENABLE_USER_NOTIFICATION_ON_PASSWORD_EXPIRY|user_password_expiry_notifications}}","{{FF_SYNC_CRL|sync_crl}}"]},"run_at":{"type":"string","description":"Described using the cron expression format : \"* * * * *\"\nThese five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\nValid values are 0-59 (minutes), 0-23 (hours), 1-31 (day of month), 1-12 or jan-dec (month), and 0-6 or sun-sat (day of week). Names are case insensitive. For use of special characters, consult the Time Specification description at the top of this page.\n\nFor example:\n* To run every min: \"* * * * *\"\n* To run on Saturday at 23:45(11:45 PM): \"45 23 * * 6\"\n* To run on Monday at 09:00: \"0 9 * * 1\"\n"},"run_on":{"x-feature":"FF_SCHEDULER_JOB_CONFIG_RUN_ON","type":"string","description":"Optional flag. Default is 'any'.\n* Use 'any' to run the config on any node in the cluster.\n* Use '' to run the config on that node.\n"},"disabled":{"type":"boolean","description":"By default, the job configuration starts in an active state. True disables the job configuration."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\",\n\"cckm_synchronization_params\" and \"cckm_xks_credential_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"**Deprecated**: It is recommended to use \"replaced_key_state\" and \"change_state_after_time\" fields.\nIt is an optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen \"deactivate_replaced_key\" is not specified, the state of the replaced key remains the same.\nThis field represents the time ( number of seconds >= 0) after which the replaced key is deactivated.\n"},"replaced_key_state":{"type":"string","description":"An optional string to set the state of the previous key version to \"Deactivated\" or \"ProtectStop\" after key rotation. \nThis parameter should only be used with the \"change_state_after_time\" parameter. \nAlso, ensure not to use \"replaced_key_state\" parameter when \"deactivate_replaced_key\" is used.\n"},"change_state_after_time":{"type":"integer","description":"Optional integer to be used with \"replaced_key_state\". \nIt is the time (number of seconds >= 0) after which the replaced key will change its state to the value defined in \"replaced_key_state\".\n"},"offset":{"type":"integer","description":"Specifies the offset time in seconds and is used to indicate the difference between the Creation Date and the\nActivation Date of the replacement key.\n- If no Offset is specified, the Activation Date,\nProcess Start Date, Protect Stop Date and Deactivation Date values are copied from the\nexisting key. \n- If Offset is set and dates exist for the existing key, then the dates of the\nreplacement key are set based on the dates of the existing key by adding the offset such that:\n- Activation Date (RK) = Creation Date (RK) + Offset\n- Deactivation Date (RK) = Deactivation Date (EK) + (Difference of Activation Date of RK - Activation Date of EK),\nwhere RK represents the Replacement Key and EK is the Existing Key.\n\nFor example, if a key is created at 2024-01-11T14:28:00 with an Activation Date specified as 2024-01-11T14:27:27. Now, if a request to replace this \nkey is sent after five minutes i.e. at 2024-01-11T14:33:26 with an offset set to 600 secs (~10 mins.), then the\nReplacement Key's Activation Date will be:\n14:33:26 + 00:10:00 = 2024-01-11T14:43:26.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"x-feature":"FF_DATABASE_BACKUP","type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\", \"cckm_synchronization_params\", \"cckm_key_rotation_params\" and \"cckm_xks_credential_rotation_params\" fields are mutually\nexclusive (cannot be set simultaneously).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\"{{FF_BACKUP_RESTORE_CF|, \"customer_fragments\"}} and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nIf multiple parameters of 'vault/query-keys' are provided then the result will be AND of all.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": \"{\"info\":{\"color\":\"red\"}}}\"`.{{FF_INDIVIDUAL_KEY_SELECTION_NAMES| To backup specific keys using names, use {\"names\":[\"key1\", \"key2\"]}.}}\n{{FF_INDIVIDUAL_KEY_SELECTION_IDS| To backup specific keys using ids, use {\"ids\":[\"a0aac0a14dcc4651abd3dae6bb8e6f9496af0\", \"89aac2314dcc4651abd3dae6bb8e6f9496a96\"]}.}}\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n\n{{FF_BACKUP_RESTORE_CF|For Customer fragments, valid `resourceQuery` parameter values are 'ids' and 'names' of Customer fragments. To backup specific customer fragments using ids, use {\"ids\":[\"370c4373-2675-4aa1-8cc7-07a9f95a5861\", \"4e1b9dec-2e38-40d7-b4d6-244043200546\"]}. To backup specific customer fragments using names, use {\"names\":[\"customerFragment1\", \"customerFragment2\"]}.}}\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. The \"key_rotation_params\",\"database_backup_params\", \n\"cckm_key_params\" and \"cckm_xks_credential_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Synchronize operation will be triggered. The possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\", \"external-cm\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the values from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"external_cm_domains":{"type":"array","items":{"type":"string"},"description":"IDs of external cm domains from which keys will be synchronized. At least one external cm domain is required for external CM synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."},"take_cloud_key_backup":{"type":"boolean","description":"Set true to take cloud key backup of all keys of the vaults. Only applicable for Azure."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Key Rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\",\n\"cckm_synchronization_params\" and \"cckm_xks_credential_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Rotation operation will be triggered. The possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\",{{FF_SAP_XKS| \"sap-ekm\",}} \"microsoft-dke\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."},"rotate_material":{"x-feature":"FF_AWS_ROTATE_KEY_ON_DEMAND_BYOK","type":"boolean","description":"Whether to rotate material. When set to true, key material of the key will be rotated. Set to false, will create a new key and move the alias as part of rotation.\n"}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belongs."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have the following values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are `native`{{FF_LUNA_CONNECTION|, `hsm-luna`}}{{FF_DSM_CONNECTION|, `dsm`}}{{FF_EXTERNALCM_SOURCE|, 'external-cm`}} and `ciphertrust`."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"x-feature":"FF_DSM_CONNECTION","type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"x-feature":"FF_LUNA_CONNECTION","type":"string","description":"Partition ID where key will be created to upload on sfdc."},"external_cm_domain_id":{"x-feature":"FF_EXTERNALCM_SOURCE","type":"string","description":"External CM Domain ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}},"cckm_xks_credential_rotation_params":{"type":"object","description":"CCKM XKS Credential Rotation operation specific arguments. The \"key_rotation_params\", \"database_backup_params\",\n\"cckm_synchronization_params\" and \"cckm_key_rotation_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager XKS Credential Rotation Parameters. This is for the rotation of the credential of an AWS External Key Store.","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Rotation operation will be triggered. The only supported value is \"aws\"."}}},"user_password_expiry_notification_params":{"x-feature":"FF_ENABLE_USER_NOTIFICATION_ON_PASSWORD_EXPIRY","type":"object","description":"User password expiry notification operation specific arguments. \nThis operation is applicable only for password based auth users whose notification is enabled in policy. \nThere is default job created by system to check and send email notification for all users whose \npassword is about to expire as defined in password policy (if email is configured).\n*NOTE*: This job can only be in root domain and there can be only one such job in CM.\n","title":"User Password Expiry Notification Parameters","properties":{"meta":{"type":"object","description":"Use this object to specify metadata for user notification job.\nThis object should be a JSON serialized object. \n"}}}}}]}}}}]},"Job":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"operation":{"type":"string","readOnly":true,"description":"Type of operation to configure. Possible values are \"Key Rotation\", \"Database Backup\", \"CCKM Synchronization\" and \"CCKM XKS Credential Rotation\"."},"job_config_id":{"type":"string","description":"Associated job configuration id."},"job_config_name":{"type":"string","description":"Associated job configuration name."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"status":{"type":"string","description":"Gives the status of job (scheduled, in_progress, failed, completed, aborted)\n","enum":["scheduled","in_progress","failed","completed","aborted"]},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"**Deprecated**: It is recommended to use \"replaced_key_state\" and \"change_state_after_time\" fields.\nIt is an optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen \"deactivate_replaced_key\" is not specified, the state of the replaced key remains the same.\nThis field represents the time ( number of seconds >= 0) after which the replaced key is deactivated.\n"},"replaced_key_state":{"type":"string","description":"An optional string to set the state of the previous key version to \"Deactivated\" or \"ProtectStop\" after key rotation. \nThis parameter should only be used with the \"change_state_after_time\" parameter. \nAlso, ensure not to use \"replaced_key_state\" parameter when \"deactivate_replaced_key\" is used.\n"},"change_state_after_time":{"type":"integer","description":"Optional integer to be used with \"replaced_key_state\". \nIt is the time (number of seconds >= 0) after which the replaced key will change its state to the value defined in \"replaced_key_state\".\n"},"offset":{"type":"integer","description":"Specifies the offset time in seconds and is used to indicate the difference between the Creation Date and the\nActivation Date of the replacement key.\n- If no Offset is specified, the Activation Date,\nProcess Start Date, Protect Stop Date and Deactivation Date values are copied from the\nexisting key. \n- If Offset is set and dates exist for the existing key, then the dates of the\nreplacement key are set based on the dates of the existing key by adding the offset such that:\n- Activation Date (RK) = Creation Date (RK) + Offset\n- Deactivation Date (RK) = Deactivation Date (EK) + (Difference of Activation Date of RK - Activation Date of EK),\nwhere RK represents the Replacement Key and EK is the Existing Key.\n\nFor example, if a key is created at 2024-01-11T14:28:00 with an Activation Date specified as 2024-01-11T14:27:27. Now, if a request to replace this \nkey is sent after five minutes i.e. at 2024-01-11T14:33:26 with an offset set to 600 secs (~10 mins.), then the\nReplacement Key's Activation Date will be:\n14:33:26 + 00:10:00 = 2024-01-11T14:43:26.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"x-feature":"FF_DATABASE_BACKUP","type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\"{{FF_BACKUP_RESTORE_CF|, \"customer_fragments\"}} and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nIf multiple parameters of 'vault/query-keys' are provided then the result will be AND of all.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": \"{\"info\":{\"color\":\"red\"}}}\"`.{{FF_INDIVIDUAL_KEY_SELECTION_NAMES| To backup specific keys using names, use {\"names\":[\"key1\", \"key2\"]}.}}\n{{FF_INDIVIDUAL_KEY_SELECTION_IDS| To backup specific keys using ids, use {\"ids\":[\"a0aac0a14dcc4651abd3dae6bb8e6f9496af0\", \"89aac2314dcc4651abd3dae6bb8e6f9496a96\"]}.}}\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n\n{{FF_BACKUP_RESTORE_CF|For Customer fragments, valid `resourceQuery` parameter values are 'ids' and 'names' of Customer fragments. To backup specific customer fragments using ids, use {\"ids\":[\"370c4373-2675-4aa1-8cc7-07a9f95a5861\", \"4e1b9dec-2e38-40d7-b4d6-244043200546\"]}. To backup specific customer fragments using names, use {\"names\":[\"customerFragment1\", \"customerFragment2\"]}.}}\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\",\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Synchronize operation will be triggered. The possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\", \"external-cm\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the values from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"external_cm_domains":{"type":"array","items":{"type":"string"},"description":"IDs of external cm domains from which keys will be synchronized. At least one external cm domain is required for external CM synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."},"take_cloud_key_backup":{"type":"boolean","description":"Set true to take cloud key backup of all keys of the vaults. Only applicable for Azure."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM KEY Rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Rotation operation will be triggered. The possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\",{{FF_SAP_XKS| \"sap-ekm\",}} \"microsoft-dke\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."},"rotate_material":{"x-feature":"FF_AWS_ROTATE_KEY_ON_DEMAND_BYOK","type":"boolean","description":"Whether to rotate material. When set to true, key material of the key will be rotated. Set to false, will create a new key and move the alias as part of rotation.\n"}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belongs."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have the following values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are `native`{{FF_LUNA_CONNECTION|, `hsm-luna`}}{{FF_DSM_CONNECTION|, `dsm`}}{{FF_EXTERNALCM_SOURCE|, 'external-cm`}} and `ciphertrust`."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"x-feature":"FF_DSM_CONNECTION","type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"x-feature":"FF_LUNA_CONNECTION","type":"string","description":"Partition ID where key will be created to upload on sfdc."},"external_cm_domain_id":{"x-feature":"FF_EXTERNALCM_SOURCE","type":"string","description":"External CM Domain ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}},"cckm_xks_credential_rotation_params":{"type":"object","description":"CCKM XKS Credential Rotation operation specific arguments. The \"key_rotation_params\", \"database_backup_params\",\n\"cckm_synchronization_params\" and \"cckm_key_rotation\" fields are mutually exclusive (cannot be set simultaneously).\n","title":"CipherTrust Cloud Key Manager XKS Credential Rotation Parameters. This is for the rotation of the credential of an AWS External Key Store.","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud in which the Rotation operation will be triggered. The only supported value is \"aws\"."}}}}}]},"JobConfigRunNowResponse":{"title":"Run Job Config Response","properties":{"job_config_id":{"type":"string","description":"ID of the job configuration whose job was placed on the run queue."},"job_id":{"type":"string","description":"ID of the job that was placed on the run queue."}}},"DPGPolicy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name of the DPG policy."},"description":{"type":"string","description":"Description of the DPG policy."},"proxy_config":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}}]},"DPGPolicyCreate":{"type":"object","properties":{"name":{"type":"string","description":"Name of the DPG policy."},"description":{"type":"string","description":"Description of the DPG policy."},"proxy_config":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}},"DPGPolicyUpdate":{"type":"object","properties":{"description":{"type":"string","description":"Unique name for DPG policy."},"proxy_config":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}},"ProxyConfig":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}},"ApiUrl":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}},"TokenConfig":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"ClientProfile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Client profile name."},"nae_iface_port":{"type":"integer","description":"nae interface port."},"app_connector_type":{"type":"string","description":"App connector type.\nOptions:\n- DPG\n- CADP For Java\n- CRDP\n etc.\n"},"policy_id":{"type":"string","description":"Policy identifier."},"generic_client_profile_id":{"type":"string","description":"Generic client profile identifier."},"client_configuration_id":{"type":"string","description":"Client configuration identifier."},"reg_token":{"type":"string","description":"Registration token."},"ca_id":{"type":"string","description":"Local CA."},"configurations":{"type":"object","description":"Configurations to be used by the client"},"csr_configurations":{"type":"object","description":"CSR parameters to be used to created the signed certificate."},"meta":{"type":"object","description":"Meta information of the client profile."},"jwt_verification_key":{"type":"string","description":"PEM encoded PKCS#1 or PKCS#8 Public ket used to validate a JWT.\nFor example:\n-----BEGIN PUBLIC KEY-----\\n\\n-----END PUBLIC KEY-----\"\n"},"enable_client_autorenewal":{"type":"boolean","description":"Flag used to check whether client auto-renewal is enabled. The default value is false."},"groups":{"type":"array","items":{"type":"string","description":"Name of the group to which the clients will be automatically assigned during registration."}}}}]},"ClientProfileCreate":{"title":"Create","type":"object","required":["name","app_connector_type"],"properties":{"name":{"type":"string","description":"Unique name for the client profile."},"nae_iface_port":{"type":"integer","description":"Nae interface mapped with client profile."},"policy_id":{"type":"string","description":"Policy mapped with client profile."},"groups":{"type":"array","items":{"type":"string"},"description":"List of the groups in which client will be added during registration"},"ca_id":{"type":"string","description":"Local CA mapped with client profile."},"app_connector_type":{"type":"string","description":"App connector type for which the client profile is created. Option:\n- DPG\n- CADP For Java\n- CRDP\n"},"csr_parameters":{"type":"object","description":"Client certificate parameters to be updated.\n- csr_cn: common name\n- csr_country: country name\n- csr_state: state name\n- csr_city: city name\n- csr_org_name: organization name\n- csr_org_unit: organizational unit\n- csr_email: email\n"},"configurations":{"type":"object","description":"Parameters required to initialize connector.\n- symmetric_key_cache_enabled: Whether the symmetric key cache is enabled.\n Options.\n - true (Default)\n - false\n- symmetric_key_cache_expiry: Time after which the symmetric key cache will expire. Default: 43200\n- size_of_connection_pool: The maximum number of connections that can persist in connection pool. Default: 300\n- load_balancing_algorithm: Determines how the client selects a Key Manager from a load balancing group.\n Options.\n - round-robin (Default)\n - random\n- connection_idle_timeout: The time a connection is allowed to be idle in the connection pool before it gets automatically closed. Default: 600000\n- connection_retry_interval: The amount of time to wait before trying to reconnect to a disabled server. Default: 600000\n- log_level: The level of logging to determine verbosity of clients logs.\n Options.\n - ERROR\n - WARN (Default)\n - INFO\n - DEBUG\n- log_rotation: Specifies how frequently the log file is rotated.\n Options.\n - None\n - Daily (Default)\n - Weekly\n - Monthly\n - Size\n- log_size_limit: The maximum size of log file. Default: 100K\n- log_gmt: This value specifies if timestamp in logs should be formatted in GMT or not. Default disabled\n- log_type: Type of the log.\n Options.\n - Console (Default)\n - File\n - Multi\n- log_file_path: This value specifies the path where log file will be created\n- connection_timeout: Connection timeout value for clients. Default: 60000\n- connection_read_timeout: Read timeout value for clients. Default: 7000\n- heartbeat_interval: Frequency interval for sending heartbeat by connectors. Default: 300\n- heartbeat_timeout_count: heartbeat timeout missed communication counts with CM for connectors to decide on cleanup profile cache. Default: -1\n- tls_to_appserver\n- dial_timeout: Specifies the maximum duration (in seconds) the DPG server will wait for a connection with the Application Server to succeed.\n- dial_keep_alive: Specifies the interval (in seconds) between keep-alive probes for an active network connection.\n- auth_method_used the parameter is used to define how and from where to validate the application user\n - scheme_name: the type of authentication scheme to be used to fetch the suer\n Options.\n - Basic (Default)\n - Bearer\n - token_field: the json field which have the user information. Required when scheme_name is Bearer.\n- jwt_details: Information about the the JWT validation\n - issuer: String that identifies the principal that issued the JWT. If empty, the iss (issuer) field in the JWT won't be checked.\n - jwks_url: A string that provides the JWKs URL, through which JWKs are fetched to validate JWT.\n - jwks_refresh_duration: The duration (in days) after which the JWKs will be refreshed. The value must be specified as integer.\n - jwt_username_field: Specifies the location of the username in the JWT. Access policy will be applied based on the username present in this location. The value must be a string.\n - enable_dpop: Flag to enable dpop verification.\n- enable_performance_metrics: Flag used to enable performance metrics.\n Options.\n - true (Default)\n - false\n"},"cert_duration":{"type":"integer","description":"Duration for which client credentials are valid."},"jwt_verification_key":{"type":"string","description":"PEM encoded PKCS#1 or PKCS#8 Public key used to validate a JWT.\nFor example:\n-----BEGIN PUBLIC KEY-----\\n\\n-----END PUBLIC KEY-----\"\n"},"enable_client_autorenewal":{"type":"boolean","description":"Flag used to check client autorenewal is enabled or not. Default value is false."}}},"ClientProfileUpdate":{"title":"Update","type":"object","properties":{"name":{"type":"string","description":"Name to be updated."},"nae_iface_port":{"type":"integer","description":"Nae interface to be updated. To unset nae_iface_port set it to zero."},"app_connector_type":{"type":"string","description":"App connector type to be updated. Options:\n- DPG\n- CADP For Java\n- CRDP\n"},"ca_id":{"type":"string","description":"Local CA to be updated."},"policy_id":{"type":"string","description":"Policy to be updated."},"groups":{"type":"array","items":{"type":"string"},"description":"List of the groups in which client will be added during registration"},"csr_parameters":{"type":"object","description":"Client certificate parameters to be updated.\n- csr_cn: common name\n- csr_country: country name\n- csr_state: state name\n- csr_city: city name\n- csr_org_name: organization name\n- csr_org_unit: organizational unit\n- csr_email: email\n"},"configurations":{"type":"object","description":"Parameters required to initialize connector.\n- symmetric_key_cache_enabled: Whether the symmetric key cache is enabled.\n Options.\n - true (Default)\n - false\n- symmetric_key_cache_expiry: Time after which the symmetric key cache will expire. Default: 43200\n- size_of_connection_pool: The maximum number of connections that can persist in connection pool. Default: 300\n- load_balancing_algorithm: Determines how the client selects a Key Manager from a load balancing group.\n Options.\n - round-robin (Default)\n - random\n- connection_idle_timeout: The time a connection is allowed to be idle in the connection pool before it gets automatically closed. Default: 600000\n- connection_retry_interval: The amount of time to wait before trying to reconnect to a disabled server. Default: 600000\n- log_level: The level of logging to determine verbosity of clients logs.\n Options.\n - ERROR\n - WARN (Default)\n - INFO\n - DEBUG\n- log_rotation: Specifies how frequently the log file is rotated.\n Options.\n - None\n - Daily (Default)\n - Weekly\n - Monthly\n - Size\n- log_size_limit: The maximum size of log file. Default: 100K\n- log_gmt: This value specifies if timestamp in logs should be formatted in GMT or not. Default disabled\n- log_type: Type of the log.\n Options.\n - Console (Default)\n - File\n - Multi\n- log_file_path: This value specifies the path where log file will be created\n- connection_timeout: Connection timeout value for clients. Default: 60000\n- connection_read_timeout: Read timeout value for clients. Default: 7000\n- heartbeat_interval: Frequency interval for sending heartbeat by connectors. Default: 300\n- heartbeat_timeout_count: heartbeat timeout missed communication counts with CM for connectors to decide on cleanup profile cache. Default: -1\n- tls_to_appserver\n- dial_timeout: Specifies the maximum duration (in seconds) the DPG server will wait for a connection with the Application Server to succeed.\n- dial_keep_alive: Specifies the interval (in seconds) between keep-alive probes for an active network connection.\n- auth_method_used the parameter is used to define how and from where to validate the application user\n - scheme_name: the type of authentication scheme to be used to fetch the suer\n Options.\n - Basic (Default)\n - Bearer\n - token_field: the json field which have the user information. Required when scheme_name is Bearer.\n- jwt_details: Information about the the JWT validation\n - issuer: String that identifies the principal that issued the JWT. If empty, the iss (issuer) field in the JWT won't be checked.\n - jwks_url: A string that provides the JWKs URL, through which JWKs are fetched to validate JWT.\n - jwks_refresh_duration: The duration (in days) after which the JWKs will be refreshed. The value must be specified as integer.\n - jwt_username_field: Specifies the location of the username in the JWT. Access policy will be applied based on the username present in this location. The value must be a string.\n - enable_dpop: Flag to enable dpop verification.\n- enable_performance_metrics: Flag used to enable performance metrics.\n Options.\n - true (default) \n - false\n"},"cert_duration":{"type":"integer","description":"Duration for which client credentials are valid."},"jwt_verification_key":{"type":"string","description":"PEM encoded PKCS#1 or PKCS#8 Public ket used to validate a JWT.\nFor example:\n-----BEGIN PUBLIC KEY-----\\n\\n-----END PUBLIC KEY-----\"\n"},"enable_client_autorenewal":{"type":"boolean","description":"Flag used to check client autorenewal is enabled or not."}}},"ClientProfileTemplate":{"allOf":[{"type":"object","properties":{"app_connector_type":{"type":"string","description":"App connector type.\nOptions:\n- DPG\n- CADP For Java\n- CRDP\n"},"configurations":{"type":"object","description":"Configurations to be used by the client"}}}]},"UserSet":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"User set name."},"description":{"type":"string","description":"Description of the User Set"},"users":{"type":"array","items":{"type":"string"},"description":"List of users"}}}]},"MaskingFormat":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Masking format name."},"starting_characters":{"type":"integer","description":"Number of starting characters."},"ending_characters":{"type":"integer","description":"Number of ending characters."},"mask_char":{"type":"string","description":"Masking character"},"show":{"type":"boolean","description":"Flag for show/hide type dynamic masking format."},"static":{"type":"boolean","description":"Flag for static/dynamic masking format."},"predefined":{"type":"boolean","description":"Whether it is a predefined masking format."},"description":{"type":"string","description":"The description of masking-format."}}}]},"AccessPolicy":{"type":"object","properties":{"name":{"type":"string","description":"Access Policy name."},"default_reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"default_error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'."},"default_masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."},"description":{"type":"string","description":"Description of the Access Policy"},"user_set_policy":{"type":"array","description":"List of policies to be added to the access policy.","items":{"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}}}}},"UserSetPolicy":{"type":"array","description":"List of policies to be added to the access policy.","items":{"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}}},"CreateUserSetPolicyObject":{"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}},"UpdateUserSetPolicyObject":{"type":"object","properties":{"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}},"ClientConfiguration":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"type":"string","description":"Policy identifier."},"configurations":{"type":"string","description":"Configurations to be used by the client."},"ip":{"type":"string","description":"IP of all the nodes in cluster."},"nae_iface_port":{"type":"integer","description":"Port of the nae_iface configured in the client profile."},"nae_iface_mode":{"type":"string","description":"Mode of the nae_iface configured in the client profile."},"enable_client_autorenewal":{"type":"boolean","description":"Flag used to check client autorenewal is enabled or not. Default value is false."}}}]},"BDTPolicy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"BDT policy name."},"description":{"type":"string","description":"BDT policy description."},"in_place_update":{"type":"string","description":"True, if the transformation is done in the same container."},"create_bad_record_file":{"type":"boolean"},"fpemode":{"type":"string"},"case_sensitive":{"type":"boolean","description":"True, if the database name is case sensitive"},"source":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"destination":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"tables":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using tokenization)."},"token_group":{"type":"string","description":"Token group name (when using tokenization)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]}}}}]},"BDTPolicyResponse":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"BDT policy name."},"description":{"type":"string","description":"BDT policy description."},"in_place_update":{"type":"string","description":"True, if the transformation is done in the same container."},"create_bad_record_file":{"type":"boolean"},"fpemode":{"type":"string"},"case_sensitive":{"type":"boolean","description":"True, if the database name is case sensitive"},"source":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"destination":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"tables":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using tokenization)."},"token_group":{"type":"string","description":"Token group name (when using tokenization)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]}}}}]},"BDTTable":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using tokenization)."},"token_group":{"type":"string","description":"Token group name (when using tokenization)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]},"BDTColumn":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using tokenization)."},"token_group":{"type":"string","description":"Token group name (when using tokenization)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]},"ProtectionProfile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"ProtectionPolicy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection policy name."},"description":{"type":"string","description":"The description of protection policy."},"version":{"type":"integer","description":"The version of the protection policy."},"latest_version":{"type":"boolean"},"key":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection policy IV."},"tweak":{"type":"string","description":"Protection policy tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection policy algorithm."},"tag_length":{"x-feature":"FF_ADP_GCM_PROTECTION_POLICY","type":"integer","description":"Tag length required for AES/GCM algorithm. Valid values are 32 - 128 in multiples of 8, i.e 32,40,48,56, ... 128"},"aad":{"x-feature":"FF_ADP_GCM_PROTECTION_POLICY","type":"string","description":"Additional authenticated data for AES/GCM algorithm. This is an optional field"},"random_nonce":{"x-feature":"FF_ADP_RANDOM_NONCE_PROTECTION_POLICY","type":"string","description":"parameter to enable the random nonce. The random nonce parameter can be: internal or external\nFor AES algorithms (AES/CBC, AES/GCM), an IV is not required as it will be generated randomly. \n{{FF_ADP_FPE_RANDOM_NONCE_PROTECTION_POLICY| For FPE algorithms (FPE/AES, FPE/FF1v2, FPE/FF3, FPE/FF3-1), a tweak is not required as it will be generated randomly.}}\n{{FF_ADP_IRREVERSIBLE_PROTECTION_POLICY| Irreversible Token can not be set to true if Random Nonce is selected.}}\n"},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Character Set name."},"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string","description":"Character Set encoding."}}}]}}},"masking_format_id":{"type":"string"},"masking_format":{"type":"object","properties":{"schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Masking format name."},"starting_characters":{"type":"integer","description":"Number of starting characters."},"ending_characters":{"type":"integer","description":"Number of ending characters."},"mask_char":{"type":"string","description":"Masking character"},"show":{"type":"boolean","description":"Flag for show/hide type dynamic masking format."},"static":{"type":"boolean","description":"Flag for static/dynamic masking format."},"predefined":{"type":"boolean","description":"Whether it is a predefined masking format."},"description":{"type":"string","description":"The description of masking-format."}}}]}}},"use_external_versioning":{"type":"boolean","description":"If set to true, external versioning is enabled for the protection policy. The version details are stored in a separate external parameter. The default value is false."},"disable_versioning":{"type":"boolean","description":"If set to true, versioning is not maintained for the protection policies. The default value is false."},"access_policy_name":{"type":"string","description":"Access Policy associated with the protection policy."},"prefix":{"type":"string","description":"A static string to be added to the tokens. Maximum value of prefix can be 7."},"data_format":{"type":"string","description":"The format in which the data to be protected will be provided.\nOptions:\n- luhn\n"},"allow_small_input":{"x-feature":"FF_ADP_ALLOW_SMALL_INPUT","type":"boolean","description":"Allow small input in protection policy. This parameter is only supported for FPE and RANDOM2 algorithms. By default, its value is true."},"irreversible_token":{"x-feature":"FF_ADP_IRREVERSIBLE_PROTECTION_POLICY","type":"boolean","description":"This parameter generates ciphertext that cannot be reversed. By default, its value is set to false. IV is not supported with AES algorithms, Tweak is not supported with FPE algorithms and Random Nonce can not be set to true when Irreversible Token is set to true."}}}]},"CharacterSet":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Character Set name."},"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string","description":"Character Set encoding."}}}]},"Container":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}}]},"ContainerResponse":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}}]},"BDTJobConfigurations":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"version":{"type":"integer"},"name":{"type":"string","description":"BDT policy name."},"description":{"type":"string","description":"BDT policy description."},"case_sensitive":{"type":"boolean"},"in_place_update":{"type":"boolean"},"unprocessed_record_file":{"type":"string"},"source_id":{"type":"string"},"source":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","required":["name","type"],"properties":{"name":{"type":"string","description":"Name of BDT data source."},"description":{"type":"string","description":"Description of BDT data source."},"type":{"type":"string","description":"Specify the destination type. \n- While working with files options are:\n - CSV File\n - Fixed Length File\n- While working with database options are:\n - IBM Db2\n - Oracle\n - MySQL\n - Microsoft SQL Server\n - SAP HANA\n - PostgreSQL\n"},"database_properties":{"type":"object","properties":{"connection_url":{"type":"string","description":"Database connection URL."},"username":{"type":"string","description":"Database username."},"password":{"type":"string","description":"Database password."},"jdbc_driver_url":{"type":"string","description":"The url from where JDBC driver jar will be downloaded."},"database_server_certificate":{"type":"string","description":"The database server certificate required to establish a secure JDBC connection."}}},"file_properties":{"type":"object","properties":{"file_path":{"type":"string","description":"It specifies the file path relative to the inputDir/outputDir path in the config file."},"delimiter":{"type":"string","description":"Name of the character that is used to divide one column from the next in the input/output file."},"qualifier":{"type":"string","description":"It specifies a character to enclose fields that contain a delimiter character. Any printable ASCII character except for backslash can be used as a qualifier.\n"},"column_count":{"type":"integer","description":"Specify number of column in file."},"encoding":{"type":"string","description":"It is used to set character encoding."},"record_length":{"type":"integer","description":"Specifies record length of input/output file."},"line_separator":{"type":"boolean","description":"The record is separated with line separator, if enabled."},"column_position_info":{"type":"array","description":"It specifies column positioning.","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}}}}}}]},"destination_id":{"type":"string"},"destination":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","required":["name","type"],"properties":{"name":{"type":"string","description":"Name of BDT data source."},"description":{"type":"string","description":"Description of BDT data source."},"type":{"type":"string","description":"Specify the destination type. \n- While working with files options are:\n - CSV File\n - Fixed Length File\n- While working with database options are:\n - IBM Db2\n - Oracle\n - MySQL\n - Microsoft SQL Server\n - SAP HANA\n - PostgreSQL\n"},"database_properties":{"type":"object","properties":{"connection_url":{"type":"string","description":"Database connection URL."},"username":{"type":"string","description":"Database username."},"password":{"type":"string","description":"Database password."},"jdbc_driver_url":{"type":"string","description":"The url from where JDBC driver jar will be downloaded."},"database_server_certificate":{"type":"string","description":"The database server certificate required to establish a secure JDBC connection."}}},"file_properties":{"type":"object","properties":{"file_path":{"type":"string","description":"It specifies the file path relative to the inputDir/outputDir path in the config file."},"delimiter":{"type":"string","description":"Name of the character that is used to divide one column from the next in the input/output file."},"qualifier":{"type":"string","description":"It specifies a character to enclose fields that contain a delimiter character. Any printable ASCII character except for backslash can be used as a qualifier.\n"},"column_count":{"type":"integer","description":"Specify number of column in file."},"encoding":{"type":"string","description":"It is used to set character encoding."},"record_length":{"type":"integer","description":"Specifies record length of input/output file."},"line_separator":{"type":"boolean","description":"The record is separated with line separator, if enabled."},"column_position_info":{"type":"array","description":"It specifies column positioning.","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}}}}}}]},"tables":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"Destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"order_by":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_column_name":{"type":"string","description":"Name of the column on which transformation would be performed."},"operation":{"type":"string","description":"Action to be performed on a column. Supported operations are protect, reveal, reprotect."},"protection_policy":{"type":"string","description":"Protection policy used for transformation."},"version_header_column":{"type":"string","description":"Name of the column field that will hold the version header bytes.This property will only be applicable if the protection policy is configured with external versioning."},"target_column_name":{"type":"string","description":"Name of the column where output of the transformed column will be stored."},"source_column_action":{"type":"string","description":"Allows user to choose the following action on source_column_name when target_column_name is specified. Supported actions are preserve, empty and remove."},"target_column_length":{"type":"integer","description":"Length of the target_Column_name. This parameter is only required when destination type is FIXED_LENGTH_FILE."},"nonce_column_name":{"x-feature":"FF_ADP_RANDOM_NONCE_PROTECTION_POLICY","type":"string","description":"Name of the column field that will hold the random nonce value.This property will only be applicable if the protection policy is configured with external random nonce."}}}]}}}}]}},"meta":{"type":"object","description":"Contains meta information for the job configuration.","properties":{"job_running":{"type":"boolean","description":"Specifies whether the job configuration is associated with a job."}}}}}]},"BDTJobConfigurationsCreate":{"type":"object","properties":{"name":{"type":"string","description":"Name of BDT policy."},"description":{"type":"string","description":"Description of BDT policy."},"case_sensitive":{"type":"boolean","description":"Options:\n- true: If set to true, all the database objects mentioned in the policy file will be processed in the same case as input.\n- false: If set to false, all the database objects mentioned in the policy file will be automatically converted to CAPITAL case.\n"},"in_place_update":{"type":"boolean","description":"If enabled, BDT transform data in-place within the database, rather than the default behavior that creates a new destination table containing the transformed data."},"unprocessed_record_file":{"type":"string","description":"The file path where all the failed files would be saved (having .failed extension)"},"source_id":{"type":"string","description":"The id of the data_source"},"destination_id":{"type":"string","description":"The id of the data_source"},"tables":{"type":"array","items":{"type":"object","properties":{"source_table":{"type":"string","description":"Name of the source table. It is applicable only for DB-to-DB Transformation."},"source_schema":{"type":"string","description":"Name of the source table schema. It is applicable only for DB-to-DB Transformation."},"destination_table":{"type":"string","description":"Name of the destination table. It is applicable only for DB-to-DB Transformation."},"destination_schema":{"type":"string","description":"Name of the destination table schema. It is applicable only for DB-to-DB Transformation."},"create_destination_table":{"type":"boolean","description":"If set to true, a table will be created in the destination database. It is applicable only for DB-to-DB Transformation."},"subset":{"type":"object","description":"Table-specific data filter criteria. Filter input data based on these criteria. Not supported for file transformation.","properties":{"offset":{"type":"integer","description":"It indicated start of record index."},"limit":{"type":"integer","description":"Maximum number of records/rows to transform, starting from offset."},"recurrency":{"type":"integer","description":"Select every Nth record. By default, select every record."},"order_by":{"type":"string","description":"Sort input data based on the column specified. By default, first column will be used."},"order":{"type":"string","description":"Order in which output data will be sorted. ASC (ascending) or DESC (descending) record order is supported."},"filters":{"type":"array","description":"It filters the input data with specific criteria using selector, operator and expresion.","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"type":"object","properties":{"source_column_name":{"type":"string","description":"Name of the column on which transformation would be performed."},"operation":{"type":"string","description":"Action to be performed on a column. Supported operations are protect, reveal, reprotect."},"protection_policy":{"type":"string","description":"Protection policy used for transformation."},"version_header_column":{"type":"string","description":"Name of the column field that will hold the version header bytes.This property will only be applicable if the protection policy is configured with external versioning."},"target_column_name":{"type":"string","description":"Name of the column where output of the transformed column will be stored."},"source_column_action":{"type":"string","description":"Allows user to choose the following action on source_column_name when target_column_name is specified. Supported actions are preserve, empty and remove."},"target_column_length":{"type":"integer","description":"Length of the target_Column_name. This parameter is only required when destination type is FIXED_LENGTH_FILE."},"nonce_column_name":{"x-feature":"FF_ADP_RANDOM_NONCE_PROTECTION_POLICY","type":"string","description":"Name of the column field that will hold the random nonce value.This property will only be applicable if the protection policy is configured with external random nonce."}}}}}}}}},"BDTJobConfigurationsUpdate":{"type":"object","properties":{"name":{"type":"string","description":"Name of BDT policy"},"description":{"type":"string","description":"Description of the bdt policy."},"case_sensitive":{"type":"boolean","description":"Options:\n- true: If set to true, all the database objects mentioned in the policy file will be processed in the same case as input.\n- false: If set to false, all the database objects mentioned in the policy file will be automatically converted to CAPITAL case.\n"},"in_place_update":{"type":"boolean","description":"If enabled, BDT transform data in-place within the database, rather than the default behavior that creates a new destination table containing the transformed data."},"unprocessed_record_file":{"type":"string","description":"The file path where all the failed files would be saved (having .failed extension)"},"source_id":{"type":"string","description":"The id of the data_source"},"destination_id":{"type":"string","description":"The id of the data_source"},"tables":{"type":"array","items":{"type":"object","properties":{"source_table":{"type":"string","description":"Name of the source table. It is applicable only for DB-to-DB Transformation."},"source_schema":{"type":"string","description":"Name of the source table schema. It is applicable only for DB-to-DB Transformation."},"destination_table":{"type":"string","description":"Name of the destination table. It is applicable only for DB-to-DB Transformation."},"destination_schema":{"type":"string","description":"Name of the destination table schema. It is applicable only for DB-to-DB Transformation."},"create_destination_table":{"type":"boolean","description":"If set to true, a table will be created in the destination database. It is applicable only for DB-to-DB Transformation."},"subset":{"type":"object","description":"Table-specific data filter criteria. Filter input data based on these criteria. Not supported for file transformation.","properties":{"offset":{"type":"integer","description":"It indicated start of record index."},"limit":{"type":"integer","description":"Maximum number of records/rows to transform, starting from offset."},"recurrency":{"type":"integer","description":"Select every Nth record. By default, select every record."},"order_by":{"type":"string","description":"Sort input data based on the column specified. By default, first column will be used."},"order":{"type":"string","description":"Order in which output data will be sorted. ASC (ascending) or DESC (descending) record order is supported."},"filters":{"type":"array","description":"It filters the input data with specific criteria using selector, operator and expresion.","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"type":"object","properties":{"source_column_name":{"type":"string","description":"Name of the column on which transformation would be performed."},"operation":{"type":"string","description":"Action to be performed on a column. Supported operations are protect, reveal, reprotect."},"protection_policy":{"type":"string","description":"Protection policy used for transformation."},"version_header_column":{"type":"string","description":"Name of the column field that will hold the version header bytes.This property will only be applicable if the protection policy is configured with external versioning."},"target_column_name":{"type":"string","description":"Name of the column where output of the transformed column will be stored."},"source_column_action":{"type":"string","description":"Allows user to choose the following action on source_column_name when target_column_name is specified. Supported actions are preserve, empty and remove."},"target_column_length":{"type":"integer","description":"Length of the target_Column_name. This parameter is only required when destination type is FIXED_LENGTH_FILE."},"nonce_column_name":{"x-feature":"FF_ADP_RANDOM_NONCE_PROTECTION_POLICY","type":"string","description":"Name of the column field that will hold the random nonce value.This property will only be applicable if the protection policy is configured with external random nonce."}}}}}}}}},"DataSource":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","required":["name","type"],"properties":{"name":{"type":"string","description":"Name of BDT data source."},"description":{"type":"string","description":"Description of BDT data source."},"type":{"type":"string","description":"Specify the destination type. \n- While working with files options are:\n - CSV File\n - Fixed Length File\n- While working with database options are:\n - IBM Db2\n - Oracle\n - MySQL\n - Microsoft SQL Server\n - SAP HANA\n - PostgreSQL\n"},"database_properties":{"type":"object","properties":{"connection_url":{"type":"string","description":"Database connection URL."},"username":{"type":"string","description":"Database username."},"password":{"type":"string","description":"Database password."},"jdbc_driver_url":{"type":"string","description":"The url from where JDBC driver jar will be downloaded."},"database_server_certificate":{"type":"string","description":"The database server certificate required to establish a secure JDBC connection."}}},"file_properties":{"type":"object","properties":{"file_path":{"type":"string","description":"It specifies the file path relative to the inputDir/outputDir path in the config file."},"delimiter":{"type":"string","description":"Name of the character that is used to divide one column from the next in the input/output file."},"qualifier":{"type":"string","description":"It specifies a character to enclose fields that contain a delimiter character. Any printable ASCII character except for backslash can be used as a qualifier.\n"},"column_count":{"type":"integer","description":"Specify number of column in file."},"encoding":{"type":"string","description":"It is used to set character encoding."},"record_length":{"type":"integer","description":"Specifies record length of input/output file."},"line_separator":{"type":"boolean","description":"The record is separated with line separator, if enabled."},"column_position_info":{"type":"array","description":"It specifies column positioning.","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}}}}}}]},"BdtDataSource":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name of data source."},"description":{"type":"string","description":"Description of data source."},"type":{"type":"string","description":"Specify the destination type. \n- While working with files options are:\n - CSV File\n - Fixed Length File\n- While working with database options are:\n - IBM Db2\n - Oracle\n - MySQL\n - Microsoft SQL Server\n - SAP HANA\n - PostgreSQL\n"},"database_properties":{"type":"object","properties":{"connection_url":{"type":"string","description":"Database connection URL."},"username":{"type":"string","description":"Database username."},"password":{"type":"string","description":"Database password."},"jdbc_driver_url":{"type":"string","description":"The url from where JDBC driver jar will be downloaded."},"database_server_certificate":{"type":"string","description":"The database server certificate required to establish a secure JDBC connection."}}},"file_properties":{"type":"object","properties":{"file_path":{"type":"string","description":"It specifies the file path relative to the inputDir/outputDir path in the config file."},"delimiter":{"type":"string","description":"Name of the character that is used to divide one column from the next in the input/output file."},"qualifier":{"type":"string","description":"It specifies a character to enclose fields that contain a delimiter character. Any printable ASCII character except for backslash can be used as a qualifier.\n"},"column_count":{"type":"integer","description":"Specify number of column in file."},"encoding":{"type":"string","description":"It is used to set character encoding."},"record_length":{"type":"integer","description":"Specifies record length of input/output file."},"line_separator":{"type":"boolean","description":"The record is separated with line separator, if enabled."},"column_position_info":{"type":"array","description":"It specifies column positioning.","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}}}}}}]},"BdtDataSourceCreate":{"type":"object","required":["name","type"],"properties":{"name":{"type":"string","description":"Name of BDT data source."},"description":{"type":"string","description":"Description of BDT data source."},"type":{"type":"string","description":"Specify the destination type. \n- While working with files options are:\n - CSV File\n - Fixed Length File\n- While working with database options are:\n - IBM Db2\n - Oracle\n - MySQL\n - Microsoft SQL Server\n - SAP HANA\n - PostgreSQL\n"},"database_properties":{"type":"object","properties":{"connection_url":{"type":"string","description":"Database connection URL."},"username":{"type":"string","description":"Database username."},"password":{"type":"string","description":"Database password."},"jdbc_driver_url":{"type":"string","description":"The url from where JDBC driver jar will be downloaded."},"database_server_certificate":{"type":"string","description":"The database server certificate required to establish a secure JDBC connection."}}},"file_properties":{"type":"object","properties":{"file_path":{"type":"string","description":"It specifies the file path relative to the inputDir/outputDir path in the config file."},"delimiter":{"type":"string","description":"Name of the character that is used to divide one column from the next in the input/output file."},"qualifier":{"type":"string","description":"It specifies a character to enclose fields that contain a delimiter character. Any printable ASCII character except for backslash can be used as a qualifier.\n"},"column_count":{"type":"integer","description":"Specify number of column in file."},"encoding":{"type":"string","description":"It is used to set character encoding."},"record_length":{"type":"integer","description":"Specifies record length of input/output file."},"line_separator":{"type":"boolean","description":"The record is separated with line separator, if enabled."},"column_position_info":{"type":"array","description":"It specifies column positioning.","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}}}}}},"BdtDataSourceUpdate":{"type":"object","properties":{"name":{"type":"string","description":"Name of BDT data source."},"description":{"type":"string","description":"Description of BDT data source."},"type":{"type":"string","description":"Specify the destination type. \n- While working with files options are:\n - CSV File\n - Fixed Length File\n- While working with database options are:\n - IBM Db2\n - Oracle\n - MySQL\n - Microsoft SQL Server\n - SAP HANA\n - PostgreSQL\n"},"database_properties":{"type":"object","properties":{"connection_url":{"type":"string","description":"Database connection URL."},"username":{"type":"string","description":"Database username."},"password":{"type":"string","description":"Database password."},"jdbc_driver_url":{"type":"string","description":"The url from where JDBC driver jar will be downloaded."},"database_server_certificate":{"type":"string","description":"The database server certificate required to establish a secure JDBC connection."}}},"file_properties":{"type":"object","properties":{"file_path":{"type":"string","description":"It specifies the file path relative to the inputDir/outputDir path in the config file."},"delimiter":{"type":"string","description":"Name of the character that is used to divide one column from the next in the input/output file."},"qualifier":{"type":"string","description":"It specifies a character to enclose fields that contain a delimiter character. Any printable ASCII character except for backslash can be used as a qualifier.\n"},"column_count":{"type":"integer","description":"Specify number of column in file."},"encoding":{"type":"string","description":"It is used to set character encoding."},"record_length":{"type":"integer","description":"Specifies record length of input/output file."},"line_separator":{"type":"boolean","description":"The record is separated with line separator, if enabled."},"column_position_info":{"type":"array","description":"It specifies column positioning.","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}}}}}},"BDTTableConfigurations":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"Destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"order_by":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_column_name":{"type":"string","description":"Name of the column on which transformation would be performed."},"operation":{"type":"string","description":"Action to be performed on a column. Supported operations are protect, reveal, reprotect."},"protection_policy":{"type":"string","description":"Protection policy used for transformation."},"version_header_column":{"type":"string","description":"Name of the column field that will hold the version header bytes.This property will only be applicable if the protection policy is configured with external versioning."},"target_column_name":{"type":"string","description":"Name of the column where output of the transformed column will be stored."},"source_column_action":{"type":"string","description":"Allows user to choose the following action on source_column_name when target_column_name is specified. Supported actions are preserve, empty and remove."},"target_column_length":{"type":"integer","description":"Length of the target_Column_name. This parameter is only required when destination type is FIXED_LENGTH_FILE."},"nonce_column_name":{"x-feature":"FF_ADP_RANDOM_NONCE_PROTECTION_POLICY","type":"string","description":"Name of the column field that will hold the random nonce value.This property will only be applicable if the protection policy is configured with external random nonce."}}}]}}}}]},"BDTTableConfigurationsCreate":{"type":"object","properties":{"source_table":{"type":"string","description":"Name of the source table. It is applicable only for DB-to-DB Transformation."},"source_schema":{"type":"string","description":"Name of the source table schema. It is applicable only for DB-to-DB Transformation."},"destination_table":{"type":"string","description":"Name of the destination table. It is applicable only for DB-to-DB Transformation."},"destination_schema":{"type":"string","description":"Name of the destination table schema. It is applicable only for DB-to-DB Transformation."},"create_destination_table":{"type":"boolean","description":"If set to true, a table will be created in the destination database. It is applicable only for DB-to-DB Transformation."},"subset":{"type":"object","description":"Table-specific data filter criteria. Filter input data based on these criteria. Not supported for file transformation.","properties":{"offset":{"type":"integer","description":"It indicated start of record index."},"limit":{"type":"integer","description":"Maximum number of records/rows to transform, starting from offset."},"recurrency":{"type":"integer","description":"Select every Nth record. By default, select every record."},"order_by":{"type":"string","description":"Sort input data based on the column specified. By default, first column will be used."},"order":{"type":"string","description":"Order in which output data will be sorted. ASC (ascending) or DESC (descending) record order is supported."},"filters":{"type":"array","description":"It filters the input data with specific criteria using selector, operator and expresion.","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"type":"object","properties":{"source_column_name":{"type":"string","description":"Name of the column on which transformation would be performed."},"operation":{"type":"string","description":"Action to be performed on a column. Supported operations are protect, reveal, reprotect."},"protection_policy":{"type":"string","description":"Protection policy used for transformation."},"version_header_column":{"type":"string","description":"Name of the column field that will hold the version header bytes.This property will only be applicable if the protection policy is configured with external versioning."},"target_column_name":{"type":"string","description":"Name of the column where output of the transformed column will be stored."},"source_column_action":{"type":"string","description":"Allows user to choose the following action on source_column_name when target_column_name is specified. Supported actions are preserve, empty and remove."},"target_column_length":{"type":"integer","description":"Length of the target_Column_name. This parameter is only required when destination type is FIXED_LENGTH_FILE."},"nonce_column_name":{"x-feature":"FF_ADP_RANDOM_NONCE_PROTECTION_POLICY","type":"string","description":"Name of the column field that will hold the random nonce value.This property will only be applicable if the protection policy is configured with external random nonce."}}}}}},"BDTColumnConfigurations":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_column_name":{"type":"string","description":"Name of the column on which transformation would be performed."},"operation":{"type":"string","description":"Action to be performed on a column. Supported operations are protect, reveal, reprotect."},"protection_policy":{"type":"string","description":"Protection policy used for transformation."},"version_header_column":{"type":"string","description":"Name of the column field that will hold the version header bytes.This property will only be applicable if the protection policy is configured with external versioning."},"target_column_name":{"type":"string","description":"Name of the column where output of the transformed column will be stored."},"source_column_action":{"type":"string","description":"Allows user to choose the following action on source_column_name when target_column_name is specified. Supported actions are preserve, empty and remove."},"target_column_length":{"type":"integer","description":"Length of the target_Column_name. This parameter is only required when destination type is FIXED_LENGTH_FILE."},"nonce_column_name":{"x-feature":"FF_ADP_RANDOM_NONCE_PROTECTION_POLICY","type":"string","description":"Name of the column field that will hold the random nonce value.This property will only be applicable if the protection policy is configured with external random nonce."}}}]},"BDTColumnConfigurationsCreate":{"type":"object","properties":{"source_column_name":{"type":"string","description":"Name of the column on which transformation would be performed."},"operation":{"type":"string","description":"Action to be performed on a column. Supported operations are protect, reveal, reprotect."},"protection_policy":{"type":"string","description":"Protection policy used for transformation."},"version_header_column":{"type":"string","description":"Name of the column field that will hold the version header bytes.This property will only be applicable if the protection policy is configured with external versioning."},"target_column_name":{"type":"string","description":"Name of the column where output of the transformed column will be stored."},"source_column_action":{"type":"string","description":"Allows user to choose the following action on source_column_name when target_column_name is specified. Supported actions are preserve, empty and remove."},"target_column_length":{"type":"integer","description":"Length of the target_Column_name. This parameter is only required when destination type is FIXED_LENGTH_FILE."},"nonce_column_name":{"x-feature":"FF_ADP_RANDOM_NONCE_PROTECTION_POLICY","type":"string","description":"Name of the column field that will hold the random nonce value.This property will only be applicable if the protection policy is configured with external random nonce."}}},"RunJobRequest":{"type":"object","required":["client_profile_id"],"properties":{"client_profile_id":{"type":"string","description":"The ID of the client profile whose client will be used to run the Job."}}},"RunJobResponse":{"allOf":[{"type":"object","properties":{"job_status_id":{"type":"string","description":"Job Status ID."}}}]},"UpdateJobRequest":{"allOf":[{"type":"object","properties":{"operation":{"type":"string","description":"Specify operation to perform on job. Valid values - Stop."}}}]},"JobStatus":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"job_configuration_id":{"type":"string","description":"Specify the ID of Job Configuration to run."},"client_profile_id":{"type":"string","description":"Specify the ID of the client profile whose client will be used to execute the Job."},"client_id":{"type":"string","description":"Specify the ID of the client which is executing the job."},"operation":{"type":"string","description":"Specify the operation to be performed by the client."},"status":{"type":"string","description":"Status of the running job."},"type":{"type":"string","description":"Type of the Job."},"meta":{"type":"object","description":"Meta information of the Job."}}}]},"Resource2":{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},"DpgXdbcPolicy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"version":{"type":"integer"},"name":{"type":"string","description":"DPG for xDBC policy name."},"description":{"type":"string","description":"DPG for xDBC policy description."},"database_details":{"type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Name of the database."},"type":{"type":"string","description":"Type of the database."},"connection_url":{"type":"string","description":"The connection_url consists of the database IP and port."},"driver_class":{"type":"string","description":"The driver_class to be used for connecting to the database."},"case_sensitive":{"type":"boolean","description":"Determines whether the table name is case_sensitive."}}}]},"tables":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"name of the table."},"schema":{"type":"string","description":"schema name of the table."},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name of the column."},"protection_policy":{"type":"string","description":"Name of the protection policy."},"version_header_column":{"type":"string","description":"Name of the column that holds version header details."}}}]}}}}]}}}}]},"DpgXdbcDatabaseDetails":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Name of the database."},"type":{"type":"string","description":"Type of the database."},"connection_url":{"type":"string","description":"The connection_url consists of the database IP and port."},"driver_class":{"type":"string","description":"The driver_class to be used for connecting to the database."},"case_sensitive":{"type":"boolean","description":"Determines whether the table name is case_sensitive."}}}]},"DpgXdbcTable":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"name of the table."},"schema":{"type":"string","description":"schema name of the table."},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name of the column."},"protection_policy":{"type":"string","description":"Name of the protection policy."},"version_header_column":{"type":"string","description":"Name of the column that holds version header details."}}}]}}}}]},"DpgXdbcColumn":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name of the column."},"protection_policy":{"type":"string","description":"Name of the protection policy."},"version_header_column":{"type":"string","description":"Name of the column that holds version header details."}}}]},"DpgXdbcPolicyCreate":{"title":"Create","type":"object","required":["name","database_details"],"properties":{"name":{"type":"string","description":"Name of DPG for xDBC policy."},"description":{"type":"string","description":"Description of DPG for xDBC policy."},"database_details":{"type":"object","required":["name","type","connection_url","driver_class"],"properties":{"name":{"type":"string","description":"Name of the database."},"type":{"type":"string","description":"Type of the database.\nOptions.\n- Oracle\n- MySql\n- MsSql\n- Db2\n- Postgres\n"},"connection_url":{"type":"string","description":"The connection_url consists of the database IP and port."},"driver_class":{"type":"string","description":"The driver_class to be used for connecting to the database."},"case_sensitive":{"type":"boolean","description":"Determines whether the table name is case_sensitive."}}},"tables":{"type":"array","items":{"type":"object","required":["name","schema"],"properties":{"name":{"type":"string","description":"Name of the table."},"schema":{"type":"string","description":"Name of the schema."},"columns":{"type":"array","items":{"type":"object","required":["name","protection_policy"],"properties":{"name":{"type":"string","description":"Name of the column."},"protection_policy":{"type":"string","description":"Name of the protection policy."},"version_header_column":{"type":"string","description":"Name of the column that holds version header details."}}}}}}}}},"DpgXdbcPolicyUpdate":{"type":"object","properties":{"name":{"type":"string","description":"Name of DPG for xDBC policy."},"description":{"type":"string","description":"Description of DPG for xDBC policy."},"database_details":{"type":"object","required":["name","type","connection_url","driver_class"],"properties":{"name":{"type":"string","description":"Name of the database."},"type":{"type":"string","description":"Type of the database.\nOptions.\n- Oracle\n- MySql\n- MsSql\n- Db2\n- Postgres\n"},"connection_url":{"type":"string","description":"The connection_url consists of the database IP and port."},"driver_class":{"type":"string","description":"The driver_class to be used for connecting to the database."},"case_sensitive":{"type":"boolean","description":"Determines whether the table name is case_sensitive."}}},"tables":{"type":"array","items":{"type":"object","required":["name","schema"],"properties":{"name":{"type":"string","description":"Name of the table."},"schema":{"type":"string","description":"Name of the schema."},"columns":{"type":"array","items":{"type":"object","required":["name","protection_policy"],"properties":{"name":{"type":"string","description":"Name of the column."},"protection_policy":{"type":"string","description":"Name of the protection policy."},"version_header_column":{"type":"string","description":"Name of the column that holds version header details."}}}}}}}}},"DpgXdbcDatabaseDetailsCreate":{"type":"object","required":["name","type","connection_url","driver_class"],"properties":{"name":{"type":"string","description":"Name of the database."},"type":{"type":"string","description":"Type of the database.\nOptions.\n- Oracle\n- MySql\n- MsSql\n- Db2\n- Postgres\n"},"connection_url":{"type":"string","description":"The connection_url consists of the database IP and port."},"driver_class":{"type":"string","description":"The driver_class to be used for connecting to the database."},"case_sensitive":{"type":"boolean","description":"Determines whether the table name is case_sensitive."}}},"DpgXdbcTableCreate":{"type":"object","required":["name","schema"],"properties":{"name":{"type":"string","description":"Name of the table."},"schema":{"type":"string","description":"Name of the schema."},"columns":{"type":"array","items":{"type":"object","required":["name","protection_policy"],"properties":{"name":{"type":"string","description":"Name of the column."},"protection_policy":{"type":"string","description":"Name of the protection policy."},"version_header_column":{"type":"string","description":"Name of the column that holds version header details."}}}}}},"DpgXdbcColumnCreate":{"type":"object","required":["name","protection_policy"],"properties":{"name":{"type":"string","description":"Name of the column."},"protection_policy":{"type":"string","description":"Name of the protection policy."},"version_header_column":{"type":"string","description":"Name of the column that holds version header details."}}},"ClientsCount":{"properties":{"total":{"type":"integer"},"healthy":{"type":"integer"},"warning":{"type":"integer"},"error":{"type":"integer"},"revoked":{"type":"integer"}}},"ClientProfilesCount":{"properties":{"total":{"type":"integer"},"healthy":{"type":"integer"},"warning":{"type":"integer"},"error":{"type":"integer"}}},"GetUpdates":{"properties":{"protection_policies_details":{"type":"object","properties":{"protection_policies":{"type":"array","items":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection policy name."},"description":{"type":"string","description":"The description of protection policy."},"version":{"type":"integer","description":"The version of the protection policy."},"latest_version":{"type":"boolean"},"key":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection policy IV."},"tweak":{"type":"string","description":"Protection policy tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection policy algorithm."},"tag_length":{"x-feature":"FF_ADP_GCM_PROTECTION_POLICY","type":"integer","description":"Tag length required for AES/GCM algorithm. Valid values are 32 - 128 in multiples of 8, i.e 32,40,48,56, ... 128"},"aad":{"x-feature":"FF_ADP_GCM_PROTECTION_POLICY","type":"string","description":"Additional authenticated data for AES/GCM algorithm. This is an optional field"},"random_nonce":{"x-feature":"FF_ADP_RANDOM_NONCE_PROTECTION_POLICY","type":"string","description":"parameter to enable the random nonce. The random nonce parameter can be: internal or external\nFor AES algorithms (AES/CBC, AES/GCM), an IV is not required as it will be generated randomly. \n{{FF_ADP_FPE_RANDOM_NONCE_PROTECTION_POLICY| For FPE algorithms (FPE/AES, FPE/FF1v2, FPE/FF3, FPE/FF3-1), a tweak is not required as it will be generated randomly.}}\n{{FF_ADP_IRREVERSIBLE_PROTECTION_POLICY| Irreversible Token can not be set to true if Random Nonce is selected.}}\n"},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Character Set name."},"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string","description":"Character Set encoding."}}}]}}},"masking_format_id":{"type":"string"},"masking_format":{"type":"object","properties":{"schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Masking format name."},"starting_characters":{"type":"integer","description":"Number of starting characters."},"ending_characters":{"type":"integer","description":"Number of ending characters."},"mask_char":{"type":"string","description":"Masking character"},"show":{"type":"boolean","description":"Flag for show/hide type dynamic masking format."},"static":{"type":"boolean","description":"Flag for static/dynamic masking format."},"predefined":{"type":"boolean","description":"Whether it is a predefined masking format."},"description":{"type":"string","description":"The description of masking-format."}}}]}}},"use_external_versioning":{"type":"boolean","description":"If set to true, external versioning is enabled for the protection policy. The version details are stored in a separate external parameter. The default value is false."},"disable_versioning":{"type":"boolean","description":"If set to true, versioning is not maintained for the protection policies. The default value is false."},"access_policy_name":{"type":"string","description":"Access Policy associated with the protection policy."},"prefix":{"type":"string","description":"A static string to be added to the tokens. Maximum value of prefix can be 7."},"data_format":{"type":"string","description":"The format in which the data to be protected will be provided.\nOptions:\n- luhn\n"},"allow_small_input":{"x-feature":"FF_ADP_ALLOW_SMALL_INPUT","type":"boolean","description":"Allow small input in protection policy. This parameter is only supported for FPE and RANDOM2 algorithms. By default, its value is true."},"irreversible_token":{"x-feature":"FF_ADP_IRREVERSIBLE_PROTECTION_POLICY","type":"boolean","description":"This parameter generates ciphertext that cannot be reversed. By default, its value is set to false. IV is not supported with AES algorithms, Tweak is not supported with FPE algorithms and Random Nonce can not be set to true when Irreversible Token is set to true."}}}]}},"count_mismatch":{"type":"boolean"}}},"access_policies_details":{"type":"object","properties":{"access_policies":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Access Policy name."},"default_reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"default_error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'."},"default_masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."},"description":{"type":"string","description":"Description of the Access Policy"},"user_set_policy":{"type":"array","description":"List of policies to be added to the access policy.","items":{"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}}}}}},"count_mismatch":{"type":"boolean"}}},"user_sets_details":{"type":"object","properties":{"user_sets":{"type":"array","items":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"User set name."},"description":{"type":"string","description":"Description of the User Set"},"users":{"type":"array","items":{"type":"string"},"description":"List of users"}}}]}},"count_mismatch":{"type":"boolean"}}}}},"connection_name":{"x-feature":"FF_CC","type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},"cloud_name":{"type":"object","description":"Name of cloud.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. The cloud name depends on the cloud provider.\n"}}},"service_name":{"type":"object","description":"Name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network).","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},"category":{"x-feature":"FF_CC","type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},"connection_url":{"x-feature":"FF_CC","type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},"labels":{"type":"object","properties":{"labels":{"x-feature":"FF_CM_CONNECTIONS_FAM","type":"object","description":"Labels are key/value pairs used to group resources. They are based on Kubernetes Labels, see https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/.\n\nTo add a label, set the label's value as follows.\n```\n \"labels\": {\n \"key1\": \"value1\",\n \"key2\": \"value2\"\n }\n```\nTo remove a key/value pair, pass value null to the particular key\n```\n \"labels\": {\n \"key1\": null\n }\n```\n"}}},"create_connection_request_common":{"x-feature":"FF_CC","type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cte\" for:\n - CC\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},"update_connection_request_common":{"x-feature":"FF_CC","type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cte\" for:\n - CC\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},"connection_response_common":{"x-feature":"FF_CC","type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"x-feature":"FF_CC","type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"x-feature":"FF_CC","type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"x-feature":"FF_CC","type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"x-feature":"FF_CC","type":"object","description":"This is the full path to the base URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the base URL associated with the connection."}}},{"x-feature":"FF_CC","type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cte\" for:\n - CC\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"x-feature":"FF_CC","type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"x-feature":"FF_CC","type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"x-feature":"FF_CC","type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},"connection_test_common":{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}},"last_connection_ok":{"x-feature":"FF_CC","type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},"last_connection_error":{"x-feature":"FF_CC","type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},"last_connection_at":{"x-feature":"FF_CC","type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"},"aws_is_role_anywhere_param":{"type":"object","description":"Parameter required to set is_role_anywhere.","properties":{"is_role_anywhere":{"type":"boolean","description":"Set the parameter to true to create connections of type AWS IAM Anywhere with temporary credentials."}}},"aws_connection_credentials":{"type":"object","description":"Sensitive parameters specific to an AWS connection.","properties":{"secret_access_key":{"type":"string","description":"Secret associated with the access key ID of the AWS user."}}},"aws_connection_params":{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"Specify AWS Role external ID."}}},"aws_anywhere_connection_params":{"type":"object","description":"Parameters required for AWS Anywhere connections.","properties":{"iam_role_anywhere":{"type":"object","required":["trust_anchor_arn","profile_arn","certificate","anywhere_role_arn"],"properties":{"trust_anchor_arn":{"type":"string","description":"Specify AWS IAM Anywhere Trust Anchor ARN."},"profile_arn":{"type":"string","description":"Specify AWS IAM Anywhere Profile ARN."},"anywhere_role_arn":{"type":"string","description":"Specify AWS IAM Anywhere Role ARN."},"certificate":{"type":"string","description":"Upload the external certificate for AWS IAM Anywhere Cloud connections. This option is used when \"role_anywhere\" is set to \"true\".\n"},"private_key":{"type":"string","description":"The private key associated with the certificate.\n"}}}}},"aws_sts_endpoints_params":{"type":"object","description":"information regarding AWS STS Endpoints","properties":{"aws_sts_regional_endpoints":{"type":"string","description":"By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests\ngo to a single endpoint at https://sts.amazonaws.com. Global requests map to the US East (N. Virginia) Region.\nAWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency,\nbuild in redundancy, and increase session token validity.\nvalid values are:\n- legacy (default): Uses the global AWS STS endpoint, sts.amazonaws.com\n- regional: The SDK or tool always uses the AWS STS endpoint for the currently configured Region.\n\nTo know more about AWS STS please go through the following link \nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\n"},"aws_region":{"type":"string","description":"AWS region. only used when aws_sts_regional_endpoints is equal to regional otherwise, it takes default values\naccording to Cloud Name given. Default values are:\n- for aws, default region will be \"us-east-1\"\n- for aws-us-gov, default region will be \"us-gov-east-1\"\n- for aws-cn, default region will be \"cn-north-1\" \n"}}},"aws_create_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an AWS connection.","properties":{"secret_access_key":{"type":"string","description":"Secret associated with the access key ID of the AWS user."}}},{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"Specify AWS Role external ID."}}},{"type":"object","description":"information regarding AWS STS Endpoints","properties":{"aws_sts_regional_endpoints":{"type":"string","description":"By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests\ngo to a single endpoint at https://sts.amazonaws.com. Global requests map to the US East (N. Virginia) Region.\nAWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency,\nbuild in redundancy, and increase session token validity.\nvalid values are:\n- legacy (default): Uses the global AWS STS endpoint, sts.amazonaws.com\n- regional: The SDK or tool always uses the AWS STS endpoint for the currently configured Region.\n\nTo know more about AWS STS please go through the following link \nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\n"},"aws_region":{"type":"string","description":"AWS region. only used when aws_sts_regional_endpoints is equal to regional otherwise, it takes default values\naccording to Cloud Name given. Default values are:\n- for aws, default region will be \"us-east-1\"\n- for aws-us-gov, default region will be \"us-gov-east-1\"\n- for aws-cn, default region will be \"cn-north-1\" \n"}}},{"type":"object","description":"Parameters required for AWS Anywhere connections.","properties":{"iam_role_anywhere":{"type":"object","required":["trust_anchor_arn","profile_arn","certificate","anywhere_role_arn"],"properties":{"trust_anchor_arn":{"type":"string","description":"Specify AWS IAM Anywhere Trust Anchor ARN."},"profile_arn":{"type":"string","description":"Specify AWS IAM Anywhere Profile ARN."},"anywhere_role_arn":{"type":"string","description":"Specify AWS IAM Anywhere Role ARN."},"certificate":{"type":"string","description":"Upload the external certificate for AWS IAM Anywhere Cloud connections. This option is used when \"role_anywhere\" is set to \"true\".\n"},"private_key":{"type":"string","description":"The private key associated with the certificate.\n"}}}}},{"type":"object","description":"Parameter required to set is_role_anywhere.","properties":{"is_role_anywhere":{"type":"boolean","description":"Set the parameter to true to create connections of type AWS IAM Anywhere with temporary credentials."}}}]},"aws_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an AWS connection.","properties":{"secret_access_key":{"type":"string","description":"Secret associated with the access key ID of the AWS user."}}},{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"Specify AWS Role external ID."}}},{"type":"object","description":"information regarding AWS STS Endpoints","properties":{"aws_sts_regional_endpoints":{"type":"string","description":"By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests\ngo to a single endpoint at https://sts.amazonaws.com. Global requests map to the US East (N. Virginia) Region.\nAWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency,\nbuild in redundancy, and increase session token validity.\nvalid values are:\n- legacy (default): Uses the global AWS STS endpoint, sts.amazonaws.com\n- regional: The SDK or tool always uses the AWS STS endpoint for the currently configured Region.\n\nTo know more about AWS STS please go through the following link \nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\n"},"aws_region":{"type":"string","description":"AWS region. only used when aws_sts_regional_endpoints is equal to regional otherwise, it takes default values\naccording to Cloud Name given. Default values are:\n- for aws, default region will be \"us-east-1\"\n- for aws-us-gov, default region will be \"us-gov-east-1\"\n- for aws-cn, default region will be \"cn-north-1\" \n"}}},{"type":"object","description":"Parameters required for AWS Anywhere connections.","properties":{"iam_role_anywhere":{"type":"object","required":["trust_anchor_arn","profile_arn","certificate","anywhere_role_arn"],"properties":{"trust_anchor_arn":{"type":"string","description":"Specify AWS IAM Anywhere Trust Anchor ARN."},"profile_arn":{"type":"string","description":"Specify AWS IAM Anywhere Profile ARN."},"anywhere_role_arn":{"type":"string","description":"Specify AWS IAM Anywhere Role ARN."},"certificate":{"type":"string","description":"Upload the external certificate for AWS IAM Anywhere Cloud connections. This option is used when \"role_anywhere\" is set to \"true\".\n"},"private_key":{"type":"string","description":"The private key associated with the certificate.\n"}}}}}]},"azure_connection_credentials":{"type":"object","description":"Sensitive parameters specific to an Azure connection.","properties":{"client_secret":{"type":"string","description":"Secret key for the Azure application. Required in Azure Stack connection.\n"}}},"azure_connection_non_test_params":{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}},"azure_connection_params":{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},"azure_create_connection_params":{"type":"object","required":["client_id","tenant_id"],"allOf":[{"type":"object","description":"Sensitive parameters specific to an Azure connection.","properties":{"client_secret":{"type":"string","description":"Secret key for the Azure application. Required in Azure Stack connection.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}}]},"azure_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an Azure connection.","properties":{"client_secret":{"type":"string","description":"Secret key for the Azure application. Required in Azure Stack connection.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}}]},"gcp_connection_params":{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}},"gcp_connection_key_params":{"type":"object","description":"Parameters to uniquely identify private key and user email.","properties":{"client_email":{"type":"string","description":"Client email ID."},"private_key_id":{"type":"string","description":"Private key ID is a unique ID corresponding to a private key."}}},"gcp_connection_response_params":{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}},{"type":"object","description":"Parameters to uniquely identify private key and user email.","properties":{"client_email":{"type":"string","description":"Client email ID."},"private_key_id":{"type":"string","description":"Private key ID is a unique ID corresponding to a private key."}}}]},"gcp_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a GCP connection.","properties":{"key_file":{"type":"string","description":"The contents of private key file of a GCP service account."}}},"gcp_create_connection_params":{"type":"object","required":["key_file"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a GCP connection.","properties":{"key_file":{"type":"string","description":"The contents of private key file of a GCP service account."}}},{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}}]},"gcp_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a GCP connection.","properties":{"key_file":{"type":"string","description":"The contents of private key file of a GCP service account."}}},{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}}]},"salesforce_mtls_params":{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"enable_mutual_tls":{"type":"boolean","description":"Setting it to true will enforce SSL or TLS mutual authentication for Salesforce API calls. \nDefault is false.\n"},"tls_client_certificate_with_private_key":{"type":"string","description":"TLS client certificate along with private key to be used as client side certificate\nto support Salesforce Mutual Authentication Certificate option. Provide certificate chain as a single \nPEM-encoded CA-signed certificate representing the concatenated chain of certificates. \nThe uploaded certificate chain must include the intermediate certificates and private key.\nCertificate order should be client certificate and then add its signing certificate, intermediate certificates\nif any followed by private key of Client certificate. If Private key is encrypted then specify \npassword/passphrase used to encrypt Private key in tls_client_private_key_password param.\n"},"tls_client_private_key_password":{"type":"string","description":"Password/passphrase for TLS Client Private key. Provide value if private key is encrypted with\npassword/passphrase.\n"}}},"salesforce_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"password":{"type":"string","description":"Password for the Salesforce account. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication or when using domain name.\n“Allow OAuth Username-Password Flows” must be enabled under \nSetup -> Settings -> Identity -> OAuth and OpenID Connect Settings \nin your salesforce account to use password for authentication.\n"},"client_secret":{"type":"string","description":"Consumer Secret for the Salesforce application. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"},"tls_client_private_key_password":{"type":"string","description":"Password/passphrase for TLS Client Private key. Provide value if private key is encrypted with\npassword/passphrase.\n"}}},"salesforce_common_connection_params":{"type":"object","properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account. Not required when using domain name."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]},"domain_name":{"type":"string","description":"The domain_name represents My Domain that could be found in your salesforce account. This My Domain acts\nas a subdomain in framing URL https://MyDomain.my.salesforce.com which is eventually used to establish a \nconnection to salesforce account. The client_credentials grant uses this URL to make a request when \nusernmame and password are not provided.\nYou can refer to Salesforce documentation in order to learn more about My Domain.\n{{FF_SALESFORCE_HOSTNAME_ENABLED|This parameter cannot be used if hostname is specified.}}\n"},"hostname":{"x-feature":"FF_SALESFORCE_HOSTNAME_ENABLED","type":"string","description":"The hostname of the salesforce instance to connect to. Example: test-site-aesf24.sf-onp-dc-test-02.ml. \nWhen hostname is specified, domain name parameter cannot be used.\n"},"audience":{"x-feature":"FF_SALESFORCE_AUDIENCE_ENABLED","type":"string","description":"The audience identifies the authorization server as an intended audience.\nUse the authorization server’s URL for the audience value for salesforce.com cloud: \nhttps://login.salesforce.com, https://test.salesforce.com\nThis variable is supported with certificate authentication only.\n"}}},"salesforce_connection_certificate_params":{"properties":{"certificate":{"type":"string","description":"Salesforce server certificate."},"certificate_subject":{"type":"string","description":"Subject field of the certificate."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."}}},"salesforce_create_certificate_params":{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Credentials (password and client_secret)\nAuthentication for Salesforce Cloud connection. In order to use the Certificate, set this field to true.\nOnce the connection is created, in the response user will get a certificate.\n"},"cert_duration":{"type":"integer","description":"Duration in days for which the salesforce server certificate is valid, default (730 i.e. 2 Years)."},"certificate":{"type":"string","description":"User has the option to upload external certificate for Salesforce Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 1024, 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours.\n"}}},"salesforce_update_certificate_params":{"type":"object","description":".","properties":{"regenerate_certificate":{"type":"boolean","description":"To update the certificate, set the regenerate_certificate to true. This will update the certificate, corresponding private key and certificate subject.\n"},"cert_duration":{"type":"integer","description":"Duration in days for which the salesforce server certificate is valid, default (730 i.e. 2 Years)."},"certificate":{"type":"string","description":"User has the option to upload external certificate for Salesforce Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 1024, 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours.\n"}}},"salesforce_create_connection_params":{"type":"object","required":["client_id","cloud_name"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"password":{"type":"string","description":"Password for the Salesforce account. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication or when using domain name.\n“Allow OAuth Username-Password Flows” must be enabled under \nSetup -> Settings -> Identity -> OAuth and OpenID Connect Settings \nin your salesforce account to use password for authentication.\n"},"client_secret":{"type":"string","description":"Consumer Secret for the Salesforce application. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"},"tls_client_private_key_password":{"type":"string","description":"Password/passphrase for TLS Client Private key. Provide value if private key is encrypted with\npassword/passphrase.\n"}}},{"type":"object","properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account. Not required when using domain name."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]},"domain_name":{"type":"string","description":"The domain_name represents My Domain that could be found in your salesforce account. This My Domain acts\nas a subdomain in framing URL https://MyDomain.my.salesforce.com which is eventually used to establish a \nconnection to salesforce account. The client_credentials grant uses this URL to make a request when \nusernmame and password are not provided.\nYou can refer to Salesforce documentation in order to learn more about My Domain.\n{{FF_SALESFORCE_HOSTNAME_ENABLED|This parameter cannot be used if hostname is specified.}}\n"},"hostname":{"x-feature":"FF_SALESFORCE_HOSTNAME_ENABLED","type":"string","description":"The hostname of the salesforce instance to connect to. Example: test-site-aesf24.sf-onp-dc-test-02.ml. \nWhen hostname is specified, domain name parameter cannot be used.\n"},"audience":{"x-feature":"FF_SALESFORCE_AUDIENCE_ENABLED","type":"string","description":"The audience identifies the authorization server as an intended audience.\nUse the authorization server’s URL for the audience value for salesforce.com cloud: \nhttps://login.salesforce.com, https://test.salesforce.com\nThis variable is supported with certificate authentication only.\n"}}},{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"enable_mutual_tls":{"type":"boolean","description":"Setting it to true will enforce SSL or TLS mutual authentication for Salesforce API calls. \nDefault is false.\n"},"tls_client_certificate_with_private_key":{"type":"string","description":"TLS client certificate along with private key to be used as client side certificate\nto support Salesforce Mutual Authentication Certificate option. Provide certificate chain as a single \nPEM-encoded CA-signed certificate representing the concatenated chain of certificates. \nThe uploaded certificate chain must include the intermediate certificates and private key.\nCertificate order should be client certificate and then add its signing certificate, intermediate certificates\nif any followed by private key of Client certificate. If Private key is encrypted then specify \npassword/passphrase used to encrypt Private key in tls_client_private_key_password param.\n"},"tls_client_private_key_password":{"type":"string","description":"Password/passphrase for TLS Client Private key. Provide value if private key is encrypted with\npassword/passphrase.\n"}}}]},"salesforce_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"password":{"type":"string","description":"Password for the Salesforce account. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication or when using domain name.\n“Allow OAuth Username-Password Flows” must be enabled under \nSetup -> Settings -> Identity -> OAuth and OpenID Connect Settings \nin your salesforce account to use password for authentication.\n"},"client_secret":{"type":"string","description":"Consumer Secret for the Salesforce application. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"},"tls_client_private_key_password":{"type":"string","description":"Password/passphrase for TLS Client Private key. Provide value if private key is encrypted with\npassword/passphrase.\n"}}},{"type":"object","properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account. Not required when using domain name."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]},"domain_name":{"type":"string","description":"The domain_name represents My Domain that could be found in your salesforce account. This My Domain acts\nas a subdomain in framing URL https://MyDomain.my.salesforce.com which is eventually used to establish a \nconnection to salesforce account. The client_credentials grant uses this URL to make a request when \nusernmame and password are not provided.\nYou can refer to Salesforce documentation in order to learn more about My Domain.\n{{FF_SALESFORCE_HOSTNAME_ENABLED|This parameter cannot be used if hostname is specified.}}\n"},"hostname":{"x-feature":"FF_SALESFORCE_HOSTNAME_ENABLED","type":"string","description":"The hostname of the salesforce instance to connect to. Example: test-site-aesf24.sf-onp-dc-test-02.ml. \nWhen hostname is specified, domain name parameter cannot be used.\n"},"audience":{"x-feature":"FF_SALESFORCE_AUDIENCE_ENABLED","type":"string","description":"The audience identifies the authorization server as an intended audience.\nUse the authorization server’s URL for the audience value for salesforce.com cloud: \nhttps://login.salesforce.com, https://test.salesforce.com\nThis variable is supported with certificate authentication only.\n"}}},{"type":"object","description":".","properties":{"regenerate_certificate":{"type":"boolean","description":"To update the certificate, set the regenerate_certificate to true. This will update the certificate, corresponding private key and certificate subject.\n"},"cert_duration":{"type":"integer","description":"Duration in days for which the salesforce server certificate is valid, default (730 i.e. 2 Years)."},"certificate":{"type":"string","description":"User has the option to upload external certificate for Salesforce Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 1024, 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours.\n"}}},{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"enable_mutual_tls":{"type":"boolean","description":"Setting it to true will enforce SSL or TLS mutual authentication for Salesforce API calls. \nDefault is false.\n"},"tls_client_certificate_with_private_key":{"type":"string","description":"TLS client certificate along with private key to be used as client side certificate\nto support Salesforce Mutual Authentication Certificate option. Provide certificate chain as a single \nPEM-encoded CA-signed certificate representing the concatenated chain of certificates. \nThe uploaded certificate chain must include the intermediate certificates and private key.\nCertificate order should be client certificate and then add its signing certificate, intermediate certificates\nif any followed by private key of Client certificate. If Private key is encrypted then specify \npassword/passphrase used to encrypt Private key in tls_client_private_key_password param.\n"},"tls_client_private_key_password":{"type":"string","description":"Password/passphrase for TLS Client Private key. Provide value if private key is encrypted with\npassword/passphrase.\n"}}}]},"salesforce_test_connection_params":{"type":"object","required":["client_id","cloud_name"],"properties":{"certificate":{"type":"string","description":"User has the option to upload external certificate for Salesforce Cloud connection.This option cannot be used with option client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 1024, 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours.\n"}},"allOf":[{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"password":{"type":"string","description":"Password for the Salesforce account. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication or when using domain name.\n“Allow OAuth Username-Password Flows” must be enabled under \nSetup -> Settings -> Identity -> OAuth and OpenID Connect Settings \nin your salesforce account to use password for authentication.\n"},"client_secret":{"type":"string","description":"Consumer Secret for the Salesforce application. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"},"tls_client_private_key_password":{"type":"string","description":"Password/passphrase for TLS Client Private key. Provide value if private key is encrypted with\npassword/passphrase.\n"}}},{"type":"object","properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account. Not required when using domain name."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]},"domain_name":{"type":"string","description":"The domain_name represents My Domain that could be found in your salesforce account. This My Domain acts\nas a subdomain in framing URL https://MyDomain.my.salesforce.com which is eventually used to establish a \nconnection to salesforce account. The client_credentials grant uses this URL to make a request when \nusernmame and password are not provided.\nYou can refer to Salesforce documentation in order to learn more about My Domain.\n{{FF_SALESFORCE_HOSTNAME_ENABLED|This parameter cannot be used if hostname is specified.}}\n"},"hostname":{"x-feature":"FF_SALESFORCE_HOSTNAME_ENABLED","type":"string","description":"The hostname of the salesforce instance to connect to. Example: test-site-aesf24.sf-onp-dc-test-02.ml. \nWhen hostname is specified, domain name parameter cannot be used.\n"},"audience":{"x-feature":"FF_SALESFORCE_AUDIENCE_ENABLED","type":"string","description":"The audience identifies the authorization server as an intended audience.\nUse the authorization server’s URL for the audience value for salesforce.com cloud: \nhttps://login.salesforce.com, https://test.salesforce.com\nThis variable is supported with certificate authentication only.\n"}}}]},"sap_data_custodian_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","required":["tenant","user","secret"],"description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},"sap_data_custodian_connection_technical_user_credentials":{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian technical user connection.","properties":{"technical_user_credentials":{"type":"object","required":["api_key","secret"],"description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},"sap_data_custodian_connection_trimmed_credentials":{"type":"object","description":"Non-sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"}}}}},"sap_data_custodian_connection_technical_user_trimmed_credentials":{"type":"object","description":"Non-sensitive parameters specific to a SAP Data Custodian connection.","properties":{"technical_user_credentials":{"type":"object","description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."}}}}},"sap_data_custodian_connection_update_credentials":{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},"sap_data_custodian_connection_technical_user_update_credentials":{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian Technical User connection.","properties":{"technical_user_credentials":{"type":"object","description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API Key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},"sap_data_custodian_common_connection_params":{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}},"sap_data_custodian_create_connection_params":{"type":"object","required":["api_endpoint"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","required":["tenant","user","secret"],"description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian technical user connection.","properties":{"technical_user_credentials":{"type":"object","required":["api_key","secret"],"description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}}]},"sap_data_custodian_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian Technical User connection.","properties":{"technical_user_credentials":{"type":"object","description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API Key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}}]},"sap_data_custodian_test_connection_params":{"type":"object","required":["api_endpoint"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","required":["tenant","user","secret"],"description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian technical user connection.","properties":{"technical_user_credentials":{"type":"object","required":["api_key","secret"],"description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}}]},"oci_connection_credentials":{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},"oci_connection_trimmed_credentials":{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}},"oci_connection_update_credentials":{"type":"object","description":"parameters specific to an OCI connection.","properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint for the public key that was added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."},"credentials":{"type":"object","description":"Sensitive parameters specific to an OCI connection. Cannot update individual field.","properties":{"key_file":{"type":"string","description":"Private key file for OCI connection(PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase used for the key, if it is encrypted."}}}}},"oci_create_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}}]},"oci_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"parameters specific to an OCI connection.","properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint for the public key that was added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."},"credentials":{"type":"object","description":"Sensitive parameters specific to an OCI connection. Cannot update individual field.","properties":{"key_file":{"type":"string","description":"Private key file for OCI connection(PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase used for the key, if it is encrypted."}}}}}]},"oci_test_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}}]},"akeyless_access_key_id":{"x-feature":"FF_AKEYLESS","type":"object","description":"The ID of a key used for accessing the Akeyless server.","properties":{"access_key_id":{"type":"string","description":"The ID of a key used for accessing the Akeyless server."}}},"akeyless_access_key":{"x-feature":"FF_AKEYLESS","type":"object","description":"The key used for accessing the Akeyless server.","properties":{"access_key":{"type":"string","description":"The key used for accessing the Akeyless server."}}},"akeyless_url":{"x-feature":"FF_AKEYLESS_SINGLE_TENANT","type":"object","description":"The URL of the Akeyless server which will be used by the gateway to perform all its cloud operations. This parameter can be used in scenarios where a dedicated single tenant akeyless infrastructure is deployed. If this field is left blank, the default 'https://vault.akeyless.io' endpoint will be used internally by the gateway.","properties":{"akeyless_url":{"type":"string","description":"The URL of the Akeyless server which will be used by the gateway to perform all its cloud operations. This parameter can be used in scenarios where a dedicated single tenant akeyless infrastructure is deployed. If this field is left blank, the default 'https://vault.akeyless.io' endpoint will be used internally by the gateway."}}},"akeyless_connection_params":{"x-feature":"FF_AKEYLESS","type":"object","allOf":[{"x-feature":"FF_AKEYLESS","type":"object","description":"The ID of a key used for accessing the Akeyless server.","properties":{"access_key_id":{"type":"string","description":"The ID of a key used for accessing the Akeyless server."}}},{"x-feature":"FF_AKEYLESS_SINGLE_TENANT","type":"object","description":"The URL of the Akeyless server which will be used by the gateway to perform all its cloud operations. This parameter can be used in scenarios where a dedicated single tenant akeyless infrastructure is deployed. If this field is left blank, the default 'https://vault.akeyless.io' endpoint will be used internally by the gateway.","properties":{"akeyless_url":{"type":"string","description":"The URL of the Akeyless server which will be used by the gateway to perform all its cloud operations. This parameter can be used in scenarios where a dedicated single tenant akeyless infrastructure is deployed. If this field is left blank, the default 'https://vault.akeyless.io' endpoint will be used internally by the gateway."}}}]},"serverDelete":{"description":"Parameters required for deleting an in-use server.","type":"object","properties":{"force":{"type":"boolean","description":"If set to true, the in-use server will be deleted forcefully."}}},"luna_network_hsm_client_info_response":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","required":["hostname","certificate"],"description":"Sensitive parameters specific to a Luna Network HSM Client.","properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Client."},"certificate":{"type":"string","description":"Luna Network HSM Client certificate."}}}]},"luna_network_hsm_server_params":{"type":"object","description":"Sensitive parameters specific to a Luna Network HSM Server.","properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server. The length of hostname must be less than 50 characters."},"hsm_certificate":{"type":"string","description":"Luna Network HSM Server Certificate."}}},"luna_network_add_hsm_server_params":{"type":"object","required":["hostname","hsm_certificate"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a Luna Network HSM Server.","properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server. The length of hostname must be less than 50 characters."},"hsm_certificate":{"type":"string","description":"Luna Network HSM Server Certificate."}}}]},"luna_network_hsm_stc_partition_params":{"type":"object","description":"Parameters specific to a Luna Network HSM STC Partition.","properties":{"label":{"type":"string","description":"Label of the Luna Network HSM STC Partition."},"name":{"type":"string","description":"Name of the Luna Network HSM STC Partition."},"serial_number":{"type":"string","description":"Serial Number of Luna Network HSM STC Partition."},"partition_identity":{"type":"string","description":"Contents of Luna Network HSM STC Partition Identity(pid) file in base64 form."}}},"luna_network_add_hsm_stc_partition_params":{"type":"object","required":["name","label","serial_number","partition_identity"],"allOf":[{"type":"object","description":"Parameters specific to a Luna Network HSM STC Partition.","properties":{"label":{"type":"string","description":"Label of the Luna Network HSM STC Partition."},"name":{"type":"string","description":"Name of the Luna Network HSM STC Partition."},"serial_number":{"type":"string","description":"Serial Number of Luna Network HSM STC Partition."},"partition_identity":{"type":"string","description":"Contents of Luna Network HSM STC Partition Identity(pid) file in base64 form."}}}]},"luna_network_hsm_client_params":{"type":"object","required":["hostname","certificate"],"description":"Sensitive parameters specific to a Luna Network HSM Client.","properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Client."},"certificate":{"type":"string","description":"Luna Network HSM Client certificate."}}},"luna_network_connection_credentials":{"properties":{"password":{"type":"string","description":"Password associated with the Partition of the Luna Network HSM."}}},"luna_network_partition_params":{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}},"luna_network_connection_params":{"type":"object","required":["partitions"],"properties":{"partitions":{"type":"array","description":"One partition for a Non HA connection or a list for an HA group.","items":{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}}}}},"luna_network_connection_ha_param":{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."},"key_mgmt_mode":{"x-feature":"FF_LUNA_CONNECTION_KEY_MGMT_MODE","type":"string","description":"The mode is only valid for product CCKM. For handling private keys, individual partition can be configured by using one of the supported modes. \nIt is required that all the partitions should be in the same mode.The key_mgmt_mode parameter is applicable only when is_ha_enabled is set to true.\nIf no value or empty string (\"\") is provided, then a connection will be created without any key_mgmt_mode.\nFor creating partition and handling keys in a specific mode in HSM, please refer HSM Docs as the valid values correspond to key export and clone mode mentioned in HSM Docs.\nValid values are:\n- keyExport:\n - CCKM supports the replication of private asymmetric keys within the partition's HA group\n- clone:\n - all keys/objects in CCKM are replicated automatically within the partition's HA group\n"}}},"luna_network_create_connection_params":{"type":"object","required":["password"],"allOf":[{"type":"object","required":["partitions"],"properties":{"partitions":{"type":"array","description":"One partition for a Non HA connection or a list for an HA group.","items":{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}}}}},{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."},"key_mgmt_mode":{"x-feature":"FF_LUNA_CONNECTION_KEY_MGMT_MODE","type":"string","description":"The mode is only valid for product CCKM. For handling private keys, individual partition can be configured by using one of the supported modes. \nIt is required that all the partitions should be in the same mode.The key_mgmt_mode parameter is applicable only when is_ha_enabled is set to true.\nIf no value or empty string (\"\") is provided, then a connection will be created without any key_mgmt_mode.\nFor creating partition and handling keys in a specific mode in HSM, please refer HSM Docs as the valid values correspond to key export and clone mode mentioned in HSM Docs.\nValid values are:\n- keyExport:\n - CCKM supports the replication of private asymmetric keys within the partition's HA group\n- clone:\n - all keys/objects in CCKM are replicated automatically within the partition's HA group\n"}}},{"properties":{"password":{"type":"string","description":"Password associated with the Partition of the Luna Network HSM."}}}]},"luna_network_update_connection_params":{"type":"object","allOf":[{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."},"key_mgmt_mode":{"x-feature":"FF_LUNA_CONNECTION_KEY_MGMT_MODE","type":"string","description":"The mode is only valid for product CCKM. For handling private keys, individual partition can be configured by using one of the supported modes. \nIt is required that all the partitions should be in the same mode.The key_mgmt_mode parameter is applicable only when is_ha_enabled is set to true.\nIf no value or empty string (\"\") is provided, then a connection will be created without any key_mgmt_mode.\nFor creating partition and handling keys in a specific mode in HSM, please refer HSM Docs as the valid values correspond to key export and clone mode mentioned in HSM Docs.\nValid values are:\n- keyExport:\n - CCKM supports the replication of private asymmetric keys within the partition's HA group\n- clone:\n - all keys/objects in CCKM are replicated automatically within the partition's HA group\n"}}},{"properties":{"password":{"type":"string","description":"Password associated with the Partition of the Luna Network HSM."}}}]},"luna_network_hsm_partitions_info_response":{"type":"object","description":"HSM Partitions specific information","properties":{"operation_status":{"type":"string","description":"Operation status of the Partition"},"operation_error":{"type":"string","description":"Operation error of the Partition"},"label":{"type":"string","description":"Label of the Partition"},"manufacturer_id":{"type":"string","description":"Manufacturer ID of the Partition"},"models":{"type":"string","description":"Model of the Partition"},"flags":{"type":"integer","description":"Flags of the Partition"},"max_session_count":{"type":"integer","description":"Maximum session count of the Partition"},"session_count":{"type":"integer","description":"Session count of the Partition"},"max_rw_session_count":{"type":"integer","description":"Maximum read-write session count of the Partition"},"rw_session_count":{"type":"integer","description":"Read-Write session count of the Partition"},"max_pin_len":{"type":"integer","description":"Maximum pin length of the partition"},"min_pin_len":{"type":"integer","description":"Minimum pin length of the Partition"},"total_public_memory":{"type":"integer","description":"Total public memory of the Partition"},"free_public_memory":{"type":"integer","description":"Available free memory of the Partition"},"total_private_memory":{"type":"integer","description":"Total private memory of the Partition"},"free_private_memory":{"type":"integer","description":"Free private memory of the Partition"},"hardware_version":{"type":"string","description":"Hardware version of the Partition"},"firmware_version":{"type":"string","description":"Firmware version of the Partition"},"ha_enabled":{"type":"boolean","description":"Is partition HA enabled"}}},"dsm_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a DSM connection.","properties":{"password":{"type":"string","description":"Password of DSM server\n"}}},"dsm_connection_params":{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}},"dsm_update_node_params":{"type":"object","description":"Update parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]},"dsm_create_node_params":{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]},"dsm_node_params":{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}},"dsm_create_nodes_params":{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}}}},"dsm_create_connection_params":{"type":"object","required":["username","password","nodes"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a DSM connection.","properties":{"password":{"type":"string","description":"Password of DSM server\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}}}}]},"dsm_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a DSM connection.","properties":{"password":{"type":"string","description":"Password of DSM server\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}}]},"log_forwarder_common_params":{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},"log_forwarder_update_common_params":{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},"elasticsearch_create_connection_params":{"type":"object","properties":{"elasticsearch_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\nDefault is \"tcp\".\n","enum":["tcp","tls"]}}}}},"elasticsearch_test_connection_params":{"type":"object","required":["elasticsearch_params"],"properties":{"elasticsearch_params":{"type":"object","required":["transport"],"properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\n","enum":["tcp (default)","tls"]}}}}},"loki_create_connection_params":{"type":"object","properties":{"loki_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\n","enum":["tcp (default)","tls"]}}}}},"loki_test_connection_params":{"type":"object","required":["loki_params"],"properties":{"loki_params":{"type":"object","required":["transport"],"properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\nDefault is \"tcp\".\n","enum":["tcp","tls"]}}}}},"syslog_update_connection_params":{"type":"object","properties":{"syslog_params":{"type":"object","properties":{"message_format":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `rfc3164`\n* `cef`\n* `leef`\n"},"transport":{"type":"string","description":"Transport mode for sending data, supports \"udp\", \"tls\" and \"tcp\".","enum":["tcp","udp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}},"syslog_create_connection_params":{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"The port to use for the connection. Defaults to 514 for udp, 601 for tcp and 6514 for tls"},"syslog_params":{"type":"object","required":["transport"],"properties":{"message_format":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `rfc3164`\n* `cef`\n* `leef`\n"},"transport":{"type":"string","description":"Transport mode for sending data, supports \"udp\", \"tls\" and \"tcp\".","enum":["tcp","udp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}},"syslog_test_connection_params":{"type":"object","required":["syslog_params"],"properties":{"syslog_params":{"type":"object","required":["transport"],"properties":{"transport":{"type":"string","description":"Test connection for UDP protocol is not supported. Valid values are tcp and tls only","enum":["tcp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}},"smb_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a SMB connection.","properties":{"password":{"type":"string","description":"Password for SMB share.\n"}}},"smb_connection_params":{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}},"smb_share_path":{"type":"object","description":"Path of the SMB share against whom the credentials to test","properties":{"path":{"type":"string","description":"Path of SMB share on the host\n"}}},"smb_create_connection_params":{"type":"object","required":["username","password"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a SMB connection.","properties":{"password":{"type":"string","description":"Password for SMB share.\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}}]},"smb_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a SMB connection.","properties":{"password":{"type":"string","description":"Password for SMB share.\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}}]},"scp_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a SCP{{FF_SFTP_PROTOCOL|/SFTP}} connection.","properties":{"password":{"type":"string","description":"Password for SCP{{FF_SFTP_PROTOCOL|/SFTP}} server.\n"},"public_key":{"type":"string","description":"Public key of destination host machine. It will be used to verify the host's identity by verifying key fingerprint. You can find it in /etc/ssh/ at host machine.\n"}}},"scp_connection_params":{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP{{FF_SFTP_PROTOCOL|/SFTP}} remote machine."},"port":{"type":"integer","description":"Port where SCP{{FF_SFTP_PROTOCOL|/SFTP}} service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP{{FF_SFTP_PROTOCOL|/SFTP server}}."},"auth_method":{"type":"string","description":"Authentication type for SCP{{FF_SFTP_PROTOCOL|/SFTP server}}. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP{{FF_SFTP_PROTOCOL|/SFTP}}. Example \"/home/ubuntu/datafolder/\""},"protocol":{"x-feature":"FF_SFTP_PROTOCOL","type":"string","description":"Use 'sftp' or 'scp'. 'sftp' is the default value"}}},"scp_create_connection_params":{"type":"object","required":["host","username","auth_method","path_to","public_key"],"allOf":[{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP{{FF_SFTP_PROTOCOL|/SFTP}} remote machine."},"port":{"type":"integer","description":"Port where SCP{{FF_SFTP_PROTOCOL|/SFTP}} service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP{{FF_SFTP_PROTOCOL|/SFTP server}}."},"auth_method":{"type":"string","description":"Authentication type for SCP{{FF_SFTP_PROTOCOL|/SFTP server}}. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP{{FF_SFTP_PROTOCOL|/SFTP}}. Example \"/home/ubuntu/datafolder/\""},"protocol":{"x-feature":"FF_SFTP_PROTOCOL","type":"string","description":"Use 'sftp' or 'scp'. 'sftp' is the default value"}}},{"type":"object","description":"Sensitive parameters specific to a SCP{{FF_SFTP_PROTOCOL|/SFTP}} connection.","properties":{"password":{"type":"string","description":"Password for SCP{{FF_SFTP_PROTOCOL|/SFTP}} server.\n"},"public_key":{"type":"string","description":"Public key of destination host machine. It will be used to verify the host's identity by verifying key fingerprint. You can find it in /etc/ssh/ at host machine.\n"}}}]},"scp_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a SCP{{FF_SFTP_PROTOCOL|/SFTP}} connection.","properties":{"password":{"type":"string","description":"Password for SCP{{FF_SFTP_PROTOCOL|/SFTP}} server.\n"},"public_key":{"type":"string","description":"Public key of destination host machine. It will be used to verify the host's identity by verifying key fingerprint. You can find it in /etc/ssh/ at host machine.\n"}}},{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP{{FF_SFTP_PROTOCOL|/SFTP}} remote machine."},"port":{"type":"integer","description":"Port where SCP{{FF_SFTP_PROTOCOL|/SFTP}} service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP{{FF_SFTP_PROTOCOL|/SFTP server}}."},"auth_method":{"type":"string","description":"Authentication type for SCP{{FF_SFTP_PROTOCOL|/SFTP server}}. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP{{FF_SFTP_PROTOCOL|/SFTP}}. Example \"/home/ubuntu/datafolder/\""},"protocol":{"x-feature":"FF_SFTP_PROTOCOL","type":"string","description":"Use 'sftp' or 'scp'. 'sftp' is the default value"}}}]},"oidc_connection_credentials":{"type":"object","description":"Sensitive parameters specific to an OIDC connection.","required":["client_secret"],"properties":{"client_secret":{"type":"string","description":"Client Secret of the OIDC connection."}}},"oidc_connection_trimmed_credentials":{"type":"object","description":"Non-sensitive parameters specific to an OIDC connection.","required":["client_id","url"],"properties":{"client_id":{"type":"string","description":"clientID for the connection."},"url":{"type":"string","description":"url for the connection."}}},"oidc_connection_update_credentials":{"type":"object","description":"parameters specific to an OIDC connection.","properties":{"url":{"type":"string","description":"url for the connection."},"client_secret":{"type":"string","description":"client secret for the connection."}}},"oidc_connection_response":{"type":"object","description":"Checksum generated from OIDC credentials.","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an OIDC connection.","required":["client_id","url"],"properties":{"client_id":{"type":"string","description":"clientID for the connection."},"url":{"type":"string","description":"url for the connection."}}}],"properties":{"checksum":{"type":"string","description":"A SHA256 checksum value generated from clientSecret and URL. Will get updated if any of these two values change."}}},"oidc_create_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OIDC connection.","required":["client_secret"],"properties":{"client_secret":{"type":"string","description":"Client Secret of the OIDC connection."}}},{"type":"object","description":"Non-sensitive parameters specific to an OIDC connection.","required":["client_id","url"],"properties":{"client_id":{"type":"string","description":"clientID for the connection."},"url":{"type":"string","description":"url for the connection."}}}]},"oidc_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"parameters specific to an OIDC connection.","properties":{"url":{"type":"string","description":"url for the connection."},"client_secret":{"type":"string","description":"client secret for the connection."}}}]},"ldap_connection_credentials":{"type":"object","description":"Sensitive parameters specific to an LDAP connection.","properties":{"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."}}},"ldap_connection_trimmed_credentials":{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. Example: uid, dn\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. Example: member, memberUid\nThis value can be left empty to disable group membership support for this connection.\n"},"user_member_field":{"type":"string","description":"Attribute inside user object which contains user membership information, this gives details about group which user is member of. Example: memberOf, gidNumber.\nIn case, when both user_member_field and group_member_field are provided in the LDAP configuration then by default user_member_field will be chosen.\n"},"group_dn_attribute":{"type":"string","description":"Attribute inside the group object which contains the group's distinguished name.\nWhen this property is set, it uses the specified attribute to test for group equality. Example: dn, gidNumber\n\nFor example:\n- if a groups's LDAP entry has \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\" and the LDAP configuration has \"`group_dn_attribute`\" set to \"`dn`\", then LDAP user entry must have membership attribute exactly \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\", in order for the user to be considered part of group. \n"},"server_maximum_page_size":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"integer","description":"This parameter sets the page size which determines the number of users/groups to be fetched from the LDAP server using pagination.\nBy default 'server_maximum_page_size' is set to 1000, and therefore entries are retrieved from LDAP server through pagination. We recommend to ensure that server_maximum_page_size value is equal to LDAP server page size.\nTo unset 'server_maximum_page_size', set its value to 0. Unsetting this parameter will disable the pagination. On disabling the pagination, it is recommended to use hard_limit parameter in the LDAP Browse APIs if there are large number of users/groups on the LDAP server.\n"},"early_listing_stop":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"boolean","description":"This parameter helps in enhancing performance of ldap users/groups browsing. When set to false, the entire list of users/groups that are present on the LDAP server is fetched. When the value is set to true, only limited number of users/groups are fetched from the LDAP server considering the \"limit\" specified by the user. To indicate that there are more number of users/groups present on the LDAP server to be fetched by the CM, \"total\" is shown as \"-1\". The default value of \"early_listing_stop\" is false.\nFor example: If an LDAP server has 5000 users in total; and on CipherTrust Manager these params are set, \"server_maximum_page_size\" as 100, skip as 0 and limit as 1000 then number of entries in response will be returned as 1000 and total will be -1. When 'early_listing_stop' is set to false, CM will return correct total number of records which is 5000.\n"}}},"ldap_connection_update_credentials":{"type":"object","description":"parameters specific to an LDAP connection.","properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"bind_password":{"type":"string","description":"Password for the Bind DN object."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. Example: uid, dn\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. Example: member, memberUid\nThis value can be left empty to disable group membership support for this connection.\n"},"user_member_field":{"type":"string","description":"Attribute inside user object which contains user membership information, this gives details about group which user is member of. Example: memberOf, gidNumber.\nIn case, when both user_member_field and group_member_field are provided in the LDAP configuration then by default user_member_field will be chosen.\n"},"group_dn_attribute":{"type":"string","description":"Attribute inside the group object which contains the group's distinguished name.\nWhen this property is set, it uses the specified attribute to test for group equality. Example: dn, gidNumber\n\nFor example:\n- if a groups's LDAP entry has \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\" and the LDAP configuration has \"`group_dn_attribute`\" set to \"`dn`\", then LDAP user entry must have membership attribute exactly \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\", in order for the user to be considered part of group.\n"},"server_maximum_page_size":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"integer","description":"This parameter sets the page size which determines the number of users/groups to be fetched from the LDAP server using pagination.\nWe recommend to ensure that server_maximum_page_size value is equal to LDAP server page size. To unset 'server_maximum_page_size', set its value to 0. \nUnsetting this parameter will disable the pagination. On disabling the pagination, it is recommended to use hard_limit parameter in the LDAP Browse APIs if there are large number of users/groups on the LDAP server.\n"},"early_listing_stop":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"boolean","description":"This parameter helps in enhancing performance of ldap users/groups browsing. When set to false, the entire list of users/groups that are present on the LDAP server is fetched. When the value is set to true, only limited number of users/groups are fetched from the LDAP server considering the \"limit\" specified by the user. To indicate that there are more number of users/groups present on the LDAP server to be fetched by the CM, \"total\" is shown as \"-1\". The default value of \"early_listing_stop\" is false.\nFor example: If an LDAP server has 5000 users in total; and on CipherTrust Manager these params are set, \"server_maximum_page_size\" as 100, skip as 0 and limit as 1000 then number of entries in response will be returned as 1000 and total will be -1. When 'early_listing_stop' is set to false, CM will return correct total number of records which is 5000.\n"}}},"ldap_test_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a LDAP test connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"User Credentials for testing a LDAP connection.","required":["username","password"],"properties":{"username":{"type":"string","description":"Username to test the connection with."},"password":{"type":"string","description":"Password that authenticates the username."}}}}},"ldap_create_connection_params":{"type":"object","required":["bind_dn","bind_password"],"allOf":[{"type":"object","description":"Sensitive parameters specific to an LDAP connection.","properties":{"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."}}},{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. Example: uid, dn\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. Example: member, memberUid\nThis value can be left empty to disable group membership support for this connection.\n"},"user_member_field":{"type":"string","description":"Attribute inside user object which contains user membership information, this gives details about group which user is member of. Example: memberOf, gidNumber.\nIn case, when both user_member_field and group_member_field are provided in the LDAP configuration then by default user_member_field will be chosen.\n"},"group_dn_attribute":{"type":"string","description":"Attribute inside the group object which contains the group's distinguished name.\nWhen this property is set, it uses the specified attribute to test for group equality. Example: dn, gidNumber\n\nFor example:\n- if a groups's LDAP entry has \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\" and the LDAP configuration has \"`group_dn_attribute`\" set to \"`dn`\", then LDAP user entry must have membership attribute exactly \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\", in order for the user to be considered part of group. \n"},"server_maximum_page_size":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"integer","description":"This parameter sets the page size which determines the number of users/groups to be fetched from the LDAP server using pagination.\nBy default 'server_maximum_page_size' is set to 1000, and therefore entries are retrieved from LDAP server through pagination. We recommend to ensure that server_maximum_page_size value is equal to LDAP server page size.\nTo unset 'server_maximum_page_size', set its value to 0. Unsetting this parameter will disable the pagination. On disabling the pagination, it is recommended to use hard_limit parameter in the LDAP Browse APIs if there are large number of users/groups on the LDAP server.\n"},"early_listing_stop":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"boolean","description":"This parameter helps in enhancing performance of ldap users/groups browsing. When set to false, the entire list of users/groups that are present on the LDAP server is fetched. When the value is set to true, only limited number of users/groups are fetched from the LDAP server considering the \"limit\" specified by the user. To indicate that there are more number of users/groups present on the LDAP server to be fetched by the CM, \"total\" is shown as \"-1\". The default value of \"early_listing_stop\" is false.\nFor example: If an LDAP server has 5000 users in total; and on CipherTrust Manager these params are set, \"server_maximum_page_size\" as 100, skip as 0 and limit as 1000 then number of entries in response will be returned as 1000 and total will be -1. When 'early_listing_stop' is set to false, CM will return correct total number of records which is 5000.\n"}}}]},"ldap_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"parameters specific to an LDAP connection.","properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"bind_password":{"type":"string","description":"Password for the Bind DN object."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. Example: uid, dn\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. Example: member, memberUid\nThis value can be left empty to disable group membership support for this connection.\n"},"user_member_field":{"type":"string","description":"Attribute inside user object which contains user membership information, this gives details about group which user is member of. Example: memberOf, gidNumber.\nIn case, when both user_member_field and group_member_field are provided in the LDAP configuration then by default user_member_field will be chosen.\n"},"group_dn_attribute":{"type":"string","description":"Attribute inside the group object which contains the group's distinguished name.\nWhen this property is set, it uses the specified attribute to test for group equality. Example: dn, gidNumber\n\nFor example:\n- if a groups's LDAP entry has \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\" and the LDAP configuration has \"`group_dn_attribute`\" set to \"`dn`\", then LDAP user entry must have membership attribute exactly \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\", in order for the user to be considered part of group.\n"},"server_maximum_page_size":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"integer","description":"This parameter sets the page size which determines the number of users/groups to be fetched from the LDAP server using pagination.\nWe recommend to ensure that server_maximum_page_size value is equal to LDAP server page size. To unset 'server_maximum_page_size', set its value to 0. \nUnsetting this parameter will disable the pagination. On disabling the pagination, it is recommended to use hard_limit parameter in the LDAP Browse APIs if there are large number of users/groups on the LDAP server.\n"},"early_listing_stop":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"boolean","description":"This parameter helps in enhancing performance of ldap users/groups browsing. When set to false, the entire list of users/groups that are present on the LDAP server is fetched. When the value is set to true, only limited number of users/groups are fetched from the LDAP server considering the \"limit\" specified by the user. To indicate that there are more number of users/groups present on the LDAP server to be fetched by the CM, \"total\" is shown as \"-1\". The default value of \"early_listing_stop\" is false.\nFor example: If an LDAP server has 5000 users in total; and on CipherTrust Manager these params are set, \"server_maximum_page_size\" as 100, skip as 0 and limit as 1000 then number of entries in response will be returned as 1000 and total will be -1. When 'early_listing_stop' is set to false, CM will return correct total number of records which is 5000.\n"}}}]},"ldap_connection_response":{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. Example: uid, dn\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. Example: member, memberUid\nThis value can be left empty to disable group membership support for this connection.\n"},"user_member_field":{"type":"string","description":"Attribute inside user object which contains user membership information, this gives details about group which user is member of. Example: memberOf, gidNumber.\nIn case, when both user_member_field and group_member_field are provided in the LDAP configuration then by default user_member_field will be chosen.\n"},"group_dn_attribute":{"type":"string","description":"Attribute inside the group object which contains the group's distinguished name.\nWhen this property is set, it uses the specified attribute to test for group equality. Example: dn, gidNumber\n\nFor example:\n- if a groups's LDAP entry has \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\" and the LDAP configuration has \"`group_dn_attribute`\" set to \"`dn`\", then LDAP user entry must have membership attribute exactly \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\", in order for the user to be considered part of group. \n"},"server_maximum_page_size":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"integer","description":"This parameter sets the page size which determines the number of users/groups to be fetched from the LDAP server using pagination.\nBy default 'server_maximum_page_size' is set to 1000, and therefore entries are retrieved from LDAP server through pagination. We recommend to ensure that server_maximum_page_size value is equal to LDAP server page size.\nTo unset 'server_maximum_page_size', set its value to 0. Unsetting this parameter will disable the pagination. On disabling the pagination, it is recommended to use hard_limit parameter in the LDAP Browse APIs if there are large number of users/groups on the LDAP server.\n"},"early_listing_stop":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"boolean","description":"This parameter helps in enhancing performance of ldap users/groups browsing. When set to false, the entire list of users/groups that are present on the LDAP server is fetched. When the value is set to true, only limited number of users/groups are fetched from the LDAP server considering the \"limit\" specified by the user. To indicate that there are more number of users/groups present on the LDAP server to be fetched by the CM, \"total\" is shown as \"-1\". The default value of \"early_listing_stop\" is false.\nFor example: If an LDAP server has 5000 users in total; and on CipherTrust Manager these params are set, \"server_maximum_page_size\" as 100, skip as 0 and limit as 1000 then number of entries in response will be returned as 1000 and total will be -1. When 'early_listing_stop' is set to false, CM will return correct total number of records which is 5000.\n"}}}]},"ldap_test_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an LDAP connection.","properties":{"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."}}},{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. Example: uid, dn\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. Example: member, memberUid\nThis value can be left empty to disable group membership support for this connection.\n"},"user_member_field":{"type":"string","description":"Attribute inside user object which contains user membership information, this gives details about group which user is member of. Example: memberOf, gidNumber.\nIn case, when both user_member_field and group_member_field are provided in the LDAP configuration then by default user_member_field will be chosen.\n"},"group_dn_attribute":{"type":"string","description":"Attribute inside the group object which contains the group's distinguished name.\nWhen this property is set, it uses the specified attribute to test for group equality. Example: dn, gidNumber\n\nFor example:\n- if a groups's LDAP entry has \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\" and the LDAP configuration has \"`group_dn_attribute`\" set to \"`dn`\", then LDAP user entry must have membership attribute exactly \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\", in order for the user to be considered part of group. \n"},"server_maximum_page_size":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"integer","description":"This parameter sets the page size which determines the number of users/groups to be fetched from the LDAP server using pagination.\nBy default 'server_maximum_page_size' is set to 1000, and therefore entries are retrieved from LDAP server through pagination. We recommend to ensure that server_maximum_page_size value is equal to LDAP server page size.\nTo unset 'server_maximum_page_size', set its value to 0. Unsetting this parameter will disable the pagination. On disabling the pagination, it is recommended to use hard_limit parameter in the LDAP Browse APIs if there are large number of users/groups on the LDAP server.\n"},"early_listing_stop":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"boolean","description":"This parameter helps in enhancing performance of ldap users/groups browsing. When set to false, the entire list of users/groups that are present on the LDAP server is fetched. When the value is set to true, only limited number of users/groups are fetched from the LDAP server considering the \"limit\" specified by the user. To indicate that there are more number of users/groups present on the LDAP server to be fetched by the CM, \"total\" is shown as \"-1\". The default value of \"early_listing_stop\" is false.\nFor example: If an LDAP server has 5000 users in total; and on CipherTrust Manager these params are set, \"server_maximum_page_size\" as 100, skip as 0 and limit as 1000 then number of entries in response will be returned as 1000 and total will be -1. When 'early_listing_stop' is set to false, CM will return correct total number of records which is 5000.\n"}}},{"type":"object","description":"Sensitive parameters specific to a LDAP test connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"User Credentials for testing a LDAP connection.","required":["username","password"],"properties":{"username":{"type":"string","description":"Username to test the connection with."},"password":{"type":"string","description":"Password that authenticates the username."}}}}}]},"hadoop_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a Hadoop connection.","properties":{"password":{"type":"string","description":"Password for Hadoop server (required for Knox)\n"}}},"hadoop_connection_params":{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}},"hadoop_node_params":{"required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}},"hadoop_nodes_params":{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}}}},"hadoop_create_connection_params":{"type":"object","required":["service","username","password","nodes"],"allOf":[{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"Sensitive parameters specific to a Hadoop connection.","properties":{"password":{"type":"string","description":"Password for Hadoop server (required for Knox)\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}}}}]},"hadoop_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a Hadoop connection.","properties":{"password":{"type":"string","description":"Password for Hadoop server (required for Knox)\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}}]},"name":{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},"threshold":{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},"digest":{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}},"usable":{"type":"object","description":"A boolean that can be used to determine whether the key is usable.","required":["usable"],"properties":{"usable":{"type":"boolean","description":"A boolean that can be used to determine whether the key is usable.\nIt is set to false when the split key is created.\nIt is set to true after enough shares have been added, and the digest of the reconstructed key matches.\n"}}},"material":{"type":"object","description":"A key material asociated with the split key share.","required":["material"],"properties":{"material":{"type":"string","description":"Share's key material."}}},"shares":{"type":"object","description":"Array of shares asociated with the split key.","properties":{"shares":{"type":"array","description":"Array of shares asociated with the split key.","items":{"type":"object","allOf":[{"type":"object","description":"A share asociated with the split key.","required":["material"],"properties":{"name":{"type":"string","description":"Unique name of share."},"material":{"type":"string","description":"Share's key material."}}}]}}}},"share_response":{"type":"object","description":"The split key share parameters present in the API response.","properties":{"name":{"type":"string","description":"Split key share unique name."}}},"shares_response":{"type":"object","description":"Array of split key share parameters present in the API response.","properties":{"shares":{"type":"array","description":"Array of split key share parameters present in the API response.","items":{"type":"object","allOf":[{"type":"object","description":"The split key share parameters present in the API response.","properties":{"name":{"type":"string","description":"Split key share unique name."}}}]}}}},"migration_split_key_response":{"type":"object","allOf":[{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}},{"type":"object","description":"A boolean that can be used to determine whether the key is usable.","required":["usable"],"properties":{"usable":{"type":"boolean","description":"A boolean that can be used to determine whether the key is usable.\nIt is set to false when the split key is created.\nIt is set to true after enough shares have been added, and the digest of the reconstructed key matches.\n"}}},{"type":"object","description":"Array of split key share parameters present in the API response.","properties":{"shares":{"type":"array","description":"Array of split key share parameters present in the API response.","items":{"type":"object","allOf":[{"type":"object","description":"The split key share parameters present in the API response.","properties":{"name":{"type":"string","description":"Split key share unique name."}}}]}}}}]},"migration_split_key_list_response":{"type":"object","allOf":[{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}},{"type":"object","description":"A boolean that can be used to determine whether the key is usable.","required":["usable"],"properties":{"usable":{"type":"boolean","description":"A boolean that can be used to determine whether the key is usable.\nIt is set to false when the split key is created.\nIt is set to true after enough shares have been added, and the digest of the reconstructed key matches.\n"}}}]},"QuorumVotes":{"description":"Quorum votes tracks the votes of a quorum.\n","type":"object","allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the vote was cast."},"approver_id":{"type":"string","description":"The identity of the user who voted."},"note":{"type":"string","description":"Any description of vote."},"vote":{"type":"string","description":"Vote can be either deny or approve."}}}]},"Quorum":{"description":"Quorum model represents a quorum.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"requester_id":{"type":"string","description":"The user ID of the requester of the quorum."},"operation_fingerprint":{"type":"string","readOnly":true,"description":"Fingerprint of the operation."},"resource_uri":{"type":"string","format":"uri","description":"URI of the resource on which the operation is being performed."},"state":{"type":"string","description":"State of the quorum [pre-active, active, denied, expired, executed]."},"description":{"type":"string","description":"Description of the quorum."},"votes":{"type":"array","description":"Votes of the quorum.","items":[{"description":"Quorum votes tracks the votes of a quorum.\n","type":"object","allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the vote was cast."},"approver_id":{"type":"string","description":"The identity of the user who voted."},"note":{"type":"string","description":"Any description of vote."},"vote":{"type":"string","description":"Vote can be either deny or approve."}}}]}]}}}]},"QuorumProfile":{"description":"Represents a quorum profile.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"Name":{"type":"string","description":"Name of the profile."},"voter-groups":{"type":"array","description":"Voters allowed to vote for this profile.","items":{"type":"string"}},"ExpirationPeriod":{"type":"string","format":"date-time","description":"Expiration of Quorum after it is activated (in minutes)."},"RequiredApprovals":{"type":"integer","description":"Required number of approvals for a quorum."},"Description":{"type":"string","description":"Description of the profile."}}}]},"QuorumPolicyStatus":{"description":"Represents status of a quorum policy\n","type":"object","properties":{"operation":{"type":"string","description":"Operation for the policy."},"active":{"type":"boolean","description":"Status of the policy."},"profile":{"type":"boolean","description":"Quorum profile used by this policy."}}},"PostTemplate":{"title":"Create Template","properties":{"name":{"type":"string","description":"Optional friendly name. The template name should not contain special characters such as angular brackets (<,>) and backslash (\\)."},"description":{"type":"string"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group templates. \nTo add a label, set the label's value as follows.\n```\n \"labels\": {\n \"key\": \"value\"\n }\n```\n"},"meta":{"type":"object","description":"Optional end-user or service data stored with the template."},"key_attributes":{"type":"object","description":"Optional key attributes stored with the template.","required":["algorithm"],"properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the template.","properties":{"ownerId":{"type":"string","description":"Optional owner information for the template, required for non-admin. The value should be the user_id."}}},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Template Object may begin to be used to process\ncryptographically protected information (for example, decryption or unwrapping).\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Template Object will not be used for\napplying cryptographic protection (for example, encryption or wrapping).\n"},"usageMask":{"type":"integer","description":"Filters results based on matching Cryptographic usage mask. Add the usage mask values to allow the usages. \nThe associated values are - Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), \nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), \nTranslate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). To set all usage mask bits, \nuse 4194303 (all usage masks including Export). Equivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728), 'blob' (Encrypt + Decrypt = 12), \n'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12), 'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"algorithm":{"type":"string","description":"The Cryptographic algorithm of the template that is used to create the specific key.","enum":["aes","tdes","rsa","ec","hmac-sha1","hmac-sha256","hmac-sha384","hmac-sha512","seed","aria"]},"curveid":{"type":"string","description":"The Cryptographic curve id of a template is used for the elliptic key. This is a mandatory parameter for 'EC' algorithm. Values:\n * secp224k1\n * secp224r1\n * secp256k1\n * secp384r1\n * secp521r1\n * prime256v1\n * brainpoolP224r1\n * brainpoolP224t1\n * brainpoolP256r1\n * brainpoolP256t1\n * brainpoolP384r1\n * brainpoolP384t1\n * brainpoolP512r1\n * brainpoolP512t1\n * curve25519\n"},"size":{"type":"integer","description":"The Bit length of the key using this template.The Size is mandatory for all supported algorithms except for algorithm 'EC'."},"unexportable":{"type":"boolean","description":"The key created using this template will not be exportable. The default value is false."},"undeletable":{"type":"boolean","description":"The key created using this template will not be deleted. The default value is false."},"format":{"type":"string","description":"This parameter is used when returning the key material after the key is created ('includeMaterial' is true).\nFor Asymmetric Keys the valid options are \n-pkcs1\n-pkcs8\n-pkcs12\n\nFor Symmetric Keys the valid options are\n-raw \n-opaque\n"},"state":{"type":"string","description":"This specified the valid key state for creation of Key using Template \nOptions:\n- Pre-Active\n- Active\n For Active State activation Date is required. Activation Date must not be a future Date.\n- Deactived\n For Deactived State deactivationDate is required. Deactivation Date must not be before Activation Date or ProtectStopDate.\n"},"xts":{"type":"boolean","description":"If set to true, then key created will be XTS/CBC-CS1 Key. Defaults to false. Key algorithm must be 'AES."},"objectType":{"type":"string","description":"This specifies the type of object that needs to be created. Valid values are 'Symmetric Key', 'Public Key', 'Private Key' or 'Certificate'. The object type is inferred for many objects, but must be supplied for the certificate object.\nFor algorithm RSA or EC to create a certificate objectType shall be specified as Certificate.\nObjectType Symmetric Key is supported for algorithms\n - AES\n - ARIA\n - TDES\n - SEED\n - HMAC\n\nObjectType Public Key, Private Key, Certificate is supported for algorithms\n - RSA\n - EC\n\nObjectType Split Key is supported for algorithm\n - AES\n"},"description":{"type":"string","description":"Optional friendly description. The template name should not contain special characters such as angular brackets (<,>) and backslash (\\)."}}}},"example":{"description":"test template create","meta":{"color":"red"},"labels":{"team":"HR"},"key_attributes":{"algorithm":"AES","objectType":"Symmetric Key","meta":{"ownerId":"local|123.....09"},"state":"Pre-Active","size":256,"undeletable":true,"unexportable":true,"description":"Symmetric key template"}}},"Templates":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was created."},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was updated."},"meta":{"type":"object","description":"End-user or service data stored with the template."},"labels":{"type":"object","description":"key-value pairs stored."},"key_attributes":{"type":"object","description":"key_attributes stored in key-value pairs."}}}}}}]},"PatchTemplate":{"title":"Update Template","properties":{"description":{"type":"string","description":"Optional friendly description. The template name should not contain special characters such as angular brackets (<,>) and backslash (\\)."},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group templates. \nTo add a label, set the label's value as follows.\n```\n \"labels\": {\n \"key\": \"value\"\n }\n```\n"},"meta":{"type":"object","description":"Optional end-user or service data stored with the template."},"key_attributes":{"type":"object","description":"Optional key attributes stored with the template.","properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the template.","properties":{"ownerId":{"type":"string","description":"Optional owner information for the template, required for non-admin. The value should be the user_id."}}},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Template Object may begin to be used to process\ncryptographically protected information (for example, decryption or unwrapping).\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Template Object will not be used for\napplying cryptographic protection (for example, encryption or wrapping).\n"},"usageMask":{"type":"integer","description":"Filters results based on matching Cryptographic usage mask. Add the usage mask values to allow the usages. \nThe associated values are - Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), \nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), \nTranslate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). To set all usage mask bits, \nuse 4194303 (all usage masks including Export). Equivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728), 'blob' (Encrypt + Decrypt = 12), \n'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12), 'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"algorithm":{"type":"string","description":"The Cryptographic algorithm of the template that is used to create the specific key.","enum":["aes","tdes","rsa","ec","hmac-sha1","hmac-sha256","hmac-sha384","hmac-sha512","seed","aria"]},"curveid":{"type":"string","description":"The Cryptographic curve id of a template used for the elliptic key. The template algorithm must be 'EC'. Values:\n * secp224k1\n * secp224r1\n * secp256k1\n * secp384r1\n * secp521r1\n * prime256v1\n * brainpoolP224r1\n * brainpoolP224t1\n * brainpoolP256r1\n * brainpoolP256t1\n * brainpoolP384r1\n * brainpoolP384t1\n * brainpoolP512r1\n * brainpoolP512t1\n * curve25519\n"},"size":{"type":"integer","description":"The Bit length of the key using this template."},"unexportable":{"type":"boolean","description":"The key created using this template will not be exportable. The default value is false."},"undeletable":{"type":"boolean","description":"The key created using this template will not be deleted. The default value is false."},"format":{"type":"string","description":"This parameter is used when returning the key material after the key is created ('includeMaterial' is true).\nFor Asymmetric Keys the valid options are: \n-pkcs1\n-pkcs8\n-pkcs12\n\nFor Symmetric Keys the valid options are:\n-raw\n-opaque\n"},"state":{"type":"string","description":"state:\n type: string\n description: |\n This specified the valid key state for creation of Key using Template \n Options:\n - Pre-Active\n - Active\n For Active State activation Date is required.\n - Deactivated\n For Deactivated State deactivationDate is required. Deactivation Date must not be before Activation Date ,ProtectStartDate and ProtectStopDate if activationDate, ProtectStopDate and ProtectStopDate is given.\n"},"xts":{"type":"boolean","description":"If set to true, then key created will be XTS/CBC-CS1 Key. Defaults to false. Key algorithm must be 'AES."},"objectType":{"type":"string","description":"This specifies the type of object that needs to be created. Valid values are 'Symmetric Key', 'Public Key', 'Private Key' or 'Certificate'. The object type is inferred for many objects, but must be supplied for the certificate object.\nFor algorithm RSA or EC to create a certificate objectType shall be specified as Certificate.\nObjectType Symmetric Key is supported for algorithms\n - AES\n - ARIA\n - TDES\n - SEED\n - HMAC\n\nObjectType Public Key, Private Key, Certificate is supported for algorithms\n - RSA\n - EC\n\nObjectType Split Key is supported for algorithm\n - AES\n"},"description":{"type":"string","description":"Optional friendly description. The template name should not contain special characters such as angular brackets (<,>) and backslash (\\)."}}}},"example":{"description":"test template update","meta":{"color":"red"},"labels":{"team":"HR"},"key_attributes":{"algorithm":"AES","objectType":"Symmetric Key","meta":{"ownerId":"local|123.....09"},"state":"Pre-Active","size":256,"undeletable":true,"unexportable":true,"description":"Symmetric key template"}}},"external_CM_name":{"type":"object","description":"Unique external CM name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique external CM name"}}},"external_cm_nodes":{"required":["nodes"],"properties":{"nodes":{"type":"array","items":{"type":"object","description":"List of nodes","required":["hostname"],"properties":{"hostname":{"type":"string","description":"Hostname of the external CM."}}}}}},"external_CM_node":{"type":"object","description":"List of nodes","required":["hostname"],"properties":{"hostname":{"type":"string","description":"Hostname of the external CM."}}},"external_cm_trusted_ca_params":{"required":["trusted_ca"],"properties":{"trusted_ca":{"type":"array","items":{"type":"object","description":"List of Trusted CAs.","required":["certificate"],"properties":{"certificate":{"type":"string","description":"Trusted CA of the external CM."}}}}}},"external_cm_trusted_ca":{"type":"object","description":"List of Trusted CAs.","required":["certificate"],"properties":{"certificate":{"type":"string","description":"Trusted CA of the external CM."}}},"external_CM_node_params":{"properties":{"hostname":{"type":"string","description":"Hostname of external CM."},"external_cm_id":{"type":"string","description":"ID of external CM"}}},"external_CM_trustedCA_params":{"properties":{"certificate":{"type":"string","description":"Trusted CA of external CM"},"external_cm_id":{"type":"string","description":"ID of external CM"},"subject_dn":{"type":"string","description":"Subject DN of trusted CA."},"expires_at":{"type":"string","format":"date-time","description":"Expiry date of trusted CA."}}},"external_create_CM_node_params":{"type":"object","required":["hostname","external_cm_id"],"description":"Creates parameters specific to an external CM.","allOf":[{"properties":{"hostname":{"type":"string","description":"Hostname of external CM."},"external_cm_id":{"type":"string","description":"ID of external CM"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"An account that owns the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account that owns the resource's application."}}}]},"external_create_CM_TrustedCA_params":{"type":"object","required":["certificate","external_cm_id","subject_dn","expires_at"],"description":"Creates CM trusted CA parameters specific to an external CM.","allOf":[{"properties":{"certificate":{"type":"string","description":"Trusted CA of external CM"},"external_cm_id":{"type":"string","description":"ID of external CM"},"subject_dn":{"type":"string","description":"Subject DN of trusted CA."},"expires_at":{"type":"string","format":"date-time","description":"Expiry date of trusted CA."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"An account that owns the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account that owns the resource's application."}}}]},"external_CM_nodes_params_response":{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","external_cm_id"],"description":"Creates parameters specific to an external CM.","allOf":[{"properties":{"hostname":{"type":"string","description":"Hostname of external CM."},"external_cm_id":{"type":"string","description":"ID of external CM"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"An account that owns the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account that owns the resource's application."}}}]}}}},"external_CM_Trusted_CA_param_response":{"properties":{"trusted_ca":{"type":"array","items":{"type":"object","required":["certificate","external_cm_id","subject_dn","expires_at"],"description":"Creates CM trusted CA parameters specific to an external CM.","allOf":[{"properties":{"certificate":{"type":"string","description":"Trusted CA of external CM"},"external_cm_id":{"type":"string","description":"ID of external CM"},"subject_dn":{"type":"string","description":"Subject DN of trusted CA."},"expires_at":{"type":"string","format":"date-time","description":"Expiry date of trusted CA."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"An account that owns the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account that owns the resource's application."}}}]}}}},"Resource":{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"An account that owns the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account that owns the resource's application."}}},"external_CM_common_response":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"An account that owns the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account that owns the resource's application."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","external_cm_id"],"description":"Creates parameters specific to an external CM.","allOf":[{"properties":{"hostname":{"type":"string","description":"Hostname of external CM."},"external_cm_id":{"type":"string","description":"ID of external CM"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"An account that owns the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account that owns the resource's application."}}}]}}}}]},"cm_connection_params":{"properties":{"client_certificate":{"type":"string","description":"Certificate of the client registered at the external CM"},"client_id":{"type":"string","description":"ID of the client registered at the external CM"},"external_cm_id":{"type":"string","description":"ID of the external CM resource that contains the Hostname and Root CA of the external CM."}}},"cm_create_connection_params":{"type":"object","required":["client_certificate","client_id","external_cm_id"],"allOf":[{"properties":{"client_certificate":{"type":"string","description":"Certificate of the client registered at the external CM"},"client_id":{"type":"string","description":"ID of the client registered at the external CM"},"external_cm_id":{"type":"string","description":"ID of the external CM resource that contains the Hostname and Root CA of the external CM."}}}]},"cm_update_connection_params":{"type":"object","allOf":[{"properties":{"client_certificate":{"type":"string","description":"Certificate of the client registered at the external CM"},"client_id":{"type":"string","description":"ID of the client registered at the external CM"},"external_cm_id":{"type":"string","description":"ID of the external CM resource that contains the Hostname and Root CA of the external CM."}}}]},"DKEEndpoint":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account that owns this resource."},"application":{"type":"string","format":"URI","description":"The application to which this resource belongs."},"devAccount":{"type":"string","format":"URI","description":"The developer account that owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the DKE endpoint was created."},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the DKE endpoint was updated."},"name":{"description":"DKE endpoint name.","type":"string"},"kek_uri":{"description":"URI of KEK created by the DKE endpoint.","type":"string"},"kek_uri_hostname":{"description":"URI hostname of KEK created by the DKE endpoint.","type":"string"},"kek_name":{"description":"Name of the KEK created by the DKE endpoint.","type":"string"},"kek_uuid":{"description":"UUID of KEK created by the DKE endpoint.","type":"string"},"meta":{"description":"Additional information associated with the DKE endpoint.","type":"object"},"enabled":{"description":"Status to allow getkey or decrypt operation using this DKE endpoint.","type":"boolean"},"kek_version":{"description":"Version of KEK created by the DKE endpoint.","type":"string"},"key_type":{"description":"Type of key created by the DKE endpoint. Only the key type of asymmetric is currently supported.","type":"string"},"algorithm":{"description":"Algorithm of the key created by the DKE endpoint. Only the RSA_DECRYPT_OAEP_2048_SHA256 algorithm is currently supported, which is the default value.","type":"string"},"auth_tenants":{"description":"List of IDs of auth_tenants for the DKE endpoint.","type":"array","items":{"type":"string"}},"source_key_tier":{"description":"Source key tier. Options are local and external-cm. Default is local.","type":"string"}}}]},"connection_base_url":{"x-feature":"FF_CC","type":"object","description":"This is the full path to the base URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the base URL associated with the connection."}}},"cc_connection_credentials":{"x-feature":"FF_CC","type":"object","description":"Sensitive parameters specific to an confidential computing (CC) connection.","required":["client_secret"],"properties":{"client_secret":{"type":"string","description":"Client Secret of the confidential computing (CC) connection."}}},"cc_connection_trimmed_credentials":{"x-feature":"FF_CC","type":"object","description":"Non-sensitive parameters specific to an confidential computing (CC) connection.","required":["url"],"properties":{"url":{"type":"string","description":"url for the connection."},"base_url":{"type":"string","description":"base url for the connection."}}},"cc_connection_update_credentials":{"x-feature":"FF_CC","type":"object","description":"parameters specific to an CC connection.","properties":{"url":{"type":"string","description":"url for the connection."},"base_url":{"type":"string","description":"base url for the connection."},"client_secret":{"type":"string","description":"client secret for the connection."}}},"cc_connection_response":{"x-feature":"FF_CC","type":"object","description":"Checksum generated from CC credentials.","allOf":[{"x-feature":"FF_CC","type":"object","description":"Non-sensitive parameters specific to an confidential computing (CC) connection.","required":["url"],"properties":{"url":{"type":"string","description":"url for the connection."},"base_url":{"type":"string","description":"base url for the connection."}}}],"properties":{"checksum":{"type":"string","description":"A SHA256 checksum value generated from clientSecret, URL and base URL. Will get updated if it passed clientSecret with URL or all of them (including base URL)."}}},"cc_create_connection_params":{"x-feature":"FF_CC","type":"object","allOf":[{"x-feature":"FF_CC","type":"object","description":"Sensitive parameters specific to an confidential computing (CC) connection.","required":["client_secret"],"properties":{"client_secret":{"type":"string","description":"Client Secret of the confidential computing (CC) connection."}}},{"x-feature":"FF_CC","type":"object","description":"Non-sensitive parameters specific to an confidential computing (CC) connection.","required":["url"],"properties":{"url":{"type":"string","description":"url for the connection."},"base_url":{"type":"string","description":"base url for the connection."}}}]},"cc_update_connection_params":{"x-feature":"FF_CC","type":"object","allOf":[{"x-feature":"FF_CC","type":"object","description":"parameters specific to an CC connection.","properties":{"url":{"type":"string","description":"url for the connection."},"base_url":{"type":"string","description":"base url for the connection."},"client_secret":{"type":"string","description":"client secret for the connection."}}}]}},"parameters":{"user_id":{"name":"user_id","in":"path","required":true,"description":"the user_id of the user","type":"string"},"client_id":{"name":"client_id","in":"path","required":true,"description":"the client_id of the client","type":"string"},"name":{"name":"name","in":"query","type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},"keyNameOptional":{"name":"keyName","in":"query","required":false,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. An empty string is assumed if this parameter is absent. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},"keyNameRequired":{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},"macAlgorithm":{"name":"algorithm","in":"query","required":false,"type":"string","description":"This string specifies the MAC Algorithm used for MAC/MACV operations. The supported values for this are hmac and cmac."},"version":{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are actual version of the key, Latest version (-1), Latest active version (-2).}}"},"keyVersion":{"name":"keyVersion","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified."},"hint":{"name":"hint","in":"query","required":true,"type":"string","enum":["digit","alphabet","alphanumeric","printable","unicode"],"description":"This string identifies the type of input. It can be one of following printable strings - 'digit', 'alphabet', 'alphanumeric', 'printable' and 'unicode'. This hint needs to be passed."},"charset":{"name":"charset","in":"query","required":false,"type":"string","description":"This string identifies the charset name or id. It is required when hint is 'unicode'."},"tweakAlg":{"name":"tweakAlg","in":"query","required":false,"type":"string","description":"This string specifies the algorithm used for converting the tweak string into the tweak used by the FPE algorithm. Allowed values are \"sha1\", \"sha256\", \"sha512\" and \"none\". Defaults to \"none\"."},"tweak":{"name":"tweak","in":"query","required":false,"type":"string","description":"This string identifies the tweak to be used along with the cryptographic key for hiding/unhiding the data. If tweakAlg is \"none\", this should be a 8-byte array encoded in hex. Length of encoded string is 16 bytes. It can be any arbitrary string if the tweakAlg is not \"none\". If provided, it must be the same for both hide and unhide operations for a given data. Tweak is not allowed if tweakAlg is empty."},"iv":{"name":"iv","in":"query","required":false,"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data. It is required only if the input data length is larger than the FPE block length. The block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes). The IV should not be supplied if the data length does not exceed the FPE block length. The characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size."},"defaultiv":{"name":"defaultiv","in":"query","required":false,"type":"string","description":"This boolean identifies if the user wants to use the default IV along with the cryptographic key for encrypting/decrypting data. False is 0 and True is 1. This field was introduced to support specific legacy integrations and applications. New applications are strongly recommended to use a unique IV for each encryption request."},"hash":{"name":"hash","in":"query","required":true,"type":"string","description":"This string identifies the hex encoded mac to be verified for the given data."},"hashAlgo":{"name":"hashAlgo","in":"query","required":true,"type":"string","description":"This string specifies the hash algorithm used for generating signature. For ECDSA the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\", \"SHA3-224\", \"SHA3-256\", \"SHA3-384\", \"SHA3-512\" and \"none\". For RSA, the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\" and \"none\"."},"signAlgo":{"name":"signAlgo","in":"query","required":false,"type":"string","description":"This string specifies the signing algorithm used for generating signature. Allowed values are \"RSA\" and \"ECDSA\"."},"signature":{"name":"signature","in":"query","required":true,"type":"string","description":"This string identifies the hex encoded signature to be verified for the given data."},"mode":{"name":"mode","in":"query","required":false,"type":"string","description":"This string identifies the cryptographic mode to use for symmetric operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', and 'GCM', and the only allowed value for TDES is 'CBC'. Defaults to 'cbc'."},"pad":{"name":"pad","in":"query","required":false,"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES, allowed values are 'none', 'PKCS5', and 'PKCS7'. The default is 'PKCS7'. For asymmetric algorithms the allowed values 'PKCS1', and 'OAEP' defaulting to 'PKCS1'. Padding is not applicable for 'CTR' and 'GCM' mode."},"authData":{"name":"AAD","in":"formData","required":false,"type":"string","description":"The authentication data for AES-GCM cipher operations. It is included in the multipart/form-data of the body under the label 'AAD'."},"data":{"name":"Data","in":"formData","required":false,"type":"string","description":"The data to encrypt or decrypt. If the content type is multipart/form-data then it is included in the multipart under the label 'Data'."},"tag":{"name":"tag","in":"query","required":false,"type":"string","description":"This string is a hex encoded AES-GCM authentication tag for decryption operations."},"tagLen":{"name":"taglen","in":"query","required":false,"type":"integer","description":"This integer is the requested length of the authentication tag. This parameter is only used for AES-GCM, must be between 4 and 16 inclusive and defaults to 16."},"encryptiv":{"name":"iv","in":"query","required":false,"type":"string","description":"This is the Initialization Vector (IV). It is used while encrypting and decrypting data using a symmetric key (AES or TDES). An IV is generated if it is not provided. If an IV is supplied, it should be in hexadecimal format. It should be 16 bytes long (hex string is 32 characters long) for AES-CBC, 8 bytes for TDES-CBC, and between 1 and 16 bytes for AES-GCM."},"cryptomode":{"name":"mode","in":"query","required":false,"type":"string","description":"This string identifies the cryptographic mode to use for symmetric key operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', and 'GCM' (default is 'GCM'), and the only allowed value for TDES is 'CBC'."},"cryptopad":{"name":"pad","in":"query","required":false,"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES and TDES, allowed values are 'none', 'PKCS5' and 'PKCS7' (default is 'PKCS7'). For asymmetric algorithms the allowed values 'PKCS1', 'OAEP', 'OAEP256', 'OAEP384' and 'OAEP512', defaulting to 'OAEP'."},"signPad":{"name":"pad","in":"query","required":false,"type":"string","description":"This string specifies the padding used for generating signature and is only applicable for the RSA signing algorithm. Allowed values are 'PKCS1', 'PSS', and 'PSSWithPrecomputedHash'. Default value is 'PKCS1'."},"saltLength":{"name":"saltLength","in":"query","required":false,"type":"integer","description":"This integer specifies the saltLength for PSS padding. This is only applicable for the RSA signing algorithm. The SaltLength varies from -2 to a positive integer upto the maximum length supported by the algorithm.\n-1 is for HASH-EQUAL-LENGTH,\n0 is for MAX-LENGTH and\n-2 is for deterministic output.\nMaximum supported value of salt length = (Key length in bytes - HASH length in byte - 2)\n"},"KeyIdentifier":{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},"KeyIdentifierType":{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},"KeyVersion":{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},"LatestActiveKeyVersion":{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. {{FF_LATEST_ACTIVE_KEY_VERSION| If -2 is specified then nae latest active version of key will be returned.}} \nOnly valid if the identifier is a key name or id , otherwise version is ignored.","type":"number"},"applicationSearch":{"name":"application","in":"query","description":"Search by application. Supports * and ? wildcards.","type":"string","format":"URI"},"Authorization":{"name":"Authorization","in":"header","description":"A JWT of the form `Bearer `.","required":true,"type":"string"},"ResourceIdentifier":{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},"skip":{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":10},"limit":{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":0},"sourceType":{"name":"source_type","in":"query","type":"string","description":"Filter on alarm configuration source type. Valid values are 'server_record' and 'client_record'"},"allowlist_filter":{"name":"allowlist","in":"query","type":"string","description":"Filter the results based on an IP in allowlist. It gives the list of nodes which have the given IP in their allowlist. \nTo filter results wherein IP is not a part of the allowlist, precede the field value with a minus sign (\"-\").\nFor example:\n -192.168.3.4\n"},"scpIdentifierParam":{"name":"scp_id","in":"path","description":"SCP id is used to determine the status of\nasynchronous SCP process.\n","required":true,"type":"string"},"scpConnectionParam":{"name":"connection_id","in":"path","description":"Name or ID of the SCP connection which stores the details for SCP server.\n","required":true,"type":"string"},"scope_query":{"name":"scope","required":false,"in":"query","type":"string","description":"Scope of the backup or backup key - system (default) or domain. Scope must be specified for a domain scoped backup.\n"},"upload_chunked":{"name":"chunked","required":false,"in":"query","description":"When set to `true`, indicates that the file is uploaded in multiple chunks.\n","type":"boolean","default":false},"upload_start":{"name":"start","required":false,"in":"query","description":"Set to `true` for the first chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},"upload_done":{"name":"done","required":false,"in":"query","description":"Set to `true` for the last chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},"upload_id":{"name":"uploadID","required":false,"in":"query","description":"This parameter is used when the file is uploaded in multiple chunks.\nFor the first chunk request, when upload_start is `true`, you can set an upload ID via this parameter.\nIf an upload ID is not set in the first chunk request, an upload ID is assigned and returned in the response.\nThe upload ID is required as a query parameter for the remaining chunk requests.\n","type":"string"},"IncludeFields":{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"},"client_group_id":{"name":"client_group_id","in":"query","required":false,"type":"string","description":"Filter the results by clientgroup id of GuardPoint. MUST be a UUID value."},"client_group_name":{"name":"client_group_name","in":"query","required":false,"type":"string","description":"Filter the results by clientgroup name of GuardPoint."},"policy_id":{"name":"policy_id","in":"query","required":false,"type":"string","description":"Filter the results by policy id of GuardPoint. MUST be a UUID value."},"policy_name":{"name":"policy_name","in":"path","required":true,"description":"the name of the policy","type":"string"},"pending_operation":{"name":"pending_operation","in":"query","required":false,"type":"string","description":"Filter the results by pending operation of GuardPoint. Valid value is DELETE."},"guard_enabled":{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guard enabled values of GuardPoint. Valid values are Yes/No and True/False."},"guard_path":{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by GuardPath of GuardPoint."},"type":{"name":"type","in":"query","required":false,"type":"string","description":"Filter the results by type of GuardPoint. Valid values are CLIENT and CLIENTGROUP."},"guard_point_state":{"name":"guard_point_state","in":"query","required":false,"type":"string","description":"Filter the results by state of GuardPoint. Valid values are UNKNOWN, ACTIVE, INACTIVE or DISABLED."},"native_domain":{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},"enable_domain_sharing":{"name":"enable_domain_sharing","description":"Filter resources based on whether cross-domain sharing is enabled.","in":"query","required":false,"type":"boolean"},"fetch_current_domain_resources_only":{"name":"fetch_current_domain_resources_only","description":"Filter resources belonging to the current domain only.","in":"query","required":false,"type":"boolean"},"mfa_enabled":{"name":"mfa_enabled","description":"Filter GuardPoints based on MFA status - enabled or not.","in":"query","required":false,"type":"boolean"},"gp_network_path":{"name":"gp_network_path","in":"query","required":false,"type":"string","description":"Filter the results by network path for NFS and CIFS."},"uri_list":{"name":"uri_list","in":"query","required":false,"type":"string","description":"Filter the results by uri. To fetch multiple resources provide comma-delimited list of uri."},"guard_point_type":{"name":"guard_point_type","in":"query","required":false,"type":"string","description":"Filter clients based on guard point type. Valid values are directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, and ransomware_protection."},"dps_id":{"name":"dps_id","in":"query","required":false,"type":"string","description":"Filter the results by DPS ID of the GuardPoint."},"dps_name":{"name":"dps_name","in":"query","required":false,"type":"string","description":"Filter the results by DPS name of the GuardPoint. Value can be any string."},"id":{"name":"id","in":"path","required":true,"description":"The ID of the object.","type":"string"},"sort":{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nCurrently, sorting on a name field is only supported. \nFor example:\n -name\n\n...will sort the results first by `name`, descending.\n"},"kekID":{"name":"kekID","in":"path","required":true,"description":"the ID of the domain KEK","type":"string"},"IdentifierType":{"name":"type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"},"Version":{"name":"version","in":"query","description":"The version of the object to be returned. If no version is specified, the latest version is returned.","type":"number"},"Name":{"name":"name","in":"path","description":"The name of the resource.","type":"string","required":true},"AppConnectorType":{"name":"app_connector_type","in":"path","description":"app_connector_type.","type":"string","required":true},"idParam":{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},"nameParam":{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},"serviceParam":{"name":"service","in":"query","type":"string","description":"Filters the result based on the external services associated with the connections. (e.g. aws, azure, gcp, hadoop-knox, luna network).","enum":["aws","azure","gcp","luna network","hadoop-knox"]},"categoryParam":{"name":"category","in":"query","type":"string","description":"Filter the result based on category.","enum":["cloud","hsm"]},"productParam":{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cte\" for Azure\n"},"cloudNameParam":{"name":"cloud_name","in":"query","type":"string","description":"Filter the result based on cloud name."},"hostnameParam":{"name":"hostname","in":"query","x-feature":"FF_SALESFORCE_HOSTNAME_ENABLED","type":"string","description":"Filter the result based on hostname\n"},"audienceParam":{"name":"audience","in":"query","x-feature":"FF_SALESFORCE_AUDIENCE_ENABLED","type":"string","description":"Filter the result based on jwt audience\n"},"iamRolesAnywhereConnections":{"name":"is_role_anywhere","in":"query","type":"boolean","description":"Filter IAM Roles Anywhere connections."},"fieldsParam":{"name":"fields","in":"query","type":"string","description":"Filters the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},"lastConnectionOKParam":{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},"externalCertificateUsed":{"name":"external_certificate_used","in":"query","type":"string","description":"Filter the result based on if external certificate is used for connection.\n"},"metaContainsParam":{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},"lastConnectionBeforeParam":{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"lastConnectionAfterParam":{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"connectionIdentifierParam":{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"},"connectionIdentifierTypeParam":{"name":"type","in":"query","description":"The type of the identifier specified in the {id} path parameter.\nMust be one of: name, id, or uri.\nIf type is not specified, it is inferred.\n","type":"string","enum":["name","id","uri"]},"labelsContainsParam":{"x-feature":"FF_CM_CONNECTIONS_FAM","name":"labels","in":"query","type":"string","format":"JSON","description":"Filters results that match label selector expressions. Multiple\nvalues are logically ANDed. \n\nFor example, to select resources that have the label `{\"region\": \"noram\"}` but do not \nhave `{\"team\": \"sales\"}` use `region=noram,team!=sales`.\n\nTo select resources whose labels contain the key called region, use `region`.\n\nTo select resources whose labels do not contain the key called region, use `!region`.\n\nTo select resources in the sales and engineering teams, use `team in (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, or do not have a key called `team`, use `team notin (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, and have a key called `team`, use `team,team notin (sales,engineering)`. \n"},"operationStatusParam":{"name":"operation_status","in":"query","type":"string","description":"Filter the result based on operation_status result.\n"},"connectionPartitionIdentifierParam":{"name":"partition_id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"},"channel":{"name":"channel","in":"query","type":"string","description":"Filter the result based on channel of communication."},"labelParam":{"name":"label","in":"query","type":"string","description":"Filter the result based on label."},"serialNumberParam":{"name":"serial_number","in":"query","type":"string","description":"Filter the result based on serial number."},"hostParam":{"name":"host","in":"query","type":"string","description":"Filter the result based on hostname."},"connectionNodeIdentifierParam":{"name":"node_id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"},"protocol":{"x-feature":"FF_SFTP_PROTOCOL","name":"protocol","in":"query","description":"Filter the result based on protocol. Valid values are 'sftp' or 'scp'.\nFilter the result based on protocol. Valid values are 'sftp' or 'scp'.\n","type":"string"},"serverURL":{"name":"server_url","in":"query","type":"string","description":"Filter the result based on server URL."},"baseDN":{"name":"base_dn","in":"query","type":"string","description":"Filter the result based on base DN."},"userLoginAttribute":{"name":"user_login_attribute","in":"query","type":"string","description":"Filter the result based on user login attribute."},"groupBaseDN":{"name":"group_base_dn","in":"query","type":"string","description":"Filter the result based on group base DN."},"digestParam":{"name":"digest","in":"query","type":"string","description":"Filter the result based on split key digest."},"splitKeyNamePathIdentifier":{"name":"name","in":"path","description":"The split key's name.\n","required":true,"type":"string"},"splitKeyShareNamePathIdentifier":{"name":"share_name","in":"path","description":"The split key share's name.\n","required":true,"type":"string"},"identifierParam":{"name":"id","in":"path","description":"The external CM's name, ID, or URI. If the \"type\" flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"},"nodeIdentifierParam":{"name":"node_id","in":"path","description":"The node's name, ID, or URI.\n","required":true,"type":"string"},"caIdentifierParam":{"name":"ca_id","in":"path","description":"The ca's name, ID, or URI.\n","required":true,"type":"string"}},"paths":{"/v1/auth/self/permissions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Query","tags":["Permissions"],"parameters":[{"name":"body","in":"body","description":"Query for user functional permissions","schema":{"type":"object","title":"Permissions Request","required":["operations"],"properties":{"operations":{"type":"array","description":"all of the operations to query","items":{"type":"object","required":["action"],"properties":{"action":{"type":"string","description":"A predefined action (e.g. `ReadKey` or `StatusBackup`)."},"resource":{"type":"string","description":"A resource URI. It only applies when a policy relies on the resource URI value to grant permission."},"context":{"type":"object","description":"optional properties","properties":{"resource":{"type":"object","description":"Optional JSON object specifying a resource or a subset of a resource. Supplying a value may may help to give an absolute answer instead of \"maybe\". It only applies when a policy relies on a resource or any of its parts to grant permission.\n\nFor example, the \"Key owners\" policy is granted for an applicable action when a key resource has the property meta.ownerId equal to that of the user. This is a sample of the JSON object to supply for the ReadKey action:\n```\n{\n \"meta\": {\n \"ownerId\": \"local|f11157c8-9040-4793-9a1b-f2d410f4877b\"\n }\n}\n```\n"}}}}}}},"example":{"application/json":{"operations":[{"action":"CreateKey","context":{"resource":{"meta":{"ownerId":"local|f11157c8-9040-4793-9a1b-f2d410f4877b"}}}},{"action":"ReadKey"}]}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"action":{"type":"string","description":"The action whose permission was requested"},"context":{"type":"string","description":"Always blank"},"allowed":{"type":"string","description":"Is the action allowed? (yes, no, maybe)"}}}}}}]},"examples":{"application/json":[{"action":"CreateKey","context":{},"allowed":"maybe"},{"action":"ReadKey","context":{},"allowed":"yes"}]}}}}},"/v1/usermgmt/users/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all user resources. The results can be\nfiltered, using the query parameters.\n\nResults are returned in pages.\nEach page of results includes the total results found, and\ninformation for requesting the next page of results, using\nthe `skip` and `limit` query parameters.\n\n{{FF_CM_KEYS_AND_USERS_REPORTS| Specify \"Accept\" header with value \"application/pdf\" or \"text/csv\" to download report in PDF or CSV format using external clients.}}\n","tags":["Users"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter by the user's name"},{"name":"username","in":"query","required":false,"type":"string","description":"Filter by the user's username"},{"name":"email","in":"query","required":false,"type":"string","description":"Filter by the user's email"},{"name":"groups","in":"query","type":"string","required":false,"description":"Filter by users in the given group name. Provide multiple groups seperated by comma(\",\")\nto get users in all of those groups.\nUsing 'nil' as the group name will return users that are not part of any group.\n"},{"name":"exclude_groups","in":"query","required":false,"type":"string","description":"Users associated with given group will be excluded from the result. Provide multiple groups seperated by comma(\",\") to exclude multiple groups in the result."},{"name":"auth_domain_name","in":"query","required":false,"type":"string","description":"Filter by the user's auth domain"},{"name":"account_expired","in":"query","required":false,"type":"boolean","description":"Filters the list of users whose expiration time has passed."},{"name":"allowed_auth_methods","in":"query","required":false,"type":"array","description":"Filter by the login authentication method allowed to the users. \nIt is a comma seperated list of values. \nA special value `empty` can be specified to get users to whom no authentication method is allowed.\n","items":{"type":"string"}},{"name":"allowed_client_types","in":"query","required":false,"type":"array","description":"Filter by the client types that can authenticate the user.\nIt is a comma separated list of values.\n","items":{"type":"string"}},{"name":"password_policy","in":"query","required":false,"type":"string","description":"Filter the list of users based on assigned password policy."},{"name":"return_groups","in":"query","required":false,"type":"boolean","description":"If set to 'True', it returns the group's name in which user is associated along with all users information."},{"name":"is_admin","in":"query","required":false,"type":"boolean","x-feature":"FF_CM_KEYS_AND_USERS_REPORTS","description":"If set to true, return users that are part of any of the system admin groups, such as Key Admins, CTE Admins, etc. \nWhen true, this will override the groups filter.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nCurrently, sorting on following fields are supported : name,email,user_id,created_at,updated_at,logins_count,last_login,last_failed_login_at. \nFor example:\n -name\n\n...will sort the results first by `name`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"user_id":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"password_policy":{"type":"string","format":"string","description":"The password policy applies only to local user accounts and overrides the global password policy. By default, the global password policy is applied to the users."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","nickname":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","password_policy":"policy_name","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"last_failed_login_at":null,"failed_logins_count":0,"failed_logins_initial_attempt_at":null,"account_lockout_at":null,"allowed_auth_methods":["password"],"allowed_client_types":["unregistered","public","confidential"]}]}}},"400":{"description":"Bad Request | User already exists.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"post":{"summary":"Create","description":"Create a new user in a domain(including root), or add an existing domain user to a sub-domain.\nUsers are always created in the local, internal user database, but might\nhave references to external identity providers.\n\nThe `connection` property is optional. If this property is specified\nwhen creating new users, it can be the name of a connection or\n`local_account` for a local user.\n\nThe `connection` property is only used in the body of the create-user\nrequest. It is not present in either request or response bodies of\nthe other user endpoints.\n\nTo create a user -\n`username` is mandatory. And\n`password` is required in most cases except when certificate authentication is used and certificate subject dn \nis provided.\n\nTo enable certificate based authentication for a user, it is required to set\n`certificate_subject_dn` and add \"user_certificate\" authentication method in `allowed_auth_methods`.\nThis functionality is available only for local users.\n\nTo assign a root domain user to a sub-domain -\nthe users are added to the domain of the user who is logging in, and the `connection`\nproperty should be left empty. The `user_id` or `username` fields are\nthe only ones that are used while adding existing users to sub-domains;\nall other fields are ignored.\n\nTo enable the two-factor authentication based on username-password and user certificate for a user, it is required to set\n\"certificate_subject_dn\" and add \"password_with_user_certificate\" authentication method in \"allowed_auth_methods\". \nFor authentication, the user will require both username-password and user certificate. This functionality applies only to local users.\n","tags":["Users"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Create User","properties":{"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n\nThis attribute may also be used (instead of the user_id) when\nadding an existing root domain user to a different domain.\n"},"password":{"type":"string","description":"The password used to secure the users account. Allowed\npasswords are defined by the password policy.\n\nPassword is optional when \"certificate_subject_dn\" is set and \"user_certificate\" is in \nallowed_auth_methods.In all other cases, password is required\n\nIt is not included in user resource responses.\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not\nincluded in user resource responses. Can be the name of a\nconnection or \"local_account\" for a local user, defaults to\n\"local_account\".\n"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"is_domain_user":{"type":"boolean","description":"This flag can be used to create the user in a non-root domain where user management is allowed.\n"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nIf both `enable_cert_auth` and `allowed_auth_methods` are provided in the request, `enable_cert_auth` is ignored. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"password_change_required":{"type":"boolean","description":"Password change required flag.\nIf set to true, user will be required to change their password on next successful login.\n"},"user_id":{"type":"string","description":"The user_id is the ID of an existing root domain user.\nThis field is used only when adding an existing root domain user to a different domain.\n"},"login_flags":{"type":"object","description":"Flags for controlling user's login behavior.","properties":{"prevent_ui_login":{"type":"boolean","description":"If true, user is not allowed to login from Web UI. Default - false"}}},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user. \nDefault value - [\"password\"] i.e. Password Authentication is allowed by default. \nSetting it to empty, i.e `[]`, means no authentication method is allowed to the user. \nIf both `enable_cert_auth` and `allowed_auth_methods` are provided in the request, `enable_cert_auth` is ignored. \nSetting it to [\"password_with_user_certificate\"], means two-factor authentication is enabled for the user. The\nuser will require both username-password and user_certificate for authentication.\n\nValid values in the array are:\n- password\n- user_certificate\n- password_with_user_certificate\n\nThis property does not control login behavior for users in admin group.\n"},"expires_at":{"type":"string","format":"timestamp","description":"The \"expires_at\" field is applicable only for local user account. Only members of the 'admin' and 'User Admins' groups can add expiration to an existing local user account or modify the expiration date.\nOnce the \"expires_at\" date is reached, the user account gets disabled and the user is not able to perform any actions.\nSetting the \"expires_at\" field to empty, removes the expiration date of the user account.\n\nThe supported date-time format is\n2025-03-02T06:13:27.71402Z\n"},"password_policy":{"type":"string","format":"string","description":"The password policy applies only to local user accounts and overrides the global password policy. By default, the global password policy is applied to the users."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types that can authenticate using the user's credentials. \nDefault value - [\"unregistered\", \"public\", \"confidential\"] i.e. all clients can authenticate the user using user's credentials. \nSetting it to empty, i.e `[]`, means no client can authenticate this user, which effectively means no one can login into this user. \n\nValid values in the array are:\n- unregistered\n- public\n- confidential\n\nThis property does not control login behavior for users in admin group.\n"}},"example":{"application/json":{"app_metadata":{},"email":"frank@local","name":"frank","username":"frank","password":"password","user_metadata":{}}}}}],"responses":{"201":{"description":"Successful user creation.","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"user_id":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"password_policy":{"type":"string","format":"string","description":"The password policy applies only to local user accounts and overrides the global password policy. By default, the global password policy is applied to the users."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","nickname":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"failed_logins_count":0,"allowed_auth_methods":["password"],"allowed_client_types":["unregistered","public","confidential"]}}}}}},"/v1/usermgmt/users/{user_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"user_id","in":"path","required":true,"description":"the user_id of the user","type":"string"}],"get":{"summary":"Get","description":"Returns a single user resource. If the user_id \"self\" is provided, it will return the current user's information.\n","tags":["Users"],"responses":{"200":{"description":"OK","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"user_id":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"password_policy":{"type":"string","format":"string","description":"The password policy applies only to local user accounts and overrides the global password policy. By default, the global password policy is applied to the users."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-10-26T21:48:45.516264+00:00","email":"john@local","last_login":"2016-10-27T16:40:41.753756+00:00","logins_count":6,"name":"john","username":"john","nickname":"john","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-10-27T16:40:41.730918+00:00","user_id":"local|e732ef3b-8edb-4394-90a3-262980eac55c","user_metadata":{"connection":"local_account"},"last_failed_login_at":null,"failed_logins_count":0,"failed_logins_initial_attempt_at":null,"account_lockout_at":null,"allowed_auth_methods":["password"],"allowed_client_types":["unregistered","public","confidential"],"auth_domain":"00000000-0000-0000-0000-000000000000","auth_domain_name":"root","password_policy":"custom_policy_n1","password_change_required":false,"password_changed_at":"2016-10-26T21:48:45.516234+00:00","days_remaining_to_password_expiry":15,"password_about_to_expire":false,"password_expires_at":"2016-11-04T04:35:04.548741Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a user given the user's user-id.\nIf the current user is logged into a sub-domain, the user is deleted from that sub-domain.\nIf the current user is logged into the root domain, the user is deleted from all domains it belongs to.\n","tags":["Users"],"responses":{"204":{"description":"No Content | Successful deletion of user."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Change the properties of a user. For instance the name, the password, or metadata. Permissions would normally\nrestrict this route to users with admin privileges. Non admin users wishing to change their own passwords\nshould use the change password route. The user will not be able to change their password to the same password.\n","tags":["Users"],"parameters":[{"name":"body","in":"body","description":"The user properties to change. The properties will be merged\ninto the user resource. The `app_metadata` and `user_metadata`\nproperties will be recursively merged. To remove a property\ninside the metadata objects, set it to nil.\n","schema":{"type":"object","title":"Update User","properties":{"password":{"type":"string","description":"The password used to secure the users account."},"email":{"type":"string","format":"email","description":"The email of the user"},"name":{"type":"string","description":"The user's full name"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate.\ne.g.OU=organization unit,O=organization,L=location,ST=state,C=country\n"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nIf both `enable_cert_auth` and `allowed_auth_methods` are provided in the request, `enable_cert_auth` is ignored. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"failed_logins_count":{"type":"integer","description":"Set it to 0 to unlock a locked user account."},"password_change_required":{"type":"boolean","description":"Password change required flag.\nIf set to true, user will be required to change their password on next successful login.\n"},"login_flags":{"type":"object","description":"Flags for controlling user's login behavior.","properties":{"prevent_ui_login":{"type":"boolean","description":"If true, user is not allowed to login from Web UI. Set it to true or false."}}},"expires_at":{"type":"string","format":"timestamp","description":"The \"expires_at\" field is applicable only for local user account. Only members of the 'admin' and 'User Admins' groups can add expiration to an existing local user account or modify the expiration date.\nOnce the \"expires_at\" date is reached, the user account gets disabled and the user is not able to perform any actions.\nSetting the \"expires_at\" field to empty, removes the expiration date of the user account.\n\nThe supported date-time format is\n2025-03-02T06:13:27.71402Z\n"},"password_policy":{"type":"string","format":"string","description":"The password policy applies only to local user accounts and overrides the global password policy. By default, the global password policy is applied to the users."},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user. \nSetting it to empty, i.e `[]`, means no authentication method is allowed to the user. \nIf both `enable_cert_auth` and `allowed_auth_methods` are provided in the request, `enable_cert_auth` is ignored. \nSetting it to [\"password_with_user_certificate\"], means two-factor authentication is enabled for the user. The\nuser will require both username-password and user_certificate for authentication. \nUser cannot have \"password\" or \"user_certificate\" with \"password_with_user_certificate\" in allowed_auth_methods. \n\nValid values in the array are:\n- password\n- user_certificate\n- password_with_user_certificate\n\nThis property does not control login behavior for users in admin group.\n"},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types that can authenticate using the user's credentials. \nSetting it to empty, i.e `[]`, means no client can authenticate this user, which effectively means no one can login into this user. \n\nValid values in the array are:\n- unregistered\n- public\n- confidential\n\nThis property does not control login behavior for users in admin group.\n"}},"example":{"email":"john@local","name":"john","password":"password","user_metadata":{},"password_change_required":true,"certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":true}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"user_id":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"password_policy":{"type":"string","format":"string","description":"The password policy applies only to local user accounts and overrides the global password policy. By default, the global password policy is applied to the users."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-10-26T21:48:45.516264+00:00","email":"john@local","last_login":"2016-10-27T16:40:41.753756+00:00","logins_count":6,"name":"john","username":"john","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":true,"updated_at":"2016-10-27T16:40:41.730918+00:00","user_id":"local|e732ef3b-8edb-4394-90a3-262980eac55c","user_metadata":{},"failed_logins_count":0,"failed_logins_initial_attempt_at":null,"account_lockout_at":null,"allowed_auth_methods":["password"],"allowed_client_types":["unregistered","public","confidential"]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/auth/self/user":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns a single user resource. It will return the current user's information.\n","tags":["Users"],"responses":{"200":{"description":"OK","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"user_id":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"password_policy":{"type":"string","format":"string","description":"The password policy applies only to local user accounts and overrides the global password policy. By default, the global password policy is applied to the users."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-10-26T21:48:45.516264+00:00","email":"john@local","last_login":"2016-10-27T16:40:41.753756+00:00","logins_count":6,"name":"john","username":"john","nickname":"john","updated_at":"2016-10-27T16:40:41.730918+00:00","user_id":"local|e732ef3b-8edb-4394-90a3-262980eac55c","user_metadata":{},"last_failed_login_at":null,"failed_logins_count":0,"failed_logins_initial_attempt_at":null,"account_lockout_at":null,"allowed_auth_methods":["password"],"allowed_client_types":["unregistered","public","confidential"],"auth_domain":"00000000-0000-0000-0000-000000000000","auth_domain_name":"root","enable_cert_auth":false,"password_policy":"custom_policy_n1","password_change_required":false,"password_changed_at":"2016-10-26T21:48:45.516234+00:00","days_remaining_to_password_expiry":15,"password_about_to_expire":false,"password_expires_at":"2016-11-04T04:35:04.548741Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Change the properties of a user. For instance the email, or metadata.\n","tags":["Users"],"parameters":[{"name":"body","in":"body","description":"The user properties to change. The properties will be merged\ninto the user resource. The `app_metadata` and `user_metadata`\nproperties will be recursively merged. To remove a property\ninside the metadata objects, set it to nil.\n","schema":{"type":"object","title":"Update User(Self)","properties":{"name":{"type":"string","description":"Name can be full name or a user friendly name."},"email":{"type":"string","format":"email","description":"The email of the user"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"}},"example":{"name":"john","email":"john@local","user_metadata":{}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"user_id":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"password_policy":{"type":"string","format":"string","description":"The password policy applies only to local user accounts and overrides the global password policy. By default, the global password policy is applied to the users."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-10-26T21:48:45.516264+00:00","email":"john@local","last_login":"2016-10-27T16:40:41.753756+00:00","logins_count":6,"name":"john","username":"john","updated_at":"2016-10-27T16:40:41.730918+00:00","user_id":"local|e732ef3b-8edb-4394-90a3-262980eac55c","user_metadata":{},"failed_logins_count":0,"failed_logins_initial_attempt_at":null,"account_lockout_at":null,"allowed_client_types":["unregistered","public","confidential"]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/auth/changepw":{"patch":{"summary":"Change password","description":"Change the current user's password. Can only be used to change the password\nof the currently authenticated user. The user will not be able to change their password to the same password.\n","tags":["Users"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Change Password","required":["username","password","new_password"],"properties":{"username":{"type":"string","description":"The login name of the current user."},"password":{"type":"string","description":"The own user's current password"},"new_password":{"type":"string","description":"The new password"},"auth_domain":{"type":"string","description":"The domain where user needs to be authenticated. This is the domain where user is created. Defaults to the root domain.\n"},"auth_domain_path":{"type":"string","description":"The auth_domain_path is the fully qualified domain where the user is authenticated (i.e. the domain where the user was created{{FF_SKY_ENV|, a.k.a the tenant name}}).\n\nParts are separated by a forward slash, e.g. {{FF_SKY_ENV|`/`, }} `/thales`, or `/thales/noram/eng`.\n\nThis value supersedes `auth_domain`.\n","x-feature":"FF_DOMAINS_PATH"}},"example":{"username":"john","password":"currentpassword","new_password":"newpassword"}}}],"responses":{"204":{"description":"No Content | Successful password change."}}}},"/v1/usermgmt/pwdpolicies/global":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Change global password policy","description":"Change the current password policy for all users. Can only be used to by a member of the admin group. Currently, a single policy named 'global' is applied to all users.","tags":["Users"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Change Password Policy","properties":{"inclusive_min_upper_case":{"type":"integer","description":"The minimum number of upper cases"},"inclusive_min_lower_case":{"type":"integer","description":"The minimum number of lower cases"},"inclusive_min_digits":{"type":"integer","description":"The minimum number of digits"},"inclusive_min_other":{"type":"integer","description":"The minimum number of other characters"},"inclusive_min_total_length":{"type":"integer","description":"The minimum length of the password. Value 0 is ignored."},"inclusive_max_total_length":{"type":"integer","description":"Specifies the maximum length of the password. Setting the value to 0 indicates that the property isn't enforced, therefore the password can be of any length."},"password_history_threshold":{"type":"integer","description":"Determines the number of past passwords a user cannot reuse. Even with value 0, the user will not be able to change their password to the same password."},"password_lifetime":{"type":"integer","description":"The maximum lifetime of the password in days. Value 0 is ignored."},"password_change_min_days":{"type":"integer","description":"The minimum period in days between password changes. Value 0 is ignored."},"failed_logins_lockout_thresholds":{"type":"array","items":{"type":"integer"},"description":"List of lockout durations in minutes for failed login attempts.\nFor example, with input of [0, 5, 30], the first failed login attempt with duration of zero will not lockout the user account,\nthe second failed login attempt will lockout the account for 5 minutes,\nthe third and subsequent failed login attempts will lockout for 30 minutes.\nSet an empty array '[]' to disable the user account lockout.\n"},"password_expiry_notification_days":{"type":"integer","description":"Determines number of days before password expiry when notification(s) would be sent to user. \n\nLogin banner would be shown to user on UI if password expiry duration is less than \n`password_expiry_notification_days`. \n\nIf SMTP server is configured, email notification would be sent daily to users notifying need to \nchange their password soon. \n\nValue should be less than password_lifetime. \nValid values are between 0 and 30. Value of 0 would disable notification. Default value is 14. \n\nExample: \nIf password_lifetime is set to 20 and password_expiry_notification_days is set to 10, \nthen user will observe banner on UI about password expiry and receive an email (if configured) \ndaily from 10 days before their password expires. \n"}},"example":{"inclusive_min_upper_case":1,"inclusive_min_lower_case":1,"inclusive_min_digits":1,"inclusive_min_other":0,"inclusive_min_total_length":8,"inclusive_max_total_length":30,"password_history_threshold":0,"failed_logins_lockout_thresholds":[0,0,30],"password_lifetime":30,"password_change_min_days":1,"password_expiry_notification_days":20}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"user_id":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"password_policy":{"type":"string","format":"string","description":"The password policy applies only to local user accounts and overrides the global password policy. By default, the global password policy is applied to the users."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"inclusive_min_upper_case":1,"inclusive_min_lower_case":1,"inclusive_min_digits":1,"inclusive_min_other":1,"inclusive_min_total_length":5,"inclusive_max_total_length":10,"password_history_threshold":0,"failed_logins_lockout_thresholds":[0,0,30],"password_lifetime":30,"password_change_min_days":1,"password_expiry_notification_days":20}}}}},"get":{"summary":"Get global password policy","description":"Get the current password policy for all users.","tags":["Users"],"responses":{"200":{"description":"OK","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"user_id":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"password_policy":{"type":"string","format":"string","description":"The password policy applies only to local user accounts and overrides the global password policy. By default, the global password policy is applied to the users."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}}}}}},"/v1/usermgmt/groups/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of group resources. Query parameters can be\nused to filter the results. Results are returned in pages.\nEach page of results includes the total results found, and\ninformation for requesting the next page of results, using\nthe `skip` and `limit` query parameters.\nGroups can be filtered for user or client membership. Connection\nfilter applies only to user group membership and NOT to clients.\n","tags":["Groups"],"parameters":[{"name":"name","in":"query","description":"Filter by group name.\n","required":false,"type":"string"},{"name":"users","in":"query","description":"Filter by user membership. Using 'nil' will return\ngroups with no members. Accepts only user id. Using '-' at the beginning of \nuser_id will return groups that the user is not part of.\n","required":false,"type":"string"},{"name":"connection","in":"query","description":"Filter by connection name or ID.\n","required":false,"type":"string"},{"name":"clients","in":"query","description":"Filter by client membership. Using the client name 'nil' will return\ngroups with no members.Using '-' at the beginning of client id will \nreturn groups that the client is not part of.\n","required":false,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A group object","type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},{"type":"object","properties":{"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}}}],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"},"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}]}}}}},"post":{"summary":"Create","tags":["Groups"],"parameters":[{"name":"body","in":"body","schema":{"title":"Create Group","description":"Create group params","type":"object","required":["name"],"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}}]}}],"responses":{"201":{"description":"Successful group creation.","schema":{"description":"A group object","type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},{"type":"object","properties":{"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}}}],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"},"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}}}}}},"/v1/usermgmt/groups/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","type":"string","required":true,"description":"the name of the group"}],"get":{"summary":"Get","tags":["Groups"],"responses":{"200":{"description":"Success resource retrieval.","schema":{"description":"A group object","type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},{"type":"object","properties":{"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}}}],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"},"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","tags":["Groups"],"parameters":[{"name":"body","in":"body","description":"Delete group parameters","schema":{"type":"object","title":"Delete group Request","properties":{"force":{"type":"boolean","description":"When set to true, groupmaps within this group will be deleted\n"}},"example":{"force":false}}}],"responses":{"204":{"description":"No Content | Successful deletion of group."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"The only things you can update on a group are the name, and the\n`app_metadata`.\n","tags":["Groups"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"title":"Update Group","description":"Update group params","type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}}]}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A group object","type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},{"type":"object","properties":{"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}}}],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"},"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/usermgmt/groups/{name}/users/{user_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"user_id","in":"path","required":true,"description":"the user_id of the user","type":"string"},{"name":"name","in":"path","type":"string","required":true,"description":"the name of the group"}],"post":{"summary":"Add user","description":"Add a user to a group. This call is idempotent: calls to add a user\nto a group in which they already belong with return an identical, OK\nresponse.\n","tags":["Groups"],"responses":{"200":{"description":"Successful resource addition.","schema":{"description":"A group object","type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},{"type":"object","properties":{"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}}}],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"},"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}}},"400":{"description":"Bad Request | User not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Remove user","description":"Removes a user from a group from a group. Will return a 404 if the\ngroup is not found, and a 400 if the user is not a member of the\ngroup.\n","tags":["Groups"],"responses":{"204":{"description":"No Content | Successful deletion of user."},"400":{"description":"Bad Request | User is not a member of the group","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/groups/{name}/clients/{client_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"client_id","in":"path","required":true,"description":"the client_id of the client","type":"string"},{"name":"name","in":"path","type":"string","required":true,"description":"the name of the group"}],"post":{"summary":"Add client","description":"Add a client to a group. This call is idempotent: calls to add a client\nto a group in which they already belong with return an identical, OK\nresponse.\n","tags":["Groups"],"responses":{"200":{"description":"Successful resource addition.","schema":{"description":"A group object","type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},{"type":"object","properties":{"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}}}],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"},"description":{"type":"string","description":"description of the group"},"users_count":{"type":"integer","description":"It returns the total user count associated with the group"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{},"description":""}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}}},"400":{"description":"Bad Request | Client not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Remove client","description":"Removes a client from a group from a group. Will return a 404 if the\ngroup is not found, and a 400 if the client is not a member of the\ngroup.\n","tags":["Groups"],"responses":{"204":{"description":"No Content | Successful deletion of client."},"400":{"description":"Bad Request | Client is not a member of the group.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/auth/tokens/":{"get":{"summary":"List","description":"Returns a list of refresh tokens.\n","tags":["Tokens"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"user_id","in":"query","type":"string","description":"the id of the user"},{"name":"labels","in":"query","type":"string","description":"the label(s) tagged with the refresh token. Use query format labels=label1,label2 or labels=label1&labels=label2.\n"},{"name":"expired","in":"query","type":"boolean","description":"Token expiry flag. If set to false or not specified, expired tokens will not be returned.\n"},{"name":"revoked","in":"query","type":"boolean","description":"Token revocation flag. If set to false or not specified, revoked tokens will not be returned.\n"},{"name":"refreshed_before","in":"query","type":"boolean","description":"Filters tokens to those refreshed at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"description":"An authentication token.","type":"object","properties":{"jwt":{"type":"string","format":"jwt","description":"The authentication token. This is the value which needs to be\nplaced in the API request headers.\n"},"duration":{"type":"integer","description":"the expiration duration of the token"}},"example":{"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2MiOiJreWxvIiwiYXVkIjoiMDNlNGE5M2ItODZhMy00YTViLWIzZTgtOGM4OWFiZmQzMDg4IiwiY3VzdCI6eyJncm91cHMiOlsiYWRtaW4iXX0sImV4cCI6MTQ3NDY0NTg1MSwiaWF0IjoxNDc0NjQ1NTUxLCJpc3MiOiJreWxvIiwic3ViIjoiYWRtaW4ifQ.iD5FGSwzDvGv5leRzULMnEfqls1_4tiR067J9cbV_4Q","duration":300}},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","client_id":"837c840d-75dd-4b4f-a318-79cb16ca248d","labels":["web"],"userId":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","username":"admin","expiresIn":0,"expired":false,"revokeNotRefreshedIn":0,"revoked":false,"refreshedAt":"2017-05-03T05:32:57.617418-04:00","createdAt":"2017-05-02T05:32:57.61742-04:00","updatedAt":"2017-05-03T05:32:57.656492-04:00"}]}}}}},"post":{"summary":"Create","description":"This route is for exchanging a credential for\nan API authentication token (access token), which can be used to make API calls.\nThe credential can be a username/password, a refresh token, or a certificate\n\nThe username and password or refresh token is passed in the body of the request, and \nthe certificate must be presented during SSL negotion, and issued by a CA trusted by the \nweb interface.\n\nThe response contains the `jwt`, which is the API authentication token (access token),\n`duration`, which is the length of time until the token expires, refresh token\nthat can be used to get a new or additional API authentication token, and the\nclient id of the refresh token.\n","tags":["Tokens"],"parameters":[{"name":"Time","in":"header","description":"Current date and time of the client in UTC. ex) 2006-01-02T15:04:05.000Z","type":"string"},{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","title":"Create Token","properties":{"grant_type":{"type":"string","description":"The authorization grant type. It is optional and valid values are `password`,\n`refresh_token`, `user_certificate`, and `client_credential`. \n\n* Returns only a JWT and not Refresh Token when this parameter is empty or not specified.\n* `password`: Authenticates using a password (which is the default), but returns both a JWT and a refresh token.\nIf two-factor authentication is enabled for the user, then authenticates using username-password and user certificate. \nThe DN of the certificate is matched to the \"certificate_subject_dn\" of the user and returns both a JWT and a refresh token.\n* `refresh_token`: Authenticates using a refresh token. Returns a JWT, and a refresh token if `renew_refresh_token` is set to true.\n* `user_certificate`: Authenticate using a client certificate presented during SSL negotiaion. The DN of the certificate\nwill be matched to a user's `certificate_subject_dn`. Returns both a JWT and a refresh token.\n* `client_credential`: Authenticates using a client certificate presented during SSL negotiation. The certifcate will be used to\nidentify a client and an appropriate token returned. Returns only a JWT.\n"},"username":{"type":"string","description":"The user's username. Required when the grant_type is not specified or `password`.\nYou can specify an LDAP user with the format |.\nConnection names specified this way override the value specified in the connection field.\nNot valid with `refresh_token` grant type.\n"},"password":{"type":"string","description":"The user's password. Required when the grant_type is not specified or `password`.\nNot valid with `refresh_token` grant type.\n"},"labels":{"type":"array","items":{"type":"string"},"description":"The labels are for tagging. Valid with `password` grant type and optional."},"refresh_token":{"type":"string","description":"The refresh token used to obtain an API authentication token without the user credential.\nThis refresh token will be revoked if token is requested for a different domain the user belongs to.\nValid with `refresh_token` grant type.\n"},"refresh_token_lifetime":{"type":"integer","description":"Lifetime of a refresh token in minutes. By default, refresh tokens have no expiry.\nValid with `password` grant type.\n"},"refresh_token_revoke_unused_in":{"type":"integer","description":"Refresh token inactivity timeout period in minutes. The refresh token will be revoked if not used\nwithin the specified time to refresh an access token. Each usage resets refresh token lease.\nValid with `password` grant type.\n"},"renew_refresh_token":{"type":"boolean","description":"Get a new refresh token along with the API authentication token and invalidate the current\nrefresh token. Valid with `refresh_token` grant type.\n"},"connection":{"type":"string","description":"The friendly name of the server you want to authenticate against. If nothing is provided,\nit will default to local_account.\n"},"domain":{"type":"string","description":"The domain name or ID to issue the token for. For grant type of 'password' it defaults to the root domain.\nWith 'refresh_token' grant type, refresh token used will be revoked if it was not issued for this domain.\nNot currently supported for 'client_credential' grant type.\n"},"auth_domain":{"type":"string","description":"The domain where user needs to be authenticated. This is the domain where user is created. Defaults to the root domain.\n"},"client_id":{"type":"string","default":"837c840d-75dd-4b4f-a318-79cb16ca248d","description":"Client id of the pre-registered clients (nae: c5890024-a6d4-408d-a592-5d4d5807c722, web-ui: 17771cf2-f80b-4eb5-a19b-a2d0032179c3, ksctl: 5ffb6fac-2cb5-4b91-8183-e20ad3b62577, api-playground: 837c840d-75dd-4b4f-a318-79cb16ca248d) and confidential clients.\n"},"cookies":{"type":"boolean","description":"Any JWT and refresh token will be returned as cookies rather than in the response body.\n"},"auth_domain_path":{"type":"string","description":"The auth_domain_path is the fully qualified domain where the user is authenticated (i.e. the domain where the user was created{{FF_SKY_ENV|, a.k.a the tenant name}}).\n\nParts are separated by a forward slash, e.g. {{FF_SKY_ENV|`/`, }} `/thales`, or `/thales/noram/eng`.\n\nThis value supersedes `auth_domain`.\n","x-feature":"FF_DOMAINS_PATH"}},"example":{"grant_type":"password","username":"steve","password":"mysecretword","client_id":"837c840d-75dd-4b4f-a318-79cb16ca248d","labels":["myapp","cli"]}}}],"responses":{"200":{"description":"Successful refresh token creation.","schema":{"description":"An authentication token.","type":"object","properties":{"jwt":{"type":"string","format":"jwt","description":"The authentication token. This is the value which needs to be\nplaced in the API request headers.\n"},"duration":{"type":"integer","description":"the expiration duration of the token"}},"example":{"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2MiOiJreWxvIiwiYXVkIjoiMDNlNGE5M2ItODZhMy00YTViLWIzZTgtOGM4OWFiZmQzMDg4IiwiY3VzdCI6eyJncm91cHMiOlsiYWRtaW4iXX0sImV4cCI6MTQ3NDY0NTg1MSwiaWF0IjoxNDc0NjQ1NTUxLCJpc3MiOiJreWxvIiwic3ViIjoiYWRtaW4ifQ.iD5FGSwzDvGv5leRzULMnEfqls1_4tiR067J9cbV_4Q","duration":300}},"examples":{"application/json":{"jwt":"mF_9.B5f-4.1JqM","duration":300,"token_type":"Bearer","client_id":"1-2-3-4","refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"}}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/auth/tokens/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return information about the refresh token. Does not return the token.\n","tags":["Tokens"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"description":"An authentication token.","type":"object","properties":{"jwt":{"type":"string","format":"jwt","description":"The authentication token. This is the value which needs to be\nplaced in the API request headers.\n"},"duration":{"type":"integer","description":"the expiration duration of the token"}},"example":{"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2MiOiJreWxvIiwiYXVkIjoiMDNlNGE5M2ItODZhMy00YTViLWIzZTgtOGM4OWFiZmQzMDg4IiwiY3VzdCI6eyJncm91cHMiOlsiYWRtaW4iXX0sImV4cCI6MTQ3NDY0NTg1MSwiaWF0IjoxNDc0NjQ1NTUxLCJpc3MiOiJreWxvIiwic3ViIjoiYWRtaW4ifQ.iD5FGSwzDvGv5leRzULMnEfqls1_4tiR067J9cbV_4Q","duration":300}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","labels":["web"],"userId":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","expiresIn":0,"expired":false,"revokeNotRefreshedIn":0,"revoked":false,"refreshedAt":"2017-05-03T05:32:57.617418-04:00","createdAt":"2017-05-02T05:32:57.61742-04:00","updatedAt":"2017-05-03T05:32:57.656492-04:00"}}}}},"delete":{"summary":"Delete","description":"Delete a refresh token.","tags":["Tokens"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of refresh token."}}}},"/v1/auth/revoke":{"post":{"summary":"Revoke","description":"Revoke a refresh token.\n","tags":["Tokens"],"parameters":[{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the token's owner or client id and the refresh token to be revoked.\n","schema":{"type":"object","title":"Revoke Token","required":["token"],"properties":{"username":{"type":"string","description":"The user's username. Not required if client id is specified.\nYou can specify an LDAP user with the format |.\nConnection names specified this way override the value specified in the connection field.\n"},"password":{"type":"string","description":"The user's password. Not required if client id is specified."},"connection":{"type":"string","description":"The active directory the user is a part of. Defaults to local_account if not provided."},"client_id":{"type":"string","description":"The client id of the refresh token. Not required if username and password\nis specified.\n"},"token":{"type":"string","description":"The refresh token to be revoked."}},"example":{"client_id":"1-2-3-4","token":"tGzv3JOkF0XG5Qx2TlKWIA"}}}],"responses":{"204":{"description":"No Content | Successful revocation of refresh token."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/auth/logout":{"x-feature":"FF_LOGOUT_API","post":{"summary":"Post","description":"This API can be used to revoke a refresh token.\nIf the refresh token is associated with an identity provider,\nit will log the client out of the identity provider.\n\nA landing page can be supplied. The caller of this API is redirected back\nto the landing page.\n\nThe host_url is the URL of the CipherTrust Manager. It is needed for OIDC identity providers only.\nThe must be supplied when (a) the OIDC provider supports the end_session_endpoint,\nand (b) the landing page is supplied.\n","tags":["Tokens"],"parameters":[{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the token's owner or client id and the refresh token to be revoked.\n","schema":{"type":"object","title":"Revoke Token","required":["token"],"properties":{"username":{"type":"string","description":"The user's username. Not required if client id is specified.\nYou can specify an LDAP user with the format |.\nConnection names specified this way override the value specified in the connection field.\n"},"password":{"type":"string","description":"The user's password. Not required if client id is specified."},"connection":{"type":"string","description":"The active directory the user is a part of. Defaults to local_account if not provided."},"client_id":{"type":"string","description":"The client id of the refresh token. Not required if username and password\nis specified.\n"},"token":{"type":"string","description":"The refresh token to be revoked.\nIt can be passed in as a cookie.\nIf it is not passed in via a cookie, it should be passed in via the request body as a parameter.\nIf it is passed in via a cookie, the cookie is cleared after the token is revoked.\n"},"landing_page":{"type":"string","description":"Landing page URL. Caller of this API is redirected to the landing page.\n"},"host_url":{"type":"string","description":"This is the URL of the CipherTrust Manager. It is required only for OIDC providers, and only when\nthe provider supports the end_session_endpoint, and the landing page is also specified.\n"}},"example":{"client_id":"00000000-0000-0000-0000-000000000000","token":"IBAJ4VPMx2APZcinUA9t272kloPUWbBJdqlLjrYwFkCmenMCqeknrd9XpM6gGXlZ","connection":"sta-localhost","landing_page":"http://localhost","host_url":"http://localhost"}}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"text/html":{"html":{"summary":"HTML meta refresh redirect","value":""}}}}}}},"/v1/auth/self/domains":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns a list of domains that the current user is member of. The result can be filtered using the query parameters.\n","tags":["Tokens"],"parameters":[{"in":"query","type":"string","name":"name","description":"Filter the result based on domain names. The '?' and '*' wildcard characters may be used."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name\n\n...will sort the results first by `name`.\n"}],"responses":{"200":{"description":"OK","examples":{"application/json":{"skip":0,"limit":10,"total":2,"current_domain":{"id":"00000000-0000-0000-0000-000000000000","name":"root"},"resources":[{"id":"00000000-0000-0000-0000-000000000000","name":"root"},{"id":"2c9785a7-4bac-46ae-a67c-74141766c85d","name":"domain2"}]}}},"404":{"description":"Resource not found."}}}},"/v1/auth/rotate-auth-key":{"x-feature":"FF_TOKENS_AUTH_KEY","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Rotate","description":"Rotate the token auth key, new key is effective after restart of CM services.","tags":["Tokens"],"parameters":[{"name":"body","in":"body","description":"The body of the request may contain type and curve when ECDSA signing key is desired.\nOtherwise, HMAC (HS256) will be used.\n","schema":{"type":"object","title":"Rotate Token","properties":{"type":{"type":"string","description":"Signing key type, hmac or ecdsa. (optional)"},"curve":{"type":"string","description":"ECDSA curve, p256. Defaults to p256. Ignored for hmac. (optional)"}},"example":{"type":"ecdsa","curve":"p256"}}}],"responses":{"204":{"description":"No Content | Successful rotating token auth key."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/auth/auth-key":{"x-feature":"FF_TOKENS_AUTH_KEY","get":{"summary":"List","description":"This command lists the keys used for verifying external JWTs.\nThe type of the public key is returned, among other parameters.\nThe type parameter must be either \"hmac\" or \"ecdsa\".\nIf the Type parameter is \"ecdsa\", the output contains the\npublic key that is used for verifying the external JWT.\nThe public key is returned in PEM and JWK formats.\n","tags":["Tokens"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Information about the key used for validating an external JWT.","type":"object","properties":{"type":{"type":"string","description":"One of \"hmac\", \"rsa\" or \"ecdsa\""},"public_key_pem":{"type":"string","description":"If the Type parameter is \"rsa\" or \"ecdsa\", this parameter contains the PEM encoding of the public key \nthat is used for verifying the external JWT.\n"},"public_key_jwk":{"type":"string","description":"If the Type parameter is \"rsa\" or \"ecdsa\", this parameter contains the JWK encoding of the public key \nthat is used for verifying the external JWT. The JWK is JSON encoded.\n"},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"d8389871-ee8a-4158-9aa4-f3a936e0f91c","type":"ecdsa","public_key_pem":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEww5z3X9JIKl9i8hOBjNJOGIEXBto\ngGuT7LNc/cdWNJIPgfZSGeSoNF2JPzLI08nMfJTVFAj9ZZqNlYsREYhaew==\n-----END PUBLIC KEY-----\n","public_key_jwk":{"crv":"P-256","kty":"EC","x":"ww5z3X9JIKl9i8hOBjNJOGIEXBtogGuT7LNc_cdWNJI","y":"D4H2UhnkqDRdiT8yyNPJzHyU1RQI_WWajZWLERGIWns"},"createdAt":"2023-05-03T18:17:48.743495Z","updatedAt":"2023-05-03T18:22:45.30651Z"}]}}}}}},"/v1/auth/jwks.json":{"x-feature":"FF_ENABLE_JWKS_ENDPOINT","get":{"summary":"List","description":"Lists the keys used for verifying external JWTs in JWKS format (RFC 7517).\n","tags":["Tokens"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"keys":{"type":"array"}}},"examples":{"application/json":{"keys":[{"crv":"P-256","kty":"EC","x":"ww5z3X9JIKl9i8hOBjNJOGIEXBtogGuT7LNc_cdWNJI","y":"D4H2UhnkqDRdiT8yyNPJzHyU1RQI_WWajZWLERGIWns","use":"sig"}]}}}}}},"/v1/auth/akeyless/tokens":{"x-feature":"FF_AKEYLESS","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create Akeyless Token","description":"Create an akeyless token using the configured akeyless SSO credentials.{{FF_AKEYLESS_ENABLE_TOKEN_IN_COOKIES| If the set_cookies parameter is true, the token is also set in the browser cookies.}}","tags":["Tokens"],"parameters":[{"name":"body","in":"body","schema":{"allOf":[{"x-feature":"FF_AKEYLESS_ENABLE_TOKEN_IN_COOKIES","type":"object","properties":{"set_cookies":{"type":"boolean","description":"If the value is set to true, the generated token is also set in the cookies along with the expiry information. (optional)"}}}]}}],"responses":{"201":{"description":"success","schema":{"x-feature":"FF_AKEYLESS","description":"Akeyless short token.","type":"object","properties":{"token":{"type":"string","description":"Short akeyless token."},"expiry":{"type":"integer","description":"Time at which token expires (epoch timestamp)."}}},"examples":{"application/json":{"token":"t-1a43daae16fdf6f58970fe08b49b2d5f","expiry":1683811984}}}}}},"/v1/trusted-cas/":{"x-feature":"FF_ENABLE_TRUSTED_CAS_ENDPOINTS","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add","description":"Add a trusted CA Certificate to a service","tags":["Trusted CA Certificates"],"consumes":["application/json"],"parameters":[{"name":"trustedCACert","in":"body","schema":{"allOf":[{"x-feature":"FF_ENABLE_TRUSTED_CAS_ENDPOINTS","type":"object","properties":{"ca_id":{"type":"string","description":"ID of CA"},"ca_type":{"type":"string","description":"Type of CA, can be local or external"},"service":{"type":"string","description":"Name of service, should be secrets-manager or hsm-secrets"}}}],"required":["ca_id","service"],"example":{"application/json":{"ca_id":"sample ID","ca_type":"local","service":"sample service"}}}}],"responses":{"201":{"description":"Added CA Certificate successfully into trusted CA Certificates","schema":{"allOf":[{"x-feature":"FF_ENABLE_TRUSTED_CAS_ENDPOINTS","type":"object","properties":{"ca_id":{"type":"string","description":"ID of CA"},"ca_type":{"type":"string","description":"Type of CA, can be local or external"},"service":{"type":"string","description":"Name of service, should be secrets-manager or hsm-secrets"}}}]}},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"List all trusted CA Certificates","tags":["Trusted CA Certificates"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"ca_uri","in":"query","type":"string","description":"URI (uri) of the CA resource\n"},{"name":"service","in":"query","type":"string","description":"service field of the trusted CA resource\n"},{"name":"id","in":"query","type":"string","description":"ID (id) of the trusted CA resource\n"}],"responses":{"200":{"description":"OK","schema":{"x-feature":"FF_ENABLE_TRUSTED_CAS_ENDPOINTS","type":"object","properties":{"ca_id":{"type":"string","description":"ID of CA"},"ca_type":{"type":"string","description":"Type of CA, can be local or external"},"service":{"type":"string","description":"Name of service, should be secrets-manager or hsm-secrets"}}}}}}},"/v1/trusted-cas/{id}":{"x-feature":"FF_ENABLE_TRUSTED_CAS_ENDPOINTS","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"delete":{"summary":"Delete","description":"Delete trusted CA Certificate by its ID","tags":["Trusted CA Certificates"],"responses":{"204":{"description":"No content | Successful deletion of CA Certificate"},"404":{"description":"Resource not found."}}}},"/v1/usermgmt/connection-test/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test","description":"Tests an LDAP server connection.\n","tags":["Connections/Connections"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"title":"Test Connection","example":{"connection":{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"}},"credentials":{"username":"fry","password":"fry"}},"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["connection","credentials"],"properties":{"connection":{"description":"Parameters required for testing a connection to an LDAP server.","type":"object","required":["strategy","options"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (ldap)"},"options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}}}},"credentials":{"title":"credentials","description":"User Credentials for testing a connection.","type":"object","required":["username","password"],"properties":{"username":{"type":"string","description":"Username to test the connection with."},"password":{"type":"string","description":"Password that authenticates the username"}}}}}}],"responses":{"200":{"description":"Successful LDAP server test."}}}},"/v1/usermgmt/connections/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of connection resources. Query parameters can be\nused to filter the results. Results are returned in pages.\nEach page of results includes the total results found, and\ninformation for requesting the next page of results, using\nthe `skip` and `limit` query parameters.\n","tags":["Connections/Connections"],"parameters":[{"name":"strategy","in":"query","required":false,"type":"string","description":"Filter by strategy"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\n\nSupported fields to sort by: name\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["name","strategy"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (`ldap` or `oidc`)"},"disable_auto_create":{"type":"boolean","description":"Flag to disable automatic creation of a user when the user logs in via LDAP or OIDC.\nBy default, a CM user is created when a user logs in using LDAP or OIDC credentials.\nSetting this flag will not allow an unknown user to login,\nthe user will need to be created manually before being allowed to login.\n"},"options":{"description":"Deprecated, replaced by 'ldap_options'.","type":"object","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"flow_type":{"type":"string","default":"implicit","description":"OpenID Connect only, optional, default value is \"implicit\". \nCan be an one of \"implicit\" or \"authorization_code\".\n"},"client_secret":{"type":"string","description":"secret data stored securely in CipherTrust Manager"},"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"scope":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"array","items":{"type":"string"},"description":"The scope value should be less than 255 in length and must only contain printable ASCII characters except for spaces, double quotes, and backslashes.\nIf the scope does not include \"openid,\" the backend will add it to the scope values passed to the OpenID provider.\n"},"userinfo_endpoint":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"string","description":"OIDC server's userinfo_endpoint. It will be used to retrieve group information from OIDC server."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended for use in production, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."},"username_claim":{"x-feature":"FF_CUSTOM_OIDC_USERNAME","type":"string","description":"The claim field name to extract username from in the OIDC ID Token. If unspecified it defaults to 'sub'.\nThe claim field can also be a template to support the nested claims if any in OIDC ID Token.\nFor instance, for OIDC ID token: \n```\n{\n \"sub\": \"111730983950574648607\", \n \"email\": \"test@xyz.com\",\n \"custom\": { \n \"username\": \"xyz\" \n }\n}\n```\n\"email\" as string or \"{{.custom.username}}\" as template can be set as 'username_claim' to set the username of the user on CM after successful authentication on the external identity provider.\nIt is important that the 'username claim' provided is unique in the external identity provider and it is not modifiable.\n"},"token_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the token endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"end_session_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the end session endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."}}}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"},"id":"c42f3816-eb95-4ddb-95ec-b516aa32cb38","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}]}}}}},"post":{"summary":"Create","description":"Creates a new connection, such as an LDAP server used for authentication.\n\nFor LDAP, If `bind_dn` and `bind_pass` aren't provided, the LDAP search\nwill be performed using the 'end user provided' user id and password.\n\nStrategies have their own specific \"options\" attributes, such as\n`ldap_options` and `oidc_options` during creation and update.\nConnection objects still returns the generic `option` attribute in\nreponses, for example from create or during list.\n\nLDAP connections also accepts `options` for backwards compatibility but\nthis attribute is deprecated.\n","tags":["Connections/Connections","Enterprise"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"title":"Create Connection","example":{"name":"usspe","strategy":"ldap","disable_auto_create":true,"options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"}},"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["name","strategy"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (`ldap` or `oidc`)"},"disable_auto_create":{"type":"boolean","description":"Flag to disable automatic creation of a user when the user logs in via LDAP or OIDC.\nBy default, a CM user is created when a user logs in using LDAP or OIDC credentials.\nSetting this flag will not allow an unknown user to login,\nthe user will need to be created manually before being allowed to login.\n"},"options":{"description":"Deprecated, replaced by 'ldap_options'.","type":"object","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"flow_type":{"type":"string","default":"implicit","description":"OpenID Connect only, optional, default value is \"implicit\". \nCan be an one of \"implicit\" or \"authorization_code\".\n"},"client_secret":{"type":"string","description":"secret data stored securely in CipherTrust Manager"},"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"scope":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"array","items":{"type":"string"},"description":"The scope value should be less than 255 in length and must only contain printable ASCII characters except for spaces, double quotes, and backslashes.\nIf the scope does not include \"openid,\" the backend will add it to the scope values passed to the OpenID provider.\n"},"userinfo_endpoint":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"string","description":"OIDC server's userinfo_endpoint. It will be used to retrieve group information from OIDC server."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended for use in production, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."},"username_claim":{"x-feature":"FF_CUSTOM_OIDC_USERNAME","type":"string","description":"The claim field name to extract username from in the OIDC ID Token. If unspecified it defaults to 'sub'.\nThe claim field can also be a template to support the nested claims if any in OIDC ID Token.\nFor instance, for OIDC ID token: \n```\n{\n \"sub\": \"111730983950574648607\", \n \"email\": \"test@xyz.com\",\n \"custom\": { \n \"username\": \"xyz\" \n }\n}\n```\n\"email\" as string or \"{{.custom.username}}\" as template can be set as 'username_claim' to set the username of the user on CM after successful authentication on the external identity provider.\nIt is important that the 'username claim' provided is unique in the external identity provider and it is not modifiable.\n"},"token_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the token endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"end_session_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the end session endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."}}}}}}],"responses":{"201":{"description":"Successful LDAP server creation","schema":{"type":"object"},"examples":{"application/json":{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"},"id":"c42f3816-eb95-4ddb-95ec-b516aa32cb38","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}}}}},"/v1/usermgmt/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the connection"}],"get":{"summary":"Get","description":"Gets information about the specified bound connection.\n","tags":["Connections/Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"},"id":"c42f3816-eb95-4ddb-95ec-b516aa32cb38","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}}}},"delete":{"summary":"Delete","description":"Deletes the specified connection to a bound LDAP server.\n","tags":["Connections/Connections"],"responses":{"204":{"description":"No Content | Successful deletion of LDAP connection."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection's properties.\n\n* These properties are only updated when their value is non-empty:\n * `server_url`\n * `root_dn`\n * `uid_field`\n\n* If `guid_field` is specified as the empty string, then it is set to the value of `uid_field.\n\nStrategies have their own specific \"options\" attributes, such as\n`ldap_options` and `oidc_options` during creation and update.\nConnection objects still returns the generic `option` attribute in\nreponses, for example from create or during list.\n\nLDAP connections also accepts `options` for backwards compatibility but\nthis attribute is deprecated.\n","tags":["Connections/Connections"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"title":"Update Connection","example":{"strategy":"ldap","disable_auto_create":true,"options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=example,dc=com","uid_field":"uid","bind_dn":"cn=admin,dc=planetexpress,dc=com"}},"description":"Parameters required for updating a connection to an LDAP server.","type":"object","properties":{"strategy":{"type":"string","description":"Strategy of connection (ldap)"},"disable_auto_create":{"type":"boolean","description":"Flag to disable automatic creation of a user when the user logs in via LDAP or OIDC.\nBy default, a CM user is created when a user logs in using LDAP or OIDC credentials.\nSetting this flag will not allow an unknown user to login,\nthe user will need to be created manually before being allowed to login.\n"},"options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"flow_type":{"type":"string","default":"implicit","description":"OpenID Connect only, optional, default value is \"implicit\". \nCan be an one of \"implicit\" or \"authorization_code\".\n"},"client_secret":{"type":"string","description":"secret data stored securely in CipherTrust Manager"},"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"scope":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"array","items":{"type":"string"},"description":"The scope value should be less than 255 in length and must only contain printable ASCII characters except for spaces, double quotes, and backslashes.\nIf the scope does not include \"openid,\" the backend will add it to the scope values passed to the OpenID provider.\n"},"userinfo_endpoint":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"string","description":"OIDC server's userinfo_endpoint. It will be used to retrieve group information from OIDC server."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended for use in production, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."},"username_claim":{"x-feature":"FF_CUSTOM_OIDC_USERNAME","type":"string","description":"The claim field name to extract username from in the OIDC ID Token. If unspecified it defaults to 'sub'.\nThe claim field can also be a template to support the nested claims if any in OIDC ID Token.\nFor instance, for OIDC ID token: \n```\n{\n \"sub\": \"111730983950574648607\", \n \"email\": \"test@xyz.com\",\n \"custom\": { \n \"username\": \"xyz\" \n }\n}\n```\n\"email\" as string or \"{{.custom.username}}\" as template can be set as 'username_claim' to set the username of the user on CM after successful authentication on the external identity provider.\nIt is important that the 'username claim' provided is unique in the external identity provider and it is not modifiable.\n"},"token_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the token endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"end_session_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the end session endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."}}}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=example,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"},"id":"c42f3816-eb95-4ddb-95ec-b516aa32cb38","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}}}}},"/v1/usermgmt/connections/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the connection"}],"post":{"summary":"Delete connection with optional parameters","description":"Deletes the specified connection to a bound LDAP server.\nIf the force flag is specified, delete sub-domain groupmaps and users associated with the LDAP connection.\n","tags":["Connections/Connections"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"title":"Delete Connection Parameters","example":{"force":true},"description":"Parameters required for deleting a connection to an LDAP server.","type":"object","properties":{"force":{"type":"boolean","description":"If true, sub-domain groupmaps and users associated with the LDAP connection are silently deleted."}}}}],"responses":{"204":{"description":"No Content | Successful deletion of LDAP connection."},"404":{"description":"Resource not found."}}}},"/v1/usermgmt/connections/{id}/refresh":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the connection"}],"post":{"summary":"Refresh OIDC connection","description":"Update authorization_uri and jwks from issuer's well-known configuration\n","tags":["Connections/Connections"],"responses":{"200":{"description":"Successful refreshing connection from OIDC well-known configuration.","schema":{"type":"object"},"examples":{"application/json":{"name":"oidc","strategy":"odic","options":{"authorization_uri":"https://spedemo-sasidp.stademo.com/auth/realms/IHA6N4NUDA-STA/protocol/openid-connect/auth","client_id":"575df82d-5edd-4808-a2ce-2c0df415a014","redirect_uris":["https://localhost/api/v1/auth/oidc-callback"],"jwks":[{"kid":"7pFWILCTgJ1wYDzRtQE0ErOczk_EHg7JLjNTG5-Lh80","alg":"RS256","kty":"RSA","use":"sig","n":"iblPgNtlVOE521J1zOjmOgijCSPmj1IgfXMaoUH4G5ceCswOyjjaiKOJhT1e8b8JQzsddoTZK-fdE_QOSxfTHKQTiCOKcASc3ztBqi_nQNUZtjSeIwzrEtLLSKORgq_x0juF9sm6tLTJg9RmbhalBfudC9bvkqbgaZZxkC1-Yya_aMMUWnmXvPh8MmkRGKeiHB76NYWtgWL5K_5yeuBb6gdr5-BFR9ol7JHlGDS8BmIP7j60SoQIsDlONABTrPf3cSmnBbYJKrg6nH-C-2qh3woebyaEG4RzwAkeFawiIAllg-ssJZRhRaizWsyUPi4fM8_KaKQVf8HsFG9gKer5kw","e":"AQAB"}],"discovery_uri":"https://spedemo-sasidp.stademo.com/auth/realms/IHA6N4NUDA-STA/.well-known/openid-configuration","token_endpoint":"https://spedemo-sasidp.stademo.com/auth/realms/IHA6N4NUDA-STA/protocol/openid-connect/token","end_session_endpoint":"https://spedemo-sasidp.stademo.com/auth/realms/IHA6N4NUDA-STA/protocol/openid-connect/end_session"},"inherited_from":{},"id":"d1394903-4472-475e-8d6b-6a61b0c0cf88","created_at":"2021-08-16T00:50:35.489277+00:00","updated_at":"2021-08-16T01:58:07.599628+00:00"}}},"404":{"description":"Resource not found."}}}},"/v1/usermgmt/connections/{id}/users/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the connection"}],"get":{"summary":"List","description":"Returns a list of users belonging to the connection.\nResults are returned in pages.\nEach page of results includes the total results found, and\ninformation for requesting the next page of results, using\nthe `skip` and `limit` query parameters.\n","tags":["Connections/Connections"],"parameters":[{"name":"username","in":"query","required":false,"type":"string","description":"Filter by the user's username"},{"name":"email","in":"query","required":false,"type":"string","description":"Filter by the user's email"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A ConnectionUser is an abridged User. It is only used in the /connections/{id}/users/ routes.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user.\n\nThe user enters the username and the password to log in.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"email":{"type":"string","format":"email","description":"the email of the user"},"name":{"type":"string","description":"the users full name"}},"example":{"email":"frank@local","name":"frank","username":"frank","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538"}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"email":"frank@local","name":"frank","username":"frank"}]}}}}}},"/v1/usermgmt/connections/{id}/users/{user_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the connection"},{"name":"user_id","in":"path","type":"string","required":true,"description":"the id of the user"}],"get":{"summary":"Get","description":"Retrieves a specific user belonging to the connection.\n _Currently only supporting 'zone' connections._\n","tags":["Connections/Connections"],"responses":{"200":{"description":"OK","schema":{"description":"A ConnectionUser is an abridged User. It is only used in the /connections/{id}/users/ routes.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user.\n\nThe user enters the username and the password to log in.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"email":{"type":"string","format":"email","description":"the email of the user"},"name":{"type":"string","description":"the users full name"}},"example":{"email":"frank@local","name":"frank","username":"frank","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538"}},"examples":{"application/json":{"email":"john@local","username":"john","user_id":"local|e732ef3b-8edb-4394-90a3-262980eac55c"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/auth/id-providers":{"get":{"summary":"Get","description":"Return the list of Identity Providers associated with this CipherTrust Manager server.\nThis is an unauthenticated route.\n","tags":["Identity Providers"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"auth_domain_path","x-feature":"FF_DOMAINS_PATH","in":"query","required":false,"type":"string","description":"The auth_domain_path is the fully qualified domain where the user is authenticated (i.e. the domain where the user was created{{FF_SKY_ENV|, a.k.a the tenant name}}).\n\nParts are separated by a forward slash, e.g. {{FF_SKY_ENV|`/`, }} `/thales`, or `/thales/noram/eng`.\n\nThis value supersedes `auth_domain`.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["name","strategy"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (`ldap` or `oidc`)"},"disable_auto_create":{"type":"boolean","description":"Flag to disable automatic creation of a user when the user logs in via LDAP or OIDC.\nBy default, a CM user is created when a user logs in using LDAP or OIDC credentials.\nSetting this flag will not allow an unknown user to login,\nthe user will need to be created manually before being allowed to login.\n"},"options":{"description":"Deprecated, replaced by 'ldap_options'.","type":"object","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"flow_type":{"type":"string","default":"implicit","description":"OpenID Connect only, optional, default value is \"implicit\". \nCan be an one of \"implicit\" or \"authorization_code\".\n"},"client_secret":{"type":"string","description":"secret data stored securely in CipherTrust Manager"},"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"scope":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"array","items":{"type":"string"},"description":"The scope value should be less than 255 in length and must only contain printable ASCII characters except for spaces, double quotes, and backslashes.\nIf the scope does not include \"openid,\" the backend will add it to the scope values passed to the OpenID provider.\n"},"userinfo_endpoint":{"x-feature":"FF_ENHANCED_OIDC_SCOPE","type":"string","description":"OIDC server's userinfo_endpoint. It will be used to retrieve group information from OIDC server."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended for use in production, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."},"username_claim":{"x-feature":"FF_CUSTOM_OIDC_USERNAME","type":"string","description":"The claim field name to extract username from in the OIDC ID Token. If unspecified it defaults to 'sub'.\nThe claim field can also be a template to support the nested claims if any in OIDC ID Token.\nFor instance, for OIDC ID token: \n```\n{\n \"sub\": \"111730983950574648607\", \n \"email\": \"test@xyz.com\",\n \"custom\": { \n \"username\": \"xyz\" \n }\n}\n```\n\"email\" as string or \"{{.custom.username}}\" as template can be set as 'username_claim' to set the username of the user on CM after successful authentication on the external identity provider.\nIt is important that the 'username claim' provided is unique in the external identity provider and it is not modifiable.\n"},"token_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the token endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."},"end_session_endpoint":{"type":"string","description":"OpenID Connect only, optional, URI to the end session endpoint of the external identity provider. Intended for test and not recommended for use in production, see discovery URI."}}}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"},"id":"c42f3816-eb95-4ddb-95ec-b516aa32cb38","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}]}}}}}},"/v1/auth/id-providers/{id}/login":{"post":{"summary":"Login","description":"Login initiates an ID Provider login flow. It basically returns a\n\"login URI\" to where the user should perform the login to the external\nID Provider. The connection should contain a redirect URI and the user\nshould be redirected back after successful login to finish the login\nflow and get local credentials, typically an access token and a refresh\ntoken.\n\nCurrently it supports OpenID Connect (OIDC) connections using the\nimplicit flow with form post.\n\nThe OpenID Connect implementation is currently limited to:\n\n- `scope=openid email profile`\n- `response_type=id_token`\n- `response_mode=form_post`\n\nThe following standard claims are required to be returned by the external identity provider:\n\n- `sub`: used as the user ID\n\nThe following standard claims are optional and will be used if returned by the external identity provider:\n\n- `name`: used as the \"name\" property of a user, if missing it will fall back to user ID (which effectively means `sub`)\n- `email`: used as the \"email\" property of a user, if missing it will be empty\n\nTo read more about standard scopes:\n\n[https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims](https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)\n\nTo read more about standard claims:\n\n[https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims](https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims)\n\nThis API supports both HTML form POST data payload with\n\"Content-Type: application/x-www-form-urlencoded\" and JSON data payload\nwith \"Content-Type: application/json\".\n\nThis is an unauthenticated route.\n","tags":["Identity Providers"],"parameters":[{"name":"id","in":"path","description":"The ID of the connection to login via.\n","required":true,"type":"string"},{"name":"body","in":"body","description":"Landing page URI","schema":{"type":"object","title":"Landing page URI","required":["landing_page"],"properties":{"landing_page":{"type":"string","description":"Landing page URI where the user will redirect back to after successful authentication"}},"example":{"landing_page":"https://localhost"}}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"text/html":{"html":{"summary":"HTML meta refresh redirect","value":""}}}}}},"get":{"summary":"Login","description":"Login initiates an ID Provider login flow. It basically returns a\n\"login URI\" to where the user should perform the login to the external\nID Provider. The connection should contain a redirect URI and the user\nshould be redirected back after successful login to finish the login\nflow and get local credentials, typically an access token and a refresh\ntoken.\n\nCurrently it supports OpenID Connect (oidc) connections using the\nimplicit flow with form post.\n\nThe OpenID Connect implementation is currently limited to:\n\n- `scope=openid email profile`\n- `response_type=id_token`\n- `response_mode=form_post`\n\nThis is an unauthenticated route.\n","tags":["Identity Providers"],"parameters":[{"name":"id","in":"path","description":"The ID of the connection to login via.\n","required":true,"type":"string"},{"name":"landing_page","in":"query","type":"string","description":"Landing page URI where the user will redirect back to after successful authentication","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"text/html":{"html":{"summary":"HTML meta refresh redirect","value":""}}}}}}},"/v1/auth/oidc-callback":{"post":{"summary":"Post","description":"Supporting callback for implementing OpenID Connect. Designed to be\ncalled from external Identity Providers and not from users.\n\nIn OpenID Connect this is referred to as the \"redirect URI\". This API\nis meant to be used as the target redirect URI for an OpenID Connect\n(oidc) Connection using a form POST.\n\nIt currently assumes the following OpenID Connect configuration:\n\n- `scope=openid email profile`\n- `response_type=id_token`\n- `response_mode=form_post`\n\nThis API supports both HTML form POST data payload with\n\"Content-Type: application/x-www-form-urlencoded\" and JSON data payload\nwith \"Content-Type: application/json\".\n","tags":["Identity Providers"],"parameters":[{"name":"body","in":"body","description":"Body","schema":{"type":"object","title":"Body","required":["id_token"],"properties":{"id_token":{"type":"string","description":"A signed ID Token from the external identity provider\ncontaining user information\n"},"state":{"type":"string","description":"State which generally is used after successful authentication\nto retain information from before the external authenticaton\n"},"session_state":{"type":"string","description":"Session state from the external identity provider"}},"example":{"id_token":"ey...","state":"connection%3D98a08549-173c-4caf-b21d-3c66fbe1e49a%26landing_page%3Dhttps%3A%2F%2Flocalhost","session_state":"38c53f48-4209-4efa-9dd6-f1e1b6f9ab8a"}}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"text/html":{"html":{"summary":"HTML meta refresh redirect","value":""}}}}}}},"/v1/usermgmt/ldap-browse/{id}/users":{"x-feature":"FF_USERMGMT_LDAP_CONNECTION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the ldap connection"}],"post":{"summary":"List","description":"Returns a list of users that belong to the LDAP connection based on the query filters set.\n","tags":["LDAP Browse"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"username","in":"query","type":"string","description":"Username of ldap user, with wildcards such as \"joe*\""},{"name":"groupname","in":"query","type":"string","description":"Groupname of ldap group, with wildcards such as \"admin*\""},{"name":"ignore_attribute_mapping","in":"query","type":"boolean","description":"This attribute is used to handle response. The default value is false.\nOnly when the \"ignore_attribute_mapping\" value is set to `false`, the following attributes are displayed:\n\"uname\", \"uid\", \"gname\", \"gid\", \"osDomain\".\nIn the case of Open LDAP:\n\"uname\" is mapped to \"uid\" in User Object, \"uid\" is mapped to \"uidNumber\" in User Object, \"gid\" is mappped to \"gidNumber\" in User Object, \"gname\" is mapped to \"cn\" of a group in the Group Object\nAnd in case of AD:\n\"uname\" is mapped to \"UserPrincipalName\" by default. But if \"UserPrincipalName\" is not found then to \"sAMAccountName\". \"osDomain\" is mapped to domain provided in UserPrincipalName or sAMAccountName.\nWhereas, when the \"ignore_attribute_mapping\" value is set to `true`, then only \"dn\" of the User Object is displayed.\n"},{"name":"hard_limit","in":"query","type":"integer","description":"We recommend to use server_max_page_size if ldap server support pagination. This attribute is used to handle the maximum number of entries that can be returned from LDAP in the response. When server_max_page_size is set, then the hard_limit parameter is ignored\nValid value for this field, can be between 0 and 10000. When set to 0, all the users/groups are returned from LDAP server.\n"},{"name":"body","in":"body","description":"All POST body parameter are optional in this API and will be taken from the Connection Manager LDAP connection by default.\n","schema":{"type":"object","title":"Browse LDAP Users","properties":{"server_url":{"type":"string","description":"LDAP URL for your server."},"insecure_skip_verify":{"type":"boolean","description":"Used to disable the verification of the server's certificate."},"root_cas":{"type":"array","items":{"type":"string"},"description":"List of certificates that are used to determine if the server is trusted. Only applicable if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts PEM encoded certificates. Here's an example showing an abbreviated (see [...]) list of root CAs.\n\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n"},"bind_dn":{"type":"string","description":"An object that has permission to search under the root DN for users."},"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."},"base_dn":{"type":"string","description":"Starting point an LDAP server uses when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter that can further restrict the set of users."},"group_base_dn":{"type":"string","description":"Starting point an LDAP server uses when searching for groups."},"group_filter":{"type":"string","description":"Group Filter is only used when Groupname filter is provided. LDAP search filter to list objects of type group."},"group_name_attribute":{"type":"string","description":"Attribute of the group object which contains the friendly name of the group."},"group_id_attribute":{"type":"string","description":"Attribute of the group object that contains the group identifier (name). This value should be unique."},"user_member_field":{"type":"string","description":"Attribute inside user object which contains user membership information, this gives details about group which user is member of. Example: memberOf, gidNumber.\nIn case, when both user_member_field and group_member_field are provided in the LDAP configuration then by default user_member_field will be chosen.\n"},"group_dn_attribute":{"type":"string","description":"Attribute inside the group object which contains the group's distinguished name.\nWhen this property is set, it uses the specified attribute to test for group equality. Example: dn, gidNumber\n\nFor example:\n- if a groups's LDAP entry has \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\" and the LDAP configuration has \"`group_dn_attribute`\" set to \"`dn`\", then LDAP user entry must have membership attribute exactly \"`cn=ship_crew,ou=people,dc=planetexpress,dc=com`\", in order for the user to be considered part of group.\n"},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. Example: member, memberUid\nThis value can be left empty to disable group membership support for this connection.\n"},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. Example: uid, dn\n"},"server_maximum_page_size":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"integer","description":"This parameter sets the page size which determines the number of users/groups to be fetched from the LDAP server using pagination.\nWe recommend to ensure that server_maximum_page_size value is equal to LDAP server page size. To unset 'server_maximum_page_size', set its value to 0. \nUnsetting this parameter will disable the pagination. On disabling the pagination, it is recommended to use hard_limit parameter in the LDAP Browse APIs if there are large number of users/groups on the LDAP server.\n"},"early_listing_stop":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"boolean","description":"This parameter helps in enhancing performance of ldap users/groups browsing. When set to false, the entire list of users/groups that are present on the LDAP server is fetched. When the value is set to true, only limited number of users/groups are fetched from the LDAP server considering the \"limit\" specified by the user. To indicate that there are more number of users/groups present on the LDAP server to be fetched by the CM, \"total\" is shown as \"-1\". The default value of \"early_listing_stop\" is false.\nFor example: If an LDAP server has 5000 users in total; and on CipherTrust Manager these params are set, \"server_maximum_page_size\" as 100, skip as 0 and limit as 1000 then number of entries in response will be returned as 1000 and total will be -1. When 'early_listing_stop' is set to false, CM will return correct total number of records which is 5000.\n"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"users":{"type":"array","items":{"type":"object","properties":{"DN":{"type":"string"},"attributes":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"values":{"type":"array","items":{"type":"string"}}}}}}}}}},"examples":{"application/json":{"users":[{"DN":"cn=admin,dc=planetexpress,dc=com","attributes":[{"name":"cn","values":["admin"]}]},{"DN":"cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com","attributes":[{"name":"cn","values":["Amy Wong"]}]},{"DN":"cn=ship_crew,ou=people,dc=planetexpress,dc=com","attributes":[{"name":"cn","values":["ship_crew"]}]}]}}},"400":{"description":"Bad request."}}}},"/v1/usermgmt/ldap-browse/{id}/groups":{"x-feature":"FF_USERMGMT_LDAP_CONNECTION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the ldap connection"}],"post":{"summary":"List","description":"Returns a list of groups that belong to the LDAP connection based on query filters set.\n","tags":["LDAP Browse"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"groupname","in":"query","type":"string","description":"groupname of ldap group, with wildcards such as \"admin*\""},{"name":"user_id","in":"query","type":"string","description":"User id to filter the groups wherein the given user is a member of the group."},{"name":"ignore_attribute_mapping","in":"query","type":"boolean","description":"This attribute is used to handle response. The default value is false. \nOnly when ignore_attribute_mapping value is set to false, then attribute \"gname\" will be displayed in the response.\nThe \"gname\" is mapped to \"cn\" of group in group Object.\nWhereas when ignore_attribute_mapping value is set to true, then it will only display \"dn\" of group.\n"},{"name":"hard_limit","in":"query","type":"integer","description":"We recommend to use server_max_page_size if ldap server support pagination. This attribute is used to handle the maximum number of entries that can be returned from LDAP in the response. When server_max_page_size is set, then the hard_limit parameter is ignored.\nValid value for this field, can be between 0 and 10000. When set to 0, all the users/groups are returned from LDAP server.\n"},{"name":"body","in":"body","description":"All POST body parameter are optional in this API and will be taken from the Connection Manager LDAP connection by default.\n","schema":{"type":"object","title":"Browse LDAP Groups","properties":{"server_url":{"type":"string","description":"LDAP URL for your server."},"insecure_skip_verify":{"type":"boolean","description":"Used to disable the verification of the server's certificate."},"root_cas":{"type":"array","items":{"type":"string"},"description":"List of certificates that are used to determine if the server is trusted. Only applicable if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts PEM encoded certificates. Here's an example showing an abbreviated (see [...]) list of root CAs.\n\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the group base DN for the groups."},"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."},"base_dn":{"type":"string","description":"Starting point an LDAP server uses when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter that can further restrict the set of users."},"group_base_dn":{"type":"string","description":"Starting point an LDAP server uses when searching for groups."},"group_filter":{"type":"string","description":"Group Filter is only used when Groupname filter is provided. LDAP search filter to list objects of type group."},"group_name_attribute":{"type":"string","description":"Attribute of the group object which contains the friendly name of the group."},"group_id_attribute":{"type":"string","description":"Attribute of the group object that contains the group identifier (name). This value should be unique."},"user_dn_attribute":{"type":"string","description":"Attribute of the user object that contains the user distinguished name."},"group_member_field":{"type":"string","description":"Attribute of the group object which contains group membership information, basically which users are members of the group."},"server_maximum_page_size":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"integer","description":"This parameter sets the page size which determines the number of users/groups to be fetched from the LDAP server using pagination.\nWe recommend to ensure that server_maximum_page_size value is equal to LDAP server page size. To unset 'server_maximum_page_size', set its value to 0. \nUnsetting this parameter will disable the pagination. On disabling the pagination, it is recommended to use hard_limit parameter in the LDAP Browse APIs if there are large number of users/groups on the LDAP server.\n"},"early_listing_stop":{"x-feature":"FF_LDAP_MAX_PAGE_AND_EARLY_STOP","type":"boolean","description":"This parameter helps in enhancing performance of ldap users/groups browsing. When set to false, the entire list of users/groups that are present on the LDAP server is fetched. When the value is set to true, only limited number of users/groups are fetched from the LDAP server considering the \"limit\" specified by the user. To indicate that there are more number of users/groups present on the LDAP server to be fetched by the CM, \"total\" is shown as \"-1\". The default value of \"early_listing_stop\" is false.\nFor example: If an LDAP server has 5000 users in total; and on CipherTrust Manager these params are set, \"server_maximum_page_size\" as 100, skip as 0 and limit as 1000 then number of entries in response will be returned as 1000 and total will be -1. When 'early_listing_stop' is set to false, CM will return correct total number of records which is 5000.\n"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"users":{"type":"array","items":{"type":"object","properties":{"DN":{"type":"string"},"attributes":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"values":{"type":"array","items":{"type":"string"}}}}}}}}}},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"groups":["admin_staff","ship_crew"]}}},"400":{"description":"Bad request."}}}},"/v1/auth/banners/pre-auth":{"get":{"summary":"Get","description":"Return the pre-authentication banner of this CipherTrust Manager server.\n","tags":["Banners"],"responses":{"200":{"description":"OK","schema":{"properties":{"value":{"type":"string"}}},"examples":{"application/json":{"value":"Welcome to **CipherTrust Manager k170v Server**. You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored."}}}}},"patch":{"summary":"Set","description":"Set the pre-authentication banner of this CipherTrust Manager server.\n","tags":["Banners"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"body","in":"body","description":"Set pre-authentication banner","schema":{"type":"object","title":"Set Pre-authentication Banner Request","required":["value"],"properties":{"value":{"type":"string","description":"New user friendly banner for this CipherTrust Manager server. Banner text supports unicode and markdown. Will be returned by subsequent calls to GET."}}}}],"responses":{"200":{"description":"OK","schema":{"properties":{"value":{"type":"string"}}},"examples":{"application/json":{"value":"Welcome to **CipherTrust Manager k170v Server**. You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored."}}},"401":{"description":"Login failed."}}}},"/v1/auth/banners/post-auth":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the post-authentication banner of this CipherTrust Manager server.\n","tags":["Banners"],"responses":{"200":{"description":"OK","schema":{"properties":{"value":{"type":"string"}}},"examples":{"application/json":{"value":"Welcome to **CipherTrust Manager k170v Server**. You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored."}}},"401":{"description":"Login failed."}}},"patch":{"summary":"Set","description":"Set the post-authentication banner of this CipherTrust Manager server.\n","tags":["Banners"],"parameters":[{"name":"body","in":"body","description":"Set post-authentication banner","schema":{"type":"object","title":"Set Post-authentication Banner Request","required":["value"],"properties":{"value":{"type":"string","description":"New user friendly banner for this CipherTrust Manager server. Banner text supports unicode and markdown. Will be returned by subsequent calls to GET."}}}}],"responses":{"200":{"description":"OK","schema":{"properties":{"value":{"type":"string"}}},"examples":{"application/json":{"value":"Welcome to **CipherTrust Manager k170v Server**. You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored."}}},"401":{"description":"Login failed."}}}},"/v1/system/alarms":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Alarms","description":"Lists alarms. Results can be refined with query params.","tags":["Alarms"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"state","in":"query","type":"string","description":"Returns alarms whose state matches the supplied state (e.g. on, off).\n"},{"name":"name","in":"query","type":"string","description":"Returns the alarm having the supplied name.\n"},{"name":"severity","in":"query","type":"string","description":"Returns alarms having the supplied severity (emergency, alert, critical, error, warning, notice, info).\n"},{"name":"source","in":"query","type":"string","description":"Clustered node system name or host name set in the alarm"},{"name":"source_type","in":"query","type":"string","description":"Filter on alarm configuration source type. Valid values are 'server_record' and 'client_record'"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"id":"70d667b4-7284-4a56-ba7e-75e4bdea2b46","uri":"kylo:kylo:audit:alarms:70d667b4-7284-4a56-ba7e-75e4bdea2b46","account":"kylo:kylo:admin:accounts:kylo","application":"system:system:admin:applications:system","devAccount":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-08-29T08:42:58.988847Z","clearedBy":{},"acknowledgedBy":{},"name":"NAE TLS Disabled","triggeredAt":"2019-08-29T08:42:58.988846Z","state":"off","description":"TLS is disabled on the NAE interface","severity":"critical","service":"NAE","details":{},"source_type":"server_record"}}}}}}},"/v1/system/alarms/{id}/clear":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Clear alarm","description":"Clears an alarm by setting `clearedAt` to the current date,\n`clearedBy` to this user and alarm state to `off`. The intention\nbehind clear is that when a user clears an alarm it means that the\nalarm is no longer applicable, was determined not be an issue, etc.\n","tags":["Alarms"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"0d3c6f62-206a-4745-afe5-6112dfe2d4b2","uri":"kylo:kylo:audit:alarms:0d3c6f62-206a-4745-afe5-6112dfe2d4b2","account":"kylo:kylo:admin:accounts:kylo","application":"system:system:admin:applications:system","devAccount":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-08-23T19:15:27.484578Z","clearedAt":"2019-08-23T19:45:52.985088185Z","clearedBy":{"username":"admin","user_id":"local|2162e9b2-90c1-4a13-95ad-68a9dda726a4"},"acknowledgedAt":"0001-01-01T00:00:00Z","acknowledgedBy":{"username":"admin","user_id":"local|2162e9b2-90c1-4a13-95ad-68a9dda726a4"},"name":"Weak RSA Key","triggeredAt":"2019-08-23T19:15:27.484553Z","state":"off","description":"Size must be >= 2048","severity":"critical","service":"kylo","source":"tmeyers-ubuntu","details":{"id":"e2df5244-1be2-49cd-be4b-b42b6a20ed44","uri":"kylo:kylo:audit:records:e2df5244-1be2-49cd-be4b-b42b6a20ed44","source":"tmeyers-ubuntu","account":"kylo:kylo:admin:accounts:kylo","details":{"domain":"","user_id":"local|2162e9b2-90c1-4a13-95ad-68a9dda726a4","username":"admin","client_id":"eb533cb3-3606-4365-ad01-dd261ae629af","connection":"local_account","grant_type":"password","refresh_token_id":"75c29b9c-18a0-424a-b639-eed150993e02"},"lineage":"","message":"Create Token","service":"kylo","success":true,"severity":"info","username":"","createdAt":"2019-08-23T19:15:27.474841Z","principal":{"acct":"kylo:kylo:admin:accounts:kylo"},"requestId":"e46a19c1-f3cd-40a6-849f-5b2e532fb8a7","devAccount":"kylo:kylo:admin:accounts:kylo","application":"system:system:admin:applications:system"},"source_type":"server_record"}}}}}},"/v1/system/alarms/{id}/acknowledge":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Acknowledge alarm","description":"Acknowledges an alarm by setting `acknowledgedAt` to the current date\nand `acknowledgedBy` to this user. The intention behind acknowledge\nis that when a user acknowledges an alarm it means that they are\ninvestigating the root cause.\n","tags":["Alarms"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"0d3c6f62-206a-4745-afe5-6112dfe2d4b2","uri":"kylo:kylo:audit:alarms:0d3c6f62-206a-4745-afe5-6112dfe2d4b2","account":"kylo:kylo:admin:accounts:kylo","application":"system:system:admin:applications:system","devAccount":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-08-23T19:15:27.484578Z","acknowledgedAt":"2019-08-23T19:35:52.985088185Z","acknowledgedBy":{"username":"admin","user_id":"local|2162e9b2-90c1-4a13-95ad-68a9dda726a4"},"name":"Weak RSA Key","triggeredAt":"2019-08-23T19:15:27.484553Z","state":"off","description":"Size must be >= 2048","severity":"critical","service":"kylo","source":"tmeyers-ubuntu","details":{"id":"e2df5244-1be2-49cd-be4b-b42b6a20ed44","uri":"kylo:kylo:audit:records:e2df5244-1be2-49cd-be4b-b42b6a20ed44","source":"tmeyers-ubuntu","account":"kylo:kylo:admin:accounts:kylo","details":{"domain":"","user_id":"local|2162e9b2-90c1-4a13-95ad-68a9dda726a4","username":"admin","client_id":"eb533cb3-3606-4365-ad01-dd261ae629af","connection":"local_account","grant_type":"password","refresh_token_id":"75c29b9c-18a0-424a-b639-eed150993e02"},"lineage":"","message":"Create Token","service":"kylo","success":true,"severity":"info","username":"","createdAt":"2019-08-23T19:15:27.474841Z","principal":{"acct":"kylo:kylo:admin:accounts:kylo"},"requestId":"e46a19c1-f3cd-40a6-849f-5b2e532fb8a7","devAccount":"kylo:kylo:admin:accounts:kylo","application":"system:system:admin:applications:system"},"source_type":"server_record"}}}}}},"/v1/configs/interfaces/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a string list of all the interface names.{{FF_CM_REPORTS| Specify \"Accept\" header with value \"application/pdf\" or \"text/csv\" to download report in PDF or CSV format using external clients.}}\n","tags":["Interfaces"],"parameters":[{"name":"interface_type","in":"query","required":false,"type":"string","description":"Filter by interface type."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nCurrently, sorting on following field are supported : interface_type.\nFor example:\n -interface_type\n\n...will sort the results on `interface_type` in descending order.\n"}],"responses":{"200":{"description":"OK","schema":{"properties":{"interfaces":{"type":"array","items":{"type":"string"}}}},"examples":{"application/json":{"skip":0,"limit":10,"total":3,"resources":[{"id":"358be9d6-a5e9-4ccf-97d7-40bb14c5da9b","name":"kmip","mode":"tls-cert-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[],"kmip_enable_hard_delete":1,"auto_registration":true,"Registration_token":"876577896978787698"},"createdAt":"2018-07-05T20:22:10.292152Z","updatedAt":"2018-07-05T20:22:14.883529Z"},{"id":"38ab7856-c7f3-44d5-9e99-e2c29951427f","name":"nae","mode":"unauth-tls-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[]},"createdAt":"2018-07-05T20:22:10.285426Z","updatedAt":"2018-07-05T20:22:14.880588Z"},{"id":"173af49e-8748-4245-95a9-80bf147e108c","name":"web","mode":"tls-cert-opt-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[]},"createdAt":"2018-07-05T20:22:10.289546Z","updatedAt":"2018-07-05T20:22:16.98482Z"}]}}}}},"post":{"summary":"Add","description":"Adds a new interface.\n\nAn interface is an externally exposed service. This API basically opens\na new port in the system and starts a service to listen on that port.\n\nCurrently supported interface types are:\n- NAE - \"nae\"\n- KMIP- \"kmip\"\n- SNMP - \"snmp\"\n\nNAE by default listens to port 9000 and kmip by default listens to port 5696. This route offers the capability\nto make `nae` and `kmip` listen on additional ports on specific network interfaces\nand with different settings.\n","parameters":[{"name":"body","in":"body","required":true,"description":"The interface properties to be added\n","schema":{"title":"Add NAE Interface","required":["port"],"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"name":{"type":"string","description":"The name of the interface. Not valid for `interface_type` `nae`.\n"},"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"auto_gen_days_before_expiry":{"type":"integer","description":"Number of days before the server certificate expiry. When specified number of days are left in the expiry of the server certificate, the server certificate gets auto-generated and is made available as Upcoming Server Certificate on the interface.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n\n {\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n }\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local\nauthentication or the LDAP domain for LDAP authentication. This value\nis applied when the username does not embed the connection name (e.g.\n\"jdoe\" effectively becomes \"local_account|jdoe\"). This value only\napplies to NAE only and is ignored if set for web and KMIP\ninterfaces.\n"},"port":{"type":"integer","description":"The new interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"network_interface":{"type":"string","description":"Defines what ethernet adapter the interface should listen to, use\n\"all\" for all.\n\nThe available ethernet adapters in the system can for example be retrieved from\nthe `GET /v1/system/network/interfaces` route.\n\nExamples:\n\nPort `9002` on `ens3`:\n\n {\n \"network_interface\": \"ens3\",\n \"port\": 9002\n }\n\nPort `9002` on all ethernet adapters:\n\n {\n \"network_interface\": \"all\",\n \"port\": 9002\n }\n\nTo open the same port on other ethernet adapters it is possible to\nuse the same port on other ethernet adapter.\n\nDefaults to `all` if not specified.\n"},"interface_type":{"type":"string","description":"This parameter is used to identify the type of interface, what\nservice to run on the interface.\n\nCurrently supported:\n- `web`\n- `kmip`\n- `nae`\n- `snmp`\n\nDefaults to `nae` if not specified.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip and nae clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n- `tls_1_0`\n- `tls_1_1`\n- `tls_1_2`\n- `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}}}],"tags":["Interfaces"],"responses":{"200":{"description":"Successful interface addition.","schema":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"name":{"type":"string","description":"The name of the interface. Not valid for `interface_type` `nae`.\n"},"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"auto_gen_days_before_expiry":{"type":"integer","description":"Number of days before the server certificate expiry. When specified number of days are left in the expiry of the server certificate, the server certificate gets auto-generated and is made available as Upcoming Server Certificate on the interface.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n\n {\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n }\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local\nauthentication or the LDAP domain for LDAP authentication. This value\nis applied when the username does not embed the connection name (e.g.\n\"jdoe\" effectively becomes \"local_account|jdoe\"). This value only\napplies to NAE only and is ignored if set for web and KMIP\ninterfaces.\n"},"port":{"type":"integer","description":"The new interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"network_interface":{"type":"string","description":"Defines what ethernet adapter the interface should listen to, use\n\"all\" for all.\n\nThe available ethernet adapters in the system can for example be retrieved from\nthe `GET /v1/system/network/interfaces` route.\n\nExamples:\n\nPort `9002` on `ens3`:\n\n {\n \"network_interface\": \"ens3\",\n \"port\": 9002\n }\n\nPort `9002` on all ethernet adapters:\n\n {\n \"network_interface\": \"all\",\n \"port\": 9002\n }\n\nTo open the same port on other ethernet adapters it is possible to\nuse the same port on other ethernet adapter.\n\nDefaults to `all` if not specified.\n"},"interface_type":{"type":"string","description":"This parameter is used to identify the type of interface, what\nservice to run on the interface.\n\nCurrently supported:\n- `web`\n- `kmip`\n- `nae`\n- `snmp`\n\nDefaults to `nae` if not specified.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip and nae clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n- `tls_1_0`\n- `tls_1_1`\n- `tls_1_2`\n- `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"examples":{"application/json":{"id":"173af49e-8748-4245-95a9-80bf147e108c","name":"nae-9001","mode":"tls-cert-opt-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[]},"port":9001,"network_interface":"all","createdAt":"2018-07-05T20:22:10.289546Z","updatedAt":"2018-07-05T20:22:16.98482Z","meta":{}}}}}}},"/v1/configs/interfaces/{interface}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the configuration details of the given interface.\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","schema":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n{\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n}\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local authentication or the LDAP domain for LDAP authentication. This value is applied when the username does not embed the connection name (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE only and is ignored if set for web and KMIP interfaces.\n"},"port":{"type":"integer","description":"The interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip and nae clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"local_auto_gen_attributes":{"description":"Local CSR parameters for interface's certificate. These are for the local node itself, and they do not affect other nodes in the cluster. This gives user a convenient way to supply custom fields for automatic interface certification generation. Without them, the system defaults are used.\n","allOf":[{"type":"object","required":["cn"],"properties":{"cn":{"type":"string","description":"Common name"},"uid":{"type":"string","description":"User ID"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) IP addresses"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) Email addresses"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) DNS names"},"names":{"type":"array","items":{"type":"object","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"Accounting\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}}]},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"tls_ciphers":{"description":"TLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB) for TLS handshake.\n","type":"array","items":{"type":"object","properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS hanshake.\n"},"configurable":{"type":"boolean","description":"TLS cipher suite configurable flag. This is a non-editable field.\nIf it is true, only then the corresponding cipher_suite can be enabled/disabled.\n"}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"examples":{"application/json":{"id":"173af49e-8748-4245-95a9-80bf147e108c","name":"web","mode":"tls-cert-opt-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[]},"createdAt":"2018-07-05T20:22:10.289546Z","updatedAt":"2018-07-05T20:22:16.98482Z","meta":{},"tls_ciphers":[{"cipher_suite":"TLS_AES_256_GCM_SHA384","enabled":true,"configurable":false},{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","enabled":true,"configurable":false},{"cipher_suite":"TLS_AES_128_GCM_SHA256","enabled":true,"configurable":false},{"cipher_suite":"ECDHE-RSA-AES128-SHA256","enabled":true,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-GCM-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES128-GCM-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-GCM-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-GCM-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES128-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-SHA","enabled":false,"configurable":true}]}}}}},"patch":{"summary":"Update","description":"Change the properties of an interface.\n\nInterface types supporting port update are:\n- NAE - \"nae\"\n- KMIP- \"kmip\"\n- WEB - \"web\"\n\nIf you are changing the port of a default interface (web, nae, kmip),\nall CM services will be restarted in order to make that port change.\nPort change remains persistent even after restarting the system\nand will get replicated if the device is part of a cluster.\nIf CM is deployed in cluster mode, this will restart services on all the nodes\nand therefore port change should be a planned activity.\n","parameters":[{"name":"body","in":"body","required":true,"description":"The interface properties to be updated.\n","schema":{"title":"Update Interface","description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"auto_gen_days_before_expiry":{"type":"integer","description":"Number of days before the server certificate expiry. When specified number of days are left in the expiry of the server certificate, the server certificate gets auto-generated and is made available as Upcoming Server Certificate on the interface.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n{\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n}\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local authentication or the LDAP domain for LDAP authentication. This value is applied when the username does not embed the connection name (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE only and is ignored if set for web and KMIP interfaces.\n"},"port":{"type":"integer","description":"The interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip and nae clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"local_auto_gen_attributes":{"description":"Local CSR parameters for interface's certificate. These are for the local node itself, and they do not affect other nodes in the cluster. This gives user a convenient way to supply custom fields for automatic interface certification generation. Without them, the system defaults are used.\n","allOf":[{"type":"object","required":["cn"],"properties":{"cn":{"type":"string","description":"Common name"},"uid":{"type":"string","description":"User ID"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) IP addresses"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) Email addresses"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) DNS names"},"names":{"type":"array","items":{"type":"object","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"Accounting\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}}]},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"tls_ciphers":{"description":"TLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB) for TLS handshake.\n","type":"array","items":{"type":"object","required":["cipher_suite","enabled"],"properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS handshake.\n"}}}},"tls_groups":{"x-feature":"FF_CONFIG_WEB_TLS_GROUPS","description":"Tech Preview - TLS Groups contain the list of key exchange algorithms available in the system for the WEB interface for TLS handshake.\nBy default, classic key exchange algorithms 'x25519', 'secp256r1', 'x448', 'secp521r1', 'secp384r1', 'ffdhe2048', 'ffdhe3072', 'ffdhe4096', \n'ffdhe6144' and 'ffdhe8192' are enabled and Post Quantum key exchange algorithms 'X25519MLKEM768', 'SecP256r1MLKEM768', 'MLKEM768', 'MLKEM1024' and \n'MLKEM512' are disabled. The entire list of TLS groups is required to enable or disable any specific TLS group. \nBehavior of order of TLS Groups:\n * For TLS1.3, despite the server's configured preference order of the groups, currently server will automatically accept the very first key_share that client includes \n in its ClientHello message, that is also supported by the server.\n * For TLS v1.2, client cannot share its key_share upfront in ClientHello message, thus server will request the client \n to converge on the most preferred server's group which is also supported by the client. This behavior is aligned with OpenSSL.\n\nHowever, defining the order still matters. Even if server picks the less preferred (but supported) group, it sends a supported_groups back to the client in its \nServerHello, so that the client can remember and adjust to send the key_share as per the server's priority for the subsequent requests.\n","type":"array","items":{"type":"object","required":["group_name","enabled"],"properties":{"group_name":{"type":"string","description":"TLS group name."},"enabled":{"type":"boolean","description":"TLS group enabled flag.\nIf set to true, key exchange algorithm will be available for TLS handshake.\n"}}}},"network_interface":{"type":"string","description":"Defines what ethernet adapter the interface should listen to, use\n\"all\" for all.\n\nThe available ethernet adapters in the system can be retrieved from\nthe `GET /v1/system/network/interfaces` route.\n"},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}}}],"tags":["Interfaces"],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n{\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n}\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local authentication or the LDAP domain for LDAP authentication. This value is applied when the username does not embed the connection name (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE only and is ignored if set for web and KMIP interfaces.\n"},"port":{"type":"integer","description":"The interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip and nae clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"local_auto_gen_attributes":{"description":"Local CSR parameters for interface's certificate. These are for the local node itself, and they do not affect other nodes in the cluster. This gives user a convenient way to supply custom fields for automatic interface certification generation. Without them, the system defaults are used.\n","allOf":[{"type":"object","required":["cn"],"properties":{"cn":{"type":"string","description":"Common name"},"uid":{"type":"string","description":"User ID"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) IP addresses"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) Email addresses"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) DNS names"},"names":{"type":"array","items":{"type":"object","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"Accounting\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}}]},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"tls_ciphers":{"description":"TLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB) for TLS handshake.\n","type":"array","items":{"type":"object","properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS hanshake.\n"},"configurable":{"type":"boolean","description":"TLS cipher suite configurable flag. This is a non-editable field.\nIf it is true, only then the corresponding cipher_suite can be enabled/disabled.\n"}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"examples":{"application/json":{"id":"173af49e-8748-4245-95a9-80bf147e108c","name":"web","mode":"tls-cert-opt-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","port":443,"trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[]},"createdAt":"2018-07-05T20:22:10.289546Z","updatedAt":"2018-07-05T20:22:16.98482Z","meta":{},"tls_ciphers":[{"cipher_suite":"TLS_AES_256_GCM_SHA384","enabled":true,"configurable":false},{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","enabled":true,"configurable":false},{"cipher_suite":"TLS_AES_128_GCM_SHA256","enabled":true,"configurable":false},{"cipher_suite":"ECDHE-RSA-AES128-SHA256","enabled":true,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-GCM-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES128-GCM-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-GCM-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-GCM-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES128-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-SHA","enabled":false,"configurable":true}]}}}}},"delete":{"summary":"Delete","description":"Delete given interface.\n\nInterfaces with name `web`, `kmip` and `nae` cannot be deleted.\n","tags":["Interfaces"],"responses":{"204":{"description":"No Content | Successful deletion of interface."}}}},"/v1/configs/interfaces/{interface}/certificate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"get":{"summary":"Get Certificate","description":"Return the public portion of the certificate in PEM format.\n","parameters":[{"name":"type","in":"query","required":false,"type":"string","description":"Indicates the type of the interface identifier. Valid values are \"name\" and \"port\". If not specified, the default value \"name\" is assumed."}],"tags":["Interfaces"],"responses":{"200":{"description":"OK","schema":{"properties":{"certificates":{"type":"string"}}},"examples":{"application/json":{"certificates":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n"}}}}},"put":{"summary":"Put Certificate","description":"Replace the certificate for this interface","parameters":[{"name":"body","in":"body","required":true,"description":"The details of the certificate operation to be performed.\nFor certificate import you will need the properties certificate, format, and if encrypted, password.\nFor self-signed generation all you will need is generate.\nNote: the 'kmip' interface is currently not configurable. It uses the TLS certificate configured for the 'nae' interface.\n","schema":{"type":"object","title":"Put Certificate","required":["certificate","format"],"properties":{"certificate":{"type":"string","description":"The certificate and key data in PEM format or base64 encoded PKCS12 format. A chain chain of certs may be included - it must be in ascending order (server to root ca).\n"},"format":{"type":"string","description":"The format of the certificate data (PEM or PKCS12).\n"},"password":{"type":"string","description":"Password to the encrypted key.\n"},"generate":{"type":"boolean","description":"Create a new self-signed certificate.\n"},"skip_validation":{"type":"boolean","description":"Disables the certificate chain validation. Default set to false. \nWhen the verification is not skipped the upload will be successful only when the chain is complete upto a self signed CA either present in the upload request or present in the CipherTrust Manager.\n"}}}}],"tags":["Interfaces"],"responses":{"200":{"description":"Successful resource update.","schema":{"properties":{"certificates":{"type":"string"}}},"examples":{"application/json":{"certificates":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n"}}}}}},"/v1/configs/interfaces/{interface}/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"post":{"summary":"Enable Interface","description":"This API starts and enables an interface to listen on its respective port.\n\nEnable/Disable is supported for NAE, KMIP, and SSH interfaces only.\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"34452a40-d258-408c-96bd-eba6aa430920","name":"ssh","port":22,"enabled":true,"network_interface":"all","interface_type":"ssh","createdAt":"2020-06-24T04:41:42.715961Z","updatedAt":"2020-06-30T09:55:20.905103Z"}}}}}},"/v1/configs/interfaces/{interface}/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"post":{"summary":"Disable Interface","description":"This API stops and disables an interface.\n\nEnable/Disable is supported for NAE, KMIP, and SSH interfaces only.\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"34452a40-d258-408c-96bd-eba6aa430920","name":"ssh","port":22,"enabled":false,"network_interface":"all","interface_type":"ssh","createdAt":"2020-06-24T04:41:42.715961Z","updatedAt":"2020-06-30T09:55:20.905103Z"}}}}}},"/v1/configs/interfaces/{interface}/restore-default-tls-ciphers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"post":{"summary":"Restores Interface TLS Ciphers {{FF_CONFIG_WEB_TLS_GROUPS|and Groups}}","description":"This restore API sets TLS Ciphers {{FF_CONFIG_WEB_TLS_GROUPS|and Groups }}of an interface to default.\n\nTLS Ciphers is supported for NAE, KMIP, and WEB interfaces only.\n{{FF_CONFIG_WEB_TLS_GROUPS|TLS Groups are supported for WEB interface only.}}\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","examples":{"application/json":[{"cipher_suite":"TLS_AES_256_GCM_SHA384","enabled":true,"configurable":false},{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","enabled":true,"configurable":false},{"cipher_suite":"TLS_AES_128_GCM_SHA256","enabled":true,"configurable":false},{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","enabled":true,"configurable":true},{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","enabled":true,"configurable":true},{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","enabled":true,"configurable":true},{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","enabled":true,"configurable":true},{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","enabled":false,"configurable":true},{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","enabled":false,"configurable":true},{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","enabled":false,"configurable":true},{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","enabled":false,"configurable":true},{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","enabled":false,"configurable":true},{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","enabled":false,"configurable":true},{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA256","enabled":false,"configurable":true},{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","enabled":false,"configurable":true},{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","enabled":false,"configurable":true}]}}}}},"/v1/configs/interfaces/{interface}/csr":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"get":{"summary":"Get CSR","description":"Return the CSR.\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","schema":{"properties":{"csr":{"type":"string"}}},"examples":{"application/json":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\\nMIIEyDCCArACAQAwUjELMAkG...cf3MYX/xUQ==\\n-----END CERTIFICATE REQUEST-----\\n\n"}}}}},"post":{"summary":"CSR","description":"Generate CSR with the provided parameters, Without them, the system defaults are used.","parameters":[{"name":"body","in":"body","description":"CSR parameters","schema":{"type":"object","title":"CSR Request","properties":{"cn":{"type":"string","description":"Common Name"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) values"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"E-mail addresses"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"IP addresses"},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"RnD\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPS\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}},"example":{"cn":"CM","dns_names":["*.thalesgroup.com","*.thalesgroup.net"],"email_addresses":["contact@thalesgroup.com"],"ip_addresses":["1.1.1.1"],"names":[{"O":"Thales Group","OU":"RnD","C":"US","ST":"MD","L":"Belcamp"}]}}}],"tags":["Interfaces"],"responses":{"201":{"description":"Successful CSR creation.","schema":{"type":"object"},"examples":{"application/json":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHNMHUCAQAwEzERMA8GA1UEAxMIVGVzdCBDU1IwWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATndOIgsTp7m4bOuixxuAt2XQ3oZqp8th/woAo51z7RiAAGdm7IfB1w\n7uWr8o5PWKBatXIgvPp8hvRWHQPHCfcLoAAwCgYIKoZIzj0EAwIDSAAwRQIgVyvz\nhFGCKV460fNJC0vC48gI268B68Xr6osFoy9Ouw8CIQCWN1LtcyxPIvul3XF1Pj7l\navEeIqDBcfD6VHhbnpO2Ag==\n-----END CERTIFICATE REQUEST-----"}}}}}},"/v1/configs/syslogs/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all syslog connections. The results can be filtered,\nusing the query parameters.\n","tags":["Syslog Connections"],"parameters":[{"name":"transport","in":"query","required":false,"type":"string","description":"Filter by the transport of the syslog connection (`udp`, `tcp` or `tls`)"},{"name":"host","in":"query","required":false,"type":"string","description":"Filter by the hostname or IP address of the syslog connection"},{"name":"port","in":"query","required":false,"type":"integer","description":"Filter by the port of the syslog connection"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A syslog connection object","type":"object","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection."},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport mode."},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"2ca211a1-a6fd-49c6-8c4e-61f0f474c803","account":"kylo:kylo:admin:accounts:kylo","host":"192.168.0.1","port":514,"transport":"udp","caCert":"","messageFormat":"plain_message","createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}]}}}}},"post":{"summary":"Add","description":"Add a syslog connection.\n","tags":["Syslog Connections"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Add Syslog Connection","required":["transport","host"],"properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection"},"port":{"type":"integer","description":"The port to use for the connection. Defaults to `514` for\n`udp`, `601` for `tcp` and `6514` for `tls`\n"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport\nmode\n"},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}},"example":{"transport":"udp","host":"192.168.0.1"}}}],"responses":{"201":{"description":"Successful syslog connection creation.","schema":{"description":"A syslog connection object","type":"object","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection."},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport mode."},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","transport":"tls","host":"192.168.0.1","port":514,"caCert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----","messageFormat":"cef","createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}}}}},"/v1/configs/syslogs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns a single syslog connection.","tags":["Syslog Connections"],"responses":{"200":{"description":"OK","schema":{"description":"A syslog connection object","type":"object","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection."},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport mode."},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","transport":"udp","host":"192.168.0.1","port":514,"caCert":"","messageFormat":"cef","createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a syslog connection.","tags":["Syslog Connections"],"responses":{"204":{"description":"No Content | Successful deletion of syslog connection."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Change the properties of a syslog connection.\n","tags":["Syslog Connections"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Update Syslog Properties","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection"},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport\nmode\n"},"messageFormat":{"type":"string","description":"The log message format to send log messages."}},"example":{"transport":"udp","host":"192.168.0.1"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A syslog connection object","type":"object","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection."},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport mode."},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","transport":"udp","host":"192.168.0.1","port":514,"caCert":"","messageFormat":"cef","createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/configs/log-forwarders/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all Log Forwarders.\n","tags":["Log Forwarders"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter by the name of the Log Forwarder"},{"name":"type","in":"query","required":false,"type":"string","description":"Filter by the type of the Log Forwarder"},{"name":"connection_id","in":"query","required":false,"type":"string","description":"Filter by the connection_id of the Log Forwarder"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A Log Forwarder resource","type":"object","properties":{"name":{"type":"string","description":"Name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder.","enum":["elasticsearch","loki","syslog"]},"elasticsearch_params":{"type":"object","description":"The optional configuration fields for elasticsearch."},"loki_params":{"type":"object","description":"The optional configuration fields for loki."},"syslog_params":{"type":"object","description":"The optional configuration fields for syslog."}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"2ca211a1-a6fd-49c6-8c4e-61f0f474c803","account":"kylo:kylo:admin:accounts:kylo","name":"Elastic Search Connection","type":"elasticsearch","connection_id":"49c6-8c4e-61f0f474c803-2ca211a1-a6fd","params":{"host":"127.0.0.1","port":9200,"indices":{"server_audit_records":"server_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}},"createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}]}}}}},"post":{"summary":"Add","description":"Add a Log Forwarder.\n","tags":["Log Forwarders"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Add Log Forwarders","required":["name","type","connection_id"],"properties":{"name":{"type":"string","description":"Unique name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder\n","enum":["elasticsearch","loki","syslog"]},"connection_id":{"type":"string","description":"connection id of log-forwarder connection (elasticsearch, loki, syslog)."},"elasticsearch_params":{"type":"object","description":"Optional attributes specifying extra configuration fields specific to Elasticsearch\n","properties":{"indices":{"type":"object","properties":{"activity_nae":{"type":"string","description":"Index to be used for entires coming from the NAE activity log. Logs will not be forwarded if index is not provided. Consult Elasticsearch documentation for allowed characters."},"activity_kmip":{"type":"string","description":"Index to be used for entries coming from the KMIP activity log. Logs will not be forwarded if index is not provided. Consult Elasticsearch documentation for allowed characters."},"server_audit_records":{"type":"string","description":"Index to be used for entries coming from server audit records. Logs will not be forwarded if index is not provided. Consult Elasticsearch documentation for allowed characters."},"client_audit_records":{"type":"string","description":"Index to be used for entries coming from client audit records. Client audit logs are forwarded only if this index is provided. Consult Elasticsearch documentation for allowed characters."}},"description":"Optional attributes specifying index field for different logs\n"}}},"loki_params":{"type":"object","description":"Optional attributes specifying extra configuration fields specific to Loki\n","properties":{"labels":{"type":"object","properties":{"activity_nae":{"type":"string","description":"Labels to be used for entries coming from the NAE activity log, for example \"jobs=activity_nae\". Logs will not be forwarded if label is not provided. Consult Loki documentation for allowed characters."},"activity_kmip":{"type":"string","description":"Labels to be used for entries coming from the KMIP activity log, for example \"jobs=activity_kmip\". Logs will not be forwarded if label is not provided. Consult Loki documentation for allowed characters."},"server_audit_records":{"type":"string","description":"Labels to be used for entries coming from server audit records, for example \"jobs=server_audit_records\". Logs will not be forwarded if label is not provided. Consult Loki documentation for allowed characters."},"client_audit_records":{"type":"string","description":"Labels to be used for entries coming from client audit records, for example \"jobs=client_audit_records\". Client audit logs are forwarded only if this label is provided. Consult Loki documentation for allowed characters."}},"description":"Optional attributes specifying labels for different logs\n"}}},"syslog_params":{"type":"object","description":"Attributes specifying configuration fields specific to Syslog\n","properties":{"forward_logs":{"type":"object","properties":{"activity_nae":{"type":"boolean","description":"When true, NAE Activity logs will be forwarded. You need to enable NAE Acitivity logs before forwarding them."},"activity_kmip":{"type":"boolean","description":"When true, KMIP Activity logs will be forwarded. You need to enable KMIP Acitivity logs before forwarding them."},"server_audit_records":{"type":"boolean","description":"When true, Server Audit Records will be forwarded."},"client_audit_records":{"type":"boolean","description":"When true, Client Audit Records will be forwarded."}},"description":"Attributes specifying which log-type to be forwarded to syslog\n"}}}},"example":{"name":"es_logs","type":"elasticsearch","connection_id":"2ca211a1-a6fd-49c6-8c4e-61f0f474c803","elasticsearch_params":{"indices":{"server_audit_records":"server_audit_records","client_audit_records":"client_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}}}}}],"responses":{"201":{"description":"Successful Log Forwarder creation.","schema":{"description":"A Log Forwarder resource","type":"object","properties":{"name":{"type":"string","description":"Name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder.","enum":["elasticsearch","loki","syslog"]},"elasticsearch_params":{"type":"object","description":"The optional configuration fields for elasticsearch."},"loki_params":{"type":"object","description":"The optional configuration fields for loki."},"syslog_params":{"type":"object","description":"The optional configuration fields for syslog."}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","name":"Elastic Search Connection","type":"elasticsearch","connection_id":"2ca211a1-a6fd-49c6-8c4e-61f0f474c803","params":{"host":"127.0.0.1","port":9200,"indices":{"server_audit_records":"server_audit_records","client_audit_records":"client_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}},"createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}}}}},"/v1/configs/log-forwarders/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns a single Log Forwarder.","tags":["Log Forwarders"],"responses":{"200":{"description":"OK","schema":{"description":"A Log Forwarder resource","type":"object","properties":{"name":{"type":"string","description":"Name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder.","enum":["elasticsearch","loki","syslog"]},"elasticsearch_params":{"type":"object","description":"The optional configuration fields for elasticsearch."},"loki_params":{"type":"object","description":"The optional configuration fields for loki."},"syslog_params":{"type":"object","description":"The optional configuration fields for syslog."}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","name":"Elastic Search Connection","type":"elasticsearch","connection_id":"2ca211a1-a6fd-49c6-8c4e-61f0f474c803","params":{"host":"192.168.0.1","port":9200,"indices":{"server_audit_records":"server_audit_records","client_audit_records":"client_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}},"createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a Log Forwarder.","tags":["Log Forwarders"],"responses":{"204":{"description":"No Content | Successful deletion of Log Forwarder."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Change the properties of a Log Forwarder.\n","tags":["Log Forwarders"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Update Log Forwarders","properties":{"name":{"type":"string","description":"Unique name of the Log Forwarder."},"connection_id":{"type":"string","description":"connection id of log-forwarder connection (elasticsearch, loki, syslog)."},"elasticsearch_params":{"type":"object","description":"Optional attributes specifying extra configuration fields specific to Elasticsearch\n","properties":{"indices":{"type":"object","properties":{"activity_nae":{"type":"string","description":"Index to be used for entires coming from the NAE activity log. Consult Elasticsearch documentation for allowed characters."},"activity_kmip":{"type":"string","description":"Index to be used for entries coming from the KMIP activity log. Consult Elasticsearch documentation for allowed characters."},"server_audit_records":{"type":"string","description":"Index to be used for entries coming from server audit records. Consult Elasticsearch documentation for allowed characters."},"client_audit_records":{"type":"string","description":"Index to be used for entries coming from client audit records. Consult Elasticsearch documentation for allowed characters."}},"description":"Optional attributes specifying index field for different logs\n"}}},"loki_params":{"type":"object","description":"Optional attributes specifying extra configuration fields specific to Loki\n","properties":{"labels":{"type":"object","properties":{"activity_nae":{"type":"string","description":"Labels to be used for entries coming from the NAE activity log, for example \"jobs=activity_nae\". Consult Loki documentation for allowed characters."},"activity_kmip":{"type":"string","description":"Labels to be used for entries coming from the KMIP activity log, for example \"jobs=activity_kmip\". Consult Loki documentation for allowed characters."},"server_audit_records":{"type":"string","description":"Labels to be used for entries coming from server audit records, for example \"jobs=server_audit_records\". Consult Loki documentation for allowed characters."},"client_audit_records":{"type":"string","description":"Labels to be used for entries coming from client audit records, for example \"jobs=client_audit_records\". Consult Loki documentation for allowed characters."}},"description":"Optional attributes specifying labels for different logs\n"}}},"syslog_params":{"type":"object","description":"Attributes specifying configuration fields specific to Syslog\n","properties":{"forward_logs":{"type":"object","properties":{"activity_nae":{"type":"boolean","description":"When true, NAE Activity logs will be forwarded. You need to enable NAE Acitivity logs before forwarding them."},"activity_kmip":{"type":"boolean","description":"When true, KMIP Activity logs will be forwarded. You need to enable KMIP Acitivity logs before forwarding them."},"server_audit_records":{"type":"boolean","description":"When true, Server Audit Records will be forwarded."},"client_audit_records":{"type":"boolean","description":"When true, Client Audit Records will be forwarded."}},"description":"Attributes specifying which log-type to be forwarded to syslog\n"}}}},"example":{"name":"es_update","connection_id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","elasticsearch_params":{"indices":{"server_audit_records":"server_audit_records","client_audit_records":"client_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A Log Forwarder resource","type":"object","properties":{"name":{"type":"string","description":"Name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder.","enum":["elasticsearch","loki","syslog"]},"elasticsearch_params":{"type":"object","description":"The optional configuration fields for elasticsearch."},"loki_params":{"type":"object","description":"The optional configuration fields for loki."},"syslog_params":{"type":"object","description":"The optional configuration fields for syslog."}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","name":"es_update","type":"elasticsearch","connection_id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","params":{"host":"192.168.0.1","port":9200,"indices":{"server_audit_records":"server_audit_records","client_audit_records":"client_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}},"createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/configs/log-forwarders-domain-redirection/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Enable Domain Log Messages Redirection","description":"Enable redirection of domain log messages to the parent of current domain. Not applicable for the root domain.","tags":["Log Forwarders"],"x-feature":"FF_ENABLE_LOG_FORWARDERS_DOMAIN_REDIRECTION","responses":{"200":{"description":"Successfully enabled redirection of domain log messages to the parent of current domain.","schema":{"type":"object","properties":{"enable_log_forwarders_domain_redirection":{"type":"boolean"}}}},"409":{"description":"Enabling or disabling redirection of domain log messages from the root domain is not allowed."}}}},"/v1/configs/log-forwarders-domain-redirection/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Disable Domain Log Messages Redirection","description":"Disable redirection of domain log messages to the parent of current domain. Not applicable for the root domain.","tags":["Log Forwarders"],"x-feature":"FF_ENABLE_LOG_FORWARDERS_DOMAIN_REDIRECTION","responses":{"200":{"description":"Successfully disabled redirection of domain log messages to the parent domain.","schema":{"type":"object","properties":{"enable_log_forwarders_domain_redirection":{"type":"boolean"}}}},"409":{"description":"Enabling or disabling redirection of domain log messages from the root domain is not allowed."}}}},"/v1/configs/log-forwarders-domain-redirection/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Domain Log Messages Redirection Status","description":"Status of domain log messages redirection to the parent of current domain. By default it is true for all the non-root domains.","tags":["Log Forwarders"],"x-feature":"FF_ENABLE_LOG_FORWARDERS_DOMAIN_REDIRECTION","responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"enable_log_forwarders_domain_redirection":{"type":"boolean"}}}}}}},"/v1/configs/properties":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the user configurable system properties.","tags":["Properties"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"ENABLE_RECORDS_DB_STORE","value":"true","description":"Store audit records in database. Disabling also deletes the audit records. Values: true or false"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/configs/properties/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"Name of the system property.","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of the specified system property.\n","tags":["Properties"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]},"examples":{"application/json":{"name":"ENABLE_RECORDS_DB_STORE","value":"true","description":"Store audit records in database. Values: true or false"}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the system property with the specified value.\n","tags":["Properties"],"parameters":[{"name":"body","in":"body","description":"The new metadata to update. The \"Body Sample\" on the right pane shows the format.","required":true,"schema":{"type":"object","title":"Property","required":["value"],"properties":{"value":{"type":"string","description":"Value to be set."}}}}],"responses":{"202":{"description":"Accepted"},"404":{"description":"Resource not found."}}}},"/v1/configs/properties/{name}/reset":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"Name of the system property.","required":true,"type":"string"}],"post":{"summary":"Reset","description":"Resets the specified system property to its default value.\n","tags":["Properties"],"responses":{"202":{"description":"Accepted"},"404":{"description":"Resource not found"}}}},"/v1/dns-hosts":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"This route is for creating host entries in DNS service to enable other services resolve\nthe domain names to IPs.\n","tags":["DNS Hosts"],"parameters":[{"name":"Time","in":"header","description":"Current date and time of the client in UTC. ex) 2006-01-02T15:04:05.000Z","type":"string"},{"name":"body","in":"body","description":"The body of the request should contain the domain name and either of IPs or IP field specified.\n","schema":{"type":"object","title":"Create DNS host record","required":["name"],"properties":{"name":{"type":"string","description":"Host Domain name.\n"},"ip":{"type":"string","description":"(deprecated) Host IP. This field is deprecated, use `ips` instead.\n"},"ips":{"type":"array","items":{"type":"string"},"description":"Multiple Host IPs."},"type":{"type":"string","description":"Type of the DNS Host Record. Can be either of:\n* address (default)\n* host-record\n\nEither of the values can be used at a time.\n"}},"example":{"name":"sample_domain1.com","ips":["172.85.86.12","172.32.54.41"],"type":"host-record"}}}],"responses":{"201":{"description":"Successful host DNS record creation.","schema":{"allOf":[{"type":"object","required":["name"],"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Host Domain name."},"ip":{"type":"string","description":"(deprecated) Host IP. This field is deprecated, use `ips` instead.\n"},"ips":{"type":"array","items":{"type":"string"},"description":"Multiple Host IPs"},"type":{"type":"string","description":"Type of the DNS Host Record. Can be either of:\n* address (default)\n* host-record\n\nEither of the values can be used at a time.\n"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was last updated"}}}]},"examples":{"application/json":{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"sample_domain1.com","ips":["172.85.86.12","172.32.54.41"],"type":"host-record","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2020-07-01T23:00:10.072423Z","updatedAt":"2020-07-01T23:00:10.072423Z"}}},"401":{"description":"Creation failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"get":{"summary":"List","description":"Returns the host's DNS entries.","tags":["DNS Hosts"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result by host name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"sample_domain1.com","ip":"172.85.86.12","type":"address","uri":"demo-TOr:pers-admintester:audit:records:9f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2020-07-01T23:00:10.072423Z","updatedAt":"2020-07-01T23:00:10.072423Z"},{"id":"afc41e81-2689-4b2c-adc0-f0e1f3612214","name":"sample_domain2.com","ips":["172.85.86.12","52.73.19.723"],"type":"host-record","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2020-07-01T23:00:10.072423Z","updatedAt":"2020-07-01T23:00:10.072423Z"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/dns-hosts/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The name of the host","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the host details.\n","tags":["DNS Hosts"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","required":["name"],"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Host Domain name."},"ip":{"type":"string","description":"(deprecated) Host IP. This field is deprecated, use `ips` instead.\n"},"ips":{"type":"array","items":{"type":"string"},"description":"Multiple Host IPs"},"type":{"type":"string","description":"Type of the DNS Host Record. Can be either of:\n* address (default)\n* host-record\n\nEither of the values can be used at a time.\n"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was last updated"}}}]},"examples":{"application/json":{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"sample_domain1.com","ip":"172.85.86.12","type":"address","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2020-07-01T23:00:10.072423Z","updatedAt":"2020-07-01T23:00:10.072423Z"}}}}},"patch":{"summary":"Update","description":"Change the host's ip mapping and record type. Note: Patching of IPs is not additive in nature. New values would override older ones.\n","tags":["DNS Hosts"],"parameters":[{"name":"body","in":"body","description":"TO-DO\n","schema":{"type":"object","title":"Update Host","properties":{"ip":{"type":"string","description":"(deprecated) Host IP. This field is deprecated, use `ips` instead.\n"},"ips":{"type":"array","items":{"type":"string"},"description":"Multiple Host IPs."},"type":{"type":"string","description":"Type of the DNS Host Record. Can be either of:\n* address\n* host-record\n\nEither of the values can be used at a time.\n"}},"example":{"ips":["172.85.86.12","172.85.86.13","172.85.86.14"]}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"type":"object","required":["name"],"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Host Domain name."},"ip":{"type":"string","description":"(deprecated) Host IP. This field is deprecated, use `ips` instead.\n"},"ips":{"type":"array","items":{"type":"string"},"description":"Multiple Host IPs"},"type":{"type":"string","description":"Type of the DNS Host Record. Can be either of:\n* address (default)\n* host-record\n\nEither of the values can be used at a time.\n"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was last updated"}}}]},"examples":{"application/json":{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"sample_domain2.com","ips":["172.85.86.12","172.85.86.13","172.85.86.14"],"type":"host-record","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2020-07-01T23:00:10.072423Z","updatedAt":"2016-07-01T23:00:10.072423Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Delete given host's DNS record.\n","tags":["DNS Hosts"],"responses":{"204":{"description":"No Content | Successful deletion of host's DNS record."}}}},"/v1/configs/proxy":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"put":{"summary":"Set proxy","description":"Set proxy settings and certificate to trust in System","tags":["Proxy"],"parameters":[{"in":"body","name":"proxy","description":"The proxy to add and a corresponding SSL certificate to trust.","schema":{"allOf":[{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]},"examples":{"application/json":{"HTTP_PROXY":"username:xxxx@my.proxy.server:8080","HTTPS_PROXY":"username:xxxx@my.proxy.server:8081","NO_PROXY":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}}}},"patch":{"summary":"Update proxy","description":"Update proxy settings and certificate to trust in System","tags":["Proxy"],"parameters":[{"in":"body","name":"proxy","description":"Update proxy configurations.","schema":{"allOf":[{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]},"examples":{"application/json":{"HTTP_PROXY":"username:xxxx@my.proxy.server:8080","HTTPS_PROXY":"username:xxxx@my.proxy.server:8081","NO_PROXY":["localhost"]}}},"400":{"description":"Bad Request | Invalid parameter values"}}},"get":{"summary":"Get","description":"Returns the proxy settings","tags":["Proxy"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]}}}},"delete":{"summary":"Delete","description":"Delete all the proxy settings.","tags":["Proxy"],"responses":{"204":{"description":"No Content | Proxy is deleted successfully."}}}},"/v1/configs/proxy/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test proxy","description":"Test proxy settings and certificate before adding it to the System","tags":["Proxy"],"parameters":[{"in":"body","name":"proxy","description":"The proxy to test and a corresponding SSL certificate before adding it to the trusted list.","schema":{"allOf":[{"properties":{"http_proxy":{"type":"string"},"https_proxy":{"type":"string","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."},"test_url":{"type":"string","description":"HTTPS URL to test with given proxy. By default it is https://www.thalesdocs.com."}},"example":{"https_proxy":"username:password@my.proxy.server:8081","test_url":"https://www.thalesdocs.com/","certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]}}],"responses":{"200":{"description":"Successful proxy connection test.","schema":{"properties":{"connection_ok":{"type":"boolean"},"connection_error":{"type":"string"}}},"examples":{"application/json":{"connection_ok":true}}},"400":{"description":"Bad Request | Invalid parameter values"}}}},"/v1/configs/loki":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Get the loki configuration parameters.","tags":["Loki Configuration"],"responses":{"200":{"description":"OK","schema":{"description":"Loki configuration parameters","type":"object","properties":{"retention_time":{"type":"string","description":"The duration for which Loki logs are retained.\nThe retention period is a duration represented as a string that can be parsed using the Go library’s time.Duration, such as 24h, in multiple of 24h.\nDefault: 240h\n"}}},"examples":{"application/json":{"retention_time":"240h"}}}}},"patch":{"summary":"Update","description":"Modify the Loki configuration parameters.","parameters":[{"name":"body","in":"body","required":true,"description":"The Loki configuration to be updated.","schema":{"title":"Update Loki Configuration","description":"Update Loki configuration parameters","type":"object","properties":{"retention_time":{"type":"string","description":"The duration for which Loki logs are retained.\nThe retention period is a duration represented as a string that can be parsed using Go’s time.Duration, such as 24h, in multiple of 24h.\nExample: 240h\n"}}}}],"tags":["Loki Configuration"],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"Loki configuration parameters","type":"object","properties":{"retention_time":{"type":"string","description":"The duration for which Loki logs are retained.\nThe retention period is a duration represented as a string that can be parsed using the Go library’s time.Duration, such as 24h, in multiple of 24h.\nDefault: 240h\n"}}},"examples":{"application/json":{"retention_time":"480h"}}}}}},"/v1/configs/interfaces/{interface}/auto-gen-server-cert":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"post":{"summary":"AutoGen Server Certificate","description":"Update the interface with new auto generated server certificate using the CA present in the Automatic server Certificate Generation field and autogen CSR parameters.\n","tags":["Interfaces"],"parameters":[{"name":"body","in":"body","description":"Source interface name","schema":{"type":"object","properties":{"pending_renewal":{"type":"boolean","description":"If true, the certificate will be saved as an upcoming/renewed certificate to be applied later\nor applied immediately in case of false.\n"}}}}],"responses":{"200":{"description":"OK","schema":{"properties":{"certificates":{"type":"string"}}},"examples":{"application/json":{"certificates":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n"}}}}}},"/v1/configs/akeyless":{"x-feature":"FF_AKEYLESS","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get Akeyless Config","description":"Get the Akeyless gateway configuration parameters.","tags":["Akeyless Configuration"],"responses":{"200":{"description":"OK","schema":{"x-feature":"FF_AKEYLESS","type":"object","allOf":[{"type":"object","description":"ID, name or URI of an Akeyless connection associated with the Akeyless gateway.","properties":{"gateway_connection_id":{"type":"string","description":"ID, name or URI of an Akeyless connection associated with the Akeyless gateway."}}},{"type":"object","description":"The akeyless key ID to be used for Akeyless SSO.","properties":{"sso_access_id":{"type":"string","description":"The akeyless key ID to be used for Akeyless SSO."}}},{"x-feature":"FF_AKEYLESS_SINGLE_TENANT","type":"object","description":"URL of the akeyless infrastructure on which the account is created on signup.","properties":{"akeyless_url":{"type":"string","description":"URL of the akeyless infrastructure on which the account is created on signup."}}},{"type":"object","description":"Holds IDs of customer fragments which are accessible to the akeyless gateway. | The CipherTrust Customer Fragment is a secret object which could be used to protect akeyless secrets.","properties":{"customer_fragment_ids":{"type":"array","description":"Holds IDs of customer fragments which are accessible to the akeyless gateway. The CipherTrust Customer Fragment is a secret object which could be used to protect akeyless secrets."}}}]},"examples":{"application/json":{"gateway_connection_id":"","sso_access_id":"","akeyless_url":"https://akeyless.infrastructure.url","customer_fragment_ids":[""]}}}}},"patch":{"summary":"Update Akeyless Config","description":"Modifies the Akeyless configuration.\nSpecifies an existing Akeyless connection whose access key-id and access key will be used by the Akeyless gateway.\nSpecifies the akeyless access key-id that will be used for SSO {{FF_AKEYLESS_SINGLE_TENANT|and the URL of the akeyless infrastructure on which the account will be created on signup}}.\n","parameters":[{"name":"body","in":"body","required":true,"description":"The Akeyless configuration to be updated.","schema":{"title":"Update Akeyless Configuration","x-feature":"FF_AKEYLESS","type":"object","properties":{"gateway_connection_id":{"type":"string","description":"ID, name or URI of an Akeyless connection associated with the Akeyless gateway."},"sso_access_id":{"type":"string","description":"The akeyless key ID to be used for Akeyless SSO."},"akeyless_signup_url":{"x-feature":"FF_AKEYLESS_SINGLE_TENANT","type":"string","description":"URL of the akeyless infrastructure on which the account is created on signup. This parameter can be used in scenarios where a dedicated single tenant akeyless infrastructure is deployed. If this field is left blank, the default 'https://vault.akeyless.io' endpoint is used for signups. This parameter is considered only when the gateway_connection_id is not set."}}}}],"tags":["Akeyless Configuration"],"responses":{"200":{"description":"Successful resource update.","schema":{"x-feature":"FF_AKEYLESS","type":"object","allOf":[{"type":"object","description":"ID, name or URI of an Akeyless connection associated with the Akeyless gateway.","properties":{"gateway_connection_id":{"type":"string","description":"ID, name or URI of an Akeyless connection associated with the Akeyless gateway."}}},{"type":"object","description":"The akeyless key ID to be used for Akeyless SSO.","properties":{"sso_access_id":{"type":"string","description":"The akeyless key ID to be used for Akeyless SSO."}}},{"x-feature":"FF_AKEYLESS_SINGLE_TENANT","type":"object","description":"URL of the akeyless infrastructure on which the account is created on signup.","properties":{"akeyless_url":{"type":"string","description":"URL of the akeyless infrastructure on which the account is created on signup."}}},{"type":"object","description":"Holds IDs of customer fragments which are accessible to the akeyless gateway. | The CipherTrust Customer Fragment is a secret object which could be used to protect akeyless secrets.","properties":{"customer_fragment_ids":{"type":"array","description":"Holds IDs of customer fragments which are accessible to the akeyless gateway. The CipherTrust Customer Fragment is a secret object which could be used to protect akeyless secrets."}}}]},"examples":{"application/json":{"gateway_connection_id":"","sso_connection_id":"","akeyless_url":"https://akeyless.infrastructure.url","customer_fragment_ids":[""]}}}}}},"/v1/configs/akeyless/status":{"x-feature":"FF_AKEYLESS","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Status","description":"Checks if Akeyless is correctly configured and ready to use.","tags":["Akeyless Configuration"],"responses":{"200":{"description":"OK","schema":{"x-feature":"FF_AKEYLESS","type":"object","properties":{"status":{"type":"string","description":"Status of Akeyless if it is ready to use or not."}}},"examples":{"application/json":{"status":"ready"}}}}}},"/v1/configs/akeyless/customer-fragments":{"x-feature":"FF_AKEYLESS_MULTIPLE_FRAGMENTS","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Gets a list of customer fragments in the CipherTrust Manager.","tags":["Akeyless Configuration"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result by CF name."},{"name":"id","in":"query","required":false,"type":"string","description":"Filter result by CF id."},{"name":"akeyless_cf_id","in":"query","required":false,"type":"string","description":"Filter result by Akeyless CF id."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","description":"The CipherTrust Customer Fragment is a secret object which is used to protect akeyless secrets.","properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"description":{"type":"string","readOnly":true,"description":"The description of the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}},"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"cf_1","uri":"demo-TOr:pers-admintester:audit:records:9f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","createdAt":"2023-07-01T23:00:10.072423Z","akeyless_cf_id":"cf-7c5pbxqojsxb4dw3odnj"},{"id":"afc41e81-2689-4b2c-adc0-f0e1f3612214","name":"cf_2","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","createdAt":"2023-07-01T23:00:10.072423Z","akeyless_cf_id":""}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Create a customer fragment in CipherTrust Manager. This operation adds the created CF in akeyless configs and triggers an akeyless server restart.\n","tags":["Akeyless Configuration"],"parameters":[{"name":"body","in":"body","description":"The body of the request contains name and optional description of the customer fragment.\n","schema":{"type":"object","title":"Create Customer Fragment","required":["name"],"properties":{"name":{"type":"string","description":"Customer Fragment name.\n"},"exportable":{"type":"boolean","description":"The Exportable field indicates whether the customer fragment can be exported for external use, such as in standalone Akeyless gateways, and can be set to true or false.\n"},"description":{"type":"string","description":"Short description of the customer fragment.\n"},"akeyless_cf_id":{"type":"string","description":"The Akeyless Customer Fragment ID is used to display customer fragments on the Akeyless gateway. If the akeyless-cf-id is not provided, the resource ID will be used instead.\nFor imported customer fragments, the akeyless-cf-id corresponds to the ID of the customer fragment as specified in the customer_fragment.json file downloaded from the standalone Akeyless gateway.\n"},"value":{"type":"object","description":"Customer fragment value.\n","properties":{"material":{"type":"string","description":"Customer fragment secret material is the value of customer fragment which is a base64 encoded string consisting of 88 characters. This field is used to create a customer fragment with user-provided secret material when the user has their own secret material.\nIn the case of imported customer fragments, material can be obtained from the customer_fragments.json file downloaded from the standalone akeyless gateway.\nIf the material is not provided, it will be automatically generated on the CipherTrust Manager; however, the material is required when an akeyless_cf_id is provided.\n"}}}},"example":{"name":"","description":"","akeyless_cf_id":"","exportable":false,"value":{"material":""}}}}],"responses":{"201":{"description":"Successful customer fragment creation.","schema":{"type":"object","description":"The CipherTrust Customer Fragment is a secret object which is used to protect akeyless secrets.","properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"description":{"type":"string","readOnly":true,"description":"The description of the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}},"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}}]},"examples":{"application/json":{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"cf_1","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","createdAt":"2020-07-01T23:00:10.072423Z","akeyless_cf_id":"cf-7c5pbxqojsxb4dw3odnj"}}},"401":{"description":"Creation failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/configs/akeyless/customer-fragments/export":{"x-feature":"FF_AKEYLESS_EXPORT_CF","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"GET","description":"Returns exportable customer fragments\n","tags":["Akeyless Configuration"],"responses":{"200":{"description":"Returns a JSON file of exportable customer fragment."}}}},"/v1/configs/akeyless/customer-fragments/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The name of the host","required":true,"type":"string"}],"patch":{"x-feature":"FF_AKEYLESS_EXPORT_CF","summary":"Patch","description":"Update a customer fragment in CipherTrust Manager. This operation patches the created customer fragments in akeyless configs.\n","tags":["Akeyless Configuration"],"parameters":[{"name":"body","in":"body","description":"The Customer Fragment fields to be updated.\n","schema":{"type":"object","title":"Patch Customer Fragment","properties":{"exportable":{"type":"boolean","description":"The Exportable field specifies if this CF is eligible for external export, and can be set to true or false.\n"}},"example":{"exportable":false}}}],"responses":{"200":{"description":"Updated customer fragment successfully.","schema":{"type":"object","description":"The CipherTrust Customer Fragment is a secret object which is used to protect akeyless secrets.","properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"description":{"type":"string","readOnly":true,"description":"The description of the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}},"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}}]},"examples":{"application/json":{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"cf_1","exportable":"false","uri":"kylo:kylo:solo:customer-fragments:24afc329-20b4-47b0-875b-6dcb115d1cee","account":"kylo:kylo:admin:accounts:kylo","akeyless_cf_id":"cf-7c5pbxqojsxb4dw3odnj"}}},"401":{"description":"Authorization failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"delete":{"x-feature":"FF_AKEYLESS_MULTIPLE_FRAGMENTS","summary":"Delete","description":"Delete given customer fragment by Name or ID. This operation removes the CF from akeyless configs and triggers an akeyless server restart.\n\n_Note: Deleting a customer fragment deletes key material permanently. Thus all secrets protected using this fragment can never be decrypted. This is an irreversible event._\n","tags":["Akeyless Configuration","Danger"],"responses":{"204":{"description":"No Content | Successful deletion of customer fragment."}}}},"/v1/configs/akeyless/customer-fragments/import":{"x-feature":"FF_AKEYLESS_IMPORT_CF","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Import","description":"Imports customer fragments from standalone Akeyless Gateway into CipherTrust Manager. This operation creates Ciphertrust customer fragment resources corresponding to the imported customer fragments and triggers an akeyless server restart.\n","tags":["Akeyless Configuration"],"parameters":[{"name":"body","in":"body","description":"The body of the request contains array of customer fragments to be imported along with the ID and value of the Customer Fragment.\n","schema":{"type":"object","title":"Import Customer Fragments","properties":{"customer_fragments":{"type":"array","items":{"type":"object","description":"The Customer Fragment is a secret object which is used to protect akeyless secrets","required":["id","value"],"properties":{"id":{"type":"string","description":"The unique identifier of akeyless customer fragment"},"name":{"type":"string","description":"The name of the resource"},"value":{"type":"string","description":"The value of the resource"},"description":{"type":"string","description":"The description of the resource"},"fragment_type":{"type":"string","description":"Akeyless Customer Fragment type. Supported fragment types in CM - [\"standard\"]"}}}}}}}],"responses":{"202":{"description":"Accepted","schema":{"type":"object","properties":{"customer_fragments":{"type":"array","items":{"type":"object","description":"The Customer Fragment is a secret object which is used to protect akeyless secrets","properties":{"id":{"type":"string","readOnly":true,"description":"The unique identifier of akeyless customer fragment"},"name":{"type":"string","readOnly":true,"description":"The name of the resource"},"description":{"type":"string","readOnly":true,"description":"The description of the resource"},"status":{"type":"string","readOnly":true,"description":"Gives the status for imported Customer Fragments. Can be either \"success\" or \"fail\""},"error":{"type":"string","readOnly":true,"description":"Error message for customer fragments with failed import status"}}}},"total":{"type":"integer","readOnly":true,"description":"Total number of customer fragments to be imported."},"success":{"type":"integer","readOnly":true,"description":"Number of successfully imported customer fragments."},"failures":{"type":"integer","readOnly":true,"description":"Number of customer fragments failed to import."}}},"examples":{"application/json":{"total":2,"success":1,"failures":1,"customer_fragments":[{"id":"cf-dcfs23u4gaphogaq8kpo","name":"test-cf","description":"test-cf-desc","status":"success"},{"id":"cf-q6kl59czwvwektixg4hb","status":"fail","error":"Customer Fragment belongs to unsupported type : hsm_wrapped"}]}}},"409":{"description":"Conflict | Maximum 50 Customer Fragments are allowed to import at once."}}}},"/v1/configs/akeyless/gateway-versions/upload":{"x-feature":"FF_AKEYLESS_IN_PLACE_UPGRADE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload","description":"Upload Akeyless Versions file. This updates the list of versions to which the akeyless gateway can be upgraded to.\n","tags":["Akeyless Configuration"],"responses":{"201":{"description":"OK","schema":{"type":"object","required":["akeyless_versions"],"properties":{"akeyless_versions":{"type":"array","items":{"type":"object","description":"The Akeyless Version enables the gateway to be upgraded to the enclosed version.","properties":{"version":{"type":"string","format":"string","readOnly":true,"description":"Holds the version number."},"release_date":{"type":"string","format":"string","readOnly":true,"description":"The release date of the specified version."},"default":{"type":"boolean","readOnly":true,"description":"Specifies if this akeyless version is the default version for current CipherTrust Manager version. True meaning this is the minimum supported version for this CM build."},"current":{"type":"boolean","readOnly":true,"description":"Specifies if this akeyless version is the active version. If true, this version is set as the akeyless version on CipherTrust Manager."}}}}}},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"akeyless_versions":[{"version":"4.5.0","release_date":"2024-03-15T00:00:00Z","default":false,"current":true},{"version":"4.3.0","release_date":"2024-03-04T00:00:00Z","default":true,"current":false}]}}},"401":{"description":"Upload failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/configs/akeyless/gateway-versions/":{"x-feature":"FF_AKEYLESS_IN_PLACE_UPGRADE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Gets a list of versions to which the akeyless gateway can be upgraded to.","tags":["Akeyless Configuration"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"version","in":"query","required":false,"type":"string","description":"Filter result by akeyless version."},{"name":"default","in":"query","required":false,"type":"boolean","description":"Filter result by default akeyless version."},{"name":"current","in":"query","required":false,"type":"boolean","description":"Filter result by active akeyless version."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","description":"The Akeyless Version enables the gateway to be upgraded to the enclosed version.","properties":{"version":{"type":"string","format":"string","readOnly":true,"description":"Holds the version number."},"release_date":{"type":"string","format":"string","readOnly":true,"description":"The release date of the specified version."},"default":{"type":"boolean","readOnly":true,"description":"Specifies if this akeyless version is the default version for current CipherTrust Manager version. True meaning this is the minimum supported version for this CM build."},"current":{"type":"boolean","readOnly":true,"description":"Specifies if this akeyless version is the active version. If true, this version is set as the akeyless version on CipherTrust Manager."}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"version":"4.5.0","release_date":"2024-03-15T00:00:00Z","default":false,"current":true},{"version":"4.3.0","release_date":"2024-03-04T00:00:00Z","default":true,"current":false}]}}}}}},"/v1/configs/akeyless/gateway-version":{"x-feature":"FF_AKEYLESS_IN_PLACE_UPGRADE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Updates the Akeyless version","description":"Updates the Akeyless version. Only versions from the verified list of versions can be updated.\n","tags":["Akeyless Configuration"],"parameters":[{"name":"body","in":"body","description":"version","schema":{"type":"object","title":"Update version","required":["version"],"properties":{"version":{"type":"string","description":"Akeyless version name"}}}}],"responses":{"200":{"description":"OK"},"401":{"description":"Authorization failed.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}},"404":{"description":"Record not Found."}}},"get":{"summary":"Returns the active Akeyless version","description":"Returns the active Akeyless version\n","tags":["Akeyless Configuration"],"responses":{"200":{"description":"OK","schema":{"type":"object","description":"The Akeyless Version enables the gateway to be upgraded to the enclosed version.","properties":{"version":{"type":"string","format":"string","readOnly":true,"description":"Holds the version number."},"release_date":{"type":"string","format":"string","readOnly":true,"description":"The release date of the specified version."},"default":{"type":"boolean","readOnly":true,"description":"Specifies if this akeyless version is the default version for current CipherTrust Manager version. True meaning this is the minimum supported version for this CM build."},"current":{"type":"boolean","readOnly":true,"description":"Specifies if this akeyless version is the active version. If true, this version is set as the akeyless version on CipherTrust Manager."}}},"examples":{"application/json":{"version":"4.5.0","release_date":"2024-03-15T00:00:00Z","current":"true","default":"true"}}},"401":{"description":"Authorization failed.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}},"404":{"description":"Record not Found."}}}},"/v1/configs/interfaces/{interface}/use-certificate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"post":{"summary":"Copy Interface Certificate.","description":"Copies the server certificate from the interface provided in the parameter.\n","tags":["Interfaces"],"parameters":[{"name":"body","in":"body","description":"Source interface name","schema":{"type":"object","title":"Copy request","required":["copy_from"],"properties":{"copy_from":{"type":"string","description":"Source interface name"},"pending_renewal":{"type":"boolean","description":"If true, the certificate will be saved as an upcoming/renewed certificate to be applied later\nor applied immediately in case of false.\n"}}}}],"responses":{"200":{"description":"OK","schema":{"properties":{"certificates":{"type":"string"}}},"examples":{"application/json":{"certificates":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n"}}}}}},"/v1/configs/interfaces/{interface}/renewal-certificate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"get":{"summary":"Get Upcoming Certificate","description":"Return the public portion of the upcoming certificate in PEM format.\n","parameters":[{"name":"type","in":"query","required":false,"type":"string","description":"Indicates the type of the interface identifier. Valid values are \"name\" and \"port\". If not specified, the default value \"name\" is assumed."}],"tags":["Interfaces"],"responses":{"200":{"description":"OK","schema":{"properties":{"certificates":{"type":"string"}}},"examples":{"application/json":{"certificates":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n"}}}}},"put":{"summary":"Put upcoming Certificate","description":"Put or replace the upcoming certificate for this interface","parameters":[{"name":"body","in":"body","required":true,"description":"The details of the certificate operation to be performed.\nFor certificate import you will need the properties certificate, format, and if encrypted, password.\nFor self-signed generation all you will need is generate.\n","schema":{"type":"object","title":"Put Certificate","required":["certificate","format"],"properties":{"certificate":{"type":"string","description":"The certificate and key data in PEM format or base64 encoded PKCS12 format. A chain of certs may be included - it must be in ascending order (server to root ca).\n"},"format":{"type":"string","description":"The format of the certificate data (PEM or PKCS12).\n"},"password":{"type":"string","description":"Password to the encrypted key.\n"},"generate":{"type":"boolean","description":"Create a new self-signed certificate.\n"},"skip_validation":{"type":"boolean","description":"Disables the certificate chain validation. Default set to false.\nWhen the verification is not skipped the upload will be successful only when the chain is complete upto a self signed CA either present in the upload request or present in the CipherTrust Manager.\n"}}}}],"tags":["Interfaces"],"responses":{"200":{"description":"Successful resource update.","schema":{"properties":{"certificates":{"type":"string"}}},"examples":{"application/json":{"certificates":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n"}}}}},"delete":{"summary":"Delete Upcoming Certificate","description":"Delete the previously uploaded upcoming certificate\n","tags":["Interfaces"],"responses":{"200":{"description":"OK"},"404":{"description":"Not Found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/configs/interfaces/{interface}/renewal-certificate/apply":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"post":{"summary":"Apply Upcoming Certificate","description":"Replace the existing/in use certificate of the interface with the upcoming certificate\n","tags":["Interfaces"],"responses":{"200":{"description":"OK"}}}},"/v1/logs/download/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Logs Download","x-interactive":false,"description":"This API returns a gzipped tarball (tar.gz) containing the log file(s), certificate and digital signature.\nThe ca_id(optional parameter) and include_logs(optional parameter) can be passed using the query parameters.\nIf CA ID is not provided, the default local CA i.e. KeySecure Root CA, signs the log file.\n\nValid values for include_logs are system, activity and all.\n\"system\" includes the current system logs, \"activity\" includes the current NAE, KMIP and Web activity logs,\nand \"all\" flag includes both the current and the rotated logs in the CipherTrust Manager.\n\nMultiple values can be mentioned, separated by commas. Default value is \"system, activity\"\n","tags":["Logs","deprecated"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"},{"name":"include_logs","in":"query","required":false,"type":"string","description":"Example\n1. \"system, all\" downloads all the system logs.\n2. \"activity\" only downloads the current activity logs.\n3. \"system, activity\" downloads current system and activity logs.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/download/nae-activity-logs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download NAE Activity Logs","x-interactive":false,"description":"This API returns a gzipped tar file containing NAE activity log files, certificate and digital signature.\n","tags":["Logs"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"},{"name":"start_datetime","in":"query","required":false,"type":"string","format":"date-time","x-nullable":true,"description":"Filters results by start date of logs. Timestamp should be UTC format e.g. 2023-09-11 11:24:22\n"},{"name":"end_datetime","in":"query","required":false,"type":"string","format":"date-time","x-nullable":true,"description":"Filters results by end date of logs. Timestamp should be UTC format e.g. 2023-09-11 11:24:22\n"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/download/kmip-activity-logs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download KMIP Activity Logs","x-interactive":false,"description":"This API returns a gzipped tar file containing KMIP activity log files, certificate and digital signature.\n","tags":["Logs"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"},{"name":"start_datetime","in":"query","required":false,"type":"string","format":"date-time","x-nullable":true,"description":"Filters results by start date of logs. Timestamp should be UTC format e.g. 2023-09-11 11:24:22\n"},{"name":"end_datetime","in":"query","required":false,"type":"string","format":"date-time","x-nullable":true,"description":"Filters results by end date of logs. Timestamp should be UTC format e.g. 2023-09-11 11:24:22\n"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/download/web-activity-logs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Web Activity Logs","x-interactive":false,"description":"This API returns a gzipped tar file containing web activity log files, certificate and digital signature.\n","tags":["Logs"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"},{"name":"start_datetime","in":"query","required":false,"type":"string","format":"date-time","x-nullable":true,"description":"Filters results by start date of logs. Timestamp should be UTC format e.g. 2023-09-11 11:24:22\n"},{"name":"end_datetime","in":"query","required":false,"type":"string","format":"date-time","x-nullable":true,"description":"Filters results by end date of logs. Timestamp should be UTC format e.g. 2023-09-11 11:24:22\n"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/download/debug-logs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Debug Logs","x-interactive":false,"description":"This API returns a gzipped tar file containing debug log files, certificate and digital signature.\n","tags":["Logs"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"},{"name":"start_datetime","in":"query","required":false,"type":"string","format":"date-time","x-nullable":true,"description":"Filters results by start date of logs. Timestamp should be UTC format e.g. 2023-09-11 11:24:22\n"},{"name":"end_datetime","in":"query","required":false,"type":"string","format":"date-time","x-nullable":true,"description":"Filters results by end date of logs. Timestamp should be UTC format e.g. 2023-09-11 11:24:22\n"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/download/all-logs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download All Logs","x-interactive":false,"description":"This API returns a gzipped tar file containing log files including debug and activity (NAE, KMIP and web),\ncertificate and digital signature.\n","tags":["Logs"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"},{"name":"start_datetime","in":"query","required":false,"type":"string","format":"date-time","x-nullable":true,"description":"Filters results by start date of logs. Timestamp should be UTC format e.g. 2023-09-11 11:24:22\n"},{"name":"end_datetime","in":"query","required":false,"type":"string","format":"date-time","x-nullable":true,"description":"Filters results by end date of logs. Timestamp should be UTC format e.g. 2023-09-11 11:24:22\n"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/level/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get Log Level","x-interactive":false,"description":"This API allow users to get log level for `kmip` and `nae` service.\n","tags":["Logs"],"produces":["application/json"],"parameters":[{"name":"service","in":"query","required":true,"type":"string","description":"Service Name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"service":{"type":"string","description":"Service Name.","enum":["kmip","nae"]},"level":{"type":"string","description":"Log level string.","enum":["ERR","INF","DBG"]}}},"examples":{"service":"kmip","level":"INF"}},"401":{"description":"Unauthorized.","schema":{"type":"string"}}}},"post":{"summary":"Set Log Level","x-interactive":false,"description":"This API allow users to set log level for `kmip` and `nae` service.\n","tags":["Logs"],"consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"ServiceLogLevel","in":"body","required":true,"description":"Service log level object","schema":{"type":"object","properties":{"service":{"type":"string","description":"Service Name.","enum":["kmip","nae"]},"level":{"type":"string","description":"Log level string.","enum":["ERR","INF","DBG"]}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"service":{"type":"string","description":"Service Name.","enum":["kmip","nae"]},"level":{"type":"string","description":"Log level string.","enum":["ERR","INF","DBG"]}}},"examples":{"service":"kmip","level":"INF"}},"401":{"description":"Not Authenticated.","schema":{"type":"string"}},"403":{"description":"Access Forbidden","schema":{"type":"string"}},"422":{"description":"Invalid Parameter","schema":{"type":"string"}}}}},"/v1/kmip/kmip-profiles":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the kmip client profiles.","tags":["KMIP/Client-Management"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"name","in":"query","collectionFormat":"multi","type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"profile1","properties":{"cert_user_field":"","csr":"","csr_cn":"","csr_org_name":"","csr_org_unit":"","csr_email":"","csr_city":"","csr_state":"","csr_country":"","csr_uid":""},"device_credential":{"device_id":"","machine_id":"","media_id":"","network_id":"","serial_no":""}}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"This route will create KMIP client profile.\n","tags":["KMIP/Client-Management"],"parameters":[{"name":"Time","in":"header","description":"Current date and time of the client in UTC. ex) 2006-01-02T15:04:05.000Z","type":"string"},{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","title":"Create Client Profile","required":["name","properties"],"properties":{"name":{"type":"string","description":"Client Profile name.\n"},"properties":{"type":"object","description":"Properties object will contains all profle properties, if CSR is given then no need to provide other csr params.\n cert_user_field [Specifies how the user name is extracted from the client certificate for kmip app client ]\n csr [CSR for client certificate for kmip app client ]\n csr_cn [CSR common name parameter for client certificate for kmip app client]\n csr_org_name [CSR organization name parameter for client certificate for kmip app client]\n csr_org_unit [CSR organizational unit parameter for client certificate for kmip app client]\n csr_email [CSR email address parameter for client certificate for kmip app client]\n csr_city [CSR city name parameter for client certificate for kmip app client]\n csr_state [CSR state name parameter for client certificate ]\n csr_country [CSR country name parameter for client certificate]\n csr_uid [CSR UID parameter for client certificate].\n csr_sn [ CSR surname parameter for client certificate].\n Fields like csr_org_name, csr_org_unit, csr_email, csr_city, csr_state and csr_country can have multiple values if specified in\n array. Example :- { \"csr_org_unit\" : [\"val1\",\"val2\",\"val3\"],\"csr_state\" : \"State\" }\n"},"device_credential":{"type":"object","description":"Device credential object will contains all device credentials related properties, please provide if the credential type is device.\n serial_no [Serial number of the device ]\n password [Password or shared secret of device]\n device_id [Device identifier]\n network_id [Network identifier]\n machine_id [Machine identifier]\n media_id [Media identifier]\n"},"do_not_modify_subject_dn":{"type":"boolean","description":"Flag to specify if the subject distinguished name (Subject DN) in the presented CSR is allowed to be modified or not.\nIf this is flag is set to true, then the subject distinguished name must be unique across all the CipherTrust Manager clients,\notherwise the client registration will not be allowed.\nThis flag is only applied when CSR is provided in the properties.\n"},"subject_dn_field_to_modify":{"type":"string","description":"This field is used in making the subject distinguished name (Subject DN) unique. This is required when the Subject DN from client's CSR is not unique in itself.\nAdmins should choose one of the following fields for this purpose. If none is chosen, by default UID is used to modify the Subject DN.\nIf the admin does not want the Subject DN to be modified, set the do_not_modify_subject_dn flag to true.\nIf one of these fields (except OU) is chosen, the original field values would be overridden by CipherTrust Manager .\nIf OU is chosen, the OU would be appended in the Subject DN with other attributes.\n","enum":["UID ('userid')","CN ('commonName')","SN ('serialNumber')","DNQ ('dnQualifier')","OU ('organizationalUnit')"]},"cert_duration":{"type":"integer","format":"uint64","description":"Duration in days for which the CipherTrust Manager client certificate is valid. The value cannot be negative."}},"example":{"name":"profile1","properties":{"cert_user_field":"","csr":"","csr_cn":"","csr_org_name":"","csr_org_unit":"","csr_email":"","csr_city":"","csr_state":"","csr_country":"","csr_uid":"","csr_sn":""},"device_credential":{"serial_no":"","password":"","device_id":"","network_id":"","machine_id":"","media_id":""}}}}],"responses":{"201":{"description":"Successful client profile creation.","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles. Properties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"success":"profile created successfully"}}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/kmip/kmip-profiles/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The name of the client profile","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return kmip client profile with given name.\n","tags":["KMIP/Client-Management"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles. Properties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"profile1","properties":{"csr":"","csr_org_name":"Thales","csr_city":"Noida","csr_state":"UP","csr_country":"IN"},"device_credential":{"serial_no":"12345678","device_id":"dev-123","network_id":"Net-123","machine_id":"Machine-KS-1","media_id":"Media123"}}}}}},"delete":{"summary":"Delete","description":"Delete given kmip client profile.\n","tags":["KMIP/Client-Management"],"responses":{"204":{"description":"No Content | Successful deletion of kmip client profile."}}}},"/v1/kmip/kmip-clients":{"post":{"summary":"Register KMIP client","description":"This route is for registering a kmip client.\n","tags":["KMIP/Client-Management"],"parameters":[{"name":"body","in":"body","required":true,"description":"To register a kmip client. The name of the client and registration token to register the client is provided in body.\n","schema":{"type":"object","title":"Register KMIP client","required":["name","reg_token"],"properties":{"name":{"type":"string","description":"Client Name.\n"},"reg_token":{"type":"string","description":"Registration token mapped with Kmip Profile.\n"},"ext_cert":{"type":"string","description":"Client certificate signed by an external CA used in registering a KMIP client.\n"}},"example":{"name":"kmip1","reg_token":"ADW3CDSDCX==","ext_cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3u9h6JmcCy7BzJY=\n-----END CERTIFICATE-----"}}}],"responses":{"201":{"description":"Successful client registration.","examples":{"client_id":"7f8243dc-fa0d-4857-a382-fe70e0744fbc","key":"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA73clYaBS0gkqhk2CnNgGstCA8rFoqCfjYmz2nF4gAShO8N88\naTZsqA477saygoIi2FGfr/h+R3mVPBHe0ErdjZez1MiQFD6CnPIAzVsiVN9d3zFV\noeCy81LnyVpjUVOoz6OVUh8CWkomduhiQZzyfpoK32SBYO3nqU1zQB9UGPRMPyfn\nBObu4nLUa5+LAK5htpW4Swdluk2HcYnW29elHHKnsjN0Jz7bjhy9q3YvnFmIMhXg\nF6g4beB911D1a6pZj7pNUB1k0trslUxb7eqh+JvW4fIIc3DQF5z8gwDjyqDsk2dL\nAMHoVdJ5ivueoWE5FY5pCLsNPsXol1jdxde40wIDAQABAoIBAQCDTJLkiqGepIP6\ni7lYAmL53LU3XOsDeIuGxjQZ3MozmERgciaPkdXV96gI7k2mnXA5p9elBt1Gl3Wq\nMCo5jzMXldx2iVnmn7fCEjc6YgPbAXZZEJXhYnD8VbLdhn/6caKX5xvSoUoK86lP\nfW+Shlm37QKVJmiCGy/wdpUAzayw2QL8mpY+AyHsvU4QmvezHicGWgEV6KuBMWfp\nkSKtekNC5dbdz31H3LhkWvPMFzwNTjCZ/hENzG+NBK+UixuMqWSgOb/y3dZokiFt\n6CslCfYkNzQzMFS9Al6LeFvPTzJRT8AHDVmBB1PhSnLKuWNxhLRHqMVw8rCKjXhF\nIZjsD7FhAoGBAPxZONKykRlFKLQp4+OmkoaICDnOrfaxHeUbBnuctfEF2tI07WPi\nWgInDHfcc8nayGKl/R22yTsgNr56Urnv+atL3ypgrGag6PbP52D73JYttQw3fde1\n+Oxwwj1nZL+1XTgZ9ziCLVsUxJ9OklnKMKM8PSqRR6A4aT/3NtnrB987AoGBAPLu\nM3N/DRGO4C8Pum0aqXguRlA41AQz6Q3gpLIg7sZNufI3bP8av1E5N5GLnyDVQafj\nyl8nZZkkMt6LS5mm8QC5Ew9ajDZjPZca1JR9x868tv/wBlYPrGIiri7NkIf9JDwv\nIxlGIvxqUKJGPcR8K5mQq/vfMTBgAy/+qEbd/CNJAoGAHAcQ354DranXxoLsk8lZ\nduW+/CSvf7nWVy70PmB+eMGstzI3t6NZWenaYamzlpTdMs+62EUH/rAqRGezroEv\n2s23gK5yF4gBuAAJc+Ulb+ytsiirqnzEpAY2HLnSH9TWALgplDYpMXeSCxuf96cU\nVd0H8iVmri31yqv7hKKtIicCgYBAy1fdzl1l+X3CD6fhweLBs1X9v6qNFGts0CYd\nfLszGTgnarEfubqdp20y3NKspzTD2vX3O0LV/dmzkeOwL97IGpUC21vahc2/p+Bb\nWtEYSy1kRljqS3PnGOjsgtex7crkYo4yB4r9WD35ilKfPZ9Dblrw6y7rgDBZdMrd\nXAgMQQKBgB3R01iyHeaphD37L9/LDjVCtpzLMuendTQnKgIM+CpH4pw2k6Doi9/I\ni8YK7LGmnIxR9TPmsKICv8lUmBkq2mOztMfLadJDxnSJ1ckMtN3ba5RzfIyc3Y7E\nybSRpjvFa6uDYTJotcC/H3jft+3CQnN1viX5wlrAgcGf16O1vtU5\n-----END RSA PRIVATE KEY-----\n","signed_csr":"","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n","cert":"-----BEGIN CERTIFICATE-----\nMIIEKzCCAhOgAwIBAgIQcftu9vMScnHheHSZPK7cdTANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTE5\nMTIwOTA4Mzk1MFoXDTIxMTIwODA4Mzk1MFowEjEQMA4GA1UEAxMHa21pcDEyMjCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQ\ngPKxaKgn42Js9pxeIAEoTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2X\ns9TIkBQ+gpzyAM1bIlTfXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6a\nCt9kgWDt56lNc0AfVBj0TD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxy\np7IzdCc+244cvat2L5xZiDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib\n1uHyCHNw0Bec/IMA48qg7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMC\nAwEAAaM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwG\nA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAH1PMnNJkS6yHTKqSIgv99QR\npd0l+3e2HfsslgWgQ12u4fpsNO6HqgTRj5U5pVj9naFxIZpj04hTgSPbvV1Bq867\nmwpeMpm9bZnmunD0osmuoaDvrJ3BUr/gsmtUc+jP6jc6Sxtu00W6HzCuxV/aX3sK\nc6ls2DlWXzxq1aKst0k9AL4Bq4N5J5dp3rc/U8ptv3mXzQ86PqDu7wAn/qjnJ8Og\nSSgxLUrF6Cr8Qd1Mb1jLWfX4RwIjM6ND931GPzGjvRQ0d7+Cubveso5RduwsTozr\nnQngyjANySrXl687Sj22VFdzrAJqy4QC3FAfDsBZirBNOOHfoY03JcXKG+xnyxeq\nbiBYg7NQVqlV8Fn4IvLVf7q6C6fP4+fFOltpW52oUkVb9Ae22u2IhtYoUivaNxzC\nASkY+GJhNIRXxJSM3x1JJzbKcHTR+yGezgNXCXm+AW3YV6vApHihLWr5NB9fiAhS\nvuW+G30/piUiJK3HRTswVkAuXhhSsw7d3Gu9thOjU63YqxtZENvEVViCbP0iM6J5\n3vPOua4lCoysm9CzkBx2gWoNBBbFcqx6T5sPhLM8H08fMfgtdjwmmRxxaV3cR89E\ndJ7v04Tf75RcmcEGyLljYNdo9OHDBC2FTpWFfLDBtM6zSFSdnJsyajXJ4OC2RsM+\n84e6K77ZD0fJK1J2TUwm\n-----END CERTIFICATE-----\n","client_ca":"-----BEGIN CERTIFICATE-----\nMIIFljCCA36gAwIBAgIRAMkiVccUDK7+Pu/tCdz5+8cwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x\nOTEyMDkwNjM4MTFaFw0yMjAzMTMwNjM4MTFaMFwxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEcMBoG\nA1UEAxMTd2ViLmtleXNlY3VyZS5sb2NhbDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\nADCCAgoCggIBANalknhw0iXRsovQovxedMry7yJevMEEIfb7yGyHuwOKx76ISJ1H\ngJ8QKtICeRwOcegDkRhoAJDn1tgoKGTwP0iqccxSW9JbzJFuOGS6nC0YfeRxidKM\nxbGs5j8Vs1h3gHhzyZs0tu9OZBgWldJpT3qKDMvExybpo7rhjNW/4hen/8p75UB+\n+fDPz6znHb3ugmprFSDXU0v1euSZIC0omipaEmv4uXvNMCqGOEded4Iyjnq036L/\nfEYWiPhKPUyIU4TWuALU6DSuJVuc7f1LTVepnxZ2QGJChN7tUAVrb6L+TmaIlagJ\nG4Vi458lFeR0Cj0gVOuN9xZyAtHezipkutHJTN3erPPQrZChgRQPyavohCxl8goP\n4b/683lq/d+yzsQqJumcRYm9RAumT+MxnIc6puwXhDE3wUF8pQPHUWsY+hfpVkWv\nXFvaGpk1bSfxYC8b4QsbtjBn1UZGXAXd0wqecUI4iFZh084FkIRA9ll3A0GuFI88\nZycs/xoUGZ4qzvGTFi1So+x+kuOvWsuPhJzPN5WyMN+NEDi1ZdYXGrc3BdKgd1EG\n3uuTzjqbXjCzJgXgB78tfRpRogflj+qQpyqg4gBiRrkNBg8zw25OvsGtzkIYvS6I\nHbEX+3nmoLTb03QjEnfVOf9jg3SMoQd+rVpRYxhcU3m9yoCYgHQuLrghAgMBAAGj\nVTBTMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMB\nAf8EAjAAMB4GA1UdEQQXMBWBE3N1cHBvcnRAZ2VtYWx0by5jb20wDQYJKoZIhvcN\nAQELBQADggIBAHfCScI6bmrGGAEZk++opmTS8UfuW52E7UfUngB03AjQiDIE4632\n1GcBAFrpj6chbVaJcSTsdQoifj87yC5RbA73fUI/z2P2ruhb0YSvTDOkaoV23rYY\nkJczejm25RPNcsX28wYcv93yjF2rGQC6JVX6NgDyApv6fZjwLJnuGj6Hst/dBefX\ngm2BY62QU0w/d4RitZ1tBr8275JBNAIiRf33tNZ2mNnndmnEBYa56qfIE1ZUyM1m\noNA7HdCmjJ8aAgcvWYVcyrgnf98zuw9F2pEtO6SmHHb3NdK6VdPXp24AB7LlnMHD\nbL7Scj2YxSL6SKbOtEXpIsmTwkOp1bh+YkoxAIMItdOiTNXMG5GMeEwPuXxGK0Gh\npFhiBw4BKkO6luhOWLL49SA2EF1tbJ6+/T1wC49DcvHSq4QZT0n7srlUr3Dj64mz\nV9ZOIEtcpKTEG3frO7JaDX3oyf1TlOq4N8/G1sN+fF7BfoN3dX2ycJfuKyBULz8+\nd5WPUsl0EAP4gx5PwLblXcMtggApB1p6kHZNBlqg7zexU5yM48q1CZqkaLWLhJx9\nDdK7Ztdl6Y+EzZSCxGTF2d4HZjr4prC2IcueMTVm7R2YHkPwQjA0msNwjdVNGqig\nyLA9moWPCUljjp2d6qO+OXBLvGRmEBrVuZDLzBtARQ+eO1c4ixEEQ56x\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFgjCCA2qgAwIBAgIRAKgmQDuBuDdWmvBhHf0fNYAwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x\nOTEyMDkwNjM4MDhaFw0yOTEyMDYwNjM4MDhaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDkoXr6EPADnKF1C4tM4kHePFIzIFWeEI10MdUuKMyhgJYTofDSL4uG\n3uYWPmLkQcAuokcUC2MLGDcJU6zyFfv4DhA6VL9/Hef2P//Oj0BOvG71QV4g9lkT\nKlTfx6981JhE3ioXZNRkuLsLnTTENm7K1taKCqxv9HOgrCgHSDwC3bE9gBGuXokG\njt0S4cLdD/PkkrZyXQCbKZUi5XLK9F5Re9kB485t58zL/GdyDkgXFgldl3QsJIYw\nZIr7ekjxyURLQgeTDW8OPDsyqlD1vErSnDoxmOfuUW61bdS02SnVWm1ETCHvgylt\n5sEv+ITbkb0Xykm2WL6M09InjaDhXc4eSpwTZxDpYoKmQEu8O8JdXByOrWuGFjvN\nNiv8xeC2Ti4Bewab46tFB6tzHGK8MaGlti4kSCuU7TwhC8Rwm9HeJBkmqfWGGreR\n7O23dku8q7PnLNV7XPzVPn/K7FQPjs3fGTwwDF+FoXUhNVd5whyaKEinDPirjEGj\nFnhe11vfmv5ZKswxPLIwTkG5lvyUUNkuLSzflsbb+OIESqQjWOlweGJlrsPbNGjg\n7zYMAkB39I5lOggmnWbb2Feo4GAFEUksoFz5k8GR/15njIS01musIYTOEAQdPJ3Z\nrwsOuQTEJv9bpb93PLhwoq8IibrekqGOWvn5dGyvNjEr/EYQ3NtPBwIDAQABo0Mw\nQTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAeBgNVHREEFzAVgRNz\ndXBwb3J0QGdlbWFsdG8uY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBNQlJXZ5tR/Gpe\neNPiSn+QribNITfa8cuDhwU9y86R7wYnBvQDzvFilxP7lsuQRqb2/TkhdumPehwH\nRAn34RC7elNQXWo8xYmHH5SWH6/wPPNrK8SOM+CbnULZp+/Xml8qpMmAZG0xe8r7\nL08YizdJORGm8s8AJmVc8Wu0WihnBptlVEZv/nvUnpXGzAOK7QwmaZFdRTeNAxzR\nxf8ePW+fRfUVz9+nfDbATWidgxquHi/AT7SWaRMV7d+50VGthwvC+x7gce6qGWA1\nbdXha9zgVVOa/YgWCKylZhQIKVw7qnnqbOBArlnYocrFOFnPMfNLTkP4hGVxyCn5\nSDjuNOiD5peR/D3IFXg0hZ5tSECz3BfSLffOI8zECjnmwztLULa8eQhvhd/jubjg\nt3DgKnYq7VLw/KNbhmV/8rzV84hY1/vkj9LVUiGUqubbFe4LBtMuuHrdUZkBkccn\njbVMl3m1iPk1DisSP4C5TEJbsrH0YA8T7uL92RFL4HdT5Hkvcnf4BGo3PaSPGMfl\nCXPPVNn9W1MIP30gzFxXZys/lVTnFG/Lx9p1ytb5h3VZ+iEmsHHekyiSeS5BCitc\n0aB4cUtqwsIi1gAaliAeWhJzrnFN5+PDjM5SvqUFbFExiXHtBpCbq9RDd8pMdITK\niv2Bw42YgC0Jl+vmH1zMg+jZFP/CIA==\n-----END CERTIFICATE-----\n"}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"get":{"summary":"List","description":"Returns the kmip registered clients.","tags":["KMIP/Client-Management"],"parameters":[{"name":"name","in":"query","description":"Name of the registered client.","required":false,"type":"string"},{"name":"id","in":"query","description":"Id of registerd kmip client.","required":false,"type":"string"},{"name":"profile_name","in":"query","description":"Profile used for registering client.","required":false,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]}}}}]},"examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"6bfbf7a8-3be9-4d5c-bdd5-f7f108f75779","uri":"kylo:kylo:nae:kmip_client:kmip1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-10T07:31:16.267524Z","name":"kmip1","updatedAt":"2019-12-10T07:31:16.267524Z","impersonated_user":"kmip1","fingerprint":"DC903547536A32BB32004171114D945445DAB469D31C4AA0281632246953FC64","profile_name":"profile1","certificate":"-----BEGIN CERTIFICATE-----\nMIIEKTCCAhGgAwIBAgIQDvBMYTeooqPsTfYNM+WmnzANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTE5\nMTIwOTA3MzExNloXDTIxMTIwODA3MzExNlowEDEOMAwGA1UEAxMFa21pcDEwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC6lPiyX4pgez2Yd+hS/G3QI84\nXcEok6rCwEZG6uD8DTbePDQF/tRurUyWMDDBIYMC1UXIy683Ds1XGl2RjU6yp1yt\nvFutqOMpzYKMbt3F3KBJZlMeI/MGJELbfPdV3+ag68n1Q/iB/MiDPP67DO1pyWhg\nB1rHsZ5++YsEXAXO4Lx5Gpx+QnzmmBniDtgpUgw0zTyrTaYl3eEzoppe8N97ALEx\n89kZ0wBUryzxOOiGIV8VE6k0QwxwDzSX0eLK4JblEa4OgRBe/rbYbuZgmjdqNjNU\ns9vuDZdVy5xLdgVgEjO/3tHqtIRj0Y43T/P15kzMFZ0f/Lq2e+ZfEtjqjpYpAgMB\nAAGjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNV\nHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQBrM4Am7EU7n00+tDscnNUuenfb\ne459Mt0iiiSRHH381FEOrqER/+9mAf1D4AA6rCm+5vuM/DT9RtLAsGGw+8pjbBDp\nMIdBPWxSxOJGlY4gUGXohjB/MFQTuMVFx6vsEaJ1DIQy1lvFqWaUCDBd/+yHydnU\n3ngHgML6o3nVkJnx2Ne+iEAy9WRkBaD05XCaJznWiLu32OcXp9/Rw5+7s2DUOwWN\ns1UeTjr7327DVvrnqHGKbMePahiPUOX4lsyjTOGzdaPcYgXLgx56d4z3uviJwxuu\nzme8GscEmoMNJlRZ+ZbuXSD+Gz2n1uIEoP60qEgLWxJrrLtRNosn4Gx3vZsy7QHx\nYoqkmRSB2FE7oWeWJdo18ubMCv1Z7Dy36ght2pTTl3QWujxF1Suac33WdGMBkdkL\n0G1f+7y+X3bbkuVsQuGMWrdhxrXIM+D7OZwksNKe6s+c1LBSxdMNDlYuXmrFsJw/\nE2pskLPA+oI8LIdtF9LKdn8z1Qz/93L2Ey323oRLublQ4wB3ENz041cLJM0v0c/J\nZ+sxGXzsnYDu5I4t3Gp3JfiAo3ExKUAZuilZnB8dnZaieve8EwOSjjXxKMGi7TtI\nWjAlv9a9nQH+JnnOCMNblDMWsAcF6zsFvef2qAoToSzzzIyDEn8Frmb823mZxZPY\nGOGKUqF6kloD9dygNg==\n-----END CERTIFICATE-----\n","device_credential":{"device_id":"","machine_id":"","media_id":"","network_id":"","serial_no":""}}]}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/kmip/kmip-clients-count":{"get":{"summary":"Get clients count","description":"Returns KMIP registered clients count across all domains.","tags":["KMIP/Client-Management","Beta"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"total":1}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/kmip/kmip-clients/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The ID of the kmip client","required":true,"type":"string"}],"delete":{"summary":"Delete","description":"Delete given kmip client.\n","tags":["KMIP/Client-Management"],"responses":{"204":{"description":"No Content | Successful deletion of kmip client."}}}},"/v1/kmip/regtokens/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Client registration token.\n","tags":["KMIP/Client-Management"],"parameters":[{"name":"body","in":"body","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default.","schema":{"type":"object","title":"Create Client registration token","properties":{"ca_id":{"description":"ID of the trusted Certificate Authority that will be used to sign client certificate for the registration process. By default local Certificate Authority will be used to issue certificates. An external CA ID can be specified if KMIP client registration is being done using a client certificate signed by an external CA.","type":"string"},"lifetime":{"type":"string","description":"Duration in minutes/hours/days for which this token can be used for registering CipherTrust Manager clients. No limit by default. For 'x' amount of time, it should formatted as xm for x minutes, xh for hours and xd for days."},"cert_duration":{"type":"integer","format":"uint64","description":"Duration in days for which the CipherTrust Manager client certificate is valid. The value cannot be negative. It is not recommended to use this parameter, as this will be deprecated in future. Please use the one supported in profile."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"profile_name":{"type":"string","description":"Name of kmip profile to be linked withthis token."},"name_prefix":{"type":"string","description":"Prefix for the client name. For a client registered using this registration token, name_prefix, if specified, client name will be constructed as 'name_prefix{nth client registered using this registation token}', If name_prefix is not specified, CipherTrust Manager server will generate a random name for the client.","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","format":"uint64","description":"Duration in days for which the CipherTrust Manager client certificate is valid. The value cannot be negative. It is not recommended to use this parameter, as this will be deprecated in future. Please use the one supported in profile."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."}}}]}},"example":{"ca_id":"d94ef496-5e43-4424-a6e7-f4213c108415","lifetime":"10h","cert_duration":10,"max_clients":100,"name_prefix":"test_client","profile_name":"profilename"}}}],"responses":{"201":{"description":"Successful client registration token creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"80c46422-aed1-4ad3-b03d-919967b16d4b","uri":"kylo:kylo:munshi:tokens:80c46422-aed1-4ad3-b03d-919967b16d4b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T00:15:51.726926788Z","updatedAt":"2018-12-18T00:15:51.726926788Z","token":"zRErxzHRBCdhwfWXFvQhbFI9kMPyZvWMamCaRQUzbBlrWLlZHG2mi1GmZ9yAWsOK","valid_until":"0001-01-01T00:00:00Z","max_clients":-1,"cert_duration":10,"clients_registered":0,"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","name_prefix":"test_client","label":{"ClientProfile":"profilename"}}}}}}},"/v1/crypto/hide2":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Format-preserving encrypt","description":"This performs Format Preserving Encryption (FPE) per the FF3 algorithm.\n\nThe key used for encryption can be specified as a HTTP query parameter. \nA 256 bit AES key is created if it does not exist.\nA default key is used if the key name is not specified. The name of the default key\nis derived using quantities passed in the JWT (the issuer, subject, audience), and can\nbe considered unique per user. Once created, the same key will be reused for that user\nwhen the key name is not specified.\n \nTwo modes of input data are supported: batch data and single data.\n\nFor single data, the FPE parameters (tweak, etc.) are passed as HTTP query parameters,\nand the data is passed as plain text in the body. Set the HTTP \"Content Type\" header to\n\"text/plain\" for this mode.\n\nThe batch data mode allows passing both the FPE parameters and the plain text in the \nbody of the HTTP request. Set the HTTP \"Content Type\" and \"Accept\" headers to \"application/json\" for this mode. \nThe FPE parameters can be passed both as HTTP query parameters, or in the body. \nAny parameters passed via the body override the parameters passed in the query string.\nThe data to be encrypted must be passed in the body. Multiple plain text strings can be encrypted \nin a single request, each having their ownset of FPE parameters. The key and the hint\nare common to all data sets in the batch request.\n\nThe batch mode is recommended because it does not expose any of the FPE parameters via the HTTP query string.\nNote that the API playground only works in batch mode. The single data mode is not supported in the API playground.\n","tags":["Crypto"],"consumes":["application/json","text/plain"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":false,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. An empty string is assumed if this parameter is absent. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are actual version of the key, Latest version (-1), Latest active version (-2).}}"},{"name":"hint","in":"query","required":true,"type":"string","enum":["digit","alphabet","alphanumeric","printable","unicode"],"description":"This string identifies the type of input. It can be one of following printable strings - 'digit', 'alphabet', 'alphanumeric', 'printable' and 'unicode'. This hint needs to be passed."},{"name":"charset","in":"query","required":false,"type":"string","description":"This string identifies the charset name or id. It is required when hint is 'unicode'."},{"name":"tweakAlg","in":"query","required":false,"type":"string","description":"This string specifies the algorithm used for converting the tweak string into the tweak used by the FPE algorithm. Allowed values are \"sha1\", \"sha256\", \"sha512\" and \"none\". Defaults to \"none\"."},{"name":"tweak","in":"query","required":false,"type":"string","description":"This string identifies the tweak to be used along with the cryptographic key for hiding/unhiding the data. If tweakAlg is \"none\", this should be a 8-byte array encoded in hex. Length of encoded string is 16 bytes. It can be any arbitrary string if the tweakAlg is not \"none\". If provided, it must be the same for both hide and unhide operations for a given data. Tweak is not allowed if tweakAlg is empty."},{"name":"iv","in":"query","required":false,"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data. It is required only if the input data length is larger than the FPE block length. The block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes). The IV should not be supplied if the data length does not exceed the FPE block length. The characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size."},{"name":"body","in":"body","required":true,"description":"The data to be hidden.\nBody can be specified in two ways: plain data for single data mode and JSON data for batch mode.\nFor plain data, provide data to be hidden in the body and Content-Type header as \"text/plain\".\nFor JSON data, provide data in JSON format as specified in the body schema and Content-Type and Accept headers as \"application/json\".\nOnly the characters in the data that are within the alphabet type specified by the hint are hidden.\nCharacters not part of the specified alphabet are returned without modification, at the same location within the string.\n","schema":{"type":"object","description":"Specify the HTTP Content-Type and Accept headers as \"application/json\" to provide data in JSON format.\nEither `\"input\"` or `\"input_base64\"` should be specified.\n","properties":{"batch_request":{"type":"array","description":"Provide single or multiple data.\n\n`\"iv\"`, `\"tweak_alg\"` and `\"tweak\"` can be part of either query parameters or `\"batch_request\"`.\nIf specified in query parameters, these will be applicable to every data in the batch.\nIf specified with a data in the batch, these will be applicable to only that data in the batch.\n\"iv\", \"tweak_alg\" and tweak\", if specified with both \"batch_request\" and the query parameters,\nvalues within \"batch_request\" takes precedence.\n\nResponse comes in `\"batch_response\"`. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"HideData","description":"Data to hide and its associated values.\n","properties":{"input":{"type":"string","description":"Specify the data to be hidden (plaintext) as JSON string.\nEither `\"input\"` or `\"input_base64\"` should be specified.\nIf `\"input\"` is provided, `\"data\"` will contain the hidden data in the response.\n"},"input_base64":{"type":"string","description":"Specify the data to be hidden (plaintext) here. Data must be specified in base64 encoding.\nEither `\"input\"` or `\"input_base64\"` should be specified.\nIf `\"input_base64\"` is provided, `\"data_base64\"` will contain the hidden data in base64 encoding in the response.\n"},"iv":{"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data.\nIt is required only if the input data length is larger than the FPE block length.\nThe block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes).\nThe IV should not be supplied if the data length does not exceed the FPE block length.\nThe characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size.\n"},"tweak_alg":{"type":"string","description":"This string specifies the algorithm used for converting the tweak string into the tweak used by the FPE algorithm.\nDefaults to \"none\".\n","enum":["sha1","sha256","sha512"],"default":"none"},"tweak":{"type":"string","description":"This string identifies the tweak to be used along with the cryptographic key for hiding/unhiding the data.\nIf tweakAlg is \"none\", this should be a 8-byte array encoded in hex. Length of encoded string is 16 bytes.\nIt can be any arbitrary string if the tweakAlg is not \"none\".\nIf provided, it must be the same for both hide and unhide operations for a given data.\nTweak is not allowed if tweakAlg is empty.\n"}}}}},"example":{"batch_request":[{"input":"123","tweak":"abc","tweak_alg":"sha256"},{"input_base64":"MTIz","tweak":"abc","tweak_alg":"sha256"},{"input":"012345678901234567890123456789012345678901234567890123456789","tweak":"abcd","tweak_alg":"sha512","iv":"01234567890123456789012345678901234567890123456789012345"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"data":{"type":"string","description":"Contains hidden (encrypted) data when Content-Type is \"text/plain\"."},"opMeta":{"type":"object","properties":{"keyVersion":{"description":"The version of the cryptographic key used for encryption.\n"},"keyId":{"description":"ID of the key used for encryption."}}},"batch_response":{"type":"array","description":"Contains Hidden (Encrypted) data.\nReturned only when `\"batch_request\"` is provied in the request body.\n\nIf error occurs while processing any data in the batch, HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully hidden (encrypted).\n","items":{"type":"object","title":"Hidden (encrypted) Data","description":"Hidden (encrypted) data and its associated values\n","properties":{"data":{"type":"string","description":"Hidden data. Either `\"data\"` or `\"data_base64\"` is returned.\nIf `\"input\"` is provided in the request, then `\"data\"` is returned.\n"},"data_base64":{"type":"string","description":"Hidden data in base64 encoding. Either `\"data\"` or `\"data_base64\"` is returned.\nIf `\"input_base64\"` is provided in the request, then `\"data_base64\"` is returned.\n"},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"data\"`/`\"data_base64\"` will be returned.\n"}}}}}},"examples":{"application/json":{"data":"920-788-2756","opMeta":{"keyId":"f58d4353-740f-4ce2-91e2-1a753b8cda12","keyVersion":0}}}}}}},"/v1/crypto/unhide2":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Format-preserving decrypt","description":"This performs Format Preserving Decryption per the FF3 algorithm.\nIt decrypts the data created by the Hide operation.\n\nThe key used for decryption can be specified as a HTTP query parameter.\nThe default key is used if it is not specified.\nEither the specified key, or the default key, must exist.\n\nTwo modes of input data are supported: batch data and single data.\n\nFor single data, the FPE parameters (tweak, etc.) are passed as HTTP query parameters,\nand the data is passed in the body. Set the HTTP \"Content Type\" header to\n\"text/plain\" for this mode.\n\nThe batch data mode allows passing both the FPE parameters and the cipher text in the \nbody of the HTTP request. Set the HTTP \"Content Type\" and \"Accept\" headers to \"application/json\" for this mode. \nThe FPE parameters can be passed both as HTTP query parameters, or in the body. \nAny parameters passed via the body override the parameters passed in the query string.\nThe data to be decrypted must be passed in the body. Multiple text strings can be decrypted \nin a single request, each having their ownset of FPE parameters. The key and the hint\nare common to all data sets in the batch request.\n\nThe batch mode is recommended because it does not expose any of the FPE parameters via the HTTP query string.\nNote that the API playground only works in batch mode. The single data mode is not supported in the API playground.\n","tags":["Crypto"],"consumes":["application/json","text/plain"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":false,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. An empty string is assumed if this parameter is absent. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are actual version of the key, Latest version (-1), Latest active version (-2).}}"},{"name":"hint","in":"query","required":true,"type":"string","enum":["digit","alphabet","alphanumeric","printable","unicode"],"description":"This string identifies the type of input. It can be one of following printable strings - 'digit', 'alphabet', 'alphanumeric', 'printable' and 'unicode'. This hint needs to be passed."},{"name":"charset","in":"query","required":false,"type":"string","description":"This string identifies the charset name or id. It is required when hint is 'unicode'."},{"name":"tweakAlg","in":"query","required":false,"type":"string","description":"This string specifies the algorithm used for converting the tweak string into the tweak used by the FPE algorithm. Allowed values are \"sha1\", \"sha256\", \"sha512\" and \"none\". Defaults to \"none\"."},{"name":"tweak","in":"query","required":false,"type":"string","description":"This string identifies the tweak to be used along with the cryptographic key for hiding/unhiding the data. If tweakAlg is \"none\", this should be a 8-byte array encoded in hex. Length of encoded string is 16 bytes. It can be any arbitrary string if the tweakAlg is not \"none\". If provided, it must be the same for both hide and unhide operations for a given data. Tweak is not allowed if tweakAlg is empty."},{"name":"iv","in":"query","required":false,"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data. It is required only if the input data length is larger than the FPE block length. The block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes). The IV should not be supplied if the data length does not exceed the FPE block length. The characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size."},{"name":"body","in":"body","required":true,"description":"The data to unhide. It should be the output of the hide operation.\nBody can be specified in two ways: plain data for single data mode and JSON data for batch mode.\nFor plain data, provide data to be hidden in the body and Content-Type header as \"text/plain\".\nFor JSON data, provide data in JSON format as specified in the body schema and Content-Type and Accept headers as \"application/json\".\n","schema":{"type":"object","description":"Provide Content-Type and Accept as \"application/json\" to provide data in JSON format.\nEither provide `\"input\"` or in `\"input_base64\"`.\n","properties":{"batch_request":{"type":"array","description":"Single or multiple data to unhide.\n\n`\"iv\"`, `\"tweak_alg\"` and `\"tweak\"` can be part of either query parameters or `\"batch_request\"`.\nIf specified in query parameters, these will be applicable to every data in the batch.\nIf specified with a data in the batch, these will be applicable to only that data in the batch.\n\"iv\", \"tweak_alg\" and tweak\", if specified with both \"batch_request\" and the query parameters,\nvalues within \"batch_request\" takes precedence.\n\nResponse comes in `\"batch_response\"`. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"UnHideData","description":"Data to unhide and its associated values.\n","properties":{"input":{"type":"string","description":"Specify the data to unhide (ciphertext) as JSON string.\nEither `\"input\"` or `\"input_base64\"` should be specified.\nIf `\"input\"` is provided, `\"data\"` will contain the unhid (plaintext) data in the response.\n"},"input_base64":{"type":"string","description":"Specify the data to unhide (ciphertext) in base64 encoding.\nEither `\"input\"` or `\"input_base64\"` should be specified.\nIf `\"input_base64\"` is provided, `\"data_base64\"` will contain the unhid (plaintext) data in base64 encoding in the response.\n"},"iv":{"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data.\nIt is required only if the input data length is larger than the FPE block length.\nThe block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes).\nThe IV should not be supplied if the data length does not exceed the FPE block length.\nThe characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size.\n"},"tweak_alg":{"type":"string","description":"This string specifies the algorithm used for converting the tweak string into the tweak used by the FPE algorithm.\nDefaults to \"none\".\n","enum":["sha1","sha256","sha512"],"default":"none"},"tweak":{"type":"string","description":"This string identifies the tweak to be used along with the cryptographic key for hiding/unhiding the data.\nIf tweakAlg is \"none\", this should be a 8-byte array encoded in hex. Length of encoded string is 16 bytes.\nIt can be any arbitrary string if the tweakAlg is not \"none\".\nIf provided, it must be the same for both hide and unhide operations for a given data.\nTweak is not allowed if tweakAlg is empty.\n"}}}}},"example":{"batch_request":[{"input":"123","tweak":"abc","tweak_alg":"sha256"},{"input":"189567","tweak":"abcd","tweak_alg":"sha512"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"data":{"type":"string","description":"Contains unHid (decrypted) data when Content-Type is \"text/plain\"."},"opMeta":{"type":"object","properties":{"keyVersion":{"description":"The version of the cryptographic key used for decryption.\n"},"keyId":{"description":"ID of the key used for decryption."}}},"batch_response":{"type":"array","description":"Contains Unhid (Decrypted) data.\nReturned only when `\"batch_request\"` is given in the request body.\n\nIf error occurs while processing any data in the batch, HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully Unhidden (decrypted).\n","items":{"type":"object","title":"Unhide (decrypted) Data","description":"Unhid (decrypted) data and its associated values\n","properties":{"data":{"type":"string","description":"Unhid data. Either `\"data\"` or `\"data_base64\"` is returned.\nIf `\"input\"` is provided in the request, then `\"data\"` is returned.\n"},"data_base64":{"type":"string","description":"Unhid data in base64 encoding. Either `\"data_base64\"` or `\"data\"` is returned.\nIf `\"input_base64\"` is provided in the request, then `\"data_base64\"` is returned.\n"},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"data\"`/`\"data_base64\"` will be returned.\n"}}}}}},"examples":{"application/json":{"data":"239-823-9530","opMeta":{"keyId":"f58d4353-740f-4ce2-91e2-1a753b8cda12","keyVersion":0}}}}}}},"/v1/crypto/encrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Encrypt","description":"This operation encrypts data. The key name and the data to encrypt must be supplied. The Additional Authenticated Data (AAD) may be included for AES/GCM operation. Optional information that are passed via query parameters include the key version, crypto mode, crypto padding mode, the Initialization Vector (IV), and the length of the AES-GCM tag. The key version and tag length are pointers, and cannot be used in the API playground. The plaintext and AAD are passed in via a JSON encoded blob. The output is a JSON blob. The JSON blob that is returned can be passed to the decrypt endpoint.\nIt supports two modes for input data, single data (default) and batch data. To use single data mode, provide data in `\"plaintext\"`. To use batch mode, refer \"`batch_request`\" in body schema.\n","tags":["Crypto"],"consumes":["application/json","text/plain"],"produces":["application/json"],"parameters":[{"name":"body","in":"body","required":true,"description":"The data to encrypt.","schema":{"description":"The input to an encrypt operation. It is a JSON object that contains the data to be encrypted. For AES-GCM, it also contains the data to be authenticated. Note that both these are byte arrays. JSON encodes byte arrays to base64 strings. Therefore, the JSON object that is input should contain valid base64 data for both the plaintext and AAD.","type":"object","title":"Encryption Input","required":["id"],"properties":{"id":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"name":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"plaintext":{"type":"string","description":"Data to Encrypt. This is a byte array. JSON encodes byte arrays to base64 strings. Therefore, the string in the JSON object should be a valid base64 string."},"version":{"type":"integer","description":"Version of the key to use.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"This string identifies the cryptographic mode to use for symmetric key operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', 'CTR', and 'GCM' (default is 'GCM'), and the only allowed value for TDES is 'CBC'."},"pad":{"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES and TDES, allowed values are 'none', 'PKCS5' and 'PKCS7' (default is 'PKCS7'). For asymmetric algorithms the allowed values 'PKCS1', 'OAEP', 'OAEP256', 'OAEP384' and 'OAEP512', defaulting to 'OAEP'. Padding is not applicable for 'CTR' and 'GCM' mode."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"nae_key_version_header":{"type":"boolean","description":"This flag requests that the 3-byte NAE key-version header be prepended to the returned ciphertext."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."},"batch_request":{"type":"array","description":"Single or multiple data to encrypt.\n\n`\"iv\"`, `\"tag_len\"` and `\"aad\"` can be specified explicitly for each data within `\"batch_request\"` or\nfor all data in the batch request by making it part of the request body.\nIf specified at both the places, values inside `\"batch_request\"` takes precedence.\n\nResponse field `\"batch_response\"` will contain encrypted data. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"EncryptData","description":"Data to encrypt and its associated values\n","properties":{"plaintext":{"type":"string","description":"Data to Encrypt. This is a byte array. JSON encodes byte arrays to base64 strings. Therefore, the string in the JSON object should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."}}}}},"example":{"id":"mykey","plaintext":"ZW5jcnlwdA==","aad":"YXV0aGVudGljYXRl"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","description":"The output of an encrypt operation. It is a JSON object that contains the encrypted data, as well as parameters needed to decrypt the data.","title":"Encrypted Blob","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"ID of the key used for encrypting the data, only either ID or name should be specified."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"The crypto mode (e.g. cbc, ecb, ctr, gcm)."},"pad":{"type":"string","description":"The padding algorithm (e.g. none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array, and appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."},"batch_response":{"type":"array","description":"Contains encrypted data.\nReturned only when `\"batch_request\"` is provided in request (i.e if data is sent in batch mode).\n\nIf error occurs while processing any data in the batch, HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully encrypted.\n\n`\"iv\"` and `\"aad\"`, if specified explicitly for a data within `\"batch_request\"`, are returned with the data within `\"batch_response\"`.\n`\"iv\"` and `\"aad\"`, if specified in request body, are returned in response body.\n`\"tag\"` is always returned with the data within `\"batch_response\"`.\nIf `\"iv\"` is not specified anywhere and generated automatically while encrypting, it will be returned with the data in `\"batch_response\"`.\n","items":{"type":"object","title":"Encrypted Data","description":"Encrypted data and its associated values\n","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"ciphertext\"` will be returned.\n"}}}}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}},"examples":{"application/json":{"ciphertext":"VY2D+Q9UyPRj2tIlHP/yVQ==","tag":"ws/1krVDXQKA1JlThx6Ejg==","id":"mykey1","version":0,"mode":"gcm","iv":"GB1yLYeN5IljclAc38x6ow==","aad":"YWJj"}}}}}},"/v1/crypto/decrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Decrypt","description":"This operation decrypts data. The input should be the JSON blob that was output by the encrypt operation. The output of this operation contains the plaintext encoded in a JSON blob.\nIt supports two modes for input data, single data (default) and batch data. To use single data mode, provide data in `\"ciphertext\"`. To use batch mode, refer \"`batch_request`\" in body schema.\n","tags":["Crypto"],"consumes":["application/json"],"produces":["application/json","text/plain"],"parameters":[{"name":"Accept","in":"header","description":"Accept type","type":"string","default":"application/json"},{"name":"body","in":"body","required":true,"description":"The data to decrypt.","schema":{"description":"The input of an decrypt operation. It is a JSON object that contains the encrypted data, as well as parameters needed to decrypt the data.","type":"object","title":"DecryptInput","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"ID of the key used for encrypting the data, only either ID or name should be specified."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"The crypto mode (e.g. cbc, ecb, ctr, gcm)."},"pad":{"type":"string","description":"The padding algorithm (e.g. none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array, and appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."},"batch_request":{"type":"array","description":"Single or multiple data to decrypt.\n\n`\"iv\"`, `\"tag\"` and `\"aad\"` can be specified explicitly for each data within `\"batch_request\"` or for all\ndata in the batch request by making it part of the request body.\nIf specified at both the places, values inside `\"batch_request\"` takes precedence.\n\nResponse field `\"batch_response\"` will contain decrypted data. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"DecryptData","description":"Data to decrypt and its associated values.\n","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."}}}}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}}}],"responses":{"200":{"description":"OK","schema":{"description":"The output of an decrypt operation. It is a JSON object that contains the plaintext.","type":"object","title":"Decrypted Blob","properties":{"plaintext":{"type":"string","description":"The plain text is a byte array, and appears as a base64 encoded string in the JSON blob."},"batch_response":{"type":"array","description":"Contains decrypted data.\nReturned only when `\"batch_request\"` is provided in request (i.e if data is sent in batch mode).\n\nIf error occurs while processing any data in a batch, Response HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully decrypted.\n","items":{"type":"object","title":"Decrypted Data","description":"Decrypted Data.","properties":{"plaintext":{"type":"string","description":"The plain text is a byte array, and appears as a base64 encoded string in the JSON blob."},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"plaintext\"` will be returned.\n"}}}}},"example":{"plaintext":"VY2D+Q9UyPRj2tIlHP/yVQ=="}},"examples":{"application/json":{"plaintext":"VY2D+Q9UyPRj2tIlHP/yVQ=="}}}}}},"/v1/crypto/reencrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Reencrypt","description":"This operation re-encrypts the data. The re-encrypt operation first decrypts the ciphertext with the original key and returns no plaintext, and then encrypts the plaintext with a different or the same key and returns the ciphertext.\nFor the Decrypt operation, the input must be the JSON blob generated as a output of the encrypt operation. This operation doesn't return any plaintext as a output.\n\nFor Encrypt operation, The key name must be supplied. The Additional Authenticated Data (AAD) may be included for AES/GCM operation. Optional information that are passed via json parameters include the key version, crypto mode, crypto padding mode, the Initialization Vector (IV), and the length of the AES-GCM tag.\nThe AAD are passed in via a JSON encoded blob. The output is a JSON blob. The JSON blob that is returned can be passed to the decrypt endpoint.\n","tags":["Crypto"],"consumes":["application/json","text/plain"],"produces":["application/json"],"parameters":[{"name":"body","in":"body","required":true,"description":"The data to decrypt and encrypt.","schema":{"description":"The input for a re-encrypt operation. It is a JSON object that contains encryption and decryption parameters.\nThe decryption parameters contain the encrypted data and the parameters required to decrypt the data.\nFor Encryption parameters, in case of AES-GCM, it contains the data to be authenticated. Note that this is byte array. JSON encodes byte arrays to base64 strings. Therefore, the JSON object should contain valid base64 data for AAD.\nNote: The Plaintext parameter is not required.\n","title":"ReencryptInput","properties":{"decrypt":{"type":"object","description":"The input for a decrypt operation. It is a JSON object that contains the encrypted data and the parameters required to decrypt the data.","properties":{"ciphertext":{"type":"string","description":"The ciphertext is a byte array and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array that appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"The ID of the key used for encrypting the data. Specify either ID or name."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"The cryptographic mode (for example, cbc, ecb, ctr, and gcm)."},"pad":{"type":"string","description":"The padding algorithm (for example, none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array that appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array that appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."}}},"encrypt":{"type":"object","description":"The input of Encrypt operation, In case of AES-GCM, it contains the data to be authenticated. Note that this is byte array. JSON encodes byte arrays to base64 strings.","properties":{"id":{"type":"string","description":"The name, ID, or URI of the key used by the crypto operation."},"name":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key to use.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"Identifies the cryptographic mode to use for the symmetric key operations. The allowed values depend on the algorithm used. Allowed values for AES are 'CBC', 'EBC', 'CTR', and 'GCM' (default is 'GCM'). The only allowed value for TDES is 'CBC'."},"pad":{"type":"string","description":"This string identifies the cryptographic padding algorithm to use. The allowed values depend on the algorithm used. For AES and TDES, the allowed values are 'none', 'PKCS5', and 'PKCS7' (default is 'PKCS7'). For asymmetric algorithms, the allowed values are 'PKCS1', 'OAEP', 'OAEP256', 'OAEP384', and 'OAEP512' (default is 'OAEP')."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"nae_key_version_header":{"type":"boolean","description":"This flag requests that the 3-byte NAE key-version header be prepended to the returned ciphertext."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."}}}},"example":{"decrypt":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"},"encrypt":{"id":"mykey","aad":"YXV0aGVudGljYXRl"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","description":"The output of a re-encrypt operation. It is a JSON object that contains the encrypted data and the parameters required to decrypt the data.","title":"Re-Encrypted Blob","properties":{"ciphertext":{"type":"string","description":"The ciphertext is a byte array that appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array that appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"The ID of the key used for encrypting the data. Specify either ID or name."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are\nActual version of the key, Latest Version (-1), Latest Active Version (-2). If no version is specified, the key's latest version (-1) is used by default.}}"},"mode":{"type":"string","description":"The cryptographic mode (for example, cbc, ecb, ctr, and gcm)."},"pad":{"type":"string","description":"The padding algorithm (for example, none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array that appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array that appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}},"examples":{"application/json":{"ciphertext":"VY2D+Q9UyPRj2tIlHP/yVQ==","tag":"ws/1krVDXQKA1JlThx6Ejg==","id":"mykey1","version":0,"mode":"gcm","iv":"GB1yLYeN5IljclAc38x6ow==","aad":"YWJj"}}}}}},"/v1/crypto/mac":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"MAC","description":"This operation creates the MAC. The key name (and optional version and algorithm - hmac or cmac), and the data to MAC should be supplied.\nWhile generating the HMAC key, specify the algorithm as a HMAC algorithm (e.g. hmac-sha256). For the CMAC algorithm,\nthe key algorithm should be AES. In addition the keys should have appropriate usage masks to \"MAC Generate\" and\n\"MAC Verify\" in the usageMask (e.g. usageMask=384). The MAC is returned in the response body.\n","tags":["Crypto"],"consumes":["application/octet-stream"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are actual version of the key, Latest version (-1), Latest active version (-2).}}"},{"name":"algorithm","in":"query","required":false,"type":"string","description":"This string specifies the MAC Algorithm used for MAC/MACV operations. The supported values for this are hmac and cmac."},{"name":"body","in":"body","required":true,"description":"The data for which to generate a MAC.","schema":{"type":"string","example":"how-now-brown-cow"}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"data":"6a8696683658f16d14cd8a7fc94ba213385ecf1f","opMeta":{"keyId":"f58d4353-740f-4ce2-91e2-1a753b8cda12","keyVersion":0}}}}}}},"/v1/crypto/macv":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"MAC Verify","description":"This operation verifies MAC. The key name (and optional version and algorithm - hmac or cmac), the data to\nMAC, and the MAC, are supplied. The MAC verification result is returned in the response body.\n","tags":["Crypto"],"consumes":["application/octet-stream"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are actual version of the key, Latest version (-1), Latest active version (-2).}}"},{"name":"algorithm","in":"query","required":false,"type":"string","description":"This string specifies the MAC Algorithm used for MAC/MACV operations. The supported values for this are hmac and cmac."},{"name":"hash","in":"query","required":true,"type":"string","description":"This string identifies the hex encoded mac to be verified for the given data."},{"name":"body","in":"body","required":true,"description":"The data for which MAC is to be verified.","schema":{"type":"string","example":"239-823-9530"}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"verified":true}}}}}},"/v1/crypto/sign":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Sign","description":"The key is uniquely associated with quantities passed in the JWT (the issuer, subject, audience), and the keyName string that is passed in as a query parameter. The signature along with the key version information is returned in the body of the response.","tags":["Crypto"],"consumes":["application/octet-stream"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are actual version of the key, Latest version (-1), Latest active version (-2).}}"},{"name":"signAlgo","in":"query","required":false,"type":"string","description":"This string specifies the signing algorithm used for generating signature. Allowed values are \"RSA\" and \"ECDSA\"."},{"name":"hashAlgo","in":"query","required":true,"type":"string","description":"This string specifies the hash algorithm used for generating signature. For ECDSA the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\", \"SHA3-224\", \"SHA3-256\", \"SHA3-384\", \"SHA3-512\" and \"none\". For RSA, the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\" and \"none\"."},{"name":"pad","in":"query","required":false,"type":"string","description":"This string specifies the padding used for generating signature and is only applicable for the RSA signing algorithm. Allowed values are 'PKCS1', 'PSS', and 'PSSWithPrecomputedHash'. Default value is 'PKCS1'."},{"name":"saltLength","in":"query","required":false,"type":"integer","description":"This integer specifies the saltLength for PSS padding. This is only applicable for the RSA signing algorithm. The SaltLength varies from -2 to a positive integer upto the maximum length supported by the algorithm.\n-1 is for HASH-EQUAL-LENGTH,\n0 is for MAX-LENGTH and\n-2 is for deterministic output.\nMaximum supported value of salt length = (Key length in bytes - HASH length in byte - 2)\n"},{"name":"body","in":"body","required":true,"description":"The data for which to generate signature.","schema":{"type":"string","example":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9"}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"data":"4742753e7000c6abff59336602789452209b7e4300de6029d4ba327d3ed45a1d5bf78fa8ea15ea99b48741d46f09f8210b1dd8cc905efb15821f813a37ac4008fdf802786f752f308110360e3c9e872ebe98cb29d1181aef7c3bd0d595b810091306b13ebdaec910d2cc59f947bed2d26bf3f44b5eaf0efcbc19f190f8895d99","opMeta":{"keyId":"f58d4353-740f-4ce2-91e2-1a753b8cda12","keyVersion":0}}}}}}},"/v1/crypto/signv":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Sign Verify","description":"The key is uniquely associated with quantities passed in the JWT (the issuer, subject, audience), and the keyName string that is passed in as a query parameter. The signature verification result is returned in the body of the response.","tags":["Crypto"],"consumes":["application/octet-stream"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified.{{FF_LATEST_ACTIVE_KEY_VERSION| Supported Versions are actual version of the key, Latest version (-1), Latest active version (-2).}}"},{"name":"signAlgo","in":"query","required":false,"type":"string","description":"This string specifies the signing algorithm used for generating signature. Allowed values are \"RSA\" and \"ECDSA\"."},{"name":"hashAlgo","in":"query","required":true,"type":"string","description":"This string specifies the hash algorithm used for generating signature. For ECDSA the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\", \"SHA3-224\", \"SHA3-256\", \"SHA3-384\", \"SHA3-512\" and \"none\". For RSA, the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\" and \"none\"."},{"name":"pad","in":"query","required":false,"type":"string","description":"This string specifies the padding used for generating signature and is only applicable for the RSA signing algorithm. Allowed values are 'PKCS1', 'PSS', and 'PSSWithPrecomputedHash'. Default value is 'PKCS1'."},{"name":"saltLength","in":"query","required":false,"type":"integer","description":"This integer specifies the saltLength for PSS padding. This is only applicable for the RSA signing algorithm. The SaltLength varies from -2 to a positive integer upto the maximum length supported by the algorithm.\n-1 is for HASH-EQUAL-LENGTH,\n0 is for MAX-LENGTH and\n-2 is for deterministic output.\nMaximum supported value of salt length = (Key length in bytes - HASH length in byte - 2)\n"},{"name":"signature","in":"query","required":true,"type":"string","description":"This string identifies the hex encoded signature to be verified for the given data."},{"name":"body","in":"body","required":true,"description":"The data for which MAC is to be verified.","schema":{"type":"string","example":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9"}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"verified":true}}}}}},"/v1/crypto/encryptonite":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Encryptonite","x-interactive":false,"description":"This endpoint (`encryptonite`) is deprecated, please use the `encrypt` endpoint. The byte array passed in the message body is encrypted. The keyName string that is passed in as a query parameter. The encrypted data are returned in the body of the response. You must set content type to application/octet-stream for symmetric encryption, and to multipart/form-data for use with AES-GCM operations so both the data to encrypt and the authentication data can be passed in. You must set accept type to multipart/form-data.
The multipart/form-data returned via the body contains (i) the key ID and version used for encryption, (ii) the encrypted data, (iii) the IV that was generated (in case an IV was not passed in via a query parameter).","tags":["Crypto","deprecated"],"consumes":["application/octet-stream","multipart/form-data"],"produces":["multipart/form-data"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"Data","in":"formData","required":false,"type":"string","description":"The data to encrypt or decrypt. If the content type is multipart/form-data then it is included in the multipart under the label 'Data'."},{"name":"iv","in":"query","required":false,"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data. It is required only if the input data length is larger than the FPE block length. The block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes). The IV should not be supplied if the data length does not exceed the FPE block length. The characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size."},{"name":"defaultiv","in":"query","required":false,"type":"string","description":"This boolean identifies if the user wants to use the default IV along with the cryptographic key for encrypting/decrypting data. False is 0 and True is 1. This field was introduced to support specific legacy integrations and applications. New applications are strongly recommended to use a unique IV for each encryption request."},{"name":"mode","in":"query","required":false,"type":"string","description":"This string identifies the cryptographic mode to use for symmetric operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', and 'GCM', and the only allowed value for TDES is 'CBC'. Defaults to 'cbc'."},{"name":"pad","in":"query","required":false,"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES, allowed values are 'none', 'PKCS5', and 'PKCS7'. The default is 'PKCS7'. For asymmetric algorithms the allowed values 'PKCS1', and 'OAEP' defaulting to 'PKCS1'. Padding is not applicable for 'CTR' and 'GCM' mode."},{"name":"AAD","in":"formData","required":false,"type":"string","description":"The authentication data for AES-GCM cipher operations. It is included in the multipart/form-data of the body under the label 'AAD'."},{"name":"taglen","in":"query","required":false,"type":"integer","description":"This integer is the requested length of the authentication tag. This parameter is only used for AES-GCM, must be between 4 and 16 inclusive and defaults to 16."}],"responses":{"200":{"description":"OK"}}}},"/v1/crypto/decryptonite":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Decryptonite","x-interactive":false,"description":"This endpoint (`decryptonite`) is deprecated, please use the `decrypt` endpoint. The byte array passed in the message body is decrypted. The keyName string that is passed in as a query parameter. The decrypted data are returned in the body of the response. You must set content type to application/octet-stream for symmetric encryption, and to multipart/form-data for use with AES-GCM operations so both the data to encrypt and the authentication data can be passed in. You must set accept type to multipart/form-data.
The multipart/form-data returned via the body contains (i) the key ID and version used for decryption, (ii) the decrypted data.","tags":["Crypto","deprecated"],"consumes":["application/octet-stream","multipart/form-data"],"produces":["multipart/form-data"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"Data","in":"formData","required":false,"type":"string","description":"The data to encrypt or decrypt. If the content type is multipart/form-data then it is included in the multipart under the label 'Data'."},{"name":"iv","in":"query","required":false,"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data. It is required only if the input data length is larger than the FPE block length. The block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes). The IV should not be supplied if the data length does not exceed the FPE block length. The characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size."},{"name":"defaultiv","in":"query","required":false,"type":"string","description":"This boolean identifies if the user wants to use the default IV along with the cryptographic key for encrypting/decrypting data. False is 0 and True is 1. This field was introduced to support specific legacy integrations and applications. New applications are strongly recommended to use a unique IV for each encryption request."},{"name":"mode","in":"query","required":false,"type":"string","description":"This string identifies the cryptographic mode to use for symmetric operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', and 'GCM', and the only allowed value for TDES is 'CBC'. Defaults to 'cbc'."},{"name":"pad","in":"query","required":false,"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES, allowed values are 'none', 'PKCS5', and 'PKCS7'. The default is 'PKCS7'. For asymmetric algorithms the allowed values 'PKCS1', and 'OAEP' defaulting to 'PKCS1'. Padding is not applicable for 'CTR' and 'GCM' mode."},{"name":"AAD","in":"formData","required":false,"type":"string","description":"The authentication data for AES-GCM cipher operations. It is included in the multipart/form-data of the body under the label 'AAD'."},{"name":"tag","in":"query","required":false,"type":"string","description":"This string is a hex encoded AES-GCM authentication tag for decryption operations."}],"responses":{"200":{"description":"OK"}}}},"/v1/crypto/hash":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Generate Hash","description":"This operation calculate Hash(digest) of the data given. Data must be given in base64 encoding. Digest returned in response will be in base64 encoding.","tags":["Crypto"],"consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"body","in":"body","required":true,"description":"Specify Data to calculate hash of and Algorithm used to calculate hash.","schema":{"type":"object","title":"Body","description":"Specify data and algorithm.","example":{"algorithm":"SHA3-256","data":"YXNjaWktZGF0YQ=="},"required":["data"],"properties":{"algorithm":{"type":"string","description":"Algorithm used to calculate hash. Default - SHA-256","enum":["SHA-256","SHA-512","SHA-224","SHA-384","SHA-512/224","SHA-512/256","SHA3-256","SHA3-384","SHA3-512","SHA3-224"],"default":"SHA-256"},"data":{"type":"string","description":"Calculate hash of this data. Data must be given in base64 encoding."}}}}],"responses":{"200":{"description":"OK","schema":{"properties":{"data":{"type":"string","description":"Digest of data. In base64 encoding."}}},"examples":{"data":"5rgotvgzad2nXVPOwopz3xo3P4KOmP8s43JqsQ4UyxM="}}}}},"/v1/vault/random":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Random","description":"Generate random bytes using HMAC512-DRBG implementation. Displayed in base64 format.","tags":["Crypto"],"x-feature":"FF_GENERATE_RANDOM_BYTES","parameters":[{"name":"bytes","in":"query","type":"integer","description":"Length of the random bytes to be generated. Default is 32. The limit is 64k/65532 bytes. Make multiple requests if more than 64k bytes are needed.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"bytes":{"type":"string","description":"Random bytes in base64 format"}}},"examples":{"application/json":{"bytes":"mSsD6yHZRP4K5W9/i50mxNy933ZpN8gWJKscInvyfAw="}}}}}},"/v1/vault/keys2/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists all keys. Results can be refined with query parameters. Key objects included in the response do not include the `meta`, `links` and `certFields` fields by default. Use the `fields` query parameter to include these fields in the response.","tags":["Keys"],"x-permissions":["ReadKey"],"x-resource-type":"Keys","x-product":"Platform","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill attempt to include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, supported fields are \"meta\", \"links\" and \"certFields\". The server will only include the meta\nattribute in the response if the query parameters includes \"fields=meta\". Certificate information\nis included when \"certFields\" is one of the field values.\n"},{"name":"metaContains","in":"query","type":"string","collectionFormat":"multi","format":"JSON","description":"A valid JSON value. Only keys whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"id","in":"query","type":"string","collectionFormat":"multi","format":"UUID","description":"Filters result to the one with matching ID\n"},{"name":"uuid","in":"query","type":"string","collectionFormat":"multi","description":"Filters result to the one with matching UUID\n"},{"name":"muid","in":"query","type":"string","collectionFormat":"multi","description":"Filters result to the one with matching MUID\n"},{"name":"keyId","in":"query","type":"string","collectionFormat":"multi","description":"Filters result to the one with matching KeyID\n"},{"name":"size","in":"query","type":"integer","collectionFormat":"multi","description":"Filters results to those with matching size. May be specified more than once. Results will match *any*\nof the values.\n"},{"name":"curveid","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching elliptic key curve id. May be specified more than once. Results will match *any*\nof the values.\n"},{"name":"version","in":"query","type":"integer","collectionFormat":"multi","description":"Filters results to those with matching version. If version is specified as -1, only latest version of the\nkeys is returned. {{FF_LATEST_ACTIVE_KEY_VERSION| If version is specified as -2, only nae latest active version of the keys will be returned.}}\n"},{"name":"name","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},{"name":"algorithm","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching algorithms. The '?' and '*' wildcard characters may be used."},{"name":"uri","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching uris. The '?' and '*' wildcard characters may be used."},{"name":"compareIDWithUUID","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching comparison between ID and UUID.\nIf `compareIDWithUUID` is set to `equal`, then it returns keys whose IDs are equal to their UUIDs.\nIf `compareIDWithUUID` is set to `notequal`, then it returns keys whose IDs are not equal to their UUIDs.\nThe supported values are `equal` and `notequal`.\n"},{"name":"sha1Fingerprint","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching SHA1 fingerprints. The '?' and '*' wildcard characters may be used.\nThis fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},{"name":"sha256Fingerprint","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used."},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"objectType","in":"query","type":"string","collectionFormat":"multi","description":"Type of the object. It is one of 'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},{"name":"state","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching key state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\" and \"Destroyed Compromised\".\n"},{"name":"alias","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching aliases. The '?' and '*' wildcard characters or\ncomma separted aliases may be used.\n"},{"name":"linkType","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching link types. The '?' and '*' wildcard characters or\ncomma separted link types may be used.\n"},{"name":"usageMask","in":"query","type":"integer","collectionFormat":"multi","description":"Filters results to those with matching Cryptographic usage mask. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303 (all usage masks including Export).\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},{"name":"labels","in":"query","type":"string","description":"Filters results that match label selector expressions. Multiple\nvalues are logically ANDed. For example, to select keys that have\nthe label `{\"region\": \"noram\"}` but do not have `{\"team\": \"sales\"}`\nuse `region=noram,team!=sales`.\n\nSee the labels entry in /v1/vault/query-keys/ for a complete\ndescription of selector expressions. However, the format of the\nquery string is not JSON but must be a URL safe, comma separated\nlist of selector expressions. For example, instead of\n`[\"region=noram\",\"team!=sales\"]`, use `region=noram,team!=sales`\nwhich when URL encoded is `region%3Dnoram%2Cteam%21%3Dsales`.\n"},{"name":"keyCheckValue","x-feature":"FF_KEY_CHECK_VALUE_ENABLED","in":"query","type":"string","collectionFormat":"multi","description":"Filters results based on the matching Key Check Values. The '?' and '*' wildcard characters may be used."},{"name":"sha384Fingerprint","x-feature":"FF_SHA384_IN_KEYS","in":"query","type":"string","collectionFormat":"multi","description":"Filters results based on the matching SHA384 Fingerprints. The '?' and '*' wildcard characters may be used."},{"name":"cteKeyHash","x-feature":"FF_CTE_KEY_HASH","in":"query","type":"string","collectionFormat":"multi","description":"Filters results based on the matching cte key hash. The '?' and '*' wildcard characters may be used."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"24aae5e5-b627-4b0e-964a-f48af998ee2b","uri":"kylo:kylo:vault:keys:1480633212136-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-01T23:00:10.072423Z","name":"1480633212136","updatedAt":"2016-12-01T23:00:10.072423Z","usageMask":4194303,"version":0,"algorithm":"AES","size":256,"format":"raw","unexportable":false,"undeletable":false,"objectType":"Symmetric Key","activationDate":"2017-10-02T14:24:37.436073Z","deactivationDate":"2017-10-02T14:24:37.439922Z","archiveDate":"2017-10-02T14:24:37.440033Z","destroyDate":"2017-10-02T14:24:37.445276Z","revocationReason":"Cessation of Operation","state":"Destroyed","aliases":[{"alias":"altname1","type":"string","index":0},{"alias":"altname2:keysecure:gemalto:com","type":"uri","index":1}],"links":[{"id":"137ca586-eed5-4e67-933d-2422a1c37d67","type":"replacedObject","targetID":"0f3333c4-319a-448f-8e97-e6f4367b746a"}],"uuid":"177397cd-c411-4f05-bfad-6a5503dd3d96","labels":{"region":"noram","team":"sales"},"description":"This key is used to protect customer data."}]}}}}},"post":{"summary":"Create","description":"Creates a new key","tags":["Keys"],"x-permissions":["CreateKey","CreateKeyVersion"],"x-resource-type":"Keys","x-product":"Platform","parameters":[{"name":"includeMaterial","in":"query","required":false,"description":"Include key bytes in the response. If set to 'false' or not specified, only key meta data is returned.","type":"string"},{"name":"body","in":"body","description":"Type of key to create. By default an AES 256 bit key is created. Other key types are RSA and HMAC. Body itself and all parameters within are optional with the following exception.\nBy default, users not in the admin group *must* include `{\"ownerId\" : \"local|ab12...\"}` in the `meta` property of the post body. This is because the\ndefault policies state that only the owner of a key may use the key - so we must declare the owner in the metadata. Policies can be changed by admins if this behavior\nis not desired. The key by default enters \"Active\" state upon creation. For the key to start in \"Pre-Active\" state as specified in the KMIP spec, set state to \"Pre-Active\" in the\ncreate request POST body.\nAn array of aliases can be used to pass in one or more KMIP \"Name\" attributes associated with the key.\n","schema":{"title":"Create Key","properties":{"name":{"type":"string","description":"Optional friendly name, The key name should not contain special characters such as angular brackets (<,>) and backslash (`\\`)."},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"algorithm":{"type":"string","description":"Cryptographic algorithm this key is used with. Defaults to 'aes'","enum":["aes","tdes","rsa","ec","hmac-sha1","hmac-sha256","hmac-sha384","hmac-sha512","seed","aria","opaque"]},"xts":{"type":"boolean","description":"If set to true, then key created will be XTS/CBC-CS1 Key. Defaults to false. Key algorithm must be 'AES'."},"objectType":{"type":"string","description":"This specifies the type of object that is being created. Valid values are\n'Symmetric Key', 'Public Key', 'Private Key', 'Secret Data', 'Opaque Object',\nor 'Certificate'. The object type is inferred for many objects,\nbut must be supplied for the certificate object.\n"},"curveid":{"type":"string","description":"Cryptographic curve id for elliptic key. Key algorithm must be 'EC'. Values:\n * secp224k1\n * secp224r1\n * secp256k1\n * secp384r1\n * secp521r1\n * prime256v1\n * brainpoolP224r1\n * brainpoolP224t1\n * brainpoolP256r1\n * brainpoolP256t1\n * brainpoolP384r1\n * brainpoolP384t1\n * brainpoolP512r1\n * brainpoolP512t1\n * curve25519\n"},"size":{"type":"integer","description":"Bit length for the key."},"macSignBytes":{"type":"string","description":"This parameter specifies the MAC/Signature bytes to be used for verification while importing a key. The \"wrappingMethod\" should be \n\"mac/sign\" and the required parameters for the verification must be set.\n"},"macSignKeyIdentifier":{"type":"string","description":"This parameter specifies the identifier of the key to be used for generating MAC or signature of the key material.\nThe \"wrappingMethod\" should be \"mac/sign\" to verify the MAC/signature(\"macSignBytes\") of the key material(\"material\"). \nFor verifying the MAC, the key has to be a HMAC key. \nFor verifying the signature, the key has to be an RSA private or public key.\n"},"macSignKeyIdentifierType":{"type":"string","description":"This parameter specifies the identifier of the key(\"macSignKeyIdentifier\") used for generating MAC or signature of the key material.\nThe \"wrappingMethod\" should be \"mac/sign\" to verify the mac/signature(\"macSignBytes\") of the key material(\"material\").\nPossible values are:\n * name\n * id\n * alias\n"},"signingAlgo":{"type":"string","description":"This parameter specifies the algorithm to be used for generating the signature for the verification of the \"macSignBytes\" during import of key material. \nThe \"wrappingMethod\" should be \"mac/sign\" to verify the signature(\"macSignBytes\") of the key material(\"material\"). \nPossible values are:\n * RSA\n * RSA-PSS\n"},"wrapPublicKey":{"type":"string","description":"If the algorithm is 'aes','tdes','hmac-*', 'seed' or 'aria', this value will be used to encrypt\nthe returned key material. This value is ignored for other algorithms. Value must be an RSA public\nkey, PEM-encoded public key in either PKCS1 or PKCS8 format, or a PEM-encoded X.509 certificate.\nIf set, the returned 'material' value will be a Base64 encoded PKCS#1 v1.5 encrypted key. View \n\"wrapPublicKey\" in export parameters for more information.\nOnly applicable if 'includeMaterial' is true.\n"},"wrapPublicKeyPadding":{"type":"string","description":"1. WrapPublicKeyPadding specifies the type of padding scheme that needs to be set when importing\nthe Key using the specified wrapkey. Accepted values are \"pkcs1\", \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nand will default to \"pkcs1\" when 'wrapPublicKeyPadding' is not set and 'WrapPublicKey' is set.\n\n2. While creating a new key, wrapPublicKeyPadding parameter should be specified only if 'includeMaterial' is true.\nIn this case, key will get created and in response wrapped material using specified wrapPublicKeyPadding and other\nwrap parameters will be returned.\n","enum":["pkcs1","oaep","oaep256","oaep384","oaep512"]},"wrapKeyName":{"type":"string","description":"1. While creating a new key, If 'includeMaterial' is true, then only the key material will be wrapped with material of the specified key name. The response \"material\"\nproperty will be the base64 encoded ciphertext. For more details, view \"wrapKeyName\" in export parameters.\n\n2. While importing a key, the key material will be unwrapped with material of the specified key name. The only applicable \"wrappingMethod\" for the unwrapping is \"encrypt\" \nand the wrapping key has to be an AES key or an RSA private key.\n"},"wrapKeyIDType":{"type":"string","description":"IDType specifies how the wrapKeyName should be interpreted. \nValues can be:\n * name\n * id\n * alias\n"},"wrappingMethod":{"type":"string","description":"This parameter specifies the wrapping method used to wrap/mac/sign the key material.\nValid values:\n * encrypt\n * mac/sign\n * pbe \n\nIn \"encrypt\", the material of a symmetric key, private key or a certificate can be unwrapped based on\nseveral available parameters. \n\nFor AES Key Wrap with Padding(RFC 5649) or AES Key Wrap(RFC 3394)\nalgorithms, a wrapped symmetric key, private key or a certificate can be unwrapped using an AES wrapping key. For\nunwrapping a symmetric key and importing it, the following parameters are needed:\n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\" \n * \"padded\"(optional, required if padding not mentioned in \"wrappingEncryptionAlgo\")\n * \"material\" \n\nFor unwrapping a wrapped private key, the following parameters are needed:\n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(only \"aes/aeskeywrappadding\" allowed) \n * \"material\" \n\nFor unwrapping a wrapped certificate, the following parameters are needed:\n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(only \"aes/aeskeywrappadding\" allowed) \n * \"padded\"(only true is valid) \n\nAdditionally \"wrapHKDF\" parameters can be set in order to derive a wrapping key for the wrapping algorithm(RFC 5649/3394) \n\nA wrapped symmetric key can be unwrapped with RSA encryption using an RSA private key. \nFor this, the following parameters are needed: \n * \"wrapKeyName\"(RSA private key)\n * \"wrapKeyIDType\"(optional)\n * \"wrapPublicKeyPadding\"\n * \"material\" \n\nFor unwrapping a wrapped RSA private key with RSA AES KWP algorithm using an RSA private key, the following parameters are needed:\n * \"wrapKeyName\"(RSA private key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(set to \"rsa/rsaaeskeywrappadding\")\n * \"wrapRSAAES\"\n * \"material\" \n\n\nIn \"mac/sign\", either MAC or signature will be verified based on type of the key in \"macSignKeyIdentifier\". \nFor MAC operation, the hash algorithm will be inferred from the type of key using the \"macSignKeyIdentifier\" field which has to be an HMAC key. \nThe following parameters are needed for this operation:\n * \"macSignBytes\"\n * \"macSignKeyIdentifier\"\n * \"macSignKeyIdentifierType\"(optional) \n * \"material\" \n\nFor SIGN operation, the key used to verify the signature(\"macSignKeyIdentifier\") has to be an RSA private or public key. \nThe following parameters are needed for this operation:\n * \"macSignBytes\"\n * \"macSignKeyIdentifier\"\n * \"macSignKeyIdentifierType\"(optional)\n * \"signingAlgo\"\n * \"wrappingHashAlgo\" \n * \"material\" \n\nFor \"pbe\" (password based encryption) operation, a wrapped symmetric key, private key or a certificate can be \nunwrapped using the following parameters:\n * \"padded\"(for a symmetric key)\n * \"wrapPBE\" \n * \"material\" \n\n\nAdditionally, if \"includeMaterial\" query parameter is true, and the wrapping parameters are set as per \n\"wrappingMethod\" in export, the wrapped material can be obtained in the \"material\" field in response.\n"},"wrappingEncryptionAlgo":{"type":"string","enum":["AES/AESKEYWRAP","AES/AESKEYWRAPPADDING","RSA/RSAAESKEYWRAPPADDING"],"description":"It indicates the Encryption Algorithm information for wrapping the key.\nFormat is : Algorithm/Mode/Padding. For example : AES/AESKEYWRAP. Here AES is Algorithm, AESKEYWRAP is Mode & Padding is not specified.\nAES/AESKEYWRAP is RFC-3394 & AES/AESKEYWRAPPADDING is RFC-5649. For wrapping private key, only AES/AESKEYWRAPPADDING is allowed.\nRSA/RSAAESKEYWRAPPADDING is used to wrap/unwrap asymmetric keys using RSA AES KWP method. Refer \"WrapRSAAES\" to provide optional parameters.\n"},"wrappingHashAlgo":{"type":"string","description":"This parameter specifies the hashing algorithm used if \"wrappingMethod\" corresponds to \"mac/sign\".\nIn case of MAC operation, the hashing algorithm used will be inferred from the type of HMAC key(\"macSignKeyIdentifier\"). \nIn case of SIGN operation, the possible values are: \n * sha1\n * sha224\n * sha256\n * sha384\n * sha512\n"},"wrapHKDF":{"type":"object","title":"HKDF Wrap Parameters","description":"Information which is used to wrap a Key using HKDF.","properties":{"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF Wrapping.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"},"okmLen":{"type":"integer","description":"The desired output key material length in integer.\n"}}},"wrapPBE":{"type":"object","title":"Password based encryption parameters for generating password based derived keys.","description":"WrapPBE derives the key from the password and other parameters such as salt, iteration count, hashing algorithm, and derived key-length. PBE currently supports wrapping of symmetric keys (AES), private keys, and certificates.\nWrapPBE is a two-step process to export a key as mentioned below. The key import is similar to the key export but it unwraps the target key in the second step.\nStep 1 Use PBKDF2 with the specified parameters (pwd, hash-function, salt, iterations, purpose (opt), KEK length) to derive the KEK. For more details, refer to RFC 2898.\nStep 2 Perform AES-KW/KWP to wrap the target key using the KEK derived from Step 1. The AES KEK size is calculated by the KEK length parameter as described in Step 1. For more details, refer to RFC 3394 and 5649.\n","properties":{"hashAlgorithm":{"type":"string","description":"Underlying hashing algorithm that acts as a pseudorandom function to generate derive keys.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512","hmac-sha512/224","hmac-sha512/256","hmac-sha3-224","hmac-sha3-256","hmac-sha3-384","hmac-sha3-512"]},"password":{"type":"string","description":"Base password to generate derive keys. It cannot be used in conjunction with passwordidentifier.\npassword must be in range of 8 bytes to 128 bytes.\n"},"passwordIdentifier":{"type":"string","description":"Secret password identifier for password. It cannot be used in conjunction with password.\n"},"passwordIdentifierType":{"type":"string","description":"Type of the Passwordidentifier. If not set then default value is name.\n","enum":["id","name","slug"]},"salt":{"type":"string","description":"A Hex encoded string.\npbeSalt must be in range of 16 bytes to 512 bytes.\n"},"purpose":{"type":"string","description":"User defined purpose. If specified will be prefixed to pbeSalt.\npbePurpose must not be greater than 128 bytes.\n"},"dklen":{"type":"integer","description":"Intended length in octets of the derived key.\ndklen must be in range of 14 bytes to 512 bytes.\n"},"iteration":{"type":"integer","description":"Iteration count increase the cost of producing keys from a password.\nIteration must be in range of 1 to 1,00,00,000.\n"}}},"wrapRSAAES":{"type":"object","title":"RSA AES KWP parameters","description":"Information which is used to wrap/unwrap asymmetric keys using RSA AES KWP method.\nThis method internally requires AES key size to generate a temporary AES key and RSA padding.\nTo use WrapRSAAES, algorithm \"RSA/RSAAESKEYWRAPPADDING\" must be specified in WrappingEncryptionAlgo.\n","properties":{"aesKeySize":{"type":"integer","description":"Size of AES key for RSA AES KWP. Accepted value are 128, 192, 256.\nDefault value is \"256\".\n"},"padding":{"type":"string","description":"Padding specifies the type of padding scheme that needs to be set when exporting\nthe Key using RSA AES wrap. Accepted values are \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nDefault value is \"oaep256\".\n","enum":["oaep","oaep256","oaep384","oaep512"]}}},"padded":{"type":"boolean","description":"This parameter determines the padding for the wrap algorithm while unwrapping a symmetric key,\n * if \"wrappingMethod\" is \"encrypt\" and the \"wrappingEncryptionAlgo\" doesn't have a mode set\n * if \"wrappingMethod\" is \"pbe\". \n\nIf true, the RFC 5649(AES Key Wrap with Padding) is followed and if false, RFC 3394(AES Key Wrap) is followed for unwrapping the material for the symmetric key. \n\nIf a certificate is being unwrapped with the \"wrappingMethod\" set to \"encrypt\", the \"padded\" parameter has to be set to true. \nThis parameter defaults to false.\n"},"format":{"type":"string","description":"This parameter is used while importing keys ('material' is not empty), and also when returning\nthe key material after the key is created ('includeMaterial' is true).\n\n**For Asymmetric keys:**\n When this parameter is not specified, while importing keys, the format of the material is inferred from the material itself.\n When this parameter is specified, while importing keys, the only allowed format is 'pkcs12', and this only applies\n to the 'rsa' algorithm (the 'material' should contain the base64 encoded value of the PFX file in this case).\n\n When returning the key material, this parameter specifies the format of the returned key material.\n\n*Options:*\n\n- pkcs1\n- pkcs8 (default)\n- pkcs12\n\n**For Symmetric keys:**\n When importing keys if specified, the value must be given according to the format of the material.\n\n When returning the key material, this parameter specifies the format of the returned key material.\n\n *Options:*\n\n- raw \n- opaque \n"},"encoding":{"type":"string","description":"Specifies the encoding used for the 'material' field. This parameter is used :\n * during importing keys when key material is not empty\n * while returning the key material after the key is created ('includeMaterial' is true)\n\nFor wrapping scenarios and PKCS12 format, the only valid option is base64.\nIn case of \"Symmetric Keys\" when 'format' parameter has 'base64' value and 'encoding' parameter also contains some value;\nthe encoding parameter takes the priority. Following are the options for Symmetric Keys:\n","enum":["hex","base64"]},"material":{"type":"string","description":"If set, the value will be imported as the key's material. If not set, new key material will be\ngenerated on the server (certificate objects must always specify the material).\nThe format of this value depends on the algorithm. If the algorithm is\n'aes', 'tdes', 'hmac-*', 'seed' or 'aria', the value should be the hex-encoded bytes of the key material.\nIf the algorithm is 'rsa', and the format is 'pkcs12', it should be the base64 encoded PFX file.\nIf the algorithm is 'rsa' or 'ec', and format is not 'pkcs12', the value should be a PEM-encoded private\nor public key using PKCS1 or PKCS8 format.\nFor a X.509 DER encoded certificate, certType equals 'x509-der' and the material should equal the hex encoded certificate.\nThe material for a X.509 PEM encoded certificate (certType = 'x509-pem') should equal the certificate itself.\nWhen placing the PEM encoded certificate inside a JSON object (as in the playground), be sure to change\nall new line characters in the certificate to the string '\\n'.\n"},"defaultIV":{"type":"string","description":"Deprecated. This field was introduced to support specific legacy integrations and applications. New applications are strongly recommended to use a unique IV for each encryption request. Refer to Crypto encrypt endpoint for more details. Must be a 16 byte hex encoded string (32 characters long). If specified, this will be set as the default IV for this key."},"unexportable":{"type":"boolean","description":"Key is not exportable. Defaults to false.\n"},"undeletable":{"type":"boolean","description":"Key is not deletable. Defaults to false."},"meta":{"type":"object","description":"Optional end-user or service data stored with the key","properties":{"ownerId":{"type":"string","description":"Optional owner information for the key, required for non-admin. Value should be the user's `user_id`"}}},"state":{"type":"string","description":"Optional initial key state (Pre-Active) upon creation. Defaults to Active. If set,\nactivationDate and processStartDate can not be specified during key creation.\nIn case of import, allowed values are \"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\"\nand \"Destroyed Compromised\". If key material is not specified, it will not be autogenerated if input\nparameters correspond to either of these states - \"Deactivated\", \"Destroyed\", \"Compromised\" and\n\"Destroyed Compromised\". Key in \"Destroyed\" or \"Destroyed Compromised\" state would not have key material even\nif specified during key creation.\n"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"aliases":{"type":"array","description":"Aliases associated with the key. The alias and alias-type must be specified.\nThe alias index is assigned by this operation, and need not be specified.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"publicKeyParameters":{"type":"object","title":"Public Key","description":"Information needed to create a public key.","properties":{"name":{"type":"string","description":"Friendly name of the corresponding public key"},"usageMask":{"type":"integer","description":"Defined in PostKey parameters"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"state":{"type":"string","description":"Optional initial key state (Pre-Active) upon creation. If set,\nactivationDate and processStartDate can not be specified during key creation.\nDefaults to Active.\n"},"aliases":{"type":"array","description":"Aliases associated with the key. The alias and alias-type must be specified.\nThe alias index is assigned by this operation, and need not be specified.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"unexportable":{"type":"boolean","description":"Key is not exportable. Defaults to false.\n"},"undeletable":{"type":"boolean","description":"Key is not deletable. Defaults to false."}}},"certType":{"type":"string","description":"This specifies the type of certificate object that is being created. Valid values\nare 'x509-pem' and 'x509-der'. At present, we only support x.509 certificates.\nThe cerfificate data is passed in via the 'material' field. The certificate type\nis infered from the material if it is left blank.\n"},"password":{"type":"string","description":"For pkcs12 format, either password or secretDataLink should be specified.\nThis should be the base64 encoded value of the password.\n"},"secretDataLink":{"type":"string","description":"For pkcs12 format, either secretDataLink or password should be specified.\nThe value can be either ID or name of Secret Data.\n"},"secretDataEncoding":{"type":"string","description":"For pkcs12 format, this field specifies the encoding method used for the secretDataLink material.\nIgnore this field if secretData is created from REST and is in plain format.\nSpecify the value of this field as HEX format if secretData is created from KMIP.\n"},"hkdfCreateParameters":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"generateKeyId":{"type":"boolean","description":"If specified as true, the key's keyId identifier of type long is generated. Defaults to false.\n"},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal\nlowercase digits with 4 dashes.\nThis is optional.\n- If set, the value is imported as the key's uuid.\n- If not set, new key uuid is generated on the server.\n"},"muid":{"type":"string","description":"Additional identifier of the key.\nThis is optional.\n- If set, the value is imported as the key's muid.\n"},"keyId":{"type":"string","description":"Additional identifier of the key. The format of this value is of type long.\nThis is optional.\n- If set, the value is imported as the key's keyId.\n"},"id":{"type":"string","description":"This optional parameter specifies the identifier of the key (id).\nIt is used only when creating keys with specific key material. If set, the key's id is set to this value.\n"},"rotationFrequencyDays":{"type":"string","description":"Number of days from current date to rotate the key. It should be greater than or equal to 0. Default is an empty string.\nIf set to 0, rotationFrequencyDays set to an empty string and auto rotation of key will be disabled.\n"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed."},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the object was first believed to be compromised, if known.\nOnly valid if the revocation reason is CACompromise or KeyCompromise, otherwise ignored.\n"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object entered into the compromised state."},"revocationReason":{"type":"string","description":"The reason the key is being revoked.","enum":["Unspecified","KeyCompromise","CACompromise","AffiliationChanged","Superseded","CessationOfOperation","PrivilegeWithdrawn"]},"revocationMessage":{"type":"string","description":"Message explaining revocation."},"idSize":{"type":"integer","description":"Size of the ID for the key"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. APIs that list keys can use\nlabels to filter the set of matching resources.\n\nA label's key has an optional prefix up to 253 characters followed by a\nforward slash and a required name up to 63 characters. For example,\n`sales.widgets.com/region` is a label key with the prefix\n`sales.widgets.com` and the name `region`, while `region` is a label key\nwithout a prefix.\n\nA label's value may be empty and may be up to 63 characters.\n\nEach part of the label (i.e. the prefix, name, and value) must begin\nand end with an alphanumeric character (a-zA-Z0-9). Characters\ninbetween the beginning and end may contain alphanumeric characters,\ndots (.), dashes (-) and underscores (_).\n\nA Label can be a simple tag by specifying a key with no value\n(e.g. `{ \"critical\": \"\" }`).\n\nHere's a full example showing a name/value pair with prefix, a name/value pair, and a simple tag:\n```\n \"labels\": {\n \"sales.widgets.com/region\": \"noram\",\n \"team\": \"sales\",\n \"critical\": \"\"\n }\n```\n","example":{"region":"noram","team":"sales"}},"emptyMaterial":{"type":"boolean","description":"If set to `true`, the key material is not created and left empty.\n"},"assignSelfAsOwner":{"type":"boolean","description":"If set to `true`, the user who is creating the key is set as the key owner. Specify either `assignSelfAsOwner`\nor `ownerId` in the meta, not both. Specifying both in the meta returns an error.\n"},"description":{"type":"string","description":"It store information about key"},"templateId":{"type":"string","description":"The template ID field that a user needs to provide for creating a key using the template."}},"example":{"name":"My Encryption Key","usageMask":12,"algorithm":"aes","meta":{"ownerId":"local|1a45d..."},"state":"Pre-Active","deactivationDate":"2018-10-02T14:24:37.436073Z","protectStopDate":"2018-10-02T14:24:37.436073Z","aliases":[{"alias":"altname1","type":"string"},{"alias":"altname2:keysecure:gemalto:com","type":"uri"}]}}}],"responses":{"201":{"description":"Successful key creation.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"sample RSA key","updatedAt":"2016-12-02T21:23:48.853904312Z","usageMask":12,"meta":{},"version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB-----END PUBLIC KEY-----","objectType\"":"Private Key","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","aliases":[{"alias":"altname1","type":"string","index":0},{"alias":"altname2:keysecure:gemalto:com","type":"uri","index":1}],"links":[{"id":"166997fb-850d-4b1d-af0c-724a5fb13576","type":"publicKey","targetID":"80f3f406-349d-4509-9ad1-5c019fc0a1ee"}],"uuid":"f813745d-3126-4c05-9f09-467619ddff78","muid":"f813745d-3126-4c05-9f09-467619ddff78d1c85c6f-d778-4267-b171-97485147942e","keyId":"2825844310","labels":{"region":"noram","team":"sales"},"description":"This key is used to protect customer data."}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/keys2/{id}":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. {{FF_LATEST_ACTIVE_KEY_VERSION| If -2 is specified then nae latest active version of key will be returned.}} \nOnly valid if the identifier is a key name or id , otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns information about the key. Does not return the actual key\nmaterial (that is an \"export\", which is a different endpoint).\n\nDefaults to fetching the latest version of the key.\n","tags":["Keys"],"x-permissions":["ReadKey"],"x-resource-type":"Keys","x-product":"Platform","parameters":[{"name":"usageMask","in":"query","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n","type":"integer"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"sample RSA key","updatedAt":"2016-12-02T21:23:48.853904312Z","usageMask":12,"meta":{},"version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","links":[{"id":"166997fb-850d-4b1d-af0c-724a5fb13576","type":"publicKey","targetID":"80f3f406-349d-4509-9ad1-5c019fc0a1ee"}],"uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"},"description":"This key is used to protect customer data."}}},"409":{"description":"Conflict | An existing key has an incompatible usage."}}},"patch":{"summary":"Update","description":"Updates the key properties. This can be used to update the key\nmetadata, change the exportable and deletable properties, activation date,\ndeactivation date, compromise occurance date and revocation reason for the key.\n\nIf you update the `meta` field, and both the current value and the\nupdated value are JSON objects, the fields of the objects will be\nbe merged.\n\nThis operation can be used to add, delete and modify key aliases.\nTo add an alias, pass in the alias and alias-type.\nTo delete an alias, pass the unique index of the alias to be deleted.\nTo modify an alias, pass the index as well as the new values of the alias and alias-type.\n","tags":["Keys"],"x-permissions":["ReadKey","UpdateKey","UpdateKeyAppMeta"],"x-resource-type":"Keys","x-product":"Platform","parameters":[{"name":"body","in":"body","description":"The new metadata to update. The \"Body Sample\" on the right pane shows the format.","required":true,"schema":{"title":"Update Key","properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the key"},"unexportable":{"type":"boolean","description":"Key is not exportable.\n"},"undeletable":{"type":"boolean","description":"Key is not deletable."},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object activation date."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object deactivation date."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object archive date."},"rotationFrequencyDays":{"type":"string","description":"Number of days from current date to rotate the key. It should be greater than or equal to 0. Default is an empty string.\nIf set to 0, rotationFrequencyDays set to an empty string and auto rotation of key will be disabled.\n"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"aliases":{"type":"array","description":"Information needed for adding, modifying or deleting key aliases.\nTo delete a key, just specify its index. To add a key, do not specify the index.\nTo modify a key, specify its index, and the new values of the alias and type.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"muid":{"type":"string","description":"Optional additional identifier of the key.\nIt can be set if not set already.\n"},"keyId":{"type":"string","description":"Optional additional identifier of the key.\nIt can be set if not set already.\n"},"allVersions":{"type":"boolean","description":"To update the group permissions/custom attribute or both in metadata of all versions of the key.\nThis parameter also updates the usageMask, undeletable, and unexportable properties of all versions of a key at once.\nBy default it is set to false.\nSet to true, only when to update the group/custom attribute or both permissions of all versions of the key.\nIf this parameter is set to true, use the key name as the identifier.\n"},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. When labels are provided\nthey are merged with the key's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n\nRefer to the schema under `/v1/vault/keys2 POST` for a full description\nof labels.\n","example":{"region":"noram","team":"sales"}},"description":{"type":"string","description":"It store information about the key"}},"example":{"meta":"Sample Metadata","activationDate":"2017-10-02T14:24:37.436073Z","deactivationDate":"2018-10-02T14:24:37.436073Z","processStartDate":"2017-10-02T14:24:37.436073Z","protectStopDate":"2018-10-02T14:24:37.436073Z","aliases":[{"alias":"modified-altname1","type":"string","index":0},{"alias":"newname3","type":"string"},{"index":1}],"allVersions":false,"usageMask":3}}}],"responses":{"201":{"description":"Successful resource update.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2016-12-02T21:31:30.854924686Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","aliases":[{"alias":"modified-altname1","type":"string","index":0},{"alias":"newname3","type":"string","index":2}],"uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"},"description":"This key is used to protect customer data."}}}}},"delete":{"summary":"Delete","description":"Deletes a key.","tags":["Keys"],"x-permissions":["DeleteKey"],"x-resource-type":"Keys","x-product":"Platform","responses":{"204":{"description":"No Content | Successful deletion of key."}}}},"/v1/vault/keys2/{id}/versions/":{"parameters":[{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List versions","description":"Returns a list of all the versions of a key.","tags":["Keys"],"x-permissions":["ReadKey"],"x-resource-type":"Keys","x-product":"Platform","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill attempt to include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, supported fields are \"meta\" and \"links\". The server will only include the meta\nattribute in the response if the query parameters includes \"fields=meta\"\n"},{"name":"state","in":"query","type":"string","description":"Filters results to those with matching key state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\" and \"Destroyed Compromised\".\n"},{"name":"alias","in":"query","type":"string","description":"Filters results to those with matching aliases. The '?' and '*' wildcard characters or\ncomma separted aliases may be used.\n"},{"name":"linkType","in":"query","type":"string","description":"Filters results to those with matching link types. The '?' and '*' wildcard characters or\ncomma separted link types may be used.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2016-12-02T21:31:30.854925Z","usageMask":12,"version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"},"description":"This key is used to protect customer data."}]}}}}},"post":{"summary":"Create version","description":"Generates a new version of a key with the same keyname, metadata and attributes other than 'material', 'createdAt', and 'updatedAt'.","tags":["Keys"],"x-permissions":["ReadKey","ReadLink","CreateKeyVersion","ExportKey"],"x-resource-type":"Keys","x-product":"Platform","parameters":[{"name":"includeMaterial","in":"query","required":false,"description":"Include key bytes in the response. If set to 'false' or not specified, only key meta data is returned.","type":"string"},{"name":"body","in":"body","schema":{"type":"object","title":"Generate New Version","properties":{"material":{"type":"string","description":"If set, the value will be imported as the key's material. If not set, new key material will be\ngenerated on the server. The format of this value depends on the algorithm. If the algorithm is\n'aes', 'tdes', 'hmac-*', 'seed' or 'aria', the value should be the hex-encoded bytes of the key material\nunless format 'base64' is specified, in whcih case the key material is base64-encoded. If the algorithm is\n'rsa' or 'ec', the value should be a PEM-encoded private or public key using PKCS1 or PKCS8 format.\nFor a X.509 DER encoded certificate, certType equals 'x509-der' and the material should equal the hex encoded certificate.\nThe material for a X.509 PEM encoded certificate (certType = 'x509-pem') should equal the certificate itself.\nWhen placing the PEM encoded certificate inside a JSON object (as in the playground), be sure to change\nall new line characters in the certificate to the string '\\n'.\n"},"defaultIV":{"type":"string","description":"Deprecated. This field was introduced to support specific legacy integrations and applications. New applications are strongly recommended to use a unique IV for each encryption request. Refer to Crypto encrypt endpoint for more details. Must be a 16 byte hex encoded string (32 characters long). If specified, this will be set as the default IV for this key."},"wrapPublicKey":{"type":"string","description":"If the algorithm is 'aes','tdes','hmac-*', 'seed' or 'aria', this value will be used to encrypt\nthe returned key material. This value is ignored for other algorithms. Value must be an RSA public\nkey, PEM-encoded public key in either PKCS1 or PKCS8 format, or a PEM-encoded X.509 certificate.\nIf set, the returned 'material' value will be a Base64 encoded PKCS#1 v1.5 encrypted key.\nOnly applicable if 'includeMaterial' is true.\n"},"wrapPublicKeyPadding":{"type":"string","description":"1. wrapPublicKeyPadding specifies the type of padding scheme that needs to be set when importing\nthe Key using the specified wrapkey. Accepted values are \"pkcs1\", \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nand will default to \"pkcs1\" when 'wrapPublicKeyPadding' is not set and 'WrapPublicKey' is set.\n\n2. While creating a new version of a key, wrapPublicKeyPadding parameter should be specified only if 'includeMaterial' is true.\nIn this case, key will get created and in response wrapped material using specified wrapPublicKeyPadding and other\nwrap parameters will be returned.\n"},"wrapKeyName":{"type":"string","description":"1. While creating a new key, If 'includeMaterial' is true, then only the key material will be wrapped with material of the specified key name. The response \"material\"\nproperty will be the base64 encoded ciphertext. This will follow RFC-3394. Defaults to none. For RSA or EC keys it will follow RFC-5649.\n\n2. While importing a key, the key material will be unwrapped with material of the specified key name.\n"},"padded":{"type":"boolean","description":"If set as true, and \"wrapKeyName\" is specified or \"WrappingMethod\" is specified as \"pbe\" will use RFC-5649.\nDefaults to false. Applicable for symmetric keys only.\n"},"wrapKeyIDType":{"type":"string","description":"IDType specifies how the wrapKeyName should be interpreted\nValues can be name,id,alias.\n"},"encoding":{"type":"string","description":"Specifies the encoding used for the 'material' field. This parameter is used:\n * during import of keys when key material is not empty\n * while returning the key material after the key is created ('includeMaterial' is true)\n\nFor wrapping scenarios, the only valid option is base64.\nIn case of \"Symmetric Keys\" when 'format' parameter has 'base64' value and 'encoding' parameter also contains some value;\nthe encoding parameter takes the priority. Following are the options for Symmetric Keys:\n","enum":["hex","base64"]},"format":{"type":"string","description":"The format of the returned key material. It is applicable only if 'includeMaterial' is true. If the algorithm is 'rsa' or 'ec', the value\ncan be 'pkcs1' or 'pkcs8', and defaults to 'pkcs8'. For symmetric keys, the value of 'base64' can be used to indicate the key material\nis base64-encoded; without it, the key material defaults to hex-encoded.\n","enum":["pkcs1","pkcs8"]},"aliases":{"type":"array","description":"Aliases associated with the key. The alias and alias-type must be specified.\nThe alias index is assigned by this operation, and need not be specified.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"offset":{"type":"integer","description":"Specifies the offset time in seconds and is used to indicate the difference between the Creation Date and the\nActivation Date of the replacement key. \n- If no Offset is specified, the Activation Date,\nProcess Start Date, Protect Stop Date and Deactivation Date values are copied from the\nexisting key. \n- If Offset is set and dates exist for the existing key, then the dates of the\nreplacement key are set based on the dates of the existing key by adding the offset such that:\n - Activation Date (RK) = Creation Date (RK) + Offset\n - Deactivation Date (RK) = Deactivation Date (EK) + (Difference of Activation Date of RK - Activation Date of EK),\nwhere RK represents the Replacement Key and EK is the Existing Key.\n\nFor example, if a key is created at 2024-01-11T14:28:00 with an Activation Date specified as 2024-01-11T14:27:27. Now, if a request to replace this \nkey is sent after five minutes i.e. at 2024-01-11T14:33:26 with an offset set to 600 secs (~10 mins.), then the\nReplacement Key's Activation Date will be:\n14:33:26 + 00:10:00 = 2024-01-11T14:43:26.\n"},"certType":{"type":"string","description":"This specifies the type of certificate object that is being created. Valid values\nare 'x509-pem' and 'x509-der'. At present, we only support x.509 certificates.\nThe cerfificate data is passed in via the 'material' field. The certificate type\nis infered from the material if it is left blank.\n"},"idSize":{"type":"integer","description":"Size of the ID for the versioned key"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. When labels are provided\nthey are merged with the key's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n\nRefer to the schema under `/v1/vault/keys2 POST` for a full description\nof labels.\n","example":{"region":"noram","team":"sales"}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal\nlowercase digits with 4 dashes. This is optional and applicable for import key only.\n- If set, the value is imported as the key's uuid.\n- If not set, new uuid is generated on the server.\n"},"muid":{"type":"string","description":"Additional identifier of the key.\nThis is optional and applicable for import key only.\n- If set, the value is imported as the key's muid.\n- If not set, new muid is generated on the server.\n"},"keyId":{"type":"string","description":"Additional identifier of the key. This is optional and applicable for import key only.\n- If set, the value is imported as the key's keyId.\n- If not set, new keyId is generated on the server if the latest version of key has keyID present.\n"},"description":{"type":"string","description":"It store information about the key"}}}}],"responses":{"201":{"description":"Successful key version creation.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]},"examples":{"application/json":{"id":"13097490-acc2-491c-9d3a-b7fbb699961e","uri":"kylo:kylo:vault:keys:sample-rsa-key-v1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:37:24.597164919Z","name":"sample RSA key","updatedAt":"2016-12-02T21:37:24.597164919Z","usageMask":12,"meta":"Object","myTag":"myValue","version":1,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","aliases":[{"alias":"altname1","type":"string","index":0},{"alias":"altname2:keysecure:gemalto:com","type":"uri","index":1}],"links":[{"id":"5a390c08-7c77-4d54-9527-867478f785f4","type":"publicKey","targetID":"dea1fd9a-c084-42d6-b9f8-76ac4ab760b4"},{"id":"65963066-9c38-4694-85b0-749b768350da","type":"replacementObject","targetID":"0f3333c4-319a-448f-8e97-e6f4367b746a"}],"uuid":"75f471a8-970a-4998-a05e-adfb9ec44dbf","muid":"75f471a8-970a-4998-a05e-adfb9ec44dbfefc19969-f28f-467f-b4dd-0bedb7edbbf7","keyId":"3172642133","labels":{"region":"noram","team":"sales"},"description":"This key is used to protect customer data."}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/keys2/{id}/destroy":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Destroy","description":"Destroys key material of a key.","tags":["Keys"],"x-permissions":["ReadKey","DeleteKey"],"x-resource-type":"Keys","x-product":"Platform","responses":{"200":{"description":"Successful destruction of key material.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2018-10-11T16:47:05.181373005Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","destroyDate":"2018-10-11T16:47:05.18131037Z","state":"Destroyed","aliases":[{"alias":"modified-altname1","type":"string","index":0},{"alias":"newname3","type":"string","index":2}],"uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}}}}},"/v1/vault/keys2/{id}/archive":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Archive","description":"Archives a key, effectively taking it offline. An archived key cannot be used\nor modified. When listing keys, archived keys are omitted from\nthe search results by default.\n\nThe archivedDate will be set to the current time. An error will\nbe returned if the key is not found, or is already archived.\n\nA key may be archived regardless of the key's state.","tags":["Keys"],"x-permissions":["ReadKey","ArchiveKey"],"x-resource-type":"Keys","x-product":"Platform","responses":{"200":{"description":"Successful key archival.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2018-10-11T16:47:05.181373005Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","archiveDate":"2018-10-11T16:47:05.18131037Z","state":"Active","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}}}}},"/v1/vault/keys2/{id}/recover":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Recover","description":"Recovers an archived key, effectively bringing the key back online.\nThe key may then be used or modified as usual.\n\nThe archiveDate will be cleared. An error will be returned if the\nkey is found. If the key is not currently archived, no error is returned:\nthe operation will silently succeed.","tags":["Keys"],"x-permissions":["ReadKey","RecoverKey"],"x-resource-type":"Keys","x-product":"Platform","responses":{"200":{"description":"Successful key recovery.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2018-10-11T16:47:05.181373005Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}}}}},"/v1/vault/keys2/{id}/revoke":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Revoke","description":"Transitions the key to the Deactivated, Compromised, or CompromisedDestroyed\nstate. If the key is revoked with a reason of CACompromised or\nKeyCompromised, the key will transition to either Compromised or\nCompromisedDestroyed state. All other reasons transition the key\nto the Deactivated state.\n\nIf the key transitions to the Deactivated state, the deactivationDate will\nbe set to the current time.\n\nIf the key transitions to the Compromised or CompromisedDestroyed state,\nthe compromiseDate will be set to the current time, and the\ncompromiseOccurrenceDate will be set to either the specified time, or\nto the creation time of the key.\n\nThe revocation reason must be specified. Other parameters are optional.\n\nAn error will be returned if the key is not found, the reason is\ninvalid, the key is archived, or the key is not able to transition to\nthe required state.","parameters":[{"name":"body","in":"body","description":"Specifies the parameters of the revoke operation.\n","schema":{"title":"Revoke Key Parameters","required":["reason"],"properties":{"reason":{"type":"string","description":"The reason the key is being revoked.","enum":["Unspecified","KeyCompromise","CACompromise","AffiliationChanged","Superseded","CessationOfOperation","PrivilegeWithdrawn"]},"message":{"type":"string","description":"Message explaining revocation."},"compromiseOccurrenceDate":{"type":"string","format":"date","description":"The time when the compromise occurred, if known.\nOnly valid if the revocation reason is\nCACompromise or KeyCompromise, otherwise ignored.\nDefaults to key's creation time."}}}}],"tags":["Keys"],"x-permissions":["ReadKey","RevokeKey"],"x-resource-type":"Keys","x-product":"Platform","responses":{"200":{"description":"Successful key revocation.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2018-10-11T16:47:05.181373005Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}}}}},"/v1/vault/keys2/{id}/reactivate":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Reactivate","description":"Transitions the key to the Active state (with or without protect stop date) based on the parameters.\n\nIn case of key transition from deactivated to active state, deactivation date and protect stop date will be unset.\nWhereas in case of key transition from deactivated to active with protect stop state, only deactivation date will be unset and protect stop date will be set to the current time.\nSimilarly in case of key transition from active with protect stop to active state, only protect stop date will be unset.\n\nThe reactivation reason must be specified. Other parameters are optional.\n\nAn error will be returned if the key is not found, the reason is\ninvalid, the key is archived, or the key cannot be transitioned to the specified state.","parameters":[{"name":"body","in":"body","description":"Specifies the parameters of the reactivation operation.\n","schema":{"title":"Reactivate Key Parameters","required":["reason"],"properties":{"reason":{"type":"string","description":"The reason the key is being reactivated.","enum":["DeactivatedToActive","ActiveProtectStopToActive","DeactivatedToActiveProtectStop"]},"message":{"type":"string","description":"Message explaining reactivation."}}}}],"tags":["Keys"],"x-permissions":["ReadKey","ReActivateKey"],"x-resource-type":"Keys","x-product":"Platform","responses":{"200":{"description":"Successful key reactivation.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2018-10-11T16:47:05.181373005Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}}}}},"/v1/vault/keys2/{id}/export":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. {{FF_LATEST_ACTIVE_KEY_VERSION| If -2 is specified then nae latest active version of key will be returned.}} \nOnly valid if the identifier is a key name or id , otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Export","description":"Returns metadata and the material of the latest version of the key matching the given `id` and the JWT's `account` claim.","tags":["Keys"],"x-permissions":["ReadKey","ExportKey"],"x-resource-type":"Keys","x-product":"Platform","parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Export Key","properties":{"combineXts":{"type":"boolean","description":"If set to true, then full material of XTS/CBC-CS1 key will be exported. Defaults to false."},"wrapPublicKeyPadding":{"type":"string","description":"wrapPublicKeyPadding specifies the type of padding scheme that needs to be set when exporting\nthe Key using a public wrapping key. Accepted values are \"pkcs1\", \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nand will default to \"pkcs1\" when 'wrapPublicKeyPadding' is not set.\n(Not used when format is set to \"jwe\".)\n","enum":["pkcs1","oaep","oaep256","oaep384","oaep512"]},"wrapPublicKey":{"type":"string","description":"This parameter specifies the public key used to wrap the key material of the key to be exported. The \nresponse \"material\" property will be the base64 encoded ciphertext. This parameter is valid if the \n\"wrappingMethod\" is \"encrypt\" or \"format\" is \"jwe\". This parameter cannot be passed with \"wrapKeyName\"\nparameter for export with wrapping. \n\nIf wrapping of key material with \"encrypt\" method is desired the key has to be an RSA public key, a \nPEM-encoded public key in either PKCS1 or PKCS8 format, or a PEM-encoded X.509 certificate. If a \nsymmetric key is to be wrapped given a valid \"wrapPublicKey\", the \"wrappingMethod\" must be \"encrypt\". \nIf a RSA private key is to be wrapped using RSA AES KWP method, a valid \"wrapPublicKey\" must pe passed,\n the \"wrappingMethod\" must be \"encrypt\", the \"wrapRSAAES\" parameters should be set and the \n\"wrappingEncryptionAlgo\" should be set to \"RSA/RSAAESKEYWRAPPADDING\".\n\nFor Wrapping EC Keys \"wrappingEncryptionAlgo\" should be set to \"AES/AESKEYWRAPPADDING\". EC key wrap with\nasymmetric key is not supported.\n\nFor export with format 'jwe', if the algorithm is 'aes','tdes','hmac-*', 'seed', 'aria', 'rsa' or 'ec'\n, the \"wrapPublicKey\" value will be used to encrypt the return key material.\n"},"wrapKeyName":{"type":"string","description":"The key material will be wrapped with material of the specified key name. The \"material\" property in \nthe response will be base64 encoded ciphertext. If the \"wrappingMethod\" field is set to \"encrypt\",\nthen the wrapping key must be an AES key, RSA private key or RSA public key. For the export of symmetric\nkeys with the \"encrypt\" method, the three key types are allowed but for the export of a private key if the\n\"wrapRSAAES\" parameters are not set, the wrapping key has to be an AES key with a size of 256 bits. If\n\"wrapRSAAES\" parameters are set, then the wrapping key has to either be an RSA private or public key. \nYou can set either \"wrapKeyName\" parameter or \"wrapPublicKey\" at a time. The wrapping key should be \nactive with a protect stop date that is not expired.\n\nFor Wrapping EC Keys \"wrappingEncryptionAlgo\" should be set to \"AES/AESKEYWRAPPADDING\". EC key wrap with\nasymmetric key is not supported.\n\nFor export with format 'jwe',\n- One of wrapPublicKey or wrapKeyName is mandatory\n- wrapKeyName should be public key name that could be used for generation of 'jwe'\n"},"signingAlgo":{"type":"string","description":"This parameter specifies the algorithm used for generating a signature in response as \"macSignBytes\".\nThe \"wrappingMethod\" must equal \"mac/sign\" to generate the signature(\"macSignBytes\") of the key material. \nPossible values are:\n * RSA\n * RSA-PSS\n"},"macSignKeyIdentifier":{"type":"string","description":"This parameter specifies the identifier of the key used for generating the MAC or signature(\"macSignBytes\") of \nthe key whose key material is to be exported. \nThe \"wrappingMethod\" should be \"mac/sign\" to generate the MAC/signature. \nTo generate a MAC, the key should be a HMAC key. \nTo generate a signature, the key should be an RSA private key.\n"},"macSignKeyIdentifierType":{"type":"string","description":"This parameter specifies the identifier of the key used for generating the MAC or signature.\nThe \"wrappingMethod\" should be \"mac/sign\" to generate the mac/signature(\"macSignBytes\") of the key material(\"material\").\nPossible values are:\n * name\n * id\n * alias\n"},"wrapSymmetricKeyName":{"type":"string","description":"Deprecated. Use \"wrapKeyName\" instead."},"wrapKeyIDType":{"type":"string","description":"IDType specifies how the wrapKeyName should be interpreted. \nValues can be:\n * name\n * id\n * alias\n"},"wrappingMethod":{"type":"string","description":"This indicates the method used to wrap/mac/sign the key material.\nValid values:\n * encrypt\n * mac/sign\n * pbe \n\nIn \"encrypt\", the material of a symmetric key, private key or a certificate can be wrapped based on\nseveral available parameters. \nFor AES Key Wrap with Padding(RFC 5649) or AES Key Wrap(RFC 3394)\nalgorithms, a symmetric key, private key or a certificate can be wrapped using an AES wrapping key. \nFor wrapping a symmetric key, the following parameters are required: \n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"\n * \"padded\"(optional, required if padding not mentioned in \"wrappingEncryptionAlgo\"). \n\nFor wrapping a private key, the following parameters are required:\n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(only \"aes/aeskeywrappadding\" allowed)\n * \"pemWrap\" \n\nFor wrapping a certificate, the following parameters are required:\n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(only \"aes/aeskeywrappadding\" allowed)\n * \"padded\"(only true is valid) \n\nAdditionally \"wrapHKDF\" parameters can be set in order to derive a wrapping key for the wrapping algorithm. \n\nA symmetric key can be wrapped with RSA encryption using an RSA public key, private key or a certificate. \nFor this, the following parameters are required:\n * either \"wrapKeyName\" or \"wrapPublicKey\"\n * \"wrapKeyIDType\"(optional) \n * \"wrapPublicKeyPadding\" \n\nFor wrapping a RSA private key with RSA AES KWP algorithms using an RSA public key, private key or a certificate,\nthe following parameters are required:\n * either \"wrapKeyName\" or \"wrapPublicKey\"\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(set to \"rsa/rsaaeskeywrappadding\")\n * \"wrapRSAAES\"\n * \"pemWrap\" \n\nIn \"mac/sign\", either MAC or signature will be calculated based on type of the key in \"macSignKeyIdentifier\". \nThe key to be exported has to be a symmetric key or a private key. \nFor MAC operation, the hash algorithm will be inferred from type of key using the \"macSignKeyIdentifier\" \nfield which has to be an HMAC key. The following parameters are needed for this method:\n * \"macSignKeyIdentifier\" \n * \"macSignKeyIdentifierType\"(optional) \n\nFor SIGN operation, the key used to generate the signature(\"macSignKeyIdentifier\") has to be an RSA \nprivate key. The following parameters are needed for this method:\n * \"macSignKeyIdentifier\"\n * \"macSignKeyIdentifierType\"(optional) \n * \"signingAlgo\"\n * \"wrappingHashAlgo\" \n\nFor \"pbe\" (password based encryption) operation, a symmetric key, private key or a certificate can be \nwrapped using the following parameters:\n * \"padded\"(for a symmetric key)\n * \"pemWrap\"(for a private key)\n * \"wrapPBE\"\n"},"wrappingEncryptionAlgo":{"type":"string","enum":["AES/AESKEYWRAP","AES/AESKEYWRAPPADDING","RSA/RSAAESKEYWRAPPADDING"],"description":"It indicates the Encryption Algorithm information for wrapping the key.\nFormat is : Algorithm/Mode/Padding. For example : AES/AESKEYWRAP. Here AES is Algorithm, AESKEYWRAP is Mode & Padding is not specified.\nAES/AESKEYWRAP is RFC-3394 & AES/AESKEYWRAPPADDING is RFC-5649. For wrapping private key, only AES/AESKEYWRAPPADDING is allowed.\nRSA/RSAAESKEYWRAPPADDING is used to wrap/unwrap asymmetric keys using RSA AES KWP method. Refer \"wrapRSAAES\" to provide optional parameters.\n"},"wrappingHashAlgo":{"type":"string","description":"This parameter specifies the hashing algorithm if \"wrappingMethod\" corresponds to \"mac/sign\".\nIn case of MAC operation, the hash algorithm will be inferred from the type of HMAC key(\"macSignKeyIdentifier\"). \nIn case of SIGN operation, Possible values are:\n * sha1\n * sha224\n * sha256\n * sha384\n * sha512\n"},"pemWrap":{"type":"boolean","description":"If the parameter is set to true, it wraps the PEM encoding of the private key (asymmetric) otherwise, the DER encoding of the key is wrapped. \nOnly valid when private keys (asymmetric) and certificates are to be wrapped for \"mac/sign\" and \"encrypt\" values for \"wrappingMethod\" parameter. \nDefault value: false.\n"},"padded":{"type":"boolean","description":"This parameter determines the padding for the wrap algorithm while exporting a symmetric key, \n * if \"wrappingMethod\" parameter is \"encrypt\" and the \"wrappingEncryptionAlgo\" doesn't have a mode set\n * if \"wrappingMethod\" is \"pbe\". \n\nIf true, the RFC 5649(AES Key Wrap with Padding) is followed and if false, RFC 3394(AES Key Wrap) is followed for wrapping the material for the symmetric key. \n\nIf a certificate is being exported with the \"wrappingMethod\" set to \"encrypt\", the \"padded\" parameter must be set to true. \nThis parameter defaults to false.\n"},"encoding":{"type":"string","description":"Specifies the encoding for the returned key material. \n\nFor wrapping scenarios and PKCS12 format, the only valid option is base64.\nIn case of \"Symmetric Keys\" when 'format' parameter has 'base64' value and 'encoding' parameter also contains some value;\nthen the encoding parameter takes the priority.\n\nFor example: When using the \"encoding\" parameter, keep in mind that PBE wrapping will be skipped. Only \"encoding\": \"base64\" will be \nactive during export, meaning that the key would be exported exclusively in base64 format. Make sure not to use both options at the same time.\n\nFollowing are the options for Symmetric Keys:\n","enum":["hex","base64"]},"format":{"type":"string","description":"The format of the returned key material. If the algorithm is 'rsa' or 'ec'. The value can be one of these: \n'pkcs1', 'pkcs8' , 'pkcs12', or 'jwe'. The default value is 'pkcs8'.\nIf algorithm is ‘rsa’ and format is 'pkcs12', the key material will contain the base64-encoded value of the PFX file.\nThe value 'base64' is used for symmetric keys, for which the format of the returned key material is base64-encoded\nif wrapping is applied (i.e., either 'wrapKeyName' or 'wrapPublicKey' is specified),otherwise, the format is hex-encoded,\nunless 'base64' is given.\nIf the \"format\" is 'jwe' then the \"material\" for the symmetric key, asymmetric key or certificate will be wrapped in JWE format.\n\"wrapKeyName\"(should be a public key) or \"wrapPublicKey\" and \"wrapJWE\" parameters are required for 'jwe' format.\nThe value 'opaque' is supported for symmetric keys with 'opaque' format only.\n","enum":["pkcs1","pkcs8","pkcs12","jwe"]},"password":{"type":"string","description":"For pkcs12 format, if the pkcs12passwordLink is not present in the Key (RSA keys), specify either password or secretDataLink.\nThis should be the base64 encoded value of the password.\n"},"secretDataLink":{"type":"string","description":"For pkcs12 format, if the pkcs12passwordLink is not present in the Key (RSA keys), specify either secretDataLink or password.\nThe value can be either ID or name of Secret Data.\n"},"secretDataEncoding":{"type":"string","description":"For pkcs12 format, this field specifies the encoding method used for the secretDataLink material.\nIgnore this field if secretData is created from REST and is in plain format.\nSpecify the value of this field as HEX format if secretData is created from KMIP.\n"},"wrapHKDF":{"type":"object","title":"HKDF Wrap Parameters","description":"Information which is used to wrap a Key using HKDF.","properties":{"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF Wrapping.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"},"okmLen":{"type":"integer","description":"The desired output key material length in integer.\n"}}},"wrapJWE":{"type":"object","title":"JWE Parameters for generating jwe","description":"Information which is used to wrap a Key using JWE. (JWT ID (JTI) provides a unique identifier for the JWT. JTI will be automatically included in JWE if it is available in JWT identity token.)","properties":{"jwtIdentifier":{"type":"string","description":"JWT identifier (JTI) is unique identifier for the JWT used by SFDC for cache key replay detection.\n"},"contentEncryptionAlgorithm":{"type":"string","description":"Content Encryption Algorithm is symmetric encryption algorithm used to encrypt the data , default is AES_256_GCM.\n","enum":["AES_128_CBC_HMAC_SHA_256","AES_192_CBC_HMAC_SHA_384","AES_256_CBC_HMAC_SHA_512","AES_128_GCM","AES_192_GCM","AES_256_GCM"]},"keyEncryptionAlgorithm":{"type":"string","description":"Key Encryption Algorithm is used to encrypt the Content Encryption Key (CEK), default is RSA_OAEP_SHA1.\nAlgorithm should correspond to type of public key provided for wrapping.\n","enum":["RSA1_5","RSA_OAEP_SHA1","RSA_OAEP_SHA256","ECDH_ES","ECDH_ES_AES_128_KEY_WRAP","ECDH_ES_AES_192_KEY_WRAP","ECDH_ES_AES_256_KEY_WRAP"]},"keyIdentifier":{"type":"string","description":"Key identifier to be used as \"kid\" parameter in JWE material and JWE header.\nDefaults to key id.\n"}}},"wrapPBE":{"type":"object","title":"Password based encryption parameters for generating password based derived keys.","description":"WrapPBE derives the key from the password and other parameters such as salt, iteration count, hashing algorithm, and derived key-length. PBE currently supports wrapping of symmetric keys (AES), private keys, and certificates.\nWrapPBE is a two-step process to export a key as mentioned below. The key import is similar to the key export but it unwraps the target key in the second step.\nStep 1 Use PBKDF2 with the specified parameters (pwd, hash-function, salt, iterations, purpose (opt), KEK length) to derive the KEK. For more details, refer to RFC 2898.\nStep 2 Perform AES-KW/KWP to wrap the target key using the KEK derived from Step 1. The AES KEK size is calculated by the KEK length parameter as described in Step 1. For more details, refer to RFC 3394 and 5649.\n","properties":{"hashAlgorithm":{"type":"string","description":"Underlying hashing algorithm that acts as a pseudorandom function to generate derive keys.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512","hmac-sha512/224","hmac-sha512/256","hmac-sha3-224","hmac-sha3-256","hmac-sha3-384","hmac-sha3-512"]},"password":{"type":"string","description":"Base password to generate derive keys. It cannot be used in conjunction with passwordidentifier.\npassword must be in range of 8 bytes to 128 bytes.\n"},"passwordIdentifier":{"type":"string","description":"Secret password identifier for password. It cannot be used in conjunction with password.\n"},"passwordIdentifierType":{"type":"string","description":"Type of the Passwordidentifier. If not set then default value is name.\n","enum":["id","name","slug"]},"salt":{"type":"string","description":"A Hex encoded string.\npbeSalt must be in range of 16 bytes to 512 bytes.\n"},"purpose":{"type":"string","description":"User defined purpose. If specified will be prefixed to pbeSalt.\npbePurpose must not be greater than 128 bytes.\n"},"dklen":{"type":"integer","description":"Intended length in octets of the derived key.\ndklen must be in range of 14 bytes to 512 bytes.\n"},"iteration":{"type":"integer","description":"Iteration count increase the cost of producing keys from a password.\nIteration must be in range of 1 to 1,00,00,000.\n"}}},"wrapRSAAES":{"type":"object","title":"RSA AES KWP parameters","description":"Information which is used to wrap/unwrap asymmetric keys using RSA AES KWP method.\nThis method internally requires AES key size to generate a temporary AES key and RSA padding.\nTo use WrapRSAAES, algorithm \"RSA/RSAAESKEYWRAPPADDING\" must be specified in WrappingEncryptionAlgo.\n","properties":{"aesKeySize":{"type":"integer","description":"Size of AES key for RSA AES KWP. Accepted value are 128, 192, 256.\nDefault value is \"256\".\n"},"padding":{"type":"string","description":"Padding specifies the type of padding scheme that needs to be set when exporting\nthe Key using RSA AES wrap. Accepted values are \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nDefault value is \"oaep256\".\n","enum":["oaep","oaep256","oaep384","oaep512"]}}}},"example":{"format":"pkcs1","wrapPublicKeyPadding":"pkcs1","wrapPublicKey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC20Df30JsXSSUvUYXYWe5od3ek\nkj6FfAXR51GhcaMvOypImCAT9Mc7majhyLQGQye7cfxo2jK1D4E135d+Pn/w+bdG\n6IFt4NK8+62RFfXmjmYGUU96IEu1XWRmGzTYvrGiQ43SLrCI+erhoV79Qx4dYsOn\n777GltHAVG0ECYCQxQIDAQAB\n-----END PUBLIC KEY-----\n"}}}],"responses":{"200":{"description":"Successful key export.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]},{"type":"object","properties":{"material":{"type":"string","x-nullable":true,"description":"Encoded key"},"encoding":{"type":"string","x-nullable":true,"description":"encoding used for the 'material' field."},"macSignBytes":{"type":"string","x-nullable":true,"description":"MAC/Signature bytes to be used for verification while importing a key"},"pbeSalt":{"type":"string","x-nullable":true},"pbePurpose":{"type":"string","x-nullable":true}}}]},"examples":{"application/json":{"resources":[{"id":"13097490-acc2-491c-9d3a-b7fbb699961e","uri":"kylo:kylo:vault:keys:sample-rsa-key-v1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:37:24.597165Z","name":"sample RSA key","updatedAt":"2016-12-02T21:37:24.597165Z","material":"-----BEGIN PRIVATE KEY-----\nMIICdAIBADALBgkqhkiG9w0BAQEEggJgMIICXAIBAAKBgQDQSuQFFeK1fQBljzL/\nR+zCJc5X3ToLDmD4dQ8Cn+kU21ekjNhtfFoJVSY97ZRh7PzIpMNdYZ+8Ye3nkUWv\nALFmDMIgNAw9nUkDgmh1QtJj9I9zntudLXWjRUSUuzJ2JCNngKY403mphZXmBaGD\n/Zn3hdu1C4qyM+IiblGDnKjCmwIDAQABAoGAEsout6a5xNV56693UkASw5DVhGeY\njNbHOKKWsA3s4MzIozdxbq8BEEZ2JLAB6rOOOiti1FGyLzRGWdVpC9hsKDbcYwR6\nUzgPZHuwQXYFF2oMzs4BNNanaBZXudmQW7l+G2Ek4TsU3sSHT/5WIxq5NZskfnyC\nItWDv+Z+5LTf0MECQQDwV3ruOR3wXjl6G0nT5neRgc2Je0kuW5P0ZXb4Lsg08T+p\nxbvtQkyWhoGHxHG3GibKZhqxPyr6o4ibXVWva/TtAkEA3dzhguidUgsnxvhr8OO4\ndkUJup2FMX6TDPuDjTl9s+E67LCUdQVmOff8q1Mi3bIH+FZa6mBXbwADCWSgFIhs\npwJATT9Qu5CQFtmyD5UFvZ2tgI7/yNhfRQ8aFssl2c7velSv6ZksNa3Bf//rUf/J\nrNgy74qxuZZb8gLtvUHacG96YQJACEG7JssPZ8lAfrgqFDn1WHlzRj2sgk4KnPYT\nTEMyeWpNbheYPs6nokqnXZzndEa24zgbhBN3zYq7kjLrfjghiwJBALFpp8CRUwXR\nEYtQ0gCsSjdYqJOo+dY4nab0eFtJcoemXrSTsC9TyIEs9YMUvXF++L3empa7jCjD\n8bdLNXqGMkA=\n-----END PRIVATE KEY-----","usageMask":12,"meta":"Object","myTag":"myValue","version":1,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQSuQFFeK1fQBljzL/R+zCJc5X\n3ToLDmD4dQ8Cn+kU21ekjNhtfFoJVSY97ZRh7PzIpMNdYZ+8Ye3nkUWvALFmDMIg\nNAw9nUkDgmh1QtJj9I9zntudLXWjRUSUuzJ2JCNngKY403mphZXmBaGD/Zn3hdu1\nC4qyM+IiblGDnKjCmwIDAQAB\n-----END PUBLIC KEY-----","uuid":"75f471a8-970a-4998-a05e-adfb9ec44dbf","labels":{"region":"noram","team":"sales"}}]}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/keys2/{id}/clone":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"includeMaterial","in":"query","required":false,"description":"Include key bytes in the response. If set to 'false' or not specified, only key meta data is returned.","type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Clone","description":"It clones the metadata and the material of the given key identified by id or the combination of name and version, and matching the JWT's `account` claim.\n\nThe state of the new cloned key would always be active. If version is not specified with the key name, the latest version of the key will be cloned.\n\nXTS Keys will be cloned as a pair of two linked keys.\nPrivate keys will be cloned as private and public key pair, if public Key link is available for the private key.\nLinks from the key that is being cloned will not be carry forwarded to the cloned key.\n\nWhile cloning, the key attributes that will be cloned to the new cloned key are :\nMaterial, Algorithm, Usage, Size, Curveid, Unexportable, Undeletable,CertFields, ObjectType, defaultIV, meta.","tags":["Keys"],"x-permissions":["ReadKey","UseKey","CloneKey","ExportKey","CreateKey"],"x-resource-type":"Keys","x-product":"Platform","parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Clone Key","properties":{"newKeyName":{"type":"string","description":"Key name for the new cloned key."},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"},"idSize":{"type":"integer","description":"Size of the ID for the key"}}}}],"responses":{"200":{"description":"Successful key clone.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-aes-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"sample AES key","updatedAt":"2016-12-02T21:23:48.853904312Z","usageMask":12,"meta":{},"version":0,"algorithm":"AES","size":256,"format":"raw","unexportable":false,"undeletable":false,"activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"},"description":"This key is used to protect customer data."}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/keys2/{id}/generate-kcv":{"x-feature":"FF_KEY_CHECK_VALUE_ENABLED","parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Generate KCV","description":"Returns the Key Check Value (KCV) of the symmetric key. If KCV for a key is not already calculated, this will calculate the KCV and stores its value.","tags":["Keys"],"x-permissions":["ReadKey","UpdateKey"],"x-resource-type":"Keys","x-product":"Platform","responses":{"200":{"description":"Key Check Value.","schema":{"properties":{"keyCheckValue":{"type":"string"}}},"examples":{"application/json":{"keyCheckValue":"5a78b6"}}},"400":{"description":"Invalid Key Format, Invalid Key Algorithm"},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/keys2/{id}/attributes":{"x-feature":"FF_ENABLE_GENERATE_KEY_ATTRIBUTES","post":{"summary":"Generates or Returns the value of attribute.","description":"When a new key is created, it gets created with certain in-built attributes. If, with a new CipherTrust Manager release, a new attribute gets added to the key, the value of that attribute may not be set for the keys that are pre-existing.\nThis API allows setting values to the newly supported attributes, for pre-existing keys, where these attributes might not be set already.\nIf the attribute already has a value, the API will only return the attribute value in the response.\n\nFor example- \nIf a key get does not show Sha384Fingerprint value, this API will update the key with the Sha384Fingerprint for a particular key.","tags":["Keys"],"x-permissions":["ReadKey","UpdateKey"],"x-resource-type":"Keys","x-product":"Platform","parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"body","in":"body","description":"Generate and store the value of the newly supported attribute in the existing key where it wasn't generated, or it will return the value of attribute if already set.\n","schema":{"title":"Generate Key Attributes","required":["name"],"properties":{"name":{"type":"string","description":"Specify the name of the attribute to get or generate its value. At a time, only one attribute name can be specified.\n{{FF_CTE_KEY_HASH|, cteKeyHash is applicable for CTE and is supported for Symmetric Objects only.}}\nSupported attributes are:","enum":["{{FF_SHA384_IN_KEYS|sha384Fingerprint}}","{{FF_CTE_KEY_HASH|cteKeyHash}}"]}}}}],"responses":{"200":{"description":"Generate or Return Attribute Value.","schema":{"properties":{"name":{"type":"string"}}},"examples":{"application/json":{"value":"f1ba54f3d5ce68caec41bbd9343b757e8fd67a69b1453a5b5fb740526a7c27a8accbcc6071d9884fb0846c59c7e07421"}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/key-policies/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List key policies","description":"Returns list of key policies.\n","tags":["Key Policies"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"id","in":"query","type":"string","collectionFormat":"multi","format":"UUID","description":"Filters result to the one with matching ID\n"},{"name":"name","in":"query","type":"string","description":"Name of key policy\n"},{"name":"description","in":"query","type":"string","description":"description of key policy\n"},{"name":"label_selector","in":"query","type":"string","description":"label_selector on which key policy is applied\n"},{"name":"createdAfter","in":"query","type":"string","description":"Time after the key policy is created\n"},{"name":"createdBefore","in":"query","type":"string","description":"Time before the key policy is created\n"},{"name":"permissionsContains","in":"query","type":"string","description":"Permissions applied on a key policy\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2016-12-02T21:23:48.853904312Z","name":"ADPAdmin","label_selector":"environment=dev","description":"Read Permissions","permissions":{"clients":{"ReadKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"groups":{"ReadKey":["Application Data Protection Admins"]},"users":{"ReadKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]}}}}}}}},"post":{"summary":"Create a key policy","description":"Creates a new key policy","tags":["Key Policies"],"parameters":[{"name":"body","in":"body","description":"To create a key policy\n","schema":{"example":{"application/json":{"name":"Sample Key Policy","label_selector":"env=testing","description":"Sample","permissions":{"clients":{"UseKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"users":{"UseKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]},"groups":{"UseKey":["group1"]}}}},"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}}],"responses":{"201":{"description":"Successful key policy creation.","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"ADPAdmin","label_selector":"environment=dev","description":"Read Permissions","permissions":{"clients":{"ReadKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"groups":{"ReadKey":["Application Data Protection Admins"]},"users":{"ReadKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]}}}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/key-policies/{id}":{"parameters":[{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get key policy","description":"Returns information about the key policy.\n","responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"ADPAdmin","label_selector":"environment=dev","description":"Read Permissions","permissions":{"clients":{"ReadKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"groups":{"ReadKey":["Application Data Protection Admins"]},"users":{"ReadKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]}}}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the key policy\n","parameters":[{"name":"body","in":"body","description":"The new metadata to update. The \"Body Sample\" on the right pane shows the format.","required":true,"schema":{"example":{"application/json":{"label_selector":"env=dev","description":"Sample","permissions":{"clients":{"UseKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"users":{"UseKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]},"groups":{"UseKey":["group1"]}}}},"type":"object","title":"Parameters for updating key policies.","description":"update parameters for key policies.","properties":{"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"description":"label_selector on which key policies are applied"}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"ADPAdmin","label_selector":"environment=dev","description":"Read Permissions","permissions":{"clients":{"ReadKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"groups":{"ReadKey":["Application Data Protection Admins"]},"users":{"ReadKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]}}}}}}},"delete":{"summary":"Delete","description":"Deletes a key policy.","tags":["Key Policies"],"responses":{"204":{"description":"No Content | Successful deletion of key."}}}},"/v1/vault/key-labels/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List key labels","description":"Returns list of key labels associated with all the keys in a domain\n","tags":["Keys"],"x-permissions":["ReadKey"],"x-resource-type":"Keys","x-product":"Platform","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"label","in":"query","type":"string","description":"Filters results that match label selector expression. Multiple\nexpressions are not supported. For example, to check if a label\n`{\"region\": \"noram\"}` exists, use `region=noram`. To check if a label\nexists with region not equal to noram, use `region!=noram`.\nAlso to get all labels with a given key `env` just use `env`.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"description":"An optional list labels","type":"array","items":{"type":"object","additionalProperties":{"type":"string"}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"label":"environment:dev"}}}}}}},"/v1/vault/query-keys/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Query","description":"This operation searches for keys stored on the CipherTrust Manager. The operation is similar to the list operation. The differences are (a) a lot more search parameters can be passed in, and (b) the search parameters are passed in the body of an HTTP POST request instead of being passed as query parameters in a HTTP GET request. Normally, this operation returns a list of keys, secrets, etc., that satisfy the search criteria. When the returnOnlyIDs input parameter is specified as `true`, this operation just returns a list of key IDs.\n","tags":["Keys"],"x-permissions":["ReadKey"],"x-resource-type":"Keys","x-product":"Platform","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"body","in":"body","required":true,"description":"The search filter parameters.","schema":{"type":"object","title":"Search Parameters","description":"Information needed to search for a managed object.","properties":{"skip":{"description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},"limit":{"description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},"returnOnlyIDs":{"type":"boolean","description":"When this is not specified, or set to false, a list of keys is returned.\nWhen this is set to true, a list of key IDs is returned.\n"},"name":{"type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},"names":{"x-feature":"FF_INDIVIDUAL_KEY_SELECTION_NAMES","type":"array","items":{"type":"string"},"description":"A set of names of keys that filters results to those with matching names."},"id":{"type":"string","format":"UUID","description":"Find the key with a matching ID.\n"},"ids":{"x-feature":"FF_INDIVIDUAL_KEY_SELECTION_IDS","type":"array","items":{"type":"string"},"description":"A set of Key IDs that find keys with matching IDs.\n"},"uri":{"type":"string","description":"Filters results to those with matching uris. The '?' and '*' wildcard characters may be used."},"version":{"type":"integer","description":"Deprecated: Use 'versions'. Filters results to those with matching version. If version is specified as -1, only\nlatest version of the keys is returned.{{FF_LATEST_ACTIVE_KEY_VERSION| If version is specified as -2, only nae latest active version of the keys will be returned.}}\nAll versions are returned when the version is not specified.\n"},"versions":{"type":"array","description":"Filters results to those with matching versions. If versions is specified as [-1], only latest version of the keys are returned.{{FF_LATEST_ACTIVE_KEY_VERSION|If versions is specified as [-2], only nae latest active version of the keys are returned.}} All versions are returned when the version is not specified.","items":{"type":"integer"}},"algorithm":{"type":"string","description":"Deprecated: Use 'algorithms'. Filters results to those with matching algorithms. The '?' and '*' wildcard characters may be used."},"algorithms":{"type":"array","description":"Filters results to those with matching algorithms. The '?' and '*' wildcard characters may be used if only specifying a single value.","items":{"type":"string"}},"size":{"type":"integer","description":"Deprecated: Use 'sizes'. Filters results to those with matching size.\n"},"sizes":{"type":"array","description":"Filters results to those with a matching size.","items":{"type":"integer"}},"curveIDs":{"type":"array","items":{"type":"string"},"description":"Filters results to those with matching elliptic key curve id. Results will match *any*\nof the values.\n"},"states":{"type":"array","items":{"type":"string"},"description":"Filters results to those with matching key state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\" and \"Destroyed Compromised\".\n"},"aliases":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching aliases. The '?' and '*' wildcard characters\nmay be used when a single alias is specified.\n"},"linkTypes":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching link types. The '?' and '*' wildcard characters\nmay be used when a single link type is specified. See the links documentation\nfor the various link types.\n"},"usageMask":{"type":"integer","description":"Deprecated: Use 'usageMasks'.\nFilters results to those with matching Cryptographic usage mask. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303 (all usage masks including Export).\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"usageMasks":{"type":"array","description":"Filters results to those with matching any of the Cryptographic usage masks. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303 (all usage masks including Export).\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n","items":{"type":"integer"}},"metaContains":{"type":"string","format":"JSON","description":"A valid JSON value. Only keys whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},"objectTypes":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching KMIP object types. The '?' and '*' wildcard characters\nmay be used when a single object type is specified. Valid object types are:\n\"Certificate\", \"Symmetric Key\", \"Public Key\", \"Private Key\", \"Split Key\", \"Secret Data\", \"Opaque Object\".\n"},"sha1Fingerprint":{"type":"string","description":"Deprecated: Use 'sha1Fingerprints'.\nFilters results to those with matching SHA1 fingerprints. The '?' and '*' wildcard characters may be used.\nThis fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha1Fingerprints":{"type":"array","description":"Filters results to those with matching one of the SHA1 fingerprints. The '?' and '*' wildcard characters may be used\nfor singular values. This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n","items":{"type":"string"}},"sha256Fingerprint":{"type":"string","description":"Deprecated: Use 'sha256Fingerprints'\nFilters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used.\n"},"rotationFrequencyDaysBefore":{"type":"string","description":"Filters results to those with rotation frequencies less than what is specified (in days)."},"rotationFrequencyDays":{"type":"string","description":"Filters results to those with matching values of rotation frequencies (in days). The '?' and '*' wildcard characters may be used."},"rotationFrequencyDaysAfter":{"type":"string","description":"Filters results to those with rotation frequencies greater than what is specified (in days)."},"sha256Fingerprints":{"type":"array","description":"Filters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used\nfor a single value.\n","items":{"type":"string"}},"neverExported":{"type":"boolean","description":"Find keys with the specified value of the `neverExported` attribute."},"neverExportable":{"type":"boolean","description":"Find keys with the specified value of the `neverExportable` attribute (same as the KMIP `Never Extractable` attribute)."},"unexportable":{"type":"boolean","description":"Find keys with the specified value of the `unexportable` attribute (opposite of the KMIP `Extractable` attribute)."},"revocationReason":{"type":"string","description":"Deprecated: Use 'revocationReasons'. Find keys having the specified value of the `revocationReason` attribute."},"revocationReasons":{"type":"array","description":"Find keys having one of the specified values of the `revocationReason` attribute.","items":{"type":"string"}},"createdBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created\nbefore 1 year, 2 months and 5 days ago.\n"},"createdAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created after 1 year, 2 months\nand 5 days ago.\n"},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"updatedBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys updated\nbefore 1 year, 2 months and 5 days ago.\n"},"updatedAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"activationBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"activationAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"activationAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"processStartBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"processStartAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"processStartAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is within 0.5 seconds before or after the specified timestamp. Timestamp\nshould be in RFC3339Nano format.\n"},"protectStopBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"protectStopAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"protectStopAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano format.\n"},"scheduledRotationBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose scheduled rotation date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively.\n"},"scheduledRotationAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose scheduled rotation date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively.\n"},"scheduledRotationAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose scheduled rotation date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano format.\n"},"deactivationBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"deactivationAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"deactivationAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"destroyBefore":{"type":"string","format":"date-time","description":"Find keys whose destroy date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"destroyAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose destroy date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"destroyAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose destroy date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"archiveBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"archiveAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"archiveAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"compromiseOccurranceBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseOccurranceAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseOccurranceAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"compromiseBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"rotationDateReached":{"type":"boolean","description":"- If `rotationDateReached` is set to true then it returns latest version of the keys with rotationDate of latest version <= currentTime.\n- If `rotationDateReached` is set to false then it returns latest version of the keys with rotationDate of latest version > currentTime\n"},"compareIDWithUUID":{"type":"string","description":"- If `compareIDWithUUID` is set to `equal`, then it returns keys whose IDs are equal to their UUIDs.\n- If `compareIDWithUUID` is set to `notequal`, then it returns keys whose IDs are not equal to their UUIDs.\n- The supported values are `equal` and `notequal`.\n"},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"labels":{"type":"object","additionalProperties":{"type":"array"},"items":{"type":"string"},"x-nullable":true,"description":"Find keys that match label selector expressions. Multiple values are\nlogically ANDed.\n\nLabel selector expressions:\n- Select keys that have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region=noram\" ]\n ```\n OR with a double equals:\n ```\n [ \"region==noram\" ]\n ```\n- Select keys that do not have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region!=noram\" ]\n ```\n- Select keys that have either `{\"region\": \"noram\"}` or `{\"region\": \"emea\"}`\n ```\n [ \"region in (noram,emea)\" ]\n ```\n- Select keys that do not have `{\"region\": \"noram\"}` nor `{\"region\": \"emea\"}`\n ```\n [ \"region notin (noram,emea)\" ]\n ```\n- Select keys that have the label key `region` (the value may be anything)\n ```\n [ \"region\" ]\n ```\n- Select keys that not have the label key `region`\n ```\n [ \"!region\" ]\n ```\n\nMultiple label selector expressions, logically ANDed:\n- Select keys that have the label `{\"region\": \"noram\"}` but do not have\n `{\"team\": \"sales\"}`\n ```\n [ \"region=noram\", \"team!=sales\" ]\n\n ```\n"},"undeletable":{"type":"boolean","description":"Find keys with the specified value of the `undeletable` attribute."},"permissions":{"type":"array","items":{"type":"string"},"description":"The filter returns only those keys on which the user performing the query has the same permissions as given\nin the query. The permissions are given to a group in the key meta and the group must have the `ReadKey`\npermission. The user performing the query must be a member of the group having those permissions.\nAllowed values are \"EncryptWithKey\", \"DecryptWithKey\", \"MACWithKey\", \"MACVerifyWithKey\", \"SignWithKey\",\n\"SignVerifyWithKey\", \"ReadKey\", \"UseKey\", and \"ExportKey\".\n"},"keyCheckValues":{"x-feature":"FF_KEY_CHECK_VALUE_ENABLED","type":"array","description":"Filters results based on the matching Key Check Values (KCVs).\nThe '?' and '*' wildcard characters may be used for a single value. You can use an empty value [\"\"] to search keys with no KCV.\n","items":{"type":"string"}},"sha384Fingerprints":{"x-feature":"FF_SHA384_IN_KEYS","type":"array","description":"Filters results to those with matching SHA384Fingerprints. The '?' and '*' wildcard characters may be used. You can use an empty value [\"\"] to search keys with no sha384Fingerprint.\n","items":{"type":"string"}},"cteKeyHashes":{"x-feature":"FF_CTE_KEY_HASH","type":"array","description":"Filters results to those with matching cteKeyHash. The '?' and '*' wildcard characters may be used. You can use an empty value [\"\"] to search keys with no cteKeyHash.\n","items":{"type":"string"}}},"example":{"name":"oldkeys*","usageMask":12,"metaContains":"{\"info\":{\"color\":\"red\"}}","aliases":["abc1","yellow"],"size":256,"createdAfter":"2018-11-28T15:19:10Z"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"state":{"type":"string","x-nullable":true,"description":"Current state of the key"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"rotationFrequencyDays":{"type":"string","x-nullable":true,"description":"Number of days from current date to rotate the key"},"scheduledRotationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the key will be rotated"},"usage":{"type":"string","x-nullable":true,"description":"Deprecated. Key usage"},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"meta":{"type":"object","format":"JSON","description":"Optional end-user or service data stored with the key"},"appMeta":{"type":"object","format":"JSON","description":"Optional app data stored with the key"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"aliases":{"type":"array","description":"Information associated with the KMIP Attribute called 'Name'","items":{"allOf":[{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}]}},"links":{"type":"array","description":"Information related to link from one Managed Cryptographic Object to another","items":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. It is one of\n'privateKey', 'publicKey', 'certificate', 'derivationBaseObject', 'derivedKey',\n'replacementObject', 'replacedObject', 'parent', 'child', 'previous', 'next', 'pkcs12Password' or 'pkcs12Certificate'.\n"},"source":{"type":"string","description":"The source resource of a link. ID, URI or Name of a cryptographic resource."},"sourceID":{"type":"string","description":"ID of the source resource of a link"},"target":{"type":"string","description":"The target resource of a link. ID, URI or Name of a cryptographic resource."},"targetID":{"type":"string","description":"ID of the target resource of a link"},"index":{"type":"integer"}}}]}]}},"sha1Fingerprint":{"type":"string","x-nullable":true,"description":"This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha256Fingerprint":{"type":"string","x-nullable":true,"description":"SHA256 fingerprint of the key"},"sha384Fingerprint":{"x-feature":"FF_SHA384_IN_KEYS","type":"string","x-nullable":true,"description":"SHA384 fingerprint of the key"},"defaultIV":{"type":"string","x-nullable":true,"description":"Deprecated. This field was introduced to support specific legacy integrations and applications.\nNew applications are strongly recommended to use a unique IV for each encryption request\n"},"publickey":{"type":"string","x-nullable":true},"curveid":{"type":"string","x-nullable":true,"description":"elliptic key curve id"},"version":{"type":"integer","description":"key version"},"algorithm":{"type":"string","description":"key algorithm"},"size":{"type":"integer","x-nullable":true,"description":"Bit length for the key."},"unexportable":{"type":"boolean","description":"Key is not exportable if set to true."},"undeletable":{"type":"boolean","description":"Key is not deletable if set to true."},"neverExported":{"type":"boolean"},"neverExportable":{"type":"boolean"},"format":{"type":"string","x-nullable":true,"description":"format of the returned key material. It is one of 'pkcs1', 'pkcs8 (default)', 'pkcs12' for Asymmetric keys.\nAnd 'raw' or 'opaque' for Symmetric keys.\n"},"emptyMaterial":{"type":"boolean","description":"If set to true, the key material is not created and left empty."},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"splitKeyInfo":{"type":"object","title":"Split Key Info","description":"Information associated with a KMIP split key object.","properties":{"splitKeyParts":{"type":"integer"},"splitKeyPartIdentifier":{"type":"integer"},"splitKeyThreshold":{"type":"integer"},"splitKeyMethod":{"type":"integer"},"splitKeyPrimeFieldSize":{"type":"string"}}},"pgpKeyVersion":{"type":"integer","x-nullable":true},"hkdfFields":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal lowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n"},"muid":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. This is optional and applicable for import key only.\n"},"keyId":{"type":"string","x-nullable":true,"description":"Additional identifier of the key. The format of this value is of type long. This is optional and applicable for import key only.\n"},"idSize":{"type":"integer","x-nullable":true,"description":"Size of the ID for the key"},"labels":{"type":"object","format":"JSON","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"permissions":{"type":"object","format":"JSON","x-nullable":true,"description":"This property holds a map of actions to user groups"},"description":{"type":"string","x-nullable":true,"description":"It store information about key"},"keyCheckValue":{"type":"string","x-nullable":true,"description":"KCV of the symmetric key"}}}]}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"oldkeys1","updatedAt":"2016-12-02T21:31:30.854925Z","usageMask":12,"version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}]}}}}}},"/v1/vault/csr":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"CSR","description":"This operation creates a Certificate Signing Request (CSR) if a key identifier is provided. Alternatively,\nit generates a key given the key creation parameters in order to create a CSR. It supports CSR parameters for\nsubject and extensions like key usage, extended key usage and ca basic constraints.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"CSR parameters","schema":{"title":"CSR Request","properties":{"keyID":{"type":"string","description":"Identifier for the private key to be used for creating CSR."},"keyIDType":{"type":"string","description":"Type of the identifier, keyID, for the private key to be used for creating CSR."},"keyVersion":{"type":"integer","description":"Version of the private key, keyID, to be used for creating CSR."},"csrParams":{"type":"object","title":"Parameters for CSR creation","description":"Parameters to be used during creating CSR like the subject, x509 extensions and signature algorithm used.","properties":{"cn":{"type":"string","description":"Common Name"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) values"},"emailAddresses":{"type":"array","items":{"type":"string"},"description":"E-mail addresses"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"IP addresses"},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"RnD\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPS\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"},"keyUsage":{"type":"array","items":{"type":"string"},"description":"List of names of the permitted key usages added as CSR extensions. Values:\n * digitalSignature\n * contentCommitment\n * keyEncipherment\n * dataEncipherment\n * keyAgreement\n * keyCertSign\n * crlSign\n * encipherOnly\n * decipherOnly\n\nThese keyUsage are allowed for CSR creation.\n"},"extendedKeyUsage":{"type":"array","items":{"type":"string"},"description":"List of names of the permitted extended key usages added as CSR extensions. Values:\n * any\n * serverAuth\n * clientAuth\n * codeSigning\n * emailProtection\n * ipsecEndSystem\n * ipsecTunnel\n * ipsecUser\n * timeStamping\n * ocspSigning\n * microsoftServerGatedCrypto\n * netscapeServerGatedCrypto\n * microsoftCommercialCodeSigning\n * microsoftKernelCodeSigning\n\nThese extendedKeyUsage are allowed for CSR creation.\n"},"signatureAlgorithm":{"type":"string","description":"Signature algorithm used for creating the CSR. sha512WithRSA, sha384WithRSA, sha256WithRSA, sha1WithRSA,\necdsaWithSHA512, ecdsaWithSHA384, ecdsaWithSHA256 and ecdsaWithSHA1 are the permitted values.\n"},"subjectKeyIdentifierHash":{"type":"boolean","description":"If set to true, the Subject Key Identifier extension is set to the hash specified by RFC5280, else\nunset\n"},"isCA":{"type":"boolean","description":"If set, the value of the basic constraints extension value for CA is set to that boolean value and unset\notherwise.\n"},"maxPathLen":{"type":"integer","description":"This parameter is valid only when is CA parameter is set to true and specifies the maximum number of CAs that\ncan appear below this one in a chain. If maxPathLen is -1, pathlen is unset.\n"}}},"keyGenParams":{"type":"object","title":"Parameters for generation of key required for CSR creation","description":"Parameters to be used for creating an asymmetric key to be used for CSR creation.","properties":{"keyName":{"type":"string","description":"Name of key to be generated for CSR creation"},"algorithm":{"type":"string","description":"Algorithm of key to be generated for CSR creation. Permitted values are 'RSA' or 'EC' and defaults to 'RSA'.\n"},"size":{"type":"string","description":"Size of key to be generated for CSR creation. Refer create key API for sizes for EC and RSA keys and their default values.\n"},"curveid":{"type":"string","description":"Cryptographic curve id for elliptic key. Values:\n * secp224r1\n * secp384r1\n * secp521r1\n * prime256v1\nThese curves are allowed for CSR creation.\n"}}}},"example":{"keyGenParams":{"algorithm":"RSA","size":2048},"csrParams":{"cn":"kylo.com","dnsNames":["*.thalesgroup.com","*.thalesgroup.net"],"emailAddresses":["contact@thalesgroup.com"],"ipAddresses":["1.1.1.1"],"names":[{"O":"Thales Group","OU":"RnD","C":"US","ST":"MD","L":"Belcamp"}]}}}}],"responses":{"200":{"description":"Successful CSR creation.","schema":{"type":"object"},"examples":{"application/json":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHNMHUCAQAwEzERMA8GA1UEAxMIVGVzdCBDU1IwWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATndOIgsTp7m4bOuixxuAt2XQ3oZqp8th/woAo51z7RiAAGdm7IfB1w\n7uWr8o5PWKBatXIgvPp8hvRWHQPHCfcLoAAwCgYIKoZIzj0EAwIDSAAwRQIgVyvz\nhFGCKV460fNJC0vC48gI268B68Xr6osFoy9Ouw8CIQCWN1LtcyxPIvul3XF1Pj7l\navEeIqDBcfD6VHhbnpO2Ag==\n-----END CERTIFICATE REQUEST-----"}}}}}},"/v1/vault/secrets":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists all Secrets. Results can be refined with query params.","tags":["Secrets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill attempt to include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, supported fields are \"meta\" and \"links\". The server will only include the meta\nattribute in the response if the query parameters includes \"fields=meta\"\n"},{"name":"metaContains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only Secrets whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"id","in":"query","type":"string","format":"UUID","description":"Filters results to those with matching IDs. May be specified more than once. Results will match *any*\nof the values.\n"},{"name":"name","in":"query","type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},{"name":"dataType","in":"query","type":"string","description":"Filters results to those with matching data types (blob, password, or seed)"},{"name":"uri","in":"query","type":"string","description":"Filters results to those with matching uris. The '?' and '*' wildcard characters may be used."},{"name":"sha1Fingerprint","in":"query","type":"string","description":"Filters results to those with matching SHA1 fingerprints. The '?' and '*' wildcard characters may be used.\nThis fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\n"},{"name":"sha256Fingerprint","in":"query","type":"string","description":"Filters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used.\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"objectType","in":"query","type":"string","description":"Type of the object. It is one of 'Secret Data', 'Opaque Object'."},{"name":"version","x-feature":"FF_NATIVE_SECRET_MANAGEMENT","in":"query","type":"integer","collectionFormat":"multi","description":"Filters results to those with matching version. If version is specified as -1, only latest version of the\nsecrets is returned.\n"},{"name":"state","in":"query","type":"string","description":"Filters results to those with matching Secrets state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\" and \"Destroyed Compromised\".\n"},{"name":"alias","in":"query","type":"string","description":"Filters results to those with matching aliases. The '?' and '*' wildcard characters or\ncomma separted aliases may be used.\n"},{"name":"linkType","in":"query","type":"string","description":"Filters results to those with matching link types. The '?' and '*' wildcard characters or\ncomma separted link types may be used.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usage":{"type":"string","description":"Either FPE or Blob"},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186538Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186538Z","usageMask":512,"meta":null,"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184292Z","state":"Active"}]}}}}},"post":{"summary":"Create","description":"Creates a new blob, password, or seed secret.","tags":["Secrets"],"parameters":[{"name":"includeMaterial","in":"query","required":false,"description":"Include key bytes in the response. If set to 'false' or not specified, only key meta data is returned.","type":"string"},{"name":"body","in":"body","required":true,"schema":{"title":"Create Secrets","required":["dataType"],"properties":{"name":{"type":"string","description":"Friendly name"},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n\nDefaults to 12 (Encrypt, Decrypt).\n\nNot applicable to the following:\n * blob\n"},"dataType":{"type":"string","description":"The type of data the secret represents. Each data type corresponds to a KMIP type.\n * blob - KMIP opaque object\n * password - KMIP secret data password\n * seed - KMIP secret data seed\n"},"material":{"type":"string","description":"The data imported as the secret. The encoding of the data is not specified. If the data cannot be set as a JSON string, such as arbitrary binary data, then the caller should encode the data first (e.g. using base64). {{FF_NATIVE_SECRET_MANAGEMENT|This field is optional only for dataType \"password\" as material will be system generated for the authorized users.}}\n"},"unexportable":{"type":"boolean","description":"Material is not exportable. Defaults to false.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable. Defaults to false."},"meta":{"type":"object","description":"End-user or service data stored with the secret."},"passwordConfig":{"x-feature":"FF_NATIVE_SECRET_MANAGEMENT","type":"object","title":"passwordConfig","description":"Complexity requirements for creating secret material.","properties":{"passwordLength":{"type":"integer","description":"The length of the secret string.\n"},"lowercaseCount":{"type":"integer","description":"Number of lower case count required in the secret string.\n"},"uppercaseCount":{"type":"integer","description":"Number of upper case required in the secret string.\n"},"symbolsCount":{"type":"integer","description":"Number of symbols count required in the secret string.\n"},"digitsCount":{"type":"integer","description":"Number of digits required in the secret string.\n"}}},"state":{"type":"string","description":"Initial Secret state (Pre-Active) upon creation. Defaults to Active. If set, activationDate can not be specified during state creation.\nNot applicable to the following:\n * blob\n"},"activationDate":{"type":"string","format":"date","description":"Date/time the Secret Data becomes active.\nNot applicable to the following:\n * blob\n"},"deactivationDate":{"type":"string","format":"date","description":"Date/time the Secret Data becomes inactive"},"idSize":{"type":"integer","description":"Size of the ID for the secret"}},"example":{"name":"My Secret","dataType":"seed","material":"DEADBEEF"}}}],"responses":{"201":{"description":"Created","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Blob"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"data of the secret"},"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"}}}]},"examples":{"application/json":{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186537995Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186537995Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184291754Z","state":"Active"}}},"409":{"description":"A Secret with the same name already exists.\n"}}}},"/v1/vault/secrets/{id}/versions/":{"x-feature":"FF_NATIVE_SECRET_MANAGEMENT","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"},{"name":"id","in":"path","description":"Name (or uuid) of the Secret","required":true,"type":"string"}],"get":{"summary":"List versions","description":"Returns a list of all the versions of a secret.","tags":["Secrets"],"x-permissions":["ReadKey"],"x-resource-type":"Keys","x-product":"Platform","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill attempt to include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, supported fields are \"meta\" and \"links\". The server will only include the meta\nattribute in the response if the query parameters includes \"fields=meta\"\n"},{"name":"state","in":"query","type":"string","description":"Filters results to those with matching secret state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\" and \"Destroyed Compromised\".\n"},{"name":"linkType","in":"query","type":"string","description":"Filters results to those with matching link types. The '?' and '*' wildcard characters or\ncomma separted link types may be used.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Blob"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"data of the secret"},"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186537995Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186537995Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184291754Z","state":"Active"}]}}}}},"post":{"summary":"Create version","description":"Generates a new version of a secret with the same name, metadata, and attributes other than 'material', 'createdAt', and 'updatedAt'.","tags":["Secrets"],"parameters":[{"name":"includeMaterial","in":"query","required":false,"description":"Include key bytes in the response. If set to 'false' or not specified, only key meta data is returned.","type":"string"},{"name":"body","in":"body","schema":{"type":"object","title":"Generate New Version","properties":{"material":{"type":"string","description":"Mandatory field for the secrets to generate the version.\nOptional field for type \"password\":\n- When \"passwordConfig\" is used instead of user-provided material during the creation of the secret.\nThe secret's material will be system generated using the details of the \"passwordConfig\" for the authorized users.\n"},"idSize":{"type":"integer","description":"Size of the ID for the versioned key"}}}}],"responses":{"201":{"description":"Successful key version creation.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Blob"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"data of the secret"},"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"}}}]},"examples":{"application/json":{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186537995Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186537995Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184291754Z","state":"Active"}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/secrets/{id}/export":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"},{"name":"id","in":"path","description":"name (or uuid) of the Secret to export","required":true,"type":"string"}],"post":{"summary":"Export","description":"Returns metadata and the material of the secret matching the given `id`.","tags":["Secrets"],"responses":{"200":{"description":"OK","examples":{"application/json":{"resources":[{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186538Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186538Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184292Z","state":"Active","material":"DEADBEEF"}]}}},"404":{"description":"Secret with that name or id does not exist"},"422":{"description":"Incompatible body and/or parameters"}}}},"/v1/vault/secrets/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns information about the secret. Does not return the actual Secret\nmaterial (that is an \"export\", which is a different endpoint).\n","tags":["Secrets"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Blob"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"data of the secret"},"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"}}}]},"examples":{"application/json":{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186538Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186538Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184292Z","state":"Active"}}},"409":{"description":"An existing Secret has an incompatible usage\n"}}},"patch":{"summary":"Update","description":"Updates the Secret properties. This can be used to update the secret\nmetadata, change the exportable and deletable properties, activation date,\ndeactivation date, compromise occurance date and revocation reason for the Secret.\n\nIf you update the `meta` field, and both the current value and the\nupdated value are JSON objects, the fields of the objects will be\nbe merged.\n","tags":["Secrets"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"},{"name":"body","in":"body","description":"The new metadata to update. The \"Body Sample\" on the right pane shows the format.","required":true,"schema":{"title":"Update Secrets","properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"},"unexportable":{"type":"boolean","description":"Material is not exportable.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable."},"activationDate":{"type":"string","format":"date","description":"Secret Data activation date."},"deactivationDate":{"type":"string","format":"date","description":"Secret Data deactivation date."},"compromiseOccurrenceDate":{"type":"string","format":"date","description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."}},"example":{"revocationReason":"Unspecified","revocationMessage":"My Reason"}}}],"responses":{"201":{"description":"Successful update of Secret.","schema":{"properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"},"unexportable":{"type":"boolean","description":"Material is not exportable.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable."},"activationDate":{"type":"string","format":"date","description":"Secret Data activation date."},"deactivationDate":{"type":"string","format":"date","description":"Secret Data deactivation date."},"compromiseOccurrenceDate":{"type":"string","format":"date","description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."}},"example":{"revocationReason":"Unspecified","revocationMessage":"My Reason"}},"examples":{"application/json":{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186538Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186538Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":true,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184292Z","state":"Active"}}}}},"delete":{"summary":"Delete","description":"Deletes a Secret.","tags":["Secrets"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"}],"responses":{"204":{"description":"No Content | Successful deletion of secret."}}}},"/v1/vault/secrets/{id}/destroy":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"},{"name":"id","in":"path","description":"name (or uuid) of the secret to be destroyed","required":true,"type":"string"}],"post":{"summary":"Destroy","description":"Destroys material of a secret.","tags":["Secrets"],"responses":{"200":{"description":"Successful destruction of Secret material","schema":{"properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"},"unexportable":{"type":"boolean","description":"Material is not exportable.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable."},"activationDate":{"type":"string","format":"date","description":"Secret Data activation date."},"deactivationDate":{"type":"string","format":"date","description":"Secret Data deactivation date."},"compromiseOccurrenceDate":{"type":"string","format":"date","description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."}},"example":{"revocationReason":"Unspecified","revocationMessage":"My Reason"}},"examples":{"application/json":{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186538Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186538Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184292Z","destroyDate":"2018-10-11T03:46:50.154721Z","state":"Destroyed"}}}}}},"/v1/admin/policies/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists all policies. Supports standard paging\nquery params. Supports filtering on name. Supports sorting\non name, uri, or createdAt.\n","tags":["Policies"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"name","in":"query","description":"Filter results by policy name. Wildcards are supported.","required":false,"type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Policies are access control rules. They declare a set of\nactions, applied to a set of resources, under an optional set of\nconditions, which are either allowed or not allowed.\n\nPolicies, like other resources, share common properties like `id`,\n`uri`, `name`, etc.\n\n`actions` is a list of permissions.\n\nTBD: link to\ncanonical dictionary of permissions. Operations will require some\nset of the these permissions\n\n`resources` is a list of URI patterns.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"allow":{"type":"boolean"},"effect":{"type":"string","description":"The effect describes the effect of the policy. There are 4 possible values.\nWith effect, the allow flag gets deprecated. Please use one of the two and\nuse allow only if it is needed, instead use effect.\n","enum":["allow","deny","obligate_on_allow","obligate_on_deny"]},"conditions":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","format":"A JSON path, with template variables.","description":"A JSON path which resolves to a value in the operation\n"},"op":{"type":"string","format":"equals|==|equalsIgnoreCase|matches|regex|=~|empty|contains|@>\n","description":"The comparison operator used to compare the operation value\nto the conditions values.\n"},"values":{"description":"The value or values to compare with the operation value.\nCan be either a single value, or an array. If an\narray, each of the items in the array is compared to\nthe operation value, and if any match, the condition is\nmet. In other words, the items are logically OR'd.\n"}}}},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, sub-domains will be included while listing domains when this parameter is true.\n"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"bb03e94f-8e64-4915-8844-0ecec73293eb","uri":"asdf-gxO:pers-apitestuser:admin:policies:all","account":"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser","application":"dev-portal:pers-github-107825:admin:apps:asdf-gxO","devAccount":"dev-portal:pers-github-107825:admin:accounts:pers-github-107825","createdAt":"2015-09-23T02:40:48.163733Z","name":"All","actions":["*"],"resources":["*"],"allow":true,"effect":"allow"}]}}}}},"post":{"summary":"Create","description":"Creates a new policy. \"name\" is the name of the policy. \"allow\" is the effect of the policy, either to\nallow the actions or to deny the actions. \"actions\" is an array of strings, which can contain the \"*\"\nwildcard character. \"resources\" is a list of URI strings, which must be in URI format (*:*:*:*:*). Any of\nthe components of the URI may have a \"*\" wildcard character. If successful, the created policy is returned.\nIf the principalSelector does not include either \"acc\" or \"acct\", then \"acct\" will automatically be added, set\nto the current account.\n","tags":["Policies","Danger"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Create Policy","properties":{"name":{"type":"string"},"allow":{"type":"boolean"},"effect":{"type":"string","description":"The effect describes the effect of the policy. There are 4 possible values.\nWith effect, the allow flag gets deprecated. Please use one of the two and\nuse allow only if it is needed, instead use effect.\n","enum":["allow","deny","obligate_on_allow","obligate_on_deny"]},"resources":{"type":"array","items":{"type":"string"}},"actions":{"type":"array","items":{"type":"string"}},"conditions":{"type":"array","items":{"type":"object","title":"Condition","properties":{"path":{"type":"string","format":"A JSON path, with template variables.","description":"A JSON path, with template variables, which resolves to a value in the operation\n"},"op":{"type":"string","format":"equals|==|equalsIgnoreCase|matches|regex|=~|empty|contains|@>\n","description":"The comparison operator used to compare the operation value\nto the conditions values.\nformat: equals|==|equalsIgnoreCase|matches|regex|=~|empty|contains|@>\n"},"values":{"description":"The value or values to compare with the operation value.\nCan be either a single value, or an array. If an\narray, each of the items in the array is compared to\nthe operation value, and if any match, the condition is\nmet. In other words, the items are logically OR'd.\n"},"negate":{"type":"boolean","description":"reverse the result of `op`"}}}},"obligations":{"type":"array","items":{"type":"object","title":"Obligation","properties":{"type":{"type":"string","format":"a string which defines the obligation.","description":"Obligations have a \"type\", which declares the type of obligation.\nEnsure to use the obligation types which the PEPs understand and know how to fulfill.\n"},"attributes":{"type":"object","format":"A json object.","description":"A JSON object which defines information the PEP might need to fulfill the obligation.\n"}}}},"includeDescendantAccounts":{"type":"boolean","default":false,"description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, this parameter should be set to true in order to include sub-domains while listing domains.\n"}}}}],"responses":{"201":{"description":"Successful policy creation.","schema":{"description":"Policies are access control rules. They declare a set of\nactions, applied to a set of resources, under an optional set of\nconditions, which are either allowed or not allowed.\n\nPolicies, like other resources, share common properties like `id`,\n`uri`, `name`, etc.\n\n`actions` is a list of permissions.\n\nTBD: link to\ncanonical dictionary of permissions. Operations will require some\nset of the these permissions\n\n`resources` is a list of URI patterns.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"allow":{"type":"boolean"},"effect":{"type":"string","description":"The effect describes the effect of the policy. There are 4 possible values.\nWith effect, the allow flag gets deprecated. Please use one of the two and\nuse allow only if it is needed, instead use effect.\n","enum":["allow","deny","obligate_on_allow","obligate_on_deny"]},"conditions":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","format":"A JSON path, with template variables.","description":"A JSON path which resolves to a value in the operation\n"},"op":{"type":"string","format":"equals|==|equalsIgnoreCase|matches|regex|=~|empty|contains|@>\n","description":"The comparison operator used to compare the operation value\nto the conditions values.\n"},"values":{"description":"The value or values to compare with the operation value.\nCan be either a single value, or an array. If an\narray, each of the items in the array is compared to\nthe operation value, and if any match, the condition is\nmet. In other words, the items are logically OR'd.\n"}}}},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, sub-domains will be included while listing domains when this parameter is true.\n"}}}]},"examples":{"application/json":{"id":"bb03e94f-8e64-4915-8844-0ecec73293eb","uri":"asdf-gxO:pers-apitestuser:admin:policies:all","account":"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser","application":"dev-portal:pers-github-107825:admin:apps:asdf-gxO","devAccount":"dev-portal:pers-github-107825:admin:accounts:pers-github-107825","createdAt":"2015-09-23T02:40:48.163733Z","name":"All","resources":["*"],"actions":["*"],"allow":true,"effect":"allow"}}}}}},"/v1/admin/policies/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"\"id\" can be the policy slug, uri, or id.\n","tags":["Policies"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"description":"Policies are access control rules. They declare a set of\nactions, applied to a set of resources, under an optional set of\nconditions, which are either allowed or not allowed.\n\nPolicies, like other resources, share common properties like `id`,\n`uri`, `name`, etc.\n\n`actions` is a list of permissions.\n\nTBD: link to\ncanonical dictionary of permissions. Operations will require some\nset of the these permissions\n\n`resources` is a list of URI patterns.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"allow":{"type":"boolean"},"effect":{"type":"string","description":"The effect describes the effect of the policy. There are 4 possible values.\nWith effect, the allow flag gets deprecated. Please use one of the two and\nuse allow only if it is needed, instead use effect.\n","enum":["allow","deny","obligate_on_allow","obligate_on_deny"]},"conditions":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","format":"A JSON path, with template variables.","description":"A JSON path which resolves to a value in the operation\n"},"op":{"type":"string","format":"equals|==|equalsIgnoreCase|matches|regex|=~|empty|contains|@>\n","description":"The comparison operator used to compare the operation value\nto the conditions values.\n"},"values":{"description":"The value or values to compare with the operation value.\nCan be either a single value, or an array. If an\narray, each of the items in the array is compared to\nthe operation value, and if any match, the condition is\nmet. In other words, the items are logically OR'd.\n"}}}},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, sub-domains will be included while listing domains when this parameter is true.\n"}}}]},"examples":{"application/json":{"id":"bb03e94f-8e64-4915-8844-0ecec73293eb","uri":"asdf-gxO:pers-apitestuser:admin:policies:all","account":"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser","application":"dev-portal:pers-github-107825:admin:apps:asdf-gxO","devAccount":"dev-portal:pers-github-107825:admin:accounts:pers-github-107825","createdAt":"2015-09-23T02:40:48.163733Z","name":"All","actions":["*"],"resources":["*"],"allow":true,"effect":"allow"}}}}},"delete":{"summary":"Delete","tags":["Policies","Danger"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of policy."}}}},"/v1/admin/policy-attachments/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns attached policies. Each resource contains the body of the policy,\nand the principal selector it is attached to. Supports sorting on policy,\nuri, createdAt, jurisdiction, name, or allow. Supports filtering on policy,\nname, and jurisdiction. Wildcards are supported.\n","tags":["Policy Attachments"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"name","in":"query","description":"Filter results by policy name. Wildcards are supported.","required":false,"type":"string"},{"name":"policy","in":"query","description":"Filter results by policy URI.","required":false,"type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["*"],"allow":true,"effect":"allow"}]}}}}},"post":{"summary":"Attach","description":"Attaches a policy to principals. The policy will be applied to all principals whose\nJWT token contains the principal selector. If an attachment\nbetween those two already exists, the call will succeed, but the\nexisting attachment will be returned. \"jurisdiction\" is optional, it will default\nto the current account.\n","tags":["Policy Attachments","Danger"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Attach Policy","required":["policy","principalSelector"],"properties":{"policy":{"type":"string","format":"a policy URI"},"principalSelector":{"type":"object","format":"can contain any subset of an internal JWT body"},"jurisdiction":{"type":"string","format":"an account URI","description":"reserved for future use"}}}}],"responses":{"201":{"description":"Successful policy attachment creation.","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]},"examples":{"application/json":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["*"],"allow":true,"effect":"allow"}}}}}},"/v1/admin/policy-attachments/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","tags":["Policy Attachments"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]},"examples":{"application/json":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["*"],"allow":true,"effect":"allow"}}}}},"delete":{"summary":"Detach","tags":["Policy Attachments","Danger"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of polcy attachment."}}}},"/v1/admin/internal/authorize":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Authorize","tags":["Authorization","Private"],"description":"Post a set of \"operations\", return a code indicating whether\nall the operations are authorized or not for the JWT in the header.\nDetails will include all the policies which applied to the request.\nOperations in the request can use wildcards in the action or resource\nfields. If used, the answer returned may be \"maybe\" if the policy\nservice is not able to determine if applicable policies completely contain\nthe set of actions/resources espressed by the operation.\n","parameters":[{"name":"body","in":"body","schema":{"type":"object","properties":{"operations":{"type":"array","items":{"type":"object","properties":{"action":{"type":"string","format":"string with wildcards"},"resource":{"type":"string","format":"URI or URI mask with wildcards"}}}}},"example":{"operations":[{"action":"*","resource":"ncryptify:gemalto:admin:apps:*"}]}}}],"responses":{"200":{"description":"Successful authorization request.","schema":{"type":"object","properties":{"allowed":{"type":"string","format":"yes, no, or maybe"},"operations":{"type":"array","items":{"type":"object","properties":{"action":{"type":"string"},"resource":{"type":"string"},"allowed":{"type":"string","format":"yes, no, or maybe"},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, this parameter should be set to true in order to include sub-domains while listing domains.\n"},"details":{"type":"object","description":"A map. The keys are the jurisdictions (account URIs) involved in the request. The\nvalue is an object describing the details of the verdict in that jurisdiction.\n","additionalProperties":{"type":"object","properties":{"jurisdiction":{"type":"string","format":"account URI"},"allowed":{"type":"string","format":"yes, no, or maybe"},"allowingPolicies":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]}},"denyingPolicies":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]}}}}}}}}},"example":{"allowed":"maybe","operations":[{"action":"*","resource":"ncryptify:gemalto:admin:apps:ncryptify","allowed":"maybe","details":{"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser":{"jurisdiction":"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser","allowed":"maybe","allowingPolicies":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["read"],"allow":true,"effect":"allow"},"denyingPolicies":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["read"],"allow":false,"effect":"deny"}}}}]}}}}}},"/v1/audit/records":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns 0 or more audit records.","tags":["Records"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"service","in":"query","type":"string","x-nullable":true,"description":"Filters results to specified service., e.g.: kylo\n"},{"name":"message","in":"query","type":"string","x-nullable":true,"collectionFormat":"multi","description":"Filters results on message\n"},{"name":"success","in":"query","type":"string","x-nullable":true,"description":"Filters result based on success status . eg : \"true\"\n"},{"name":"client_ip","in":"query","type":"string","x-nullable":true,"description":"Filters results to specified clientIP value\n"},{"name":"severity","in":"query","type":"string","x-nullable":true,"collectionFormat":"multi","description":"Filters results on severity eg: info, warning\n"},{"name":"source","in":"query","type":"string","x-nullable":true,"description":"Filters result based on source\n"},{"name":"username","in":"query","type":"string","x-nullable":true,"description":"Filters result based on username\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"requestId":{"type":"string","description":"The unique identifier for tracing a request through the services."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied."},"username":{"type":"string","description":"indicates the kylo user by who the operation/event is done , username is retrived from the JWT"},"severity":{"type":"string","description":"this severity field in records as per standard guidelines, critical,warning, error , info"},"clientIP":{"type":"string","description":"indicates the real clientIP which triggered the event"},"source":{"type":"string","description":"indicates the CipherTrust Manager server name"},"details":{"type":"object","description":"Additional data included in the record."},"principal":{"type":"object","description":"The claims in the authentication token related to the request."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","details":{"color":"red"},"message":"the quick fox","service":"admin","requestId":"f47ac10b-58cc-4372-a567-0e02b2c3d479","success":true,"username":"admin","severity":"info","clientIP":"10.164.76.56","source":"KS_SJ_node1"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Records an audit event. The `message`, `service`, `requestId`, `instanceId`, `instanceTime`, `instanceTz` and `success` post body fields are mandatory. The entire post body will be recorded for possible searching and viewing (functionality to be implemented).","tags":["Records","Private"],"parameters":[{"name":"body","in":"body","description":"Variable data in JSON form to store with record. `message`, `service`, `requestId`, `instanceId`, `instanceTime`, `instanceTz` and `success` are required.","required":true,"schema":{"properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied. Optional, defaults to true."},"details":{"type":"object","description":"Any additional information to include the record. Optional."}},"example":{"message":"the quick fox","service":"admin","success":true,"username":"admin","severity":"info","clientIP":"10.164.76.56","source":"KS_SJ_node1","details":{"color":"red"}}}}],"responses":{"201":{"description":"Successful audit event creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"requestId":{"type":"string","description":"The unique identifier for tracing a request through the services."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied."},"username":{"type":"string","description":"indicates the kylo user by who the operation/event is done , username is retrived from the JWT"},"severity":{"type":"string","description":"this severity field in records as per standard guidelines, critical,warning, error , info"},"clientIP":{"type":"string","description":"indicates the real clientIP which triggered the event"},"source":{"type":"string","description":"indicates the CipherTrust Manager server name"},"details":{"type":"object","description":"Additional data included in the record."},"principal":{"type":"object","description":"The claims in the authentication token related to the request."}}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","details":{"color":"red"},"message":"the quick fox","service":"admin","requestId":"f47ac10b-58cc-4372-a567-0e02b2c3d479","success":true,"username":"admin","severity":"info","clientIP":"10.164.76.56","source":"KS_SJ_node1"}}}}}},"/v1/audit/records/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns an audit record. `id` can be either the `id`, `uri` or `slug` returned during record creation.","tags":["Records"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"requestId":{"type":"string","description":"The unique identifier for tracing a request through the services."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied."},"username":{"type":"string","description":"indicates the kylo user by who the operation/event is done , username is retrived from the JWT"},"severity":{"type":"string","description":"this severity field in records as per standard guidelines, critical,warning, error , info"},"clientIP":{"type":"string","description":"indicates the real clientIP which triggered the event"},"source":{"type":"string","description":"indicates the CipherTrust Manager server name"},"details":{"type":"object","description":"Additional data included in the record."},"principal":{"type":"object","description":"The claims in the authentication token related to the request."}}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","details":{"color":"red"},"message":"the quick fox","service":"admin","requestId":"f47ac10b-58cc-4372-a567-0e02b2c3d479","success":true,"username":"admin","severity":"info","clientIP":"10.164.76.56","source":"KS_SJ_node1"}}}}}},"/v1/audit/client-records":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns 0 or more client records. Query parameter 'details' must contain valid JSON.","tags":["Records"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"client","in":"query","type":"string","x-nullable":true,"description":"Filters results to specified client value\n"},{"name":"event","in":"query","type":"string","x-nullable":true,"description":"Filters results to specified event\n"},{"name":"severity","in":"query","type":"string","x-nullable":true,"collectionFormat":"multi","description":"Filters results on severity eg: info, warning\n"},{"name":"client_type","in":"query","type":"string","x-nullable":true,"description":"Filters results on the client type eg: CTE\n"},{"name":"details","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only client records whose 'details' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"event":{"type":"string","description":"The audit message wished to be recorded on the client."},"client_type":{"type":"string","description":"The type of client, typically `CTE`, ..."},"severity":{"type":"string","description":"the severity field in client records as per standard guidelines eg:critical, warning, error, info"},"client":{"type":"string","description":"indicates the real identifier of the client which triggered the event. It can be the Id, name or hostname of the client"},"details":{"type":"object","description":"Additional data included in the client record."},"time_stamp":{"type":"string","description":"the time stamp when the event occured on the client"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","details":{"log":"red","mid":"CGA3193I","pid":9414,"args":{"gp":"/opt/ path3"},"message":"Successfully guarded [/opt/path3]","version":"7.0.0.9003","filename":"SecFS_upload_test-client-1.179","hostname":"test-client-1","client_id":"9d94db93-30c5-4e14-96e9-39e280257f61"},"event":"Grd Success","client_type":"CTE","severity":"info","client":"Client1","time_stamp":"2020-06-12 08:40:45.716+00"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/audit/client-records/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns an audit record. `id` can be either the `id`, `uri` or `slug` returned during record creation.","tags":["Records"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"event":{"type":"string","description":"The audit message wished to be recorded on the client."},"client_type":{"type":"string","description":"The type of client, typically `CTE`, ..."},"severity":{"type":"string","description":"the severity field in client records as per standard guidelines eg:critical, warning, error, info"},"client":{"type":"string","description":"indicates the real identifier of the client which triggered the event. It can be the Id, name or hostname of the client"},"details":{"type":"object","description":"Additional data included in the client record."},"time_stamp":{"type":"string","description":"the time stamp when the event occured on the client"}}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","details":{"log":"red","mid":"CGA3193I","pid":9414,"args":{"gp":"/opt/ path3"},"message":"Successfully guarded [/opt/path3]","version":"7.0.0.9003","filename":"/var/log/client_logs/SecFS_upload_test-client-1.179","hostname":"test-client-1","client_id":"9d94db93-30c5-4e14-96e9-39e280257f61"},"event":"Grd Success","client_type":"CTE","severity":"info","client":"Client1","time_stamp":"2020-06-12 08:40:45.716+00"}}}}}},"/v1/audit/loki/api/v1/query_range":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns 0 or more audit logs. This api is calling Loki to get local node audit logs. See Loki api docs, \"https://grafana.com/docs/loki/latest/api/#get-lokiapiv1query_range\", for syntax and usage.","tags":["Records"],"parameters":[{"name":"start","in":"query","required":false,"type":"string","description":"The start time for the query as a nanosecond Unix epoch. The timestamps can also be written in RFC3339 and RFC3339Nano format, as supported by Go's time package. Defaults to one hour ago."},{"name":"end","in":"query","required":false,"type":"string","description":"The end time for the query as a nanosecond Unix epoch. The timestamps can also be written in RFC3339 and RFC3339Nano format, as supported by Go's time package. Defaults to now."},{"name":"query","in":"query","required":true,"type":"string","description":"The LogQL query to perform. This parameter is required, use {job=\"server_audit_records\"} for basic server audit log query or {job=\"client_audit_records\"} for basic client audit log query."},{"name":"limit","in":"query","required":false,"type":"integer","description":"The max number of entries to return."},{"name":"step","in":"query","required":false,"type":"string","description":"Query resolution step width in duration format or float number of seconds. \"duration\" refers to Prometheus duration string of form [0-9]+[smhdwy]."},{"name":"interval","in":"query","required":false,"type":"string","description":"Only return entries at (or greater than) the specified internval, can be a duration format or float number of seconds. \"duration\" refers to Prometheus duration string of form [0-9]+[smhdwy]."},{"name":"direction","in":"query","required":false,"type":"string","description":"Determines the sort order of logs. Supported values are forward or backward. Defaults to backward."}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"requestId":{"type":"string","description":"The unique identifier for tracing a request through the services."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied."},"username":{"type":"string","description":"indicates the kylo user by who the operation/event is done , username is retrived from the JWT"},"severity":{"type":"string","description":"this severity field in records as per standard guidelines, critical,warning, error , info"},"clientIP":{"type":"string","description":"indicates the real clientIP which triggered the event"},"source":{"type":"string","description":"indicates the CipherTrust Manager server name"},"details":{"type":"object","description":"Additional data included in the record."},"principal":{"type":"object","description":"The claims in the authentication token related to the request."}}}]},"examples":{"status":"success","data":{"resultType":"streams","result":[{"stream":{"account":"kylo:kylo:admin:accounts:kylo","filename":"/audit-logs/cm.audit.log","job":"server_audit_records"},"values":[["1644433794613530000","{\"principal\":{\"acc\":\"kylo\",\"acct\":\"kylo:kylo:admin:accounts:kylo\",\"iss\":\"kylo\",\"sub\":\"local|6156717d-9bda-4b90-b509-031dd4b1448f\"},\"details\":{\"auth_domain\":\"\",\"client_id\":\"7b95deda-dc0d-423a-a3e7-b45ccd807403\",\"connection\":\"local_account\",\"domain\":\"\",\"grant_type\":\"password\",\"refresh_token_counts\":{\"labels\":{},\"no_label\":4,\"total\":4},\"refresh_token_id\":\"457c97ee-b5e0-4e02-80bb-ce22f3bd4101\",\"renew_refresh_token\":false,\"user_id\":\"local|6156717d-9bda-4b90-b509-031dd4b1448f\",\"username\":\"admin\"},\"message\":\"Create Token\",\"service\":\"kylo\",\"requestId\":\"392c1588-0597-4f84-a4e7-aefd10e21c00\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"source\":\"ubuntu1804\",\"domain_id\":\"00000000-0000-0000-0000-000000000000\",\"createdAt\":\"2022-02-09T19:09:54.61353Z\",\"account\":\"kylo:kylo:admin:accounts:kylo\",\"id\":\"551eace7-69e6-4b6d-8443-625b9416c2d8\"}"],["1644433458160450000","{\"principal\":{\"acc\":\"kylo\",\"acct\":\"kylo:kylo:admin:accounts:kylo\",\"iss\":\"kylo\",\"sub\":\"local|6156717d-9bda-4b90-b509-031dd4b1448f\"},\"details\":{\"auth_domain\":\"\",\"client_id\":\"24053daa-b7ef-48e5-914c-57094ea00b7a\",\"connection\":\"local_account\",\"domain\":\"\",\"grant_type\":\"password\",\"refresh_token_counts\":{\"labels\":{},\"no_label\":3,\"total\":3},\"refresh_token_id\":\"7e4a5c00-c265-4bf8-a805-1605f9463e52\",\"renew_refresh_token\":false,\"user_id\":\"local|6156717d-9bda-4b90-b509-031dd4b1448f\",\"username\":\"admin\"},\"message\":\"Create Token\",\"service\":\"kylo\",\"requestId\":\"44b4fcb0-03c1-40ab-81ac-f9d53bd4e21d\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"source\":\"ubuntu1804\",\"domain_id\":\"00000000-0000-0000-0000-000000000000\",\"createdAt\":\"2022-02-09T19:04:18.16045Z\",\"account\":\"kylo:kylo:admin:accounts:kylo\",\"id\":\"67b70e6d-3d19-4e01-93da-7bf4f7753c46\"}"]]}],"stats":{"summary":{"bytesProcessedPerSecond":5604120,"linesProcessedPerSecond":10196,"totalBytesProcessed":11542,"totalLinesProcessed":21,"execTime":0.002059556},"store":{"totalChunksRef":0,"totalChunksDownloaded":0,"chunksDownloadTime":0,"headChunkBytes":0,"headChunkLines":0,"decompressedBytes":0,"decompressedLines":0,"compressedBytes":0,"totalDuplicates":0},"ingester":{"totalReached":1,"totalChunksMatched":1,"totalBatches":1,"totalLinesSent":2,"headChunkBytes":11542,"headChunkLines":21,"decompressedBytes":0,"decompressedLines":0,"compressedBytes":0,"totalDuplicates":0}}}}}}}},"/v1/audit/alarm-configs":{"post":{"summary":"Create","description":"Create a configuration to generate alarms for either audit or client records. \nAlarms are generated with the given name, description and severity whenever the chosen record type matches the\ncondition, and the number of records hits a threshold within the given time interval in seconds. Conditions are defined in\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/).\nBoth records and triggered alarms can have one of the following severity levels:\n\n* critical\n* error\n* warning\n* info\n\nWhen no severity or description is defined in alarm configuration, then triggered alarms inherit them from records.\nWhen threshold and time interval is not defined in alarm configuration, then the default values for both will be 0\nand CM will not check for threshold. The interval value should be specified in seconds.\n\nThe following example shows an alarm configuration whose condition is satisfied by the provided record and threshold\nhits (since it is set to 1) so it generates an alarm.\n\nAlarm configuration:\n```\n {\n \"name\": \"RSA key too small\",\n \"source_type\": \"server_record\",\n \"description\": \"RSA key should be 2048 bits or higher\",\n \"severity\": \"critical\",\n \"condition\": \"input.success\\ninput.message == \\\"Create Key\\\"\\ninput.details.algorithm == \\\"RSA\\\"\\ninput.details.size <= 1024\",\n \"threshold\": 1,\n \"interval\" : 10\n }\n```\n* The properties `name`, `source_type`, `description` and `severity` are used to\n populate properties with the same name in the generated alarm.\n* To have alarms triggered from the audit records either omit `source_type` or set it to \"server_record\". To trigger\n an alarm off of a client record then set it to \"client_record\"\n* The `condition` is a set of assertions that must evaluate to true in\n order to generate an alarm. The first assertion `input.success` says\n that given the input document, which is the record, test if the\n record's `success` property is true. See OPA's \n [input document](https://www.openpolicyagent.org/docs/latest/how-does-opa-work/#the-input-document) for more information.\n* The properties `threshold` and `interval` are used to raise alarm if the number of records fetched within a current time interval hits threshold.\n\nMatching record:\n```\n {\n \"id\": \"059015dc-f476-4e56-9b5f-d5e766b5c139\",\n \"uri\": \"kylo:kylo:audit:records:059015dc-f476-4e56-9b5f-d5e766b5c139\",\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\": \"2019-08-09T15:23:44.085148Z\",\n \"message\": \"Create Key\",\n \"service\": \"minerva\",\n \"requestId\": \"735625dd-0673-43fd-8d74-aa1269a34420\",\n \"success\": true,\n \"username\": \"admin\",\n \"details\": {\n \"id\": \"9a0c147806055a5ab6be5215e217e934d740ca8d838cfe61fd1a6a07bd1de242\",\n \"uri\": \"kylo:kylo:vault:keys:mykey-v0\",\n \"name\": \"mykey\",\n \"size\": 1024,\n \"ownerId\": \"local|9e7f69ef-5bb4-4160-a5d1-7ab3fdb605cd\",\n \"algorithm\": \"RSA\",\n \"usageMask\": 3,\n \"objectType\": \"Private Key\"\n },\n \"principal\": {\n \"acc\": \"kylo\",\n \"iss\": \"kylo\",\n \"sub\": \"local|9e7f69ef-5bb4-4160-a5d1-7ab3fdb605cd\",\n \"acct\": \"kylo:kylo:admin:accounts:kylo\"\n }\n }\n```\n\nResulting alarm:\n```\n {\n \"id\": \"00fea201-aaaa-44ef-a97d-723c1bd38147\",\n \"uri\": \"kylo:kylo:alarms:00fea201-aaaa-44ef-a97d-723c1bd38147\",\n \"createdAt\": \"2019-08-08T20:49:01.907543Z\",\n \"createdBy\": \"admin\",\n \"clearedAt\": \"\",\n \"clearedBy\": \"\",\n \"acknowledgAt\": \"\",\n \"acknowledgBy\": \"\",\n \"account\": \" kylo:kylo:admin:accounts:kylo\",\n \"application\": \" ncryptify:gemalto:admin:apps:kylo\",\n \"dev_account\": \" ncryptify:gemalto:admin:accounts:gemalto\",\n \"name\": \"RSA key too small\",\n \"source_type\": \"server_record\",\n \"state\": \"on\",\n \"description\": \"RSA key should be 2048 bits or higher\",\n \"severity\": \"critical\",\n \"service\": \"Kylo\",\n \"source\": \"10.3.201.41\",\n \"details\": {\n \"id\": \"059015dc-f476-4e56-9b5f-d5e766b5c139\",\n \"uri\": \"kylo:kylo:audit:records:059015dc-f476-4e56-9b5f-d5e766b5c139\",\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\": \"2019-08-09T15:23:44.085148Z\",\n \"message\": \"Create Key\",\n \"service\": \"minerva\",\n \"requestId\": \"735625dd-0673-43fd-8d74-aa1269a34420\",\n \"success\": true,\n \"username\": \"admin\",\n \"details\": {\n \"id\": \"9a0c147806055a5ab6be5215e217e934d740ca8d838cfe61fd1a6a07bd1de242\",\n \"uri\": \"kylo:kylo:vault:keys:mykey-v0\",\n \"name\": \"mykey\",\n \"size\": 1024,\n \"ownerId\": \"local|9e7f69ef-5bb4-4160-a5d1-7ab3fdb605cd\",\n \"algorithm\": \"RSA\",\n \"usageMask\": 3,\n \"objectType\": \"Private Key\"\n },\n \"principal\": {\n \"acc\": \"kylo\",\n \"iss\": \"kylo\",\n \"sub\": \"local|9e7f69ef-5bb4-4160-a5d1-7ab3fdb605cd\",\n \"acct\": \"kylo:kylo:admin:accounts:kylo\"\n }\n }\n }\n```\n","tags":["Records"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"required":["name","condition"],"example":{"application/json":{"name":"RSA key too small","source_type":"server_record","description":"RSA key should be 2048 bits or higher","severity":"critical","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024","threshold":20,"interval":10}},"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}}],"responses":{"201":{"description":"Successful alarm config creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}]},"examples":{"application/json":{"name":"RSA key too small","source_type":"server_record","description":"RSA key should be 2048 bits or higher","severity":"critical","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024","id":"24aae5e5-b627-4b0e-964a-f48af998ee2b","uri":"kylo:kylo:audit:records:24aae5e5-b627-4b0e-964a-f48af998ee2b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-01T23:00:10.072423Z","updatedAt":"2016-12-01T23:00:10.072423Z","threshold":20,"interval":10}}}}},"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns 0 or more alarm configurations.","tags":["Records"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"source_type","in":"query","type":"string","description":"Filter on alarm configuration source type. Valid values are 'server_record' and 'client_record'"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"RSA key too small","source_type":"server_record","description":"RSA key should be 2048 bits or higher","severity":"critical","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024","id":"24aae5e5-b627-4b0e-964a-f48af998ee2b","uri":"kylo:kylo:audit:records:24aae5e5-b627-4b0e-964a-f48af998ee2b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-01T23:00:10.072423Z","updatedAt":"2016-12-01T23:00:10.072423Z","threshold":20,"interval":10}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/audit/alarm-configs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns an alarm configuration. `id` can be either the `id`, `uri` or `slug` returned during record creation.","tags":["Records"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}]},"examples":{"name":"RSA key too small","source_type":"server_record","description":"RSA key should be 2048 bits or higher","severity":"critical","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024","id":"24aae5e5-b627-4b0e-964a-f48af998ee2b","uri":"kylo:kylo:audit:records:24aae5e5-b627-4b0e-964a-f48af998ee2b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-01T23:00:10.072423Z","updatedAt":"2016-12-01T23:00:10.072423Z","threshold":20,"interval":10}}}},"patch":{"summary":"Update","description":"Updates an alarm configuration. `id` can be either the `id`, `uri` or `slug` returned during record creation.","tags":["Records"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","required":true,"schema":{"example":{"application/json":{"source_type":"server_record","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 2048","threshold":30,"interval":15}},"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}]},"examples":{"name":"RSA key too small","source_type":"server_record","description":"RSA key should be 2048 bits or higher","severity":"critical","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 2048","id":"24aae5e5-b627-4b0e-964a-f48af998ee2b","uri":"kylo:kylo:audit:records:24aae5e5-b627-4b0e-964a-f48af998ee2b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-01T23:00:10.072423Z","updatedAt":"2016-12-01T23:20:10.072423Z","threshold":20,"interval":10}}}},"delete":{"summary":"Delete","description":"Deletes an alarm configuration. `id` can be either the `id`, `uri` or `slug` returned during record creation.","tags":["Records"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of alarm config."}}}},"/v1/usermgmt/groupmaps/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of groupmaps. Query parameters can be\nused to filter the results. Results are returned in pages.\nEach page of results includes the total results found, and\ninformation for requesting the next page of results, using\nthe `skip` and `limit` query parameters.\n","tags":["Groupmaps"],"parameters":[{"name":"connection_name","in":"query","description":"Filter by the connection name. A * character can be used as a wildcard.\n","required":false,"type":"string"},{"name":"connection_group_name","in":"query","description":"Filter by the connection group name. A * character can be used as a wildcard.\nThis attribute replaces the deprecated `ldap_group_name` attribute.\n","required":false,"type":"string"},{"name":"group_name","in":"query","description":"Filter by the CipherTrust Manager group name. A * character can be used as a wildcard.\n","required":false,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."},"id":{"type":"string","description":"A unique ID associated with the mapping between the connection group and local CipherTrust Manager group."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was last updated"}},"example":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}]}}}}},"post":{"summary":"Create","tags":["Groupmaps"],"parameters":[{"name":"body","in":"body","schema":{"description":"Parameters needed to create a mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Create Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."}}}}],"responses":{"201":{"description":"Successful groupmap creation.","schema":{"description":"A mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."},"id":{"type":"string","description":"A unique ID associated with the mapping between the connection group and local CipherTrust Manager group."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was last updated"}},"example":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}},"examples":{"application/json":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}}}}},"/v1/usermgmt/groupmaps/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the group map ID, returned when the group map was created"}],"get":{"summary":"Get","tags":["Groupmaps"],"responses":{"200":{"description":"OK","schema":{"description":"A mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."},"id":{"type":"string","description":"A unique ID associated with the mapping between the connection group and local CipherTrust Manager group."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was last updated"}},"example":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}},"examples":{"application/json":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","tags":["Groupmaps"],"responses":{"204":{"description":"No Content | Successful deletion of group map."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"The only thing you can update on a groupmap is the CipherTrust Manager group name `group_name`.\n","tags":["Groupmaps"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"description":"Parameters needed to update a mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Update Groupmap","required":["group_name"],"properties":{"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."},"id":{"type":"string","description":"A unique ID associated with the mapping between the connection group and local CipherTrust Manager group."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was last updated"}},"example":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}},"examples":{"application/json":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/cluster":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Info","description":"Returns the called node's view of the cluster status.","tags":["Cluster"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"nodeID":"a6d995ff-3382-40a9-a04a-7985d8f6f1f5","status":{"code":"r","description":"ready"},"nodeCount":1}}}}},"delete":{"summary":"Delete","description":"Deletes cluster configurations from this node. This node must not be a part of a cluster or is the only member of the cluster.","tags":["Cluster"],"responses":{"204":{"description":"No Content | Successful removal of the node."},"400":{"description":"Bad Request | A node can't remove itself","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Invalid ID","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/cluster/new":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"New","description":"Initializes a new cluster with the called node as the initial member. All cluster members (including this one) must be able to resolve and reach localNodeHost.","tags":["Cluster","Enterprise"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Initialize Cluster","required":["localNodeHost"],"properties":{"localNodeHost":{"type":"string","description":"The hostname or IP of this node. Must be reachable by all nodes in the cluster, including this one."},"localNodePort":{"type":"integer","description":"The port of the node wanting to join, defaults to 5432"},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or public IP of this node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"}}}}],"responses":{"201":{"description":"Successful cluster initialization.","schema":{"type":"string"},"examples":{"application/json":{"nodeID":"a6d995ff-3382-40a9-a04a-7985d8f6f1f5","status":{"code":"r","description":"ready"},"nodeCount":1}}},"400":{"description":"Bad Request | Cluster already created.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/cluster/csr":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create CSR","description":"Generates a new keypair and CSR from the node that wants to join the cluster and returns the CSR. localNodeHost refers to the node that wants to join the cluster.","tags":["Cluster"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Create CSR","required":["localNodeHost"],"properties":{"localNodeHost":{"type":"string","description":"The hostname or IP of the node wanting to join. Must be reachable by all nodes in the cluster, including this one."},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or public IP of this node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"}}}}],"responses":{"201":{"description":"Successful CSR creation.","schema":{"type":"string"},"examples":{"application/json":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBcjCCARcCAQAwgYMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNRDEQMA4GA1UE\nBxMHQmVsY2FtcDEbMBkGA1UECRMSNDY5MCBNaWxsZW5pdW0gRHIuMRAwDgYDVQQK\nEwdHZW1hbHRvMSYwJAYDVQQDDB1EQk1nciBDbHVzdGVyIE5vZGUga3lsbzJfcGdf\nMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJOJAqGnnxzRdlDu2Whu80uLJGVF\nFc4gGDRMaeEOh67mISkiYKyfer/pB+wlYNm+fRfmDS7epBvHxUONi7Wgj3CgMTAv\nBgkqhkiG9w0BCQ4xIjAgMB4GA1UdEQQXMBWBE3N1cHBvcnRAZ2VtYWx0by5jb20w\nCgYIKoZIzj0EAwIDSQAwRgIhAPktHcL4nUPtbzG5zCVKH/S/GH4bce88YWQomDQe\nua5MAiEAhu6vmmLxXuG3bXk1cW59GJPh9BBUjOtyzR7M2rr/5OM=\n-----END CERTIFICATE REQUEST-----\n"}}},"400":{"description":"Bad Request | Cluster already exists.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/cluster/join":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Join","description":"Joins a node into an existing cluster. The cert, cachain, mkek_blob{{FF_ENABLE_ETCD|, clusterList and clusterToken}} from a POST to /nodes are required. localNodeHost refers to the node wanting to join and memberNodeHost refers to any existing member of the cluster.","tags":["Cluster","Enterprise"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Join Cluster","required":["cert","cachain","localNodeHost","memberNodeHost","mkek_blob"],"properties":{"cert":{"type":"string","description":"The cert issued by the node already in the cluster"},"cachain":{"type":"string","description":"The cachain issued by the node already in the cluster"},"localNodeHost":{"type":"string","description":"The hostname or IP of the node wanting to join"},"localNodePort":{"type":"integer","description":"The port of the node wanting to join, defaults to 5432"},"localNodePublicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or public IP of the node wanting to join.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"memberNodeHost":{"type":"string","description":"The hostname or IP of the existing member of the cluster"},"memberNodePort":{"type":"integer","description":"The port of the existing member of the cluster, defaults to 5432"},"mkek_blob":{"type":"string","description":"Master KEK blob extracted from member to be sent to new node, possibly wrapped with HSM root key. This blob is returned back as part of the CSR sign response"},"node_type":{"x-feature":"FF_ENABLE_CLUSTER_WITH_GATEWAY_NODES","type":"string","description":"The mode in which you wish to join the new node. Valid values are 'rw' and 'gateway', defaults to 'rw'.","default":"rw","enum":["rw","gateway"]},"blocking":{"type":"boolean","description":"When set to true, cluster join operation will block until finished"},"clusterToken":{"x-feature":"FF_ENABLE_ETCD","type":"string","description":"Token that identifies a cluster."},"clusterList":{"x-feature":"FF_ENABLE_ETCD","type":"string","description":"Encoded list of existing nodes in cluster."}}}}],"responses":{"201":{"description":"Successful cluster join.","schema":{"type":"string"},"examples":{"application/json":{"nodeID":"a6d995ff-3382-40a9-a04a-7985d8f6f1f5","status":{"code":"r","description":"ready"},"nodeCount":2}}},"400":{"description":"Bad Request | Node is already in a cluster.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/cluster/errors":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all the cluster errors.","tags":["Cluster","Enterprise"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Returns a list of all the cluster errors.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"clusterErrors":{"type":"array","items":{"description":"Returns a cluster errors of a node.","type":"object","properties":{"errorMessage":{"type":"string","description":"Returns error of the node.","readOnly":true},"errorTime":{"type":"string","format":"date-time","description":"Return the error time of the node.","readOnly":true}}}}},"example":{"isThisNode":false,"nodeID":"553b2dfdee5a43a59c946e8b6301ee7d","clusterErrors":{"errorMessage":"could not connect to the postgresql server in replication mode: timeout expired\n","errorTime":"2023-11-23T06:57:09.068131Z"}}}}}}]}}}}},"/v1/cluster/summary":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Info","description":"Returns the summary of the cluster.","tags":["Cluster"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"object","properties":{"node_id":{"type":"object","properties":{"clusterSummary":{"type":"object","items":{"description":"Returns a list of all the cluster nodes summary with cluster errors.","type":"object","properties":{"node_id":{"type":"object","description":"Unique identifier of the node.","properties":{"summary":{"type":"string","description":"Human readable summary of the node.","readOnly":true},"nodeInfo":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."},"nodeType":{"type":"string","description":"The type of node. Valid values are 'rw' and 'gateway'.","enum":["rw","gateway"]}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}},"clusterErrors":{"type":"array","items":{"description":"Returns a cluster errors of a node.","type":"object","properties":{"errorMessage":{"type":"string","description":"Returns error of the node.","readOnly":true},"errorTime":{"type":"string","format":"date-time","description":"Return the error time of the node.","readOnly":true}}}}}}}}},"lastUpdated":{"type":"string","format":"date-time"}}}}}}}]}}}}},"/v1/nodes":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all the cluster nodes.\n{{FF_CM_REPORTS| Specify \"Accept\" header with value \"application/pdf\" or \"text/csv\" to download report in \nPDF or CSV format using external clients.}}\n","tags":["Cluster Nodes"],"parameters":[{"name":"allowlist","in":"query","type":"string","description":"Filter the results based on an IP in allowlist. It gives the list of nodes which have the given IP in their allowlist. \nTo filter results wherein IP is not a part of the allowlist, precede the field value with a minus sign (\"-\").\nFor example:\n -192.168.3.4\n"}],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."},"nodeType":{"type":"string","description":"The type of node. Valid values are 'rw' and 'gateway'.","enum":["rw","gateway"]}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}}}}}]}}}},"post":{"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Sign CSR Request","required":["csr","newNodeHost"],"properties":{"csr":{"type":"string","description":"The CSR that was issued by the node wanting to join the cluster"},"shared_hsm_partition":{"type":"boolean","description":"When true, wrap the CipherTrust Manager master KEK blob with the HSM root key. This feature will only work if the nodes are using the same HSM or HSM cluster as they would share the same HSM root key. If possible it is recommended to use this feature as it will increase the security of the master KEK during transport"},"newNodeHost":{"type":"string","description":"The hostname or IP of the node wanting to join the cluster"},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or public IP of this node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"}}}}],"summary":"Sign Cert","description":"Signs a CSR on an existing node within the cluster and returns the signed certificate along with CA chain, master KEK blob{{FF_ENABLE_ETCD|, Cluster Token and Cluster List}}.\n\nThis call must be made to any existing cluster member.\n","tags":["Cluster Nodes"],"produces":["application/json"],"responses":{"201":{"description":"Sucessful resource creation.","schema":{"type":"string"},"examples":{"application/json":{"cert":"-----BEGIN CERTIFICATE-----\nMIICWDCCAf6gAwIBAgIRAKF31H7269dPEkqFy7C2TjEwCgYIKoZIzj0EAwIwdjEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRswGQYD\nVQQJExI0NjkwIE1pbGxlbml1bSBEci4xEDAOBgNVBAoTB0dlbWFsdG8xGTAXBgNV\nBAMTEERCTWdyIENsdXN0ZXIgQ0EwHhcNMTcwMTI0MTg0NjE4WhcNMjcwMTI0MTg0\nNjE4WjCBgzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxj\nYW1wMRswGQYDVQQJExI0NjkwIE1pbGxlbml1bSBEci4xEDAOBgNVBAoTB0dlbWFs\ndG8xJjAkBgNVBAMMHURCTWdyIENsdXN0ZXIgTm9kZSBreWxvMl9wZ18xMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAE3PXsHIWdDdpIxCE6ckkVg6T+QdFbJ4ndh0UQ\n1HtoUmqDNo4gioHG9FNP1r59aWg1JoKpSyTPsj19/aJ7e9EEE6NfMF0wDgYDVR0P\nAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB\nAf8EAjAAMB4GA1UdEQQXMBWBE3N1cHBvcnRAZ2VtYWx0by5jb20wCgYIKoZIzj0E\nAwIDSAAwRQIgQrPF73bbkJUx4/ekD60F9DIjQXweg1GwLDgD9kzonG4CIQDqLToJ\nMK+sX0CQaRHifi+rYrEEXFksM2tUrio8vUtzhg==\n-----END CERTIFICATE-----\n","cachain":"-----BEGIN CERTIFICATE-----\nMIICLTCCAdSgAwIBAgIRAIGuqyHParpLc/AyDK0kLb8wCgYIKoZIzj0EAwIwdjEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRswGQYD\nVQQJExI0NjkwIE1pbGxlbml1bSBEci4xEDAOBgNVBAoTB0dlbWFsdG8xGTAXBgNV\nBAMTEERCTWdyIENsdXN0ZXIgQ0EwHhcNMTcwMTI0MTgxNjUzWhcNMzcwMTI0MTgx\nNjUzWjB2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNh\nbXAxGzAZBgNVBAkTEjQ2OTAgTWlsbGVuaXVtIERyLjEQMA4GA1UEChMHR2VtYWx0\nbzEZMBcGA1UEAxMQREJNZ3IgQ2x1c3RlciBDQTBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABGuwRSlXglcBIpLz4kQF0ngifNpD3Y1lV7+OQ6pioi8EmZtmaVU2q1jl\nHwFUdS9TQNdt381Bbep1xvNCaWwZL3ujQzBBMA4GA1UdDwEB/wQEAwIBhjAPBgNV\nHRMBAf8EBTADAQH/MB4GA1UdEQQXMBWBE3N1cHBvcnRAZ2VtYWx0by5jb20wCgYI\nKoZIzj0EAwIDRwAwRAIgPFEgfMxslyl208ZpYJezYjksK9K+cj28AN/N2Q3gs70C\nIEZs2HLxg85JxXguUJkEveUDvRhoZm+g64kFmY3KgqyZ\n-----END CERTIFICATE-----\n","mkek_blob":"ZXhhbXBsZSBtYXN0ZXIga2V5IGJsb2IK"}}},"400":{"description":"Bad Request | This node is not in a cluster.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"409":{"description":"Resource confict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/nodes/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns node information for the given node.","tags":["Cluster Nodes"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."},"nodeType":{"type":"string","description":"The type of node. Valid values are 'rw' and 'gateway'.","enum":["rw","gateway"]}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates the node properties. This method can be used to update the public address of the node.","tags":["Cluster Nodes"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"The node properties to change.","schema":{"type":"object","title":"Update node","properties":{"publicAddress":{"type":"string","description":"The public address of the node. Specify an empty string to clear existing value."}},"example":{"publicAddress":"node5.example.com"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."},"nodeType":{"type":"string","description":"The type of node. Valid values are 'rw' and 'gateway'.","enum":["rw","gateway"]}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Removes given node from the cluster. This API call must be made to a node other than the one being removed. Once removed, a node can be re-joined by making the Cluster Delete API call from that node.","tags":["Cluster Nodes"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful removal of the node."},"400":{"description":"Bad Request | A node can't remove itself","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/nodes/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Delete","description":"Removes given node from the cluster. This API call must be made to a node other than the one being removed. Once removed, a node can be re-joined by making the Cluster Delete API call from that node.","tags":["Cluster Nodes"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Delete Node","required":["force"],"properties":{"force":{"type":"boolean","description":"With force set to false the node deletion is replicated across the cluster. This is similar to the DELETE operation.\nWith force set to true the given node is deleted only on the local node, and delete must be called with force set to true on\nall remaining cluster nodes. Force delete is required only if majority of nodes are unavailable at the time of\nremoving a node from the cluster.\n"}}}}],"responses":{"204":{"description":"No Content | Successful removal of the node."},"400":{"description":"Bad Request | A node can't remove itself","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/backups":{"x-feature":"FF_BACKUP_RESTORE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Start a Backup","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain.\n"},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the backup can only be restored to instances that use the same HSM partition.\nValid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\"{{FF_BACKUP_RESTORE_CF|, \"customer_fragments\"}} and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nIf multiple parameters of 'vault/query-keys' are provided then the result will be AND of all.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": \"{\"info\":{\"color\":\"red\"}}}\"`.{{FF_INDIVIDUAL_KEY_SELECTION_NAMES| To backup specific keys using names, use {\"names\":[\"key1\", \"key2\"]}.}}\n{{FF_INDIVIDUAL_KEY_SELECTION_IDS| To backup specific keys using ids, use {\"ids\":[\"a0aac0a14dcc4651abd3dae6bb8e6f9496af0\", \"89aac2314dcc4651abd3dae6bb8e6f9496a96\"]}.}}\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n\n{{FF_BACKUP_RESTORE_CF|For Customer fragments, valid `resourceQuery` parameter values are 'ids' and 'names' of Customer fragments. To backup specific customer fragments using ids, use {\"ids\":[\"370c4373-2675-4aa1-8cc7-07a9f95a5861\", \"4e1b9dec-2e38-40d7-b4d6-244043200546\"]}. To backup specific customer fragments using names, use {\"names\":[\"customerFragment1\", \"customerFragment2\"]}.}}\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup,\nand is returned while retrieving the backup information, or while listing backups.\nFor example, users can include a backup name or description, or the ID of the HSM the backup is tied to.\n"}}}}],"summary":"Create","description":"Starts a new asynchronous backup.","tags":["Backups/Backup-Restore"],"responses":{"201":{"description":"Successful backup creation.","schema":{"type":"object"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"v0.0.1","id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","createdAt":"2017-01-24T21:46:48.219287427Z","status":"In Progress","tiedToHSM":false,"backupKey":"0afa3896-0c2f-4b2f-936c-2b7407a5c072","productVersion":"v1.10.0-beta1.4242"}}}}},"get":{"summary":"List","description":"Returns a list of all backups.","tags":["Backups/Backup-Restore"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"scope","in":"query","type":"string","description":"Backup scope - system or domain."}],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":2,"total":2,"resources":[{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"v0.0.1","id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","createdAt":"2017-01-24T21:46:48.219287427Z","status":"Completed","tiedToHSM":true,"backupKey":"0afa3896-0c2f-4b2f-936c-2b7407a5c072","productVersion":"v1.10.0-beta1.4242"},{"scope":"domain","account":"kylo:kylo:admin:accounts:kylo","version":"v0.0.1","id":"cc8888e8-4eb8-4744-aa55-d1a809a90796","createdAt":"2020-02-04T21:48:48.219287427Z","status":"Completed","tiedToHSM":false,"backupKey":"0afa3896-0c2f-4b2f-936c-2b7407a5c072","productVersion":"v1.10.0-beta1.4242"}]}}}}}},"/v1/backups/{id}":{"x-feature":"FF_BACKUP_RESTORE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns info for a specific backup based on the id.","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"v0.0.1","id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","createdAt":"2017-01-24T21:46:48.219287427Z","status":"Completed","tiedToHSM":false,"backupKey":"0afa3896-0c2f-4b2f-936c-2b7407a5c072","productVersion":"v1.10.0-beta1.4242"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}},"delete":{"summary":"Delete","description":"Deletes a specific backup based on the id.","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"204":{"description":"No Content | Successful removal of the backup.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backups/{id}/download":{"x-feature":"FF_BACKUP_RESTORE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"summary":"Download","x-interactive":false,"description":"Downloads a specific backup based on the id to a file.","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/scp/public-key":{"x-feature":"FF_BACKUP_SCP","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the public key for the SCP/SFTP connection.\nUser must upload it to the destination machines authorized keys in the \"/home/user/.ssh/\" directory.\n","tags":["Backups/SCP Backup"],"responses":{"200":{"description":"OK.","schema":{"type":"string"},"examples":{"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDiBnZfS+7NfNiRJIawBC/JxByHPYsjiOkF+uQ2wVPBVY1uHKVeRJxMb//GXu0xfqHD7RWDifJsnv4wkerBFOo9zrh4xdmCpraKP3cpNLYwud9uD/+FH5dOoTsb6UJ7g3dwUPsSHXVbzhWOvKtus1Hx3PDCpwcibYsCt/jhJSpYf4mY2W6q1ma+Pb6fsb6JtT/Zu/l6FD/n9W9StnE/wF2ideOpk9X1Ylm4tGd8uGvA/5ZjmZdAH3wx+AWRtdrGJkKfKWcjRAQiyas9iRXztkcnbTsVztqvckAnjVIRSboYeUcccqAnLRSnIbpWGMfolyqqrCUaok/gldsUfQJvUpfkCX89nXByVPIMvKaycOfRaqklJta+t==":null}},"404":{"description":"Resource not found."}}}},"/v1/scp/public-key/rotate":{"x-feature":"FF_BACKUP_SCP","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"POST","description":"Rotates the public key for the SCP/SFTP connection. This will break SCP/SFTP operation, if any, in database_backup scheduler.\nUser must upload the new key to the destination machines authorized keys in the \"/home/user/.ssh/\" directory.\n","tags":["Backups/SCP Backup"],"responses":{"201":{"description":"OK.","schema":{"type":"string"},"examples":{"success":true}},"404":{"description":"Resource not found."}}}},"/v1/backups/{id}/scp":{"x-feature":"FF_BACKUP_SCP","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"parameters":[{"name":"body","in":"body","schema":{"allOf":[{"type":"object","allOf":[{"type":"object","required":["host","username","auth_method","path_to"],"properties":{"host":{"type":"string","description":"Hostname or FQDN of remote machine used for SCP/SFTP operation."},"port":{"type":"integer","description":"Port where SCP/SFTP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP/SFTP server."},"auth_method":{"type":"string","description":"Authentication type for SCP/SFTP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP/SFTP. Example \"/home/ubuntu/datafolder/\""},"protocol":{"type":"string","description":"Use 'sftp' or 'scp'. 'sftp' is the default value."}}},{"type":"object","description":"Sensitive parameters specific to a SCP/SFTP connection.","required":["public_key"],"properties":{"password":{"type":"string","description":"Password for SCP/SFTP server."},"public_key":{"type":"string","description":"Public key for SCP/SFTP. It will be used to verify the host's identity by verifying key fingerprint. It can be retrieved from \"/etc/ssh/\" of remote host machine."}}}]}]}}],"summary":"SCP","description":"Initiates a secure copy of the specified backup to the host machine.\nThe status of the backup transfer can be checked using the scp-status API.\nOnly system backups are supported.\n","tags":["Backups/SCP Backup"],"produces":["application/json"],"responses":{"202":{"description":"Successful SCP/SFTP of a backup.","schema":{"type":"object"},"examples":{"application/json":{"id":"3ab568fb-3f43-4d99-ad77-9e13df5c376d","uri":"kylo:kylo:scp:backups:3ab568fb-3f43-4d99-ad77-9e13df5c376d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-05-16T17:23:13.706771675Z","updatedAt":"2021-05-16T17:23:13.703198137Z","connection_status":"in_progress"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backups/{id}/scp/{connection_id}":{"x-feature":"FF_BACKUP_SCP","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"connection_id","in":"path","description":"Name or ID of the SCP connection which stores the details for SCP server.\n","required":true,"type":"string"}],"post":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"connection_id","in":"path","description":"Name or ID of the SCP connection which stores the details for SCP server.\n","required":true,"type":"string"}],"summary":"SCP","description":"Initiates a transfer of the specified backup to the host machine. The host information is retrieved from the specified scp connection.\nThe status of the secure copy can be checked using the scp-status API.\nOnly system backups are supported.\n","tags":["Backups/SCP Backup"],"produces":["application/json"],"responses":{"202":{"description":"Successful SCP/SFTP of a backup.","schema":{"type":"object"},"examples":{"application/json":{"id":"3ab568fb-3f43-4d99-ad77-9e13df5c376d","uri":"kylo:kylo:scp:backups:3ab568fb-3f43-4d99-ad77-9e13df5c376d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-05-16T17:23:13.706771675Z","updatedAt":"2021-05-16T17:23:13.703198137Z","connection_status":"in_progress"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backups/{id}/scp-status":{"x-feature":"FF_BACKUP_SCP","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"summary":"Recent backup transfer status of the provided backup","description":"Gets the recent status of transfer of a specific backup based on the id.","tags":["Backups/SCP Backup"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object"}},"examples":{"application/json":[{"id":"60b3ccef-0658-4e59-86cf-b4d81998d2d6","host":"54.147.179.159","connection_status":"completed","createdAt":"2021-05-26T10:10:43.895088892Z","updatedAt":"2021-05-26T10:10:57.305288048Z"},{"id":"57b2e4cc-e530-4ed0-816f-77fcd142096d","host":"54.147.179.159","connection_status":"completed","createdAt":"2021-05-26T10:15:27.998122254Z","updatedAt":"2021-05-26T10:16:03.695139245Z"}]}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backups/{id}/scp-status/{scp_id}":{"x-feature":"FF_BACKUP_SCP","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"scp_id","in":"path","description":"SCP id is used to determine the status of\nasynchronous SCP process.\n","required":true,"type":"string"}],"get":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"scp_id","in":"path","description":"SCP id is used to determine the status of\nasynchronous SCP process.\n","required":true,"type":"string"}],"summary":"SCP/SFTP Status","description":"Gets the status of the backup transferred via SCP/SFTP of a given backup id.","tags":["Backups/SCP Backup"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"3ab568fb-3f43-4d99-ad77-9e13df5c376d","uri":"kylo:kylo:scp:backups:3ab568fb-3f43-4d99-ad77-9e13df5c376d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-05-16T17:23:13.706771675Z","updatedAt":"2021-05-16T17:23:13.703198137Z","connection_status":"completed"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backups/{id}/restore":{"x-feature":"FF_BACKUP_RESTORE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Start Restoring a Backup","properties":{"force":{"x-feature":"FF_BACKUP_RESTORE_FORCE","type":"boolean","description":"If false, version check is performed to prevent restoring backups from a newer release or an too old release; if true, no version check is performed."},"filters":{"x-feature":"FF_ENABLE_SELECTIVE_RESTORE_FROM_DOMAIN_BACKUP","type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to browse/restore. Valid values are \"Keys\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nIf multiple parameters of 'vault/query-keys' are provided then the result will be AND of all.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": \"{\"info\":{\"color\":\"red\"}}}\"`.{{FF_INDIVIDUAL_KEY_SELECTION_NAMES| To backup specific keys using names, use {\"names\":[\"key1\", \"key2\"]}.}}\n{{FF_INDIVIDUAL_KEY_SELECTION_IDS| To backup specific keys using ids, use {\"ids\":[\"a0aac0a14dcc4651abd3dae6bb8e6f9496af0\", \"89aac2314dcc4651abd3dae6bb8e6f9496a96\"]}.}}\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to restore from the backup. Only applicable to domain-scoped backups.\nOnly keys resource type is supported to filter. By default, no filters are applied and the restore includes all keys with other resources.\nFor example, to restore all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"}}}}],"summary":"Restore","description":"Restores a specific backup based on the id.","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"200":{"description":"Successful restore of a backup.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}},"409":{"description":"Version check prevented restoring a backup.","schema":{"type":"string"}}}}},"/v1/backups/{id}/browse-prepare":{"x-feature":"FF_ENABLE_SELECTIVE_RESTORE_FROM_DOMAIN_BACKUP","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Browse-Prepare","description":"Browse prepare creates a browse of specific domain-scoped backup based on the id.\n","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"202":{"description":"Accepted"},"400":{"description":"Bad Request"},"403":{"description":"Insufficient Permissions"},"404":{"description":"Resource not found"},"409":{"description":"Conflict"},"500":{"description":"Internal Server Error"}}}},"/v1/backups/{id}/browse":{"x-feature":"FF_ENABLE_SELECTIVE_RESTORE_FROM_DOMAIN_BACKUP","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Browse backup","description":"Lets you browse through domain scoped backup. Before doing this operation, ensure that backup has already been prepared for browsing.\n","tags":["Backups/Backup-Restore"],"produces":["application/json"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Browse through a prepared backup","properties":{"skip":{"type":"integer","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.\n"},"limit":{"type":"integer","description":"The max number of resources to return. Equivalent to 'limit' in SQL.\n"},"filter":{"type":"object","description":"A set of selection criteria to specify what resources to include in response.\nOnly keys resource type is supported. By default, no filters are applied and the response includes all keys.\nFor example, to retrieve all keys with a name containing 'enc-key', set the filter to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to browse/restore. Valid values are \"Keys\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nIf multiple parameters of 'vault/query-keys' are provided then the result will be AND of all.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": \"{\"info\":{\"color\":\"red\"}}}\"`.{{FF_INDIVIDUAL_KEY_SELECTION_NAMES| To backup specific keys using names, use {\"names\":[\"key1\", \"key2\"]}.}}\n{{FF_INDIVIDUAL_KEY_SELECTION_IDS| To backup specific keys using ids, use {\"ids\":[\"a0aac0a14dcc4651abd3dae6bb8e6f9496af0\", \"89aac2314dcc4651abd3dae6bb8e6f9496a96\"]}.}}\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resource_type":"keys","resources":[{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"oldkeys1","updatedAt":"2016-12-02T21:31:30.854925Z","usageMask":12,"version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}]}}},"400":{"description":"Bad Request"},"403":{"description":"Insufficient permissions"}}}},"/v1/backups/{id}/browse-cleanup":{"x-feature":"FF_ENABLE_SELECTIVE_RESTORE_FROM_DOMAIN_BACKUP","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"delete":{"summary":"Browse-Cleanup","description":"Browse cleanup deletes the prepared browse of specific domain-scoped backup based on the id.\n","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"202":{"description":"Accepted"},"400":{"description":"Bad Request"},"403":{"description":"Insufficient Permissions"},"404":{"description":"Resource not found"}}}},"/v1/uploadBackup":{"x-feature":"FF_BACKUP_RESTORE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"parameters":[{"name":"scope","required":false,"in":"query","type":"string","description":"Scope of the backup or backup key - system (default) or domain. Scope must be specified for a domain scoped backup.\n"},{"name":"chunked","required":false,"in":"query","description":"When set to `true`, indicates that the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"start","required":false,"in":"query","description":"Set to `true` for the first chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"done","required":false,"in":"query","description":"Set to `true` for the last chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"uploadID","required":false,"in":"query","description":"This parameter is used when the file is uploaded in multiple chunks.\nFor the first chunk request, when upload_start is `true`, you can set an upload ID via this parameter.\nIf an upload ID is not set in the first chunk request, an upload ID is assigned and returned in the response.\nThe upload ID is required as a query parameter for the remaining chunk requests.\n","type":"string"}],"summary":"Upload","x-interactive":false,"description":"Uploads a backup file. A backup file can be uploaded via a single HTTP request, or in multiple requests.\nMultiple (chunked) requests are useful when the backup file is large enough that a single request would make the JWT expire\nbefore the upload is complete. The body of the HTTP request contains the data from the file.\nQuery parameters are used to chunk the backup.\n","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"201":{"description":"Successful upload of a backup","schema":{"type":"object"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"v0.0.1","id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","createdAt":"2017-01-24T21:46:48.219287427Z","status":"Ready"}}}}}},"/v1/backupStatus":{"x-feature":"FF_BACKUP_RESTORE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Status","description":"Gets the status of an last asynchronous backup operation (create{{FF_ENABLE_SELECTIVE_RESTORE_FROM_DOMAIN_BACKUP|, browse-prepare, browse-cleanup}} or restore).","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","operation":"Backup restore","id":"ba97c7b6-216d-4b23-b42f-d30c28d6827b","started":"2018-05-25T18:08:26.17540688Z","finished":"2018-05-25T18:09:03.677208895Z","status":"Completed"}}}}}},"/v1/backupkeys":{"x-feature":"FF_BACKUP_RESTORE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Create a backup key to encrypt backup files.","tags":["Backup Keys"],"produces":["application/json"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Create a backup key","properties":{"scope":{"type":"string","description":"Scope of the backup key - system (default) or domain.\nDomain scope must be specified for the key to be used with a domain scoped backup.\n"},"isDefault":{"type":"boolean","description":"Set this backup key as default. The default backup key cannot be deleted."}}}}],"responses":{"201":{"description":"Successful backup key creation.","schema":{"type":"object"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"1","id":"8c3b78a8-299b-4640-9499-36af4939de80","createdAt":"2017-05-26T15:52:15.083533997Z","isDefault":false}}}}},"get":{"summary":"List","description":"Returns a list of all backup keys","tags":["Backup Keys"],"parameters":[{"name":"scope","in":"query","type":"string","description":"Backup scope - system or domain."},{"name":"default","in":"query","type":"boolean","description":"Set to true to return only the default backup key."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"properties":{"scope":{"type":"string","description":"Scope of the backup key - system or domain\n"},"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource\n"},"account":{"type":"string","format":"URI","description":"The account which owns this resource\n"},"version":{"type":"string","description":"The version of the key\n"},"createdAt":{"type":"string","format":"date-time","description":"Date/time the key was created\n"},"state":{"type":"string","description":"Usability of the key - active or inactive\n"},"isDefault":{"type":"boolean","description":"Is default key of the system; The default backup key cannot be deleted\n"}}},"examples":{"application/json":{"skip":0,"limit":2,"total":2,"resources":[{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"1","id":"8c3b78a8-299b-4640-9499-36af4939de80","createdAt":"2017-05-26T15:52:15.083533997Z","isDefault":true,"state":"active"},{"scope":"domain","account":"kylo:kylo:admin:accounts:kylo","version":"3","id":"9d3b78a8-399b-2640-6499-36af4939de82","createdAt":"2020-02-14T15:52:15.083533997Z","isDefault":true,"state":"active"}]}}}}}},"/v1/backupkeys/{id}":{"x-feature":"FF_BACKUP_RESTORE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns info of a specific backup key based on the id.","tags":["Backup Keys"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"properties":{"scope":{"type":"string","description":"Scope of the backup key - system or domain\n"},"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource\n"},"account":{"type":"string","format":"URI","description":"The account which owns this resource\n"},"version":{"type":"string","description":"The version of the key\n"},"createdAt":{"type":"string","format":"date-time","description":"Date/time the key was created\n"},"state":{"type":"string","description":"Usability of the key - active or inactive\n"},"isDefault":{"type":"boolean","description":"Is default key of the system; The default backup key cannot be deleted\n"}}},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"1","id":"8c3b78a8-299b-4640-9499-36af4939de80","createdAt":"2017-05-26T15:52:15.083533997Z","isDefault":false,"state":"active"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}},"delete":{"summary":"Delete","description":"Deletes a specific backup key based on the id. Default backup key can not be deleted.","tags":["Backup Keys"],"produces":["application/json"],"responses":{"204":{"description":"No Content | Successful removal of the backup key.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backupkeys/{id}/default":{"x-feature":"FF_BACKUP_RESTORE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Default","description":"Set a specific backup key as default based on the id.","tags":["Backup Keys"],"produces":["application/json"],"responses":{"201":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"3","id":"8c3b78a8-299b-4640-9499-36af4939de80","createdAt":"2017-05-26T15:52:15.083533997Z","isDefault":true}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backupkeys/{id}/download":{"x-feature":"FF_BACKUP_RESTORE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"parameters":[{"name":"body","in":"body","description":"Parameters `password` and optionally `passwordHint` to encrypt the backup key.","schema":{"type":"object","required":["password"],"properties":{"password":{"type":"string","description":"The password used to encrypt the backup key."},"passwordHint":{"type":"string","description":"The password hint that is stored as the key metadata."}}}}],"summary":"Download","x-interactive":false,"description":"Downloads a specific backup key by its id and encrypting it with the given password.","tags":["Backup Keys"],"produces":["text/plain"],"responses":{"201":{"description":"Successful download of a backup key.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}},"422":{"description":"Validation error."}}}},"/v1/backupkeys/upload":{"x-feature":"FF_BACKUP_RESTORE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"parameters":[{"name":"body","in":"body","description":"The `key` value is the downloaded backup key. The `password` value decrypts the backup key.","schema":{"type":"object","required":["password","key"],"properties":{"key":{"type":"string","description":"The encrypted backup key (in base64 encoded form)."},"password":{"type":"string","description":"The password used to encrypt the backup key."},"isDefault":{"x-feature":"FF_UPLOAD_BACKUPKEY_ISDEFAULT","type":"boolean","description":"Set this backup key as default. The default backup key cannot be deleted."}}}}],"summary":"Upload","x-interactive":false,"description":"Uploads a backup key.","tags":["Backup Keys"],"produces":["application/json"],"responses":{"201":{"description":"Successful backup key upload.","schema":{"type":"object"},"examples":{"application/json":{"account":"kylo:kylo:admin:accounts:kylo","version":"3","id":"8c3b78a8-299b-4640-9499-36af4939de80","createdAt":"2017-05-26T15:52:15.083533997Z","isDefault":false}}}}}},"/v1/migrations":{"x-feature":"FF_BACKUP_MIGRATION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"parameters":[{"name":"chunked","required":false,"in":"query","description":"When set to `true`, indicates that the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"start","required":false,"in":"query","description":"Set to `true` for the first chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"done","required":false,"in":"query","description":"Set to `true` for the last chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"uploadID","required":false,"in":"query","description":"This parameter is used when the file is uploaded in multiple chunks.\nFor the first chunk request, when upload_start is `true`, you can set an upload ID via this parameter.\nIf an upload ID is not set in the first chunk request, an upload ID is assigned and returned in the response.\nThe upload ID is required as a query parameter for the remaining chunk requests.\n","type":"string"},{"name":"description","in":"query","type":"string","required":false,"description":"A description of the KeySecure Classic or DSM backup file.\nIf provided, it is stored in the file metadata. It can be read via the GET or LIST APIs.\n"},{"name":"passwordHint","in":"query","required":false,"type":"string","description":"Hint to the password needed for decrypting a KeySecure Classic backup file.\nIf provided, it is stored in the file metadata. It can be read via the GET or LIST APIs.\n"},{"name":"checksum","in":"query","required":false,"type":"string","description":"The SHA256 checksum of the file.\nIf provided, the server validates the SHA256 checksum of the uploaded file with this value.\n"}],"summary":"Upload","x-interactive":false,"description":"Upload a 'KeySecure Classic' or DSM backup file to the device.\nThe backup file can be uploaded via a single http request, or in multiple requests.\nMultiple (chunked) requests are useful when the file is large enough to make the JWT expire\nbefore the upload is complete. The body of the http request contains the data from the file.\nQuery parameters are used to orchestrate chunking of the backup.\nThe CipherTrust Manager CLI is convenient for uploading via `ksctl migrations upload ...`.\n","tags":["Migrations"],"produces":["application/json"],"responses":{"201":{"description":"Successful upload of the backup file.","schema":{"type":"object"},"examples":{"application/json":{"id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","description":"keysecure-classic backup file description","password_hint":"keysecure-classic backup file decryption password hint","file_size":"keysecure-classic backup file size","createdAt":"2017-01-24T21:46:48.219287427Z"}}}}},"get":{"summary":"List","description":"Obtain a list of the previously uploaded backup files.\nThis API can also search for a file having a specific description.\n","tags":["Migrations"],"parameters":[{"name":"description","in":"query","type":"string","description":"Search for a backup file with a matching description."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":"0","limit":"1","total":"1","resources":{"id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","description":"keysecure-classic backup file description","password_hint":"keysecure-classic backup file decryption password hint","file_size":"keysecure-classic backup file size","createdAt":"2017-01-24T21:46:48.219287427Z"}}}}}}},"/v1/migrations/{id}":{"x-feature":"FF_BACKUP_MIGRATION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Obtain information about a specific backup file.","tags":["Migrations"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","description":"keysecure-classic backup file description","password_hint":"keysecure-classic backup file decryption password hint","file_size":"keysecure-classic backup file size","createdAt":"2017-01-24T21:46:48.219287427Z"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}},"delete":{"summary":"Delete","description":"Delete a specific backup file.","tags":["Migrations"],"produces":["application/json"],"responses":{"204":{"description":"No Content | Successful removal of the backup file.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/migrations/{id}/migrate":{"x-feature":"FF_BACKUP_MIGRATION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Migrate","description":"Migrate a KeySecure Classic or DSM backup file.\nThis is the main operation associated with this API.\nBe sure to upload the appropriate Migration Split Key before migrating a DSM backup file.\n","tags":["Migrations"],"parameters":[{"name":"body","in":"body","description":"Information needed to perform the migration.","schema":{"properties":{"password":{"type":"string","description":"This field is used only while migrating KeySecure Classic backup files, and is mandatory for those files.\nIt specifies the password needed to decrypt the KeySecure Classic backup file.\n"},"usersType":{"type":"string","description":"This field is used only while migrating KeySecure Classic backup files, and is mandatory for those files.\nIt specifies the type of user accounts being migrated - local or ldap.\n"},"ldapConnectionName":{"type":"string","description":"This optional field is used only while migrating KeySecure Classic backup files.\nIt specifies the name for the LDAP connection being migrated.\nIt is required only if usersType is set to 'ldap'.\n"},"privateKey":{"type":"string","description":"It specifies the name or id of the CM key.\nIt is required only for the cckm product.\n"},"domains":{"type":"array","items":{"type":"string"},"description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify an array of domains.\nAll the domains are migrated if this is left empty.\n"},"containers":{"type":"array","items":{"type":"string"},"description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify an array of containers.\n"},"groupName":{"type":"string","description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify the name of a key-sharing group.\nThis group is created in all the domains that are migrated.\nThe keys in the migrated domains will be accessible to all the members of this group.\n"},"autoCTEGroups":{"type":"boolean","description":"This optional parameter used only while migrating DSM backup files.\nIt can be used to control how CTE keys get migrated.\nOn the DSM, if a key has the \"Source\" field set to \"From DSM\" or an\nempty string, and this flag is set to true, the key is migrated so that\nit is fully accessible to members of the \"CTE Clients\" group.\n"},"migrateCCKMSourceKeys":{"type":"boolean","description":"This optional parameter used only while migrating CCKM Enterprise Keys.\nIf this flag is set to true, the key created in DSM from CCKM enterprise\nwill be migrated to CipherTrust Manager.\n"},"migrateOnlyCCKMSourceKeys":{"type":"boolean","description":"This optional parameter used only while migrating DSM source keys created in CCKM Enterprise.\nIf this flag is set to true, the key created in DSM from CCKM enterprise\nwill be migrated to CipherTrust Manager.\n"},"migrateCloudKeysWithExternalCm":{"type":"boolean","description":"This optional parameter used only while migrating cloud keys created in CCKM Enterprise.\nIf this flag is set to true, the cloud key created in CCKM enterprise\nwill be migrated to CipherTrust Manager if DSM source keys migration done.\n"},"migrateDsmKeysToExternalCmFromCm":{"x-feature":"FF_CCKM_DSM_EXTERNALCM_MIGRATION","type":"boolean","description":"This optional parameter used only while migrating source keys from DSM to External CipherTrust Manager when the cloud keys from CCKM Enterprise are already migrated to CipherTrust Manager.\nIf this flag is set to true, the source keys from DSM to External CipherTrust Manager will be migrated.\n"},"updateCloudKeysWithExternalCMKeys":{"x-feature":"FF_CCKM_DSM_EXTERNALCM_MIGRATION","type":"boolean","description":"This is an optional parameter. Use this flag to update linking of cloud keys with DSM as keysource to External CM.\nIf this flag is set to true, The source keys of the cloud keys will be updated with the corresponding migrated External CipherTrust Manager key.\n"},"externalCMDomainID":{"x-feature":"FF_CCKM_DKE_EXTERNALCM_MIGRATION","type":"string","description":"This is an optional parameter & is only used while migrating CCKM DKE Keys.\nIt is used to provide the domain which belongs the external CM, where the keys are to be migrated."},"externalCMConnection":{"x-feature":"FF_CCKM_DKE_EXTERNALCM_MIGRATION","type":"string","description":"This is an optional parameter & is only used while migrating CCKM DKE Keys.\nIt is used to provide the connection of the external CM from which the keys are to be migrated."},"migrateDKESourceKeys":{"x-feature":"FF_CCKM_DKE_EXTERNALCM_MIGRATION","type":"boolean","description":"This is an optional parameter & is only used while migrating CCKM DKE Keys.\nIt is used to execute CCKM DKE Keys migration."},"keyOwners":{"type":"object","description":"This optional parameter is a JSON object used only while migrating data from DSM to the CipherTrust Manager.\nThis parameter contains the key-value pairs. \nThe key corresponds to the domain in the DSM backup and the value is the user id of an existing user in the root domain of the CipherTrust Manager. \nAfter migration, this value (user id) will be assigned to the corresponding new domain and will be the owner of all keys in that domain.\nIf no key owner is provided during migration, then the default owner will be the migration user.\nFor example: {domain1 : local|f224bced-800b-4103-9d94-5e5a6034706f}\nHere domain1 is the domain name which will be migrated from the DSM and local|f224bced-800b-4103-9d94-5e5a6034706f\nis the id of the user created on the CipherTrust Manager.\n"}},"example":{"password":"a133cdfe","usersType":"ldap","privateKey":"12a9758f","ldapConnectionName":"someldapconnection","domains":["domain1","domain2"],"containers":["container1","container2"],"groupName":"key-sharing-group","autoCTEGroups":true,"migrateCCKMSourceKeys":true,"migrateOnlyCCKMSourceKeys":true,"migrateCloudKeysWithExternalCm":true,"migrateDsmKeysToExternalCmFromCm":true,"updateCloudKeysWithExternalCMKeys":true,"migrateMicrosoftDkeKeys":true,"externalCMDomainID":"f224bced-800b-4103-9d94-5e5a6034706f","externalCMConnection":"someexternalcm-connection","keyOwners":{"domain1":"local|f224bced-800b-4103-9d94-5e5a6034706f","domain2":"local|x524afec-500e-2568-9d58-5r7a6032586j"}}}}],"produces":["application/json"],"responses":{"202":{"description":"Successful start of asynchronous migration of the backup file","schema":{"type":"object"},"examples":{"application/json":{"id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","description":"keysecure-classic backup file description","password_hint":"keysecure-classic backup file decryption password hint","file_size":"keysecure-classic backup file size","createdAt":"2017-01-24T21:46:48.219287427Z","status":"In progress"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/migrations/download":{"x-feature":"FF_BACKUP_MIGRATION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Migration Data Download","description":"Download migration data.\n","tags":["Migrations"],"parameters":[{"name":"body","in":"body","description":"Information needed to download the migration data.","schema":{"properties":{"userName":{"type":"string","description":"This specifies the userName for the cckm enterprise.\n"},"password":{"type":"string","description":"This specifies the password for the cckm enterprise.\n"},"ip":{"type":"string","description":"This is the IP of cckm enterprise.\n"},"certificate":{"type":"string","description":"This specifies the certificate for the cckm enterprise.\n"},"publicKey":{"type":"string","description":"ID of the CipherTrust Manager key to be used for encrypting migration data.\n"},"publicKeyMaterial":{"type":"string","description":"Public key generated from External CipherTrust Manager to encrypt migration data.\n"},"downloadDsmExternalCmMigrationData":{"type":"boolean","description":"Should be true when downloading migration data for the migration of source keys from DSM to External CipherTrust Manager when the cloud keys from CCKM Enterprise are already migrated to CipherTrust Manager.\n"}},"example":{"ip":"127.0.0.1","userName":"cckm-username","password":"cckm-password","certificate":"cckm-certificate","publicKey":"key-id","publicKeyMaterial":"-----BEGIN PUBLIC KEY-----MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXrrAQO1aKDRY9-----END PUBLIC KEY-----","downloadDsmExternalCmMigrationData":true}}}],"produces":["text/plain"],"responses":{"200":{"description":"OK","schema":{"type":"string"}}}}},"/v1/migrations/generate-migration":{"x-feature":"FF_BACKUP_MIGRATION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Generate and upload migration file based on the key source.","description":"Generates and uploads the _migration file_ for migrating keys to the CipherTrust Manager.\n","tags":["Migrations"],"parameters":[{"name":"body","in":"body","description":"Information needed to download the migration data.","schema":{"required":["publicKey"],"properties":{"publicKey":{"type":"string","description":"ID of the CipherTrust Manager key to be used for encrypting migration data.\n"},"KeySource":{"type":"string","description":"Specifies the key source. Default key source is `dsm`. \n","enum":["dsm","cm"]},"KeyType":{"type":"string","description":"Specifies the key type. For DKE KeyType, `cm` as a KeySource should be provided.\n","enum":["dke"]}},"example":{"publicKey":"key-id","keySource":"dsm"}}}],"produces":["application/json"],"responses":{"201":{"description":"Successful start of asynchronous migration of the backup file","schema":{"type":"object"},"examples":{"application/json":{"status":"In progress"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/migrations/{id}/log":{"x-feature":"FF_BACKUP_MIGRATION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Log","description":"Returns the log of the ongoing or last migration for this backup. An\nempty body is returned when the backup has never been migrated.\n","tags":["Migrations"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"text/plain":"Migration started\nIgnored migrating user 'jdoe': warnings [already exists]\nMigration finished\n"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/migrations/status":{"x-feature":"FF_BACKUP_MIGRATION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Status","description":"Returns status about the ongoing or last migration.","tags":["Migrations"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"12a9758f-d6c5-4190-a1e4-0f543f31f652","overall_status":"Completed","users_status":{"status":"Completed","num_processed":10,"num_failed":0,"num_ignored":0},"groups_status":{"status":"Completed","num_processed":5,"num_failed":0,"num_ignored":0},"user_groups_status":{"status":"Completed","num_processed":1000,"num_failed":0,"num_ignored":0}}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/migrations/{id}/containers":{"x-feature":"FF_BACKUP_MIGRATION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Containers from migration file","description":"List CCKM containers from migration file.\n","tags":["Migrations"],"produces":["application/json"],"responses":{"202":{"description":"List CCKM containers from migration file","schema":{"type":"object"},"examples":{"application/json":{"Containers":[{"Type":"azure","Name":"vmencrypt-keyvault","Tenant":"8cc92a18-12e6-4fb9-a4a9-24cf1768e5mns"},{"Type":"azure","Name":"jimmy-hsm-kv","Tenant":"8cc92a18-12e6-4fb9-a4a9-24cf1768e5mns"},{"Type":"azure","Name":"jimmy-kv-west-europe","Tenant":"8cc92a18-12e6-4fb9-a4a9-24cf1768e5mns"},{"Type":"azure","Name":"jhan-key-vault","Tenant":"8cc92a18-45e6-4fb9-a4a9-24cf1768e2cf"}]}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/licensing/lockdata":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the license lock data. Use the license lock code on Thales’ Virtual CipherTrust Manager License portal to get a license code.","tags":["Licensing"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"code":{"type":"string"},"cluster_code":{"type":"string"}}},"examples":{"application/json":{"code":"*1NV CUHX DL2F 5ABN","cluster_code":"*1TH CCGB KTLC Y9M9"}}}}}},"/v1/licensing/licenses/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Retrieves all of the installed licenses.","tags":["Licensing"],"parameters":[{"name":"bind_type","in":"query","type":"string","description":"Filter on license bind type. Can be either 'instance' or 'cluster'."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Licenses object","type":"object","properties":{"id":{"type":"string","description":"ID of the license"},"hash":{"type":"string","description":"Hash of the license"},"type":{"type":"string","description":"License type - Normal or Trial"},"state":{"type":"string","description":"State of the license - active or inactive"},"start":{"type":"string","format":"date","description":"Start date/time of the license"},"expiration":{"type":"string","format":"date","description":"End date/time of the license or \"no expiration\" if it never\nexpires. Please note that the expiration is different from trial\nseconds remaining. For trial licenses only trial seconds remaining\nshould be used and for other licenses expiration should be used.\n"},"feature":{"type":"string","description":"Feature name associated with this license"},"version":{"type":"string","description":"Version of the feature"},"license_count":{"type":"integer","description":"Number of licenses"},"trial_seconds_remaining":{"type":"string","description":"For trial licenses only, the number of seconds until the trial duration ends"},"bind_type":{"type":"string","description":"License bind type, 'instance' or 'cluster'"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":0,"total":1,"resources":[{"id":"3522E6F949C7C962","hash":"3522E6F949C7C962","type":"normal","state":"active","start":"2006-01-01T00:00:00Z","expiration":"no expiration","feature":"Base","license_count":5}]}}}}},"post":{"summary":"Add","description":"Add a license string.","tags":["Licensing"],"parameters":[{"name":"body","in":"body","description":"License string.","required":true,"schema":{"type":"object","required":["license"],"properties":{"license":{"type":"string","description":"License string."},"bind_type":{"type":"string","description":"Binding type for this license. Can be either 'instance' or 'cluster'.\nIf omitted, then CM attempts to bind the license to the cluster. If this step fails with a lock code error,\nit will attempt to bind to the instance.\n"}},"example":{"license":"16 Virtual_KeySecure Ni LONG NORMAL STANDALONE EXCL 5_KEYS INFINITE_KEYS 16 JUN 2017 0 0 16 JUN 2017 19 0 NiL SLM_CODE CL_ND_LCK NiL *16QLW6DGSG8JSRX400 NiL NiL NiL 5_MINS NiL 0 JuuF6Bf5XnSmUEKsRB1D3SKZ:vwndBx1Bvj:EaN,Clf2G5moq,efLcwePrXzXd4tfDvYjtu4LTQwzvhHGwl:LvfV##AID=0d8b304a-435d-4436-82f2-db8994773438"}}}],"responses":{"201":{"description":"Successful license string addition."},"409":{"description":"Conflict | License string already exists."},"422":{"description":"Validation error | License string is invalid, expired or not locked to this instance."}}}},"/v1/licensing/licenses/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Gets a license by id.","tags":["Licensing"],"responses":{"200":{"description":"OK","schema":{"description":"Licenses object","type":"object","properties":{"id":{"type":"string","description":"ID of the license"},"hash":{"type":"string","description":"Hash of the license"},"type":{"type":"string","description":"License type - Normal or Trial"},"state":{"type":"string","description":"State of the license - active or inactive"},"start":{"type":"string","format":"date","description":"Start date/time of the license"},"expiration":{"type":"string","format":"date","description":"End date/time of the license or \"no expiration\" if it never\nexpires. Please note that the expiration is different from trial\nseconds remaining. For trial licenses only trial seconds remaining\nshould be used and for other licenses expiration should be used.\n"},"feature":{"type":"string","description":"Feature name associated with this license"},"version":{"type":"string","description":"Version of the feature"},"license_count":{"type":"integer","description":"Number of licenses"},"trial_seconds_remaining":{"type":"string","description":"For trial licenses only, the number of seconds until the trial duration ends"},"bind_type":{"type":"string","description":"License bind type, 'instance' or 'cluster'"}}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a license string.","tags":["Licensing"],"parameters":[{"name":"id","in":"path","type":"string","required":true,"description":"ID of the license. For example 1F66552EAE96D7ED."}],"responses":{"204":{"description":"No Content | Successful deletion of license."},"404":{"description":"Resource not found."},"409":{"description":"Conflict | License is in use by one or more client."}}}},"/v1/licensing/features/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Retrieves the features of all the licenses.\n{{FF_CM_REPORTS| Specify \"Accept\" header with value \"application/pdf\" or \"text/csv\" to download report in PDF or CSV format using external clients.}}\n","tags":["Licensing"],"parameters":[{"name":"bind_type","in":"query","type":"string","description":"Filter on license bind type. Can be either 'instance' or 'cluster'."},{"name":"domains_view","in":"query","type":"boolean","description":"For Reports Only. Set to true to get domain license usage report. Defaults to false for system license usage report."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Features object","type":"object","properties":{"name":{"type":"string","description":"Feature name"},"version":{"type":"string","description":"Version of the feature"},"status":{"type":"string","description":"Status of the feature - active or inactive"},"details":{"type":"string","description":"Additional details provided when the feature is inactive (optional)"},"license_count":{"type":"integer","description":"Number of licenses"},"expiration":{"type":"string","format":"date","description":"End date/time of the license or \"no expiration\" if it never\nexpires. Please note that the expiration is different from trial\nseconds remaining. For trial licenses only trial seconds remaining\nshould be used and for other licenses expiration should be used.\n"},"trial_seconds_remaining":{"type":"string","description":"For trial licenses only, the number of seconds until the trial duration ends"},"bind_type":{"type":"string","description":"License bind type, 'instance' or 'cluster'"},"total_usage_count":{"type":"number","description":"Total count of used licenses"},"domains_usage":{"type":"array","description":"Array of domains for licenses usage","items":{"type":"object","properties":{"domain_id":{"type":"string","description":"Domain id"},"name":{"type":"string","description":"Domain name"},"parent_domain_id":{"type":"string","description":"Parent domain id"},"usage_count":{"type":"number","description":"Licenses usage"}}}}}}}}}]},"examples":{"application/json":{"skip":0,"limit":0,"total":1,"resources":[{"name":"Virtual_KeySecure","status":"active"}]}}}}}},"/v1/licensing/trials/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Retrieves the available trials.","tags":["Licensing"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"CipherTrust Manager Full Trial","id":"0dc8bce6-5279-418d-b12f-a3d71e024e77","description":"90 day trial including support for all CipherTrust Manager connectors and Enterprise features","status":"activated","activated_at":"2022-02-17T20:26:38.51622Z"}]}}}}}},"/v1/licensing/trials/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Gets a trial by id.","tags":["Licensing"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}},{"type":"object","properties":{"features":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Sentinel RMS feature name"},"friendly_name":{"type":"string","description":"Display friendly name"},"product":{"type":"string","description":"Product name this feature belongs to"},"bind_type":{"type":"string","description":"License bind type, either 'instance' or 'cluster'"}}}}}}]}},"404":{"description":"Resource not found."}}}},"/v1/licensing/trials/{id}/activate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Activate","description":"Activates a trial. A trial can be activated more than once. Trial licenses will be only be valid for the\ntrial period starting from the first activation.\n","tags":["Licensing"],"responses":{"201":{"description":"Successful trial activation.","schema":{"allOf":[{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}},{"type":"object","properties":{"features":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Sentinel RMS feature name"},"friendly_name":{"type":"string","description":"Display friendly name"},"product":{"type":"string","description":"Product name this feature belongs to"},"bind_type":{"type":"string","description":"License bind type, either 'instance' or 'cluster'"}}}}}}]}}}}},"/v1/licensing/trials/{id}/deactivate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Deactivate","description":"Deactivates a trial. A trial can be re-activated but the trial period will continue from the original activation date.","tags":["Licensing"],"responses":{"201":{"description":"Successful trial deactivation.","schema":{"allOf":[{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}},{"type":"object","properties":{"features":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Sentinel RMS feature name"},"friendly_name":{"type":"string","description":"Display friendly name"},"product":{"type":"string","description":"Product name this feature belongs to"},"bind_type":{"type":"string","description":"License bind type, either 'instance' or 'cluster'"}}}}}}]}},"409":{"description":"Conflict | can only deactivate an activated trial"}}}},"/v1/vault/links/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists all links. Results can be refined with query params.","tags":["Links"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"source","in":"query","type":"string","description":"Filters results to links with matching link source. Provide ID, URI or Name of a cryptographic resource.\n"},{"name":"target","in":"query","type":"string","description":"Filters results to links with matching link target. Provide ID, URI or Name of a cryptographic resource.\n"},{"name":"type","in":"query","type":"string","description":"Filters results to links with matching link type(s). Use query format type=previous,child or type=previous&type=child.\n"},{"name":"index","in":"query","type":"integer","description":"Filters results to links with matching index. Typically combined with filter on source as the combination (source, index) is unique.\n"}],"responses":{"200":{"description":"OK","examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"d59bb9be-1a8a-4fcf-9089-6f64f091a24e","uri":"kylo:kylo:vault:links:d59bb9be-1a8a-4fcf-9089-6f64f091a24e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-08T21:42:15.793839Z","updatedAt":"2017-09-08T21:42:15.793839Z","type":"child","source":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v0","target":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v3"}]}}}}},"post":{"summary":"Create","description":"Creates a new link","tags":["Links"],"parameters":[{"name":"body","in":"body","description":"Type of link to create between two cryptographic resources.\n","required":true,"schema":{"title":"Create Link","example":{"application/json":{"type":"previous","source":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v0","target":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v3"}},"properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. Required for Create.","enum":["privateKey","publicKey","certificate","derivationBaseObject","derivedKey","replacementObject","replacedObject","parent","child","previous","next","pkcs12Password","pkcs12Certificate"]},"source":{"type":"string","description":"The source resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."},"target":{"type":"string","description":"The target resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."}}}}],"responses":{"201":{"description":"Successful link creation.","examples":{"application/json":{"id":"d59bb9be-1a8a-4fcf-9089-6f64f091a24e","uri":"kylo:kylo:vault:links:d59bb9be-1a8a-4fcf-9089-6f64f091a24e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-08T21:42:15.793839Z","updatedAt":"2017-09-08T21:42:15.793839Z","type":"child","source":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v0","target":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v3"}}},"409":{"description":"Conflict | Could not create link as it already exists"}}}},"/v1/vault/links/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns information about the link.\n","tags":["Links"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"d59bb9be-1a8a-4fcf-9089-6f64f091a24e","uri":"kylo:kylo:vault:links:d59bb9be-1a8a-4fcf-9089-6f64f091a24e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-08T21:42:15.793839Z","updatedAt":"2017-09-08T21:42:15.793839Z","type":"child","source":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v0","target":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v3"}}}}},"patch":{"summary":"Update","description":"Updates the link properties. This can be used to update the link type, source and target.\n","tags":["Links"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"The new metadata to update. The \"Body Sample\" on the right pane shows the format.","required":true,"schema":{"title":"Update Link","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. Required for Create.","enum":["privateKey","publicKey","certificate","derivationBaseObject","derivedKey","replacementObject","replacedObject","parent","child","previous","next","pkcs12Password","pkcs12Certificate"]},"source":{"type":"string","description":"The source resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."},"target":{"type":"string","description":"The target resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."}},"example":{"type":"next","source":"key1","target":"key2"}}}],"responses":{"201":{"description":"Successful resource update."}}},"delete":{"summary":"Delete","description":"Deletes a Link.","tags":["Links"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of link."}}}},"/v1/ca/csr":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"CSR","description":"Creates a Certificate Signing Request (CSR) and its corresponding\nprivate key. This API does not store any state on the server as\neverything is returned back in the result. This means that both the CSR\nand the private key must be stored securely on the client side.\n\nThe private key can optionally be encrypted with a password. It is\nstrongly recommended to encrypt the private key.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"CSR parameters","schema":{"type":"object","title":"CSR Request","required":["cn"],"properties":{"name":{"type":"string","description":"A unique name of CSR."},"algorithm":{"type":"string","description":"RSA or ECDSA (default) algorithms are supported. Signature algorithm (SHA512WithRSA, SHA384WithRSA,\nSHA256WithRSA, SHA1WithRSA, ECDSAWithSHA512, ECDSAWithSHA384, ECDSAWithSHA256) is selected\nbased on the algorithm and size.\n"},"size":{"type":"integer","description":"Key size. RSA: 1024 - 4096 (default: 2048), ECDSA: 256 (default), 384, 521\n"},"cn":{"type":"string","description":"Common Name"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) values"},"emailAddresses":{"type":"array","items":{"type":"string"},"description":"E-mail addresses"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"IP addresses"},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"RnD\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPS\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"},"password":{"type":"string","description":"Password to PEM-encrypt the private key. If not specified, the private key is not encrypted in return."},"encryptionAlgo":{"type":"string","description":"Private key encryption algorithm. AES256 (default), AES192, AES128, TDES"},"privateKeyBytes":{"type":"string","description":"Private Key bytes of the key which is to be used while creating CSR(Algorithm and size should be according to this key). If not given will generate key internally as per algorithm and size."}},"example":{"name":"sample-csr","algorithm":"RSA","size":2048,"cn":"kylo.com","dnsNames":["*.thalesgroup.com","*.thalesgroup.net"],"emailAddresses":["contact@thalesgroup.com"],"ipAddresses":["1.1.1.1"],"names":[{"O":"Thales Group","OU":"RnD","C":"US","ST":"MD","L":"Belcamp"}]}}}],"responses":{"200":{"description":"Successful CSR creation.","schema":{"type":"object"},"examples":{"application/json":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHNMHUCAQAwEzERMA8GA1UEAxMIVGVzdCBDU1IwWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATndOIgsTp7m4bOuixxuAt2XQ3oZqp8th/woAo51z7RiAAGdm7IfB1w\n7uWr8o5PWKBatXIgvPp8hvRWHQPHCfcLoAAwCgYIKoZIzj0EAwIDSAAwRQIgVyvz\nhFGCKV460fNJC0vC48gI268B68Xr6osFoy9Ouw8CIQCWN1LtcyxPIvul3XF1Pj7l\navEeIqDBcfD6VHhbnpO2Ag==\n-----END CERTIFICATE REQUEST-----","key":"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIOx4fmUGuAp0i/aAxHPVyCiHYTnumQaTM3CJAwg9+bqroAoGCCqGSM49\nAwEHoUQDQgAE53TiILE6e5uGzroscbgLdl0N6GaqfLYf8KAKOdc+0YgABnZuyHwd\ncO7lq/KOT1igWrVyILz6fIb0Vh0Dxwn3Cw==\n-----END EC PRIVATE KEY-----"}}}}}},"/v1/ca/external-cas":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"x-feature":"FF_CA_MANAGEMENT","summary":"Upload external CA","description":"Uploads an external CA certificate. These certificates can later be\ntrusted by services inside the system for verification of client\ncertificates.\n\nThe uploaded certificate must have \"CA:TRUE\" as part of the\n\"X509v3 Basic Constraints\" to be accepted.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"External CA certificate parameters","schema":{"type":"object","title":"Upload External CA Request","required":["cert"],"properties":{"name":{"type":"string","description":"A unique name of CA, if not provided, will be set to externalca-."},"cert":{"type":"string","description":"External CA certificate in PEM format"},"parent":{"type":"string","description":"URI reference to a parent external CA certificate. This\ninformation can be used to build a certificate\nhierarchy.\n"}},"example":{"name":"sample-ex-CA","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----"}}}],"responses":{"201":{"description":"Successful external CA upload.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-ex-CA","id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","uri":"kylo:kylo:naboo:external_ca:58212a4b-81f5-4de2-aeae-60b8b6f1091e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-29T14:46:38.1078Z","updatedAt":"2017-09-29T14:46:38.1078Z","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----","serialNumber":"0","subject":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","issuer":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","notBefore":"2017-08-02T22:42:23Z","notAfter":"2047-07-26T22:42:23Z","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}}}},"get":{"x-feature":"FF_CA_MANAGEMENT","summary":"List external CAs","description":"Returns a list of external CA certificates. The results can be\nfiltered, using the query parameters.\n{{FF_CM_REPORTS| Specify \"Accept\" header with value \"application/pdf\" or \"text/csv\" to download report in PDF or CSV format using external clients.}}\n","tags":["Certificate Authority"],"parameters":[{"name":"subject","in":"query","required":false,"type":"string","description":"Filter by the subject"},{"name":"issuer","in":"query","required":false,"type":"string","description":"Filter by the issuer"},{"name":"serialNumber","in":"query","required":false,"type":"string","description":"Filter by the serial number"},{"name":"cert","in":"query","required":false,"type":"string","description":"Filter by the cert"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object"}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"sample-ex-CA","id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","uri":"kylo:kylo:naboo:external_ca:58212a4b-81f5-4de2-aeae-60b8b6f1091e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-29T14:46:38.1078Z","updatedAt":"2017-09-29T14:46:38.1078Z","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----","serialNumber":"0","subject":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","issuer":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","notBefore":"2017-08-02T22:42:23Z","notAfter":"2047-07-26T22:42:23Z","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}]}}}}}},"/v1/ca/external-cas/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"x-feature":"FF_CA_MANAGEMENT","summary":"Get external CA","description":"Returns a single external CA certificate.","tags":["Certificate Authority"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-ex-CA","id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","uri":"kylo:kylo:naboo:external_ca:58212a4b-81f5-4de2-aeae-60b8b6f1091e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-29T14:46:38.1078Z","updatedAt":"2017-09-29T14:46:38.1078Z","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----","serialNumber":"0","subject":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","issuer":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","notBefore":"2017-08-02T22:42:23Z","notAfter":"2047-07-26T22:42:23Z","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"x-feature":"FF_CA_MANAGEMENT","summary":"Delete external CA","description":"Deletes an external CA certificate.","tags":["Certificate Authority"],"responses":{"204":{"description":"No Content | Successful deletion of external CA.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"x-feature":"FF_CA_MANAGEMENT","summary":"Update External CA","description":"Update an external CA.","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"External CA update certificate parameters","schema":{"type":"object","title":"Update CA params","properties":{"allow_client_authentication":{"type":"boolean","description":"If set to true, the certificates signed by the specified CA can be used for client authentication.","example":{"allow_client_authentication":false}},"allow_user_authentication":{"x-feature":"FF_CA_USER_AUTH","type":"boolean","description":"If set to true, the certificates signed by the specified CA can be used for user authentication.","example":{"allow_user_authentication":false}}}}}],"responses":{"200":{"description":"Update successful.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-ex-CA","id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","uri":"kylo:kylo:naboo:external_ca:58212a4b-81f5-4de2-aeae-60b8b6f1091e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-29T14:46:38.1078Z","updatedAt":"2017-09-29T14:46:38.1078Z","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----","serialNumber":"0","subject":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","issuer":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","notBefore":"2017-08-02T22:42:23Z","notAfter":"2047-07-26T22:42:23Z","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ca/local-cas":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"x-feature":"FF_CA_MANAGEMENT","summary":"Create local CA","description":"Creates a pending local CA. This operation returns a CSR\nthat either can be self-signed by calling local-cas/{id}/self-sign or\nsigned by another CA and installed by calling local-cas/{id}/install. A\nlocal CA keeps the corresponding private key inside the system and can\nissue certificates for clients, servers or intermediate CAs.\nThe local CA can also be trusted by services inside the system for\nverification of client certificates.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Local CA certificate parameters","schema":{"type":"object","title":"Create Local CA Request","required":["cn"],"properties":{"copy_from_ca":{"type":"string","description":"ID of any Local CA. If given, the csr properties are copied from the given CA."},"name":{"type":"string","description":"A unique name of CA, if not provided, will be set to localca-."},"algorithm":{"type":"string","description":"RSA or ECDSA (default) algorithms are supported. Signature algorithm (SHA512WithRSA, SHA384WithRSA,\nSHA256WithRSA, SHA1WithRSA, ECDSAWithSHA512, ECDSAWithSHA384, ECDSAWithSHA256) is selected\nbased on the algorithm and size.\n"},"size":{"type":"integer","description":"Key size. RSA: 1024 - 4096 (default: 2048), ECDSA: 256 (default), 384, 521\n"},"cn":{"type":"string","description":"Common Name"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) values"},"emailAddresses":{"type":"array","items":{"type":"string"},"description":"E-mail addresses"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"IP addresses"},"names":{"type":"array","items":{"type":"object","title":"Local CA Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales\""},"OU":{"type":"string","description":"Organizational Unit, for example \"RnD\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales\", \"OU\": \"RnD\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}},"example":{"name":"sample-CA","algorithm":"RSA","size":2048,"cn":"kylo.com","dnsNames":["*.thalesgroup.com","*.thalesgroup.net"],"emailAddresses":["contact@thalesgroup.com"],"ipAddresses":["1.1.1.1"],"names":[{"O":"Thales","OU":"RnD","C":"US","ST":"MD","L":"Belcamp"}]}}}],"responses":{"201":{"description":"Successful local CA creation.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-CA","id":"cd3435f1-11aa-4e67-adba-73a14b3a552d","uri":"kylo:kylo:naboo:localca:cd3435f1-11aa-4e67-adba-73a14b3a552d","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:28:51.470Z","updatedAt":"2017-10-02T14:28:51.470Z","state":"pending","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHJMHECAQAwDzENMAsGA1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABBQSwzCdcmzEUK6S9lj3V32oMbZysm05TtfnMhVy9Ic63ZnOjSa2uH/NQw80\nA4KX0b/IWTq+MajEmNJMoLNN2nigADAKBggqhkjOPQQDAgNIADBFAiEA7HWFmyzr\nIWsyiAfky6yhZltJ5Z3gYTTO0zgyGtD9ex8CIALcV6ZFSRz1a3PTaJuPrX7fU6fk\n4atNxIoedOcU3Srm\n-----END CERTIFICATE REQUEST-----","notBefore":"1901-01-01T00:00:00.000Z","notAfter":"1901-01-01T00:00:00.000Z"}}}}},"get":{"x-feature":"FF_CA_MANAGEMENT","summary":"List local CAs","description":"Returns a list of local CA certificates. The results can be\nfiltered, using the query parameters.\n{{FF_CM_REPORTS| Specify \"Accept\" header with value \"application/pdf\" or \"text/csv\" to download report in PDF or CSV format using external clients.}}\n","tags":["Certificate Authority"],"parameters":[{"name":"subject","in":"query","required":false,"type":"string","description":"Filter by the subject"},{"name":"issuer","in":"query","required":false,"type":"string","description":"Filter by the issuer"},{"name":"state","in":"query","required":false,"type":"string","description":"Filter by the state; active or pending"},{"name":"cert","in":"query","required":false,"type":"string","description":"Filter by the cert"},{"name":"id","in":"query","required":false,"type":"string","description":"Filter by the id"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nCurrently, sorting on following field are supported : createdAt, updatedAt and state.\nFor example:\n -state\n\n...will sort the results on `state` in descending order.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object"}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"sample-CA","id":"25af621e-dddd-4147-8c95-519a095b893c","uri":"kylo:kylo:naboo:localca:25af621e-dddd-4147-8c95-519a095b893c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:18:21.644Z","updatedAt":"2017-10-02T14:18:54.339Z","state":"active","cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","serialNumber":"65100670933312698147490232854133653162","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:18:54.000Z","notAfter":"2017-10-02T14:18:54.000Z","sha1Fingerprint":"1A0547A1F8560E6EE8887B07ECD325585788C3EB","sha256Fingerprint":"E2500B6FF4B946BC50B24DA9113E03A8218681A5A5CEBE5C08E776EEA9B0E095","sha512Fingerprint":"FF1AC34C7D82396E954F9CDD63C91E01395B6EDDBB9C2FEAF6AF5551ED790916319BAFE84FEDF5C65CF6D29E585646A4E076DA3EF5E6701B666A986D46AA17A0","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}]}}}}}},"/v1/ca/local-cas/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"x-feature":"FF_CA_MANAGEMENT","summary":"Get local CA","description":"Returns a single local CA certificate.","tags":["Certificate Authority"],"parameters":[{"name":"chained","in":"query","required":false,"type":"boolean","description":"When set to true, the full CA chain is returned with the certificate."}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-CA","id":"25af621e-dddd-4147-8c95-519a095b893c","uri":"kylo:kylo:naboo:localca:25af621e-dddd-4147-8c95-519a095b893c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:18:21.644Z","updatedAt":"2017-10-02T14:18:54.339Z","state":"active","cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","serialNumber":"65100670933312698147490232854133653162","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:18:54.000Z","notAfter":"2017-10-02T14:18:54.000Z","sha1Fingerprint":"1A0547A1F8560E6EE8887B07ECD325585788C3EB","sha256Fingerprint":"E2500B6FF4B946BC50B24DA9113E03A8218681A5A5CEBE5C08E776EEA9B0E095","sha512Fingerprint":"FF1AC34C7D82396E954F9CDD63C91E01395B6EDDBB9C2FEAF6AF5551ED790916319BAFE84FEDF5C65CF6D29E585646A4E076DA3EF5E6701B666A986D46AA17A0","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"x-feature":"FF_CA_MANAGEMENT","summary":"Delete local CA","description":"Deletes a local CA certificate.","tags":["Certificate Authority"],"responses":{"204":{"description":"No Content | Successful deletion of local CA.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"x-feature":"FF_CA_MANAGEMENT","summary":"Update local CA","description":"Update a local CA.","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Local CA update certificate parameters","schema":{"type":"object","title":"Update CA params","properties":{"allow_client_authentication":{"type":"boolean","description":"If set to true, the certificates signed by the specified CA can be used for client authentication.","example":{"allow_client_authentication":false}},"allow_user_authentication":{"x-feature":"FF_CA_USER_AUTH","type":"boolean","description":"If set to true, the certificates signed by the specified CA can be used for user authentication.","example":{"allow_user_authentication":false}}}}}],"responses":{"200":{"description":"Update successful.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-CA","id":"25af621e-dddd-4147-8c95-519a095b893c","uri":"kylo:kylo:naboo:localca:25af621e-dddd-4147-8c95-519a095b893c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:18:21.644Z","updatedAt":"2017-10-02T14:18:54.339Z","state":"active","cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","serialNumber":"65100670933312698147490232854133653162","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:18:54.000Z","notAfter":"2017-10-02T14:18:54.000Z","sha1Fingerprint":"1A0547A1F8560E6EE8887B07ECD325585788C3EB","sha256Fingerprint":"E2500B6FF4B946BC50B24DA9113E03A8218681A5A5CEBE5C08E776EEA9B0E095","sha512Fingerprint":"FF1AC34C7D82396E954F9CDD63C91E01395B6EDDBB9C2FEAF6AF5551ED790916319BAFE84FEDF5C65CF6D29E585646A4E076DA3EF5E6701B666A986D46AA17A0","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ca/local-cas/{id}/self-sign":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"x-feature":"FF_CA_MANAGEMENT","summary":"Self-sign a local CA","description":"Self-sign a local CA certificate. This is used to create a root CA. Either duration or notAfter date must be specified.\nIf both notAfter and duration are given, then notAfter date takes precedence over duration. If duration is given \nwithout notBefore date, ceritificate is issued starting from server's current time for the specified duration. \n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Local CA certificate parameters","schema":{"type":"object","title":"Self-sign Request","properties":{"duration":{"type":"integer","description":"Duration in days of certificate. Either duration or notAfter date must be specified."},"notBefore":{"type":"string","description":"Start date of certificate."},"notAfter":{"type":"string","description":"End date of certificate. Either notAfter date or duration must be specified. notAfter overrides duration if both are given."}},"example":{"duration":365,"notBefore":"2016-12-02Z","notAfter":"2026-12-02Z"}}}],"responses":{"201":{"description":"Successful self-sign of local CA.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-CA","id":"25af621e-dddd-4147-8c95-519a095b893c","uri":"kylo:kylo:naboo:localca:25af621e-dddd-4147-8c95-519a095b893c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:18:21.644Z","updatedAt":"2017-10-02T14:18:54.339Z","state":"active","cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","serialNumber":"65100670933312698147490232854133653162","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:18:54.000Z","notAfter":"2017-10-02T14:18:54.000Z","sha1Fingerprint":"1A0547A1F8560E6EE8887B07ECD325585788C3EB","sha256Fingerprint":"E2500B6FF4B946BC50B24DA9113E03A8218681A5A5CEBE5C08E776EEA9B0E095","sha512Fingerprint":"FF1AC34C7D82396E954F9CDD63C91E01395B6EDDBB9C2FEAF6AF5551ED790916319BAFE84FEDF5C65CF6D29E585646A4E076DA3EF5E6701B666A986D46AA17A0","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}}}}},"/v1/ca/local-cas/{id}/install":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"x-feature":"FF_CA_MANAGEMENT","summary":"Install a local CA","description":"Installs a certificate signed by other CA to act as a local CA. Issuer\ncan be both local or external CA. Typically used for intermediate CAs.\n\nThe CA certificate must match the earlier created CA CSR, have\n\"CA:TRUE\" as part of the \"X509v3 Basic Constraints\", and have\n\"Certificate Signing\" as part of \"X509v3 Key Usage\" in order to be\naccepted.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Local CA certificate parameters","schema":{"type":"object","title":"Install Local CA Request","required":["cert","parentId"],"properties":{"cert":{"type":"string","description":"Signed certificate in PEM format to install as a local CA\n"},"parentId":{"type":"string","description":"An identifier of the parent resource. The resource can be\neither a local or an external CA. The identifier can be\neither the ID (a UUIDv4) or the URI.\n"}},"example":{"cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","parentId":"25af621e-dddd-4147-8c95-519a095b893c"}}}],"responses":{"200":{"description":"Successful install of local CA.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-CA","id":"25af621e-dddd-4147-8c95-519a095b893c","uri":"kylo:kylo:naboo:localca:25af621e-dddd-4147-8c95-519a095b893c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:18:21.644Z","updatedAt":"2017-10-02T14:18:54.339Z","state":"active","cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","serialNumber":"65100670933312698147490232854133653162","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:18:54.000Z","notAfter":"2017-10-02T14:18:54.000Z","sha1Fingerprint":"1A0547A1F8560E6EE8887B07ECD325585788C3EB","sha256Fingerprint":"E2500B6FF4B946BC50B24DA9113E03A8218681A5A5CEBE5C08E776EEA9B0E095","sha512Fingerprint":"FF1AC34C7D82396E954F9CDD63C91E01395B6EDDBB9C2FEAF6AF5551ED790916319BAFE84FEDF5C65CF6D29E585646A4E076DA3EF5E6701B666A986D46AA17A0","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}}}}},"/v1/ca/local-cas/{caid}/certs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"caid","in":"path","description":"An identifier of the issuer CA resource. This can be either the ID (a\nUUIDv4), the name, the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true}],"post":{"x-feature":"FF_CA_MANAGEMENT","summary":"Issue certificate","description":"Issues a certificate by signing the provided CSR with the CA. This is typically used\nto issue server, client or intermediate CA certificates. Either duration or notAfter date must be specified.\nIf both notAfter date and duration are given, then notAfter takes precedence over duration. If duration is given \nwithout notBefore date, ceritificate is issued starting from server's current time for the specified duration.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Certificate parameters","schema":{"type":"object","title":"Issue Certificate Request","required":["csr","purpose"],"properties":{"name":{"type":"string","description":"A unique name of Certificate, if not provided, will be set to cert-."},"csr":{"type":"string","description":"CSR in PEM format"},"purpose":{"type":"string","description":"server, client or ca"},"duration":{"type":"integer","description":"Duration in days of certificate. Either duration or notAfter date must be specified."},"notBefore":{"type":"string","description":"Start date of certificate"},"notAfter":{"type":"string","description":"End date of certificate. Either notAfter or duration must be specified. notAfter overrides duration if both are given."}},"example":{"name":"sample-cert","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHMMHQCAQAwEjEQMA4GA1UEAxMHbXkgY2VydDBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABBJCi5oqg7DT9erDtUS0Si9t4lxP6qvcZbJ0Dsu6+h7q/2ogtzUWY8TT\nE4W2Xc+YHE7z5AaMpb2OvTLnk8CLDv2gADAKBggqhkjOPQQDAgNIADBFAiAH3+2h\nVpMB+PPIJXrCsnqK4UScMQPUakSqKbGasqW33AIhALZ6aSD0EghCyBxBAhVKLsNh\nysB/i0c6R/O7USFQJQTr\n-----END CERTIFICATE REQUEST-----","purpose":"server","duration":365,"notBefore":"2023-10-02T14:24:37.436Z","notAfter":"2033-10-02T14:24:37.436Z"}}}],"responses":{"201":{"description":"Successful certificate issue.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-cert","id":"fe7ba3b3-5f77-461b-a357-b98045b159d6","uri":"kylo:kylo:naboo:certs:fe7ba3b3-5f77-461b-a357-b98045b159d6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:44:59.080Z","updatedAt":"2017-10-02T14:44:59.080Z","cert":"-----BEGIN CERTIFICATE-----\nMIIBUTCB+KADAgECAhEAoJIuJYnCF4moxtJKCPDlZDAKBggqhkjOPQQDAjAPMQ0w\nCwYDVQQDEwRUZXN0MB4XDTE3MTAwMjE0NDQ1OVoXDTE3MTAwMjE0NDQ1OVowDzEN\nMAsGA1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNA2m18mNW8j\n7ZEJGQT/X8pF5mgixDzvVAr3qlau9C3hXsIVvpSx45synuMiZaRcAZz3V6pNmXD/\nr+WTv3qjQkWjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcD\nATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0gAMEUCIQCTxSTwxA6J7f7DV4xz\nRtrUxBJrqXAWJuKm0+fBORz+uwIgeOVnowlN9nZv2aJ2FKqGEyeH93T/ukasevOv\ntngmUug=\n-----END CERTIFICATE-----","ca":"kylo:kylo:naboo:localca:cd3435f1-11aa-4e67-adba-73a14b3a552d","revoked_at":"1901-01-01T00:00:00.000Z","sha1Fingerprint":"1F1631E7EDA1475983AEF10A92141CB04D1FAD57","sha256Fingerprint":"8C6EC21FF9B93FB5C1D75D086DD0371A0E54BF1073A2B07369B60F26948A79E8","sha512Fingerprint":"256AB3E47CD03A791CE6FC2A8F8F4161C0461C42B2BEB27D83C6D48148BB42EEA1281876DF658EAF629C4CAFE4AFD387C56363BC05F66FEF976323CA20F8035C","serialNumber":"213435490631850494611318770278023095652","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:44:59.000Z","notAfter":"2017-10-02T14:44:59.000Z"}}}}},"get":{"x-feature":"FF_CA_MANAGEMENT","summary":"List certificates","description":"Returns a list of certificates issued by given CA. The results can be filtered,\nusing the query parameters.\n{{FF_CM_REPORTS| Specify \"Accept\" header with value \"application/pdf\" or \"text/csv\" to download report in PDF or CSV format using external clients.}}\n","tags":["Certificate Authority"],"parameters":[{"name":"subject","in":"query","required":false,"type":"string","description":"Filter by the subject"},{"name":"issuer","in":"query","required":false,"type":"string","description":"Filter by the issuer"},{"name":"cert","in":"query","required":false,"type":"string","description":"Filter by the cert"},{"name":"id","in":"query","required":false,"type":"string","description":"Filter by the ID or URI"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object"}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"sample-cert","id":"fe7ba3b3-5f77-461b-a357-b98045b159d6","uri":"kylo:kylo:naboo:certs:fe7ba3b3-5f77-461b-a357-b98045b159d6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:44:59.080Z","updatedAt":"2017-10-02T14:44:59.080Z","cert":"-----BEGIN CERTIFICATE-----\nMIIBUTCB+KADAgECAhEAoJIuJYnCF4moxtJKCPDlZDAKBggqhkjOPQQDAjAPMQ0w\nCwYDVQQDEwRUZXN0MB4XDTE3MTAwMjE0NDQ1OVoXDTE3MTAwMjE0NDQ1OVowDzEN\nMAsGA1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNA2m18mNW8j\n7ZEJGQT/X8pF5mgixDzvVAr3qlau9C3hXsIVvpSx45synuMiZaRcAZz3V6pNmXD/\nr+WTv3qjQkWjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcD\nATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0gAMEUCIQCTxSTwxA6J7f7DV4xz\nRtrUxBJrqXAWJuKm0+fBORz+uwIgeOVnowlN9nZv2aJ2FKqGEyeH93T/ukasevOv\ntngmUug=\n-----END CERTIFICATE-----","ca":"kylo:kylo:naboo:localca:cd3435f1-11aa-4e67-adba-73a14b3a552d","revoked_at":"1901-01-01T00:00:00.000Z","sha1Fingerprint":"1F1631E7EDA1475983AEF10A92141CB04D1FAD57","sha256Fingerprint":"8C6EC21FF9B93FB5C1D75D086DD0371A0E54BF1073A2B07369B60F26948A79E8","sha512Fingerprint":"256AB3E47CD03A791CE6FC2A8F8F4161C0461C42B2BEB27D83C6D48148BB42EEA1281876DF658EAF629C4CAFE4AFD387C56363BC05F66FEF976323CA20F8035C","serialNumber":"213435490631850494611318770278023095652","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:44:59.000Z","notAfter":"2017-10-02T14:44:59.000Z"}]}}}}}},"/v1/ca/local-cas/{caid}/certs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"caid","in":"path","description":"An identifier of the issuer CA resource. This can be either the ID (a\nUUIDv4), the name, the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true},{"name":"id","in":"path","description":"An identifier of the certificate resource. This can be either the ID (a\nUUIDv4), the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true}],"get":{"x-feature":"FF_CA_MANAGEMENT","summary":"Get certificate","description":"Returns a single local certificate.","tags":["Certificate Authority"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-cert","id":"7fd13837-4d41-4394-85f3-7e7443fdc345","uri":"kylo:kylo:naboo:certs:7fd13837-4d41-4394-85f3-7e7443fdc345","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-03T15:34:30.242Z","updatedAt":"2017-10-03T15:34:30.242Z","cert":"-----BEGIN CERTIFICATE-----\nMIIBpDCCAUugAwIBAgIRALyT9RceYiOKmn9/wg9RB+AwCgYIKoZIzj0EAwIwWjEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYD\nVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgcm9vdCBDQTAeFw0xNzEw\nMDMxNTM0MzBaFw0yNzEwMDExNTM0MzBaMBcxFTATBgNVBAMTDEtNSVAgQ2xpZW50\nMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOAfvDG7tTwwK/5dOHvXOjHETKQN\n10S/CSpfpOwOJdkqi5Ln/vQ1kNxUXWqDlXhkg2w+l4khYAv3PVGc5HjO/iCjNTAz\nMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8E\nAjAAMAoGCCqGSM49BAMCA0cAMEQCIBHUDGpetRKXpOHVkQc52uPGd7nCbPXnN2No\nhl3KsilTAiAnUOVEUlaGNoiNZxEItuDfN1lMFU15z+bTibMp88tU2A==\n-----END CERTIFICATE-----","ca":"kylo:kylo:naboo:localca:e38a9148-c0ad-46ae-8adc-bb74d9bb11ca","revoked_at":"1901-01-01T00:00:00.000Z","sha1Fingerprint":"2A2985534D2E528DBA7724D5D145714747C40FE2","sha256Fingerprint":"A28420E3967E06A13D974122E6C4D2FFD6CE8E6FB9A1AB82AE0403873DED9843","sha512Fingerprint":"C4D07E74EB61FFE34F28C924DB8EC9A6D3C3DFC6E6CC034EB9EAABB09DDDDB6B08DE0CCC264DCDC227920DDDFB702857E5CE908A63831D39897F850D5BD304B8","serialNumber":"250663101867772629119216267626881812448","subject":"/CN=KMIP Client1","issuer":"/C=US/ST=MD/L=Belcamp/O=Thales/CN=CipherTrust Manager root CA","notBefore":"2017-10-03T15:34:30.000Z","notAfter":"2027-10-01T15:34:30.000Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"x-feature":"FF_CA_MANAGEMENT","summary":"Delete certificate","description":"Deletes a local certificate.","tags":["Certificate Authority"],"responses":{"204":{"description":"No Content | Successful deletion of certificate.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ca/local-cas/{caid}/certs/{id}/revoke":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"caid","in":"path","description":"An identifier of the issuer CA resource. This can be either the ID (a\nUUIDv4), the name, the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true},{"name":"id","in":"path","description":"An identifier of the certificate resource. This can be either the ID (a\nUUIDv4), the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true}],"post":{"x-feature":"FF_CA_MANAGEMENT","summary":"Revoke certificate","description":"Revoke certificate with a given specific reason.","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Certificate revoke parameters","schema":{"type":"object","title":"Revoke Certificate Request","required":["reason"],"properties":{"reason":{"type":"string","description":"Specify one of the reason. Reasons to revoke a certificate according to RFC 5280 are -","enum":["unspecified","keyCompromise","cACompromise","affiliationChanged","superseded","cessationOfOperation","certificateHold","removeFromCRL","privilegeWithdrawn","aACompromise"]}},"example":{"reason":"certificateHold"}}}],"responses":{"200":{"description":"Successful certificate revoke.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-cert","id":"fe7ba3b3-5f77-461b-a357-b98045b159d6","uri":"kylo:kylo:naboo:certs:fe7ba3b3-5f77-461b-a357-b98045b159d6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:44:59.080Z","updatedAt":"2017-10-02T14:44:59.080Z","cert":"-----BEGIN CERTIFICATE-----\nMIIBUTCB+KADAgECAhEAoJIuJYnCF4moxtJKCPDlZDAKBggqhkjOPQQDAjAPMQ0w\nCwYDVQQDEwRUZXN0MB4XDTE3MTAwMjE0NDQ1OVoXDTE3MTAwMjE0NDQ1OVowDzEN\nMAsGA1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNA2m18mNW8j\n7ZEJGQT/X8pF5mgixDzvVAr3qlau9C3hXsIVvpSx45synuMiZaRcAZz3V6pNmXD/\nr+WTv3qjQkWjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcD\nATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0gAMEUCIQCTxSTwxA6J7f7DV4xz\nRtrUxBJrqXAWJuKm0+fBORz+uwIgeOVnowlN9nZv2aJ2FKqGEyeH93T/ukasevOv\ntngmUug=\n-----END CERTIFICATE-----","ca":"kylo:kylo:naboo:localca:cd3435f1-11aa-4e67-adba-73a14b3a552d","revoked_at":"2017-10-02T14:44:59.080Z","revoked_reason":"certificateHold","state":"revoked","sha1Fingerprint":"1F1631E7EDA1475983AEF10A92141CB04D1FAD57","sha256Fingerprint":"8C6EC21FF9B93FB5C1D75D086DD0371A0E54BF1073A2B07369B60F26948A79E8","sha512Fingerprint":"256AB3E47CD03A791CE6FC2A8F8F4161C0461C42B2BEB27D83C6D48148BB42EEA1281876DF658EAF629C4CAFE4AFD387C56363BC05F66FEF976323CA20F8035C","serialNumber":"213435490631850494611318770278023095652","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:44:59.000Z","notAfter":"2017-10-02T14:44:59.000Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/ca/local-cas/{caid}/certs/{id}/resume":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"caid","in":"path","description":"An identifier of the issuer CA resource. This can be either the ID (a\nUUIDv4), the name, the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true},{"name":"id","in":"path","description":"An identifier of the certificate resource. This can be either the ID (a\nUUIDv4), the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true}],"post":{"x-feature":"FF_CA_MANAGEMENT","summary":"Resume certificate","description":"Certificate can be resumed only if it is revoked with reason certificatehold.","tags":["Certificate Authority"],"responses":{"200":{"description":"Successful certificate resume.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-cert","id":"fe7ba3b3-5f77-461b-a357-b98045b159d6","uri":"kylo:kylo:naboo:certs:fe7ba3b3-5f77-461b-a357-b98045b159d6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:44:59.080Z","updatedAt":"2017-10-02T14:44:59.080Z","cert":"-----BEGIN CERTIFICATE-----\nMIIBUTCB+KADAgECAhEAoJIuJYnCF4moxtJKCPDlZDAKBggqhkjOPQQDAjAPMQ0w\nCwYDVQQDEwRUZXN0MB4XDTE3MTAwMjE0NDQ1OVoXDTE3MTAwMjE0NDQ1OVowDzEN\nMAsGA1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNA2m18mNW8j\n7ZEJGQT/X8pF5mgixDzvVAr3qlau9C3hXsIVvpSx45synuMiZaRcAZz3V6pNmXD/\nr+WTv3qjQkWjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcD\nATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0gAMEUCIQCTxSTwxA6J7f7DV4xz\nRtrUxBJrqXAWJuKm0+fBORz+uwIgeOVnowlN9nZv2aJ2FKqGEyeH93T/ukasevOv\ntngmUug=\n-----END CERTIFICATE-----","ca":"kylo:kylo:naboo:localca:cd3435f1-11aa-4e67-adba-73a14b3a552d","revoked_at":"1901-01-01T00:00:00.000Z","state":"active","sha1Fingerprint":"1F1631E7EDA1475983AEF10A92141CB04D1FAD57","sha256Fingerprint":"8C6EC21FF9B93FB5C1D75D086DD0371A0E54BF1073A2B07369B60F26948A79E8","sha512Fingerprint":"256AB3E47CD03A791CE6FC2A8F8F4161C0461C42B2BEB27D83C6D48148BB42EEA1281876DF658EAF629C4CAFE4AFD387C56363BC05F66FEF976323CA20F8035C","serialNumber":"213435490631850494611318770278023095652","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:44:59.000Z","notAfter":"2017-10-02T14:44:59.000Z"}}},"400":{"description":"Bad Request | Cannot resume certificate.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/ntp/servers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of previously configured NTP servers.\n","tags":["NTP Servers"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"host":{"type":"string"},"key":{"type":"string"},"key_type":{"x-feature":"FF_NTP_ENABLE_KEY_TYPE","type":"string"}}}}}},"examples":{"application/json":{"resources":[{"host":"foo.example.com","key":"key1"}]}}}}},"post":{"summary":"Add","description":"Adds a new NTP server to be used by the system.\n","tags":["NTP Servers"],"parameters":[{"name":"body","in":"body","description":"NTP servers parameters","schema":{"type":"object","title":"Add NTP servers Request","required":["host"],"properties":{"host":{"type":"string","description":"Host (hostname/ip) of NTP server to add"},"key":{"type":"string","description":"Symmetric key value to be used for authenticated NTP servers"},"key_type":{"x-feature":"FF_NTP_ENABLE_KEY_TYPE","type":"string","description":"Digest algorithm to be used for authenticated NTP servers; MD5, SHA-1, SHA-256, SHA-384 or SHA-512 (defaults to SHA-256)"}},"example":{"host":"foo.example.com","key":"key1"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"host":"foo.example.com","key":"key1"}}}}}},"/v1/system/ntp/servers/{host}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"host","in":"path","required":true,"type":"string","description":"Host (hostname/ip) of NTP server"}],"get":{"summary":"Get","description":"Returns the details of a single NTP server.","tags":["NTP Servers"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"host":"foo.example.com","key":"key1"}}},"404":{"description":"NTP server not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes an NTP server.","tags":["NTP Servers"],"responses":{"204":{"description":"No Content | Successful deletion of NTP server.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/ntp/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Status","description":"Returns the status of all NTP servers in the system","tags":["NTP Servers"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"ntpq -p":" remote refid st t when poll reach delay offset jitter\n==============================================================================\n tick.gemalto.co .POOL. 16 p - 64 0 0.000 0.000 0.000\n tock.gemalto.co .POOL. 16 p - 64 0 0.000 0.000 0.000\n absdnsvwp50.gem 10.42.179.243 6 u 6 64 1 130.365 -486.28 0.000\n crodnsvwp50.gem 10.42.176.35 6 u 3 64 1 134.071 -354.54 0.000\n","ntpq -c as":"ind assid status conf reach auth condition last_event cnt\n===========================================================\n 1 21100 8811 yes none none reject mobilize 1\n 2 21101 8811 yes none none reject mobilize 1\n 3 21102 1014 no yes none reject reachable 1\n 4 21103 1014 no yes none reject reachable 1\n"}}},"404":{"description":"NTP server not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/hsm/setup":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Setup","description":"Performs the initial setup of the system to use HSM.\n\nA `reset` operation is required. This means that all existing data in\nthe system will be wiped and CipherTrust Manager will be started from a clean\nslate.\n\nNote:\n This is a long running operation and could take some time, the\n browser might timeout before the operation completes. If you get a\n timeout error then the operation started successfully and you will\n need to `list` to determine if it has completed\n\nNote:\n It is important that time is in sync when using HSM. Please ensure\n the system time is correct before.\n","tags":["HSM Servers","Enterprise"],"parameters":[{"name":"body","in":"body","description":"HSM setup parameters","schema":{"type":"object","title":"Setup HSM Request","required":["type","connInfo"],"properties":{"type":{"type":"string","description":"Type of HSM server to setup, supported types are \"luna\", \"lunapci\", \"lunatct\", \"protectserver\", \"aws\", \"dpod\"{{FF_GCP_HSM_ROT|, \"gcp\"}}, \"nshield\" and \"ibmhpcs\". \"luna\" refers to the Luna Network HSM version 5, 6, or 7, \"lunapci\" refers to the embedded Luna PCIe HSM, \"lunatct\" refers to the Luna T-Series HSMs, \"protectserver\" refers to ProtectServer HSM, \"aws\" refers to AWS CloudHSM, \"dpod\" refers to Thales Data Protection on Demand's HSM on Demand service{{FF_GCP_HSM_ROT|, \"gcp\" refers to Google Cloud HSM}}, \"nshield\" refers to Entrust nShield Connect HSM, and \"ibmhpcs\" refers to IBM HPCS HSM.\n"},"connInfo":{"type":"string","description":"Connection information for initial HSM to setup in JSON document format. The expected content of this parameter depends on the specific HSM type used.\n\nFor Luna Network HSM (including TCT) and Luna PCIe, the required attributes are:\n\n- \"partition_name\" \n The name of the HSM partition to use.\n\n- \"partition_password\" \n The password of the initial partition to use. This will be the Crypto Officer role password or challenge secret. Luna documentation describes in detail how to set up a password for an application to access a partition. \n If you plan to use multiple Luna HSMs operating in high-availability (HA) mode, all HSMs must have the same password.\n\nFor ProtectServer HSM, the required attributes are:\n\n- \"token_serial\" \n The serial number of the slot.\n\n- \"token_password\" \n The password of the slot.\n\nFor AWS Cloud HSM (Cavium), the required attributes are:\n\n- \"partition_name\"\n This must have the value \"cavium\".\n\n- \"partition_password\"\n The credentials of a cryptouser in the form of \"username:password\"\n\nFor DPoD HSM on Demand Service, the required attributes are:\n\n- \"partition_name\"\n The name of the the partition configured during partition initialization\n\n- \"partition_password\"\n The password of the Crypto Officer\n\n{{FF_GCP_HSM_ROT|For Google Cloud HSM, the required attributes are:}}\n\n{{FF_GCP_HSM_ROT|- \"type\"}}\n{{FF_GCP_HSM_ROT| The type of the Google Cloud Platform (GCP) account. The value must be `service_account`. The service account must be granted a role or roles with the following IAM permissions: `cloudkms.keyRings.get` in the location, `cloudkms.locations.generateRandomBytes` in the location, `cloudkms.cryptoKeys.list`, `cloudkms.cryptoKeyVersions.list`, `cloudkms.cryptoKeyVersions.manageRawAesCbcKeys`, `cloudkms.cryptoKeyVersions.useToDecrypt`, `cloudkms.cryptoKeyVersions.useToEncrypt`, `cloudkms.cryptoKeyVersions.useToSign`, `cloudkms.cryptoKeyVersions.useToVerify`, `cloudkms.cryptoKeys.create` and `cloudkms.cryptoKeyVersions.destroy` in the keyring.}}\n\n{{FF_GCP_HSM_ROT|- \"project_id\"}}\n{{FF_GCP_HSM_ROT| The project ID of the GCP service account.}}\n\n{{FF_GCP_HSM_ROT|- \"private_key_id\"}}\n{{FF_GCP_HSM_ROT| The private key ID of the GCP service account.}}\n\n{{FF_GCP_HSM_ROT|- \"private_key\"}}\n{{FF_GCP_HSM_ROT| The private key of the GCP service account.}}\n\n{{FF_GCP_HSM_ROT|- \"client_email\"}}\n{{FF_GCP_HSM_ROT| The client email of the GCP service account.}}\n\n{{FF_GCP_HSM_ROT|- \"client_id\"}}\n{{FF_GCP_HSM_ROT| The client ID of the GCP service account.}}\n\n{{FF_GCP_HSM_ROT|- \"auth_uri\"}}\n{{FF_GCP_HSM_ROT| The auth URI of the GCP service account.}}\n\n{{FF_GCP_HSM_ROT|- \"token_uri\"}}\n{{FF_GCP_HSM_ROT| The token URI of the GCP service account.}}\n\n{{FF_GCP_HSM_ROT|- \"auth_provider_x509_cert_url\"}}\n{{FF_GCP_HSM_ROT| The auth provider X509 cert URL of the GCP service account.}}\n\n{{FF_GCP_HSM_ROT|- \"client_x509_cert_url\"}}\n{{FF_GCP_HSM_ROT| The client X509 cert URL of the GCP service account.}}\n\nFor Entrust nShield Connect HSM, the required parameters are:\n\n- \"softcard_name\" \n The name of the softcard to use to protect the keys.\n\n- \"softcard_password\" \n The password of the softcard.\n\nFor IBM HPCS HSM the required parameter is:\n\n- \"api_key\" \n The api key for the Normal User with Key operator privileges.\n\nLuna Network/PCIe HSM (including TCT) example: \n`\"{\\\"partition_name\\\": \\\"kylo-partition\\\", \\\"partition_password\\\": \\\"sOmeP@ssword\\\"}\"`\n\nProtectServer example: \n`\"{\\\"token_serial\\\": \\\"123456:54321\\\", \\\"token_password\\\": \\\"sOmeP@ssword\\\"}\"`\n\nAWS CloudHSM (Cavium) example: \n`\"{\\\"partition_name\\\": \\\"cavium\\\", \\\"partition_password\\\": \\\"hsmuser:sOmeP@ssword\\\"}\"`\n\nDPoD example: \n`\"{\\\"partition_name\\\": \\\"partition-name\\\", \\\"partition_password\\\": \\\"sOmeP@ssword\\\"}\"`\n\n{{FF_GCP_HSM_ROT|GCP Cloud HSM example (see https://cloud.google.com/iam/docs/keys-create-delete#creating):}}\n{{FF_GCP_HSM_ROT|`\"{\\\"type\\\": \\\"service_account\\\", \\\"project_id\\\": \\\"myproject\\\", \\\"private_key_id\\\": \\\"1234567890abcdef1234567890abcdef12345678\\\", \\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDV7g0lBwL/XaBD...\\\\n59cqC1DjxsmVcmpabyi/726I\\\\n-----END PRIVATE KEY-----\\\\n\\\", \\\"client_email\\\": \\\"someone@myproject.iam.gserviceaccount.com\\\", \\\"client_id\\\": \\\"123456789012345678901\\\", \\\"auth_uri\\\": \\\"https://accounts.google.com/o/oauth2/auth\\\", \\\"token_uri\\\": \\\"https://accounts.google.com/o/oauth2/token\\\", \\\"auth_provider_x509_cert_url\\\": \\\"https://www.googleapis.com/oauth2/v1/certs\\\", \\\"client_x509_cert_url\\\": \\\"https://www.googleapis.com/robot/v1/metadata/x509/someone%40myproject.iam.gserviceaccount.com\\\"}\"`}}\n\nEntrust nShield Connect HSM example: \n`\"{\\\"softcard_name\\\": \\\"softcard-name\\\", \\\"softcard_password\\\": \\\"sOmeP@ssword\\\"}\"`\n\nIBM HPCS HSM example: \n`\"{\\\"api_key\\\": \\\"api-key\\\"}\"`\n"},"initialConfig":{"type":"object","description":"A free form JSON opaque blob. The expected content of this parameter depends on the specific HSM type used.\n\nFor Luna Network HSM (including TCT) the required attributes are:\n- \"host\"\n IP or hostname\n- \"serial\"\n Serial number of the partition to use\n- \"server-cert\"\n Server certificate in PEM format. Line breaks in PEM string must be replaced with \"\\n\".\n For externally signed server certs (not supported on TCT), append all certificates in the signing chain.\n- \"client-cert\"\n Client certificate in PEM format. Line breaks in PEM string must be replaced with \"\\n\".\n- \"client-cert-key\"\n Client private key in PEM format. Line breaks in PEM string must be replaced with \"\\n\".\n\nFor Luna Network HSM using the STC protocol, the required attributes are:\n- \"host\"\n IP or hostname\n- \"serial\"\n Serial number of the partition to use\n- \"server-cert\"\n Server certificate in PEM format. Line breaks in PEM string must be replaced with \"\\n\".\n- \"stc-par-identity\"\n STC partition identity encoded as a base64 string without line breaks (base64 -w0 1234567890123.pid)\nNote that this instance's STC client identity (see /system/hsm/clients/stcidentity) must be registered externally prior to invoking this API.\n\nLuna PCIe HSM (including TCT) does not require any attribute. initialConfig shall be omitted.\n\nFor ProtectServer HSM, the attributes are:\n- \"host\"\n IP or hostname of the ProtectServer HSM (required)\n- \"port\"\n Port number of the ProtectServer HSM. (optional, defaults to 12396)\n- \"server_cert\"\n The HSM server certificate of the ProtectServer HSM (required)\n\nFor AWS CloudHSM (Cavium) the required attributes are:\n- \"host\"\n ENI IP Address of cloudhsm cluster.\n- \"server-cert\"\n CloudHSM cluster certificate in PEM format. Line breaks in PEM string must be replaced with \"\\n\".\n\n{{FF_GCP_HSM_ROT|For Google Cloud HSM the required attributes are:}}\n{{FF_GCP_HSM_ROT|- \"location\"}}\n{{FF_GCP_HSM_ROT| Google Cloud Location of the key ring. It should match location specified in GCP Project for Google Cloud HSM.}}\n{{FF_GCP_HSM_ROT|- \"key_ring\"}}\n{{FF_GCP_HSM_ROT| Name of key ring that contains the Cloud HSM key. This key ring must exist on specified Google Cloud Location.}}\n\n{{FF_GCP_HSM_ROT|For Google Cloud HSM the optional attribute is:}}\n{{FF_GCP_HSM_ROT|- \"project_id\"}}\n{{FF_GCP_HSM_ROT| ID of the GCP project where the key ring is in. If not specified, default to the ID of the project the service account belongs to.}}\n\nFor Entrust nShield Connect HSM the required attributes are:\n- \"host\"\n IP Address of the Entrust nShield Connect HSM.\n- \"serial\"\n Electronic Serial Number (ESN) of the Entrust nShield Connect HSM.\n- \"hkneti\"\n Hash of the KNETI key (HKNETI) of the Entrust nShield Connect HSM.\n- \"rfs_host\"\n IP Address of the Entrust nShield Connect HSM's Remote File System (RFS).\n\nFor Entrust nShield Connect HSM the optional attributes are:\n- \"port\"\n Port number of the nShield Connect HSM. If not specified, default to 9004.\n- \"rfs_port\"\n Port number of the nShield Connect HSM's RFS. If not specified, default to 9004.\n\nFor IBM HPCS HSM the required attributes are:\n- \"host\"\n Host name or IP Address of cloudhsm server.\n- \"port\"\n Port number of cloudhsm server .\n- \"instance_id\"\n Instance ID of IBM HPCS instance.\n- \"token_space_id\"\n IBM HPCS token space ID.\n\nLuna Network HSM (including TCT) example:\n\n {\n \"host\": \"172.20.32.11\",\n \"serial\": \"1234\",\n \"server-cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"client-cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"client-cert-key\": \"-----BEGIN RSA PRIVATE KEY-----\\n...\\n-----END RSA PRIVATE KEY-----\"\n }\n\nProtectServer HSM example:\n\n {\n \"host\": \"172.20.32.11\",\n \"port\": \"12396\",\n \"server_cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\"\n }\n\nAWS CloudHSM example:\n\n {\n \"host\": \"172.20.32.11\",\n \"server-cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\"\n }\n\nDPoD example:\n\n Cloud HSMoD (DPoD) client:\n\n {\n \"server_cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"partition_ca_cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"partition_cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"cv_partition_data\": \"Chrystoki-conf-PartitionData00\",\n \"auth_token_config_uri\": \"Chrystoki-conf-AuthTokenConfigURI\",\n \"auth_token_client_id\": \"Chrystoki-conf-AuthTokenClientId\",\n \"auth_token_client_secret\": \"Chrystoki-conf-AuthTokenClientSecret\"\n }\n\n{{FF_GCP_HSM_ROT|GCP Cloud HSM example:}}\n\n{{FF_GCP_HSM_ROT| {}}\n{{FF_GCP_HSM_ROT| \"location\": \"us-east1\",}}\n{{FF_GCP_HSM_ROT| \"key_ring\": \"my-keyring\"}}\n{{FF_GCP_HSM_ROT| }}}\n\nEntrust nShield Connect HSM example:\n\n {\n \"host\": \"10.194.173.39\",\n \"serial\": \"AB03-02E0-D947\",\n \"hkneti\": \"4a7b4d770abc415654cd2b50a25dd38aafce8d60\",\n \"rfs_host\": \"10.194.173.70\"\n }\n\nIBM HPCS HSM example:\n\n\n {\n \"host\": \"ep11.us-south.hs-crypto.cloud.ibm.com\"\n \"port\": \"9253\",\n \"instance_id\": \"4ec51d44-d94d-4200-bc2c-fcfb04b1287c`\"\n \"token_space_id\": \"12c2c67d-9bfe-4e73-a97f-9902913daf6f\"\n }\n\nNote: JSON does not allow line-breaks, it needs to be replaced with \\n. Use \"sed -z 's/\\n/\\\\n/g' cert-file.pem\" command to format the certificate.\n"},"reset":{"type":"boolean","description":"If true CipherTrust Manager will perform a reset operation after the initial HSM setup.\n\nCurrently a reset is required for this operation to succeed.\n\nWARNING - Reset is a destructive operation and will wipe all\ndata in the CipherTrust Manager.\n"},"delay":{"type":"integer","description":"Delay in seconds before reset, defaults to 5 seconds"}},"example":{"type":"luna","connInfo":"{\"partition_name\": \"kylo-partition\", \"partition_password\": \"sOmeP@ssword\"}","initialConfig":{"host":"172.20.32.11","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----","client-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----","client-cert-key":"-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----"},"reset":true,"delay":5}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","type":"luna","config":{"host":"172.20.32.11","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"}}}}}}},"/v1/system/hsm/servers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add","description":"Adds a new HSM server for high-availability (HA) and load balancing. Only supported for Luna Network HSM (including TCT), AWS cloud HSM, and Entrust nShield Connect HSM.\n\nLuna Network HSM (including TCT) specific notes:\n- The partition password as provided during HSM setup must be the same for all servers in the same HA group\n- The call will fail if the partition on the joining node contains objects. It must be manually cleared using the Luna toolset, or either one of the forceClear or forceCopy optional attributes specified for this operation to succeed. Refer to CipherTrust Manager Administration Guide for more details.\n\nAWS cloud HSM notes:\n- The AWS cloud HSM being added must belong to the same AWS cloud HSM cluster.\n\nEntrust nShield Connect HSM specific note:\n- The new HSM server being added must belong to the same Security World as existing setup or added HSM server(s).\n\nNote:\n This is a long running operation and could take some time, the\n browser might timeout before the operation completes. If you get a\n timeout error then the operation started successfully and you will\n need to `list` to determine if it has completed\n","tags":["HSM Servers"],"parameters":[{"name":"body","in":"body","description":"HSM servers parameters","schema":{"type":"object","title":"Add HSM servers Request","required":["config"],"properties":{"config":{"type":"object","description":"Connection information for the HSM to add as a free form JSON opaque blob. The expected content of this parameter depends on the specific HSM type being added.\n\nFor Luna Network HSM (including TCT) the required attributes are:\n- \"host\"\n IP or hostname\n- \"server-cert\"\n Server certificate in PEM format\n- \"serial\"\n Serial number of the partition to use, this is used to ensure the correct partition is added to the HA group\n\nFor Luna Network HSM (including TCT) the optional attributes are:\n- \"forceClear\"\n When set to \"true\", forcefully clears all existing data on the partition of the joining node before adding it to the HA group. Use with caution. Refer to CipherTrust Manager Administration Guide for more details.\n- \"forceCopy\"\n When set to \"true\", all existing objects on the joining partition are retained and propagated within the HA group. Use with caution. Refer to CipherTrust Manager Administration Guide for more details.\n- \"stc-par-identity\"\n Specify this parameter to use the STC protocol to the Luna Network HSM partition. The STC partition identity must encoded as a base64 string without line breaks (base64 -w0 1234567890123.pid)\n Note that this instance's STC client identity (see /system/hsm/clients/stcidentity) must be registered externally prior to invoking this API.\n\nFor Entrust nShield Connect HSM the required attributes are:\n- \"host\"\n IP Address of the Entrust nShield Connect HSM.\n- \"serial\"\n Electronic Serial Number (ESN) of the Entrust nShield Connect HSM.\n- \"hkneti\"\n Hash of the KNETI key (HKNETI) of the Entrust nShield Connect HSM.\n\nFor Entrust nShield Connect HSM the optional attribute is:\n- \"port\"\n Port number of the nShield Connect HSM. If not specified, default to 9004.\n\nFor AWS cloud HSM, the required attribute is:\n- \"host\"\n IP Address of the AWS cloud HSM\n\nLuna Network HSM (including TCT) example:\n\n {\n \"host\": \"1.2.3.4\",\n \"serial\": \"1234\",\n \"server-cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\"\n }\n\nEntrust nShield Connect HSM example:\n\n {\n \"host\": \"10.194.173.39\",\n \"serial\": \"AB03-02E0-D947\",\n \"hkneti\": \"4a7b4d770abc415654cd2b50a25dd38aafce8d60\"\n }\n\nAWS cloud HSM example:\n\n {\n \"host\": \"10.171.43.174\"\n }\n"}},"example":{"config":{"host":"1.2.3.4","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","type":"luna","config":{"host":"1.2.3.4","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"}}}}}},"get":{"summary":"List","description":"Returns a list of previously configured HSM servers.\n","tags":["HSM Servers"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"host":{"type":"string"},"config":{"type":"string"}}}}}},"examples":{"application/json":{"resources":[{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","type":"luna","config":{"host":"172.20.32.11","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"}}]}}}}}},"/v1/system/hsm/servers/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"type":"string","description":"ID of HSM server"}],"get":{"summary":"Get","description":"Returns the details of a single HSM server.","tags":["HSM Servers"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","type":"luna","config":{"host":"172.20.32.11","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"}}}},"404":{"description":"HSM server not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a HSM server.\n\nA `reset` operation is required when the last HSM server is deleted.\nThis means that all existing data in the system will be wiped and\nCipherTrust Manager will be started from a clean slate.\n","tags":["HSM Servers"],"parameters":[{"name":"body","in":"body","description":"HSM server delete parameters","schema":{"type":"object","title":"Delete HSM server Request","properties":{"reset":{"type":"boolean","description":"If true CipherTrust Manager will perform a reset operation after adding the HSM server.\n\nCurrently a reset is required for this operation to succeed.\n\nWARNING - Reset is a destructive operation and will wipe all\ndata in the CipherTrust Manager.\n"},"delay":{"type":"integer","description":"Delay in seconds before reset, defaults to 5 seconds"}},"example":{"reset":true,"delay":5}}}],"responses":{"204":{"description":"No Content | Successful deletion of HSM server.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/hsm/clients/stcidentity/download":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Luna STC client identity file download","x-interactive":false,"description":"This API returns the Luna STC client identity file. The STC protocol is an alternative to the default NTLS\nprotocol. The partition Security Officer supplies the downloaded file during the 'stcconfig clientregister'\nlunacm command which must be done before invoking the /system/hsm/setup API (see the schema property\ninformation for initialConfig of the /system/hsm/setup API)\n","tags":["HSM Clients"],"produces":["application/octet-stream"],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/system/services/reset":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Reset","description":"Resets the CipherTrust Manager instance.\n\nWARNING - This is a destructive operation and will wipe all data in the\nCipherTrust Manager.\n","tags":["Services"],"parameters":[{"name":"body","in":"body","description":"Reset CipherTrust Manager parameters","schema":{"type":"object","title":"Reset CipherTrust Manager Request","properties":{"delay":{"type":"integer","description":"Delay in seconds before reset, defaults to 5 seconds"}},"example":{"delay":5}}}],"responses":{"202":{"description":"Accept","schema":{"type":"object"},"examples":{"application/json":null}}}}},"/v1/system/services/restart":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Restart","description":"Restarts the CipherTrust Manager service.\n","tags":["Services"],"parameters":[{"name":"body","in":"body","description":"Restart CipherTrust Manager parameters","schema":{"type":"object","title":"Restart CipherTrust Manager Request","properties":{"delay":{"type":"integer","description":"Delay in seconds before restart, defaults to 5 seconds"},"services":{"type":"array","items":{"type":"string"},"description":"An array of services to restart. If this parameter is ommitted, the entire application is restarted. Options include - nae-kmip, web\n"}},"example":{"delay":5,"services":["nae-kmip"]}}}],"responses":{"202":{"description":"Accept","schema":{"type":"object"},"examples":{"application/json":null}}}}},"/v1/system/services/status":{"get":{"summary":"Status","description":"Returns the status of CipherTrust Manager instance and services.\n","produces":["application/json"],"parameters":[{"name":"service_names","in":"query","description":"Filter by CipherTrust Manager service name, for example \"nae-kmip\".","type":"string"},{"name":"status","in":"query","description":"Filter by CipherTrust Manager service status, valid status are started, starting, bootstrap and error.","type":"string"}],"tags":["Services"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"status":{"type":"string","description":"Overall status of the system (started, starting, error, bootstrap)"},"services":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Name of service"},"status":{"type":"string","description":"Status of service (started, starting, error)"}}}},"messages":{"type":"array","items":{"type":"string","description":"An optional list of human readable error messages from server"}}}},"examples":{"application/json":{"status":"started","services":[{"name":"nae-kmip","status":"started"},{"name":"web","status":"started"}]}}}}}},"/v1/system/info":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns this system's info attributes.\n","tags":["Info"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string"}}}]},"examples":{"application/json":{"name":"production1","version":"1.2.3.1111","model":"CipherTrust Manager k170v"}}}}},"patch":{"summary":"Set","description":"Set the system info. Only the name can be set - other attributes in the body are invalid.\n","tags":["Info"],"parameters":[{"name":"body","in":"body","description":"Set Info parameters","schema":{"type":"object","title":"Set Info Request","required":["name"],"properties":{"name":{"type":"string","description":"New user friendly name for the system. Will be returned by subsequent calls to GET."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string"}}}]},"examples":{"application/json":{"name":"production1","version":"1.2.3.1111","model":"CipherTrust Manager k170v"}}}}}},"/v1/system/ssh/keys":{"post":{"summary":"Add","description":"Adds an SSH public key to use for authentication. This operation is allowed only during CipherTrust Manager service bootstrap\nwhen there are no SSH public keys configured on the system or only the default SSH public key is present.\nThe default SSH key will be removed if it exists. CipherTrust Manager service will not start unless the default SSH public key is replaced.\n","tags":["SSH"],"parameters":[{"name":"body","in":"body","description":"Add SSH public key parameters","schema":{"type":"object","title":"Add SSH public key Request","required":["key"],"properties":{"key":{"type":"string","description":"SSH public key to add"}},"example":{"key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIVGP8Ojyum6d7/r2Q1oihXfEcmEgzKUOCcNue2ovIRaxnqdFBTIEVnPBu6R0kMvBHvhyYpqQaLyCa6QhYgmzLA16A7M0+QSdBz+pFC6cMF6VK9b/lXgLek3aD4s+ynCc+/RF+n2AcS5j+JmkvQeOntY/WhmvCwJJpk6cmNfpnqfF/C8ExvGC3IPBCaVtHU2eIHvT0rIVwGYNZulrryeoPQZ2vH4cUPCDHxFeWTGCjXxPvy0JSoY0Z5mKJtxWLnEgIFzTUYiDueKM7HTrj5LPzov3ohB5bhNdiA+wLljFL7da8OvNhXp6aqCgg9ezs8df3bNSkWiaf24R/28sTeDuF"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"2stB4YDM5bz0uGez/EVhY6tX77E+taz0E6oL6m0Uv1g","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIVGP8Ojyum6d7/r2Q1oihXfEcmEgzKUOCcNue2ovIRaxnqdFBTIEVnPBu6R0kMvBHvhyYpqQaLyCa6QhYgmzLA16A7M0+QSdBz+pFC6cMF6VK9b/lXgLek3aD4s+ynCc+/RF+n2AcS5j+JmkvQeOntY/WhmvCwJJpk6cmNfpnqfF/C8ExvGC3IPBCaVtHU2eIHvT0rIVwGYNZulrryeoPQZ2vH4cUPCDHxFeWTGCjXxPvy0JSoY0Z5mKJtxWLnEgIFzTUYiDueKM7HTrj5LPzov3ohB5bhNdiA+wLljFL7da8OvNhXp6aqCgg9ezs8df3bNSkWiaf24R/28sTeDuF"}}}}}},"/v1/system/network/ping":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Ping a host","description":"Returns a ping response of the specified system using the interface contained in the call","tags":["Network"],"parameters":[{"name":"body","in":"body","description":"Ping submission parameters","schema":{"type":"object","title":"Test the reachability of a host","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces"},"count":{"type":"integer","description":"Number of packets to send"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for response"}},"example":{"destination":"www.google.com","count":1,"timeout_secs":2}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","title":"Test the reachability of a host","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces"},"count":{"type":"integer","description":"Number of packets to send"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for response"}},"example":{"destination":"www.google.com","count":1,"timeout_secs":2}},"examples":{"application/json":{"response":{"ip_address":"172.217.1.228","hostname":"www.google.com","packets_sent":1,"packets_received":1,"packets_lost":0,"min_rtt":60187,"max_rtt":176342,"avg_rtt":99607}}}},"422":{"description":"Interface not found / Host not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/network/traceroute":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Tracerouting a host","description":"Returns a traceroute response of the specified system using the interface contained in the call","tags":["Network"],"parameters":[{"name":"body","in":"body","description":"Traceroute submission parameters","schema":{"type":"object","title":"Trace the possible routes and measure delays that an IP packet takes to its destination","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"port":{"type":"integer","description":"The destination port to use"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"tcp":{"type":"boolean","description":"Use TCP SYN for tracerouting"},"udp":{"type":"boolean","description":"Use UDP to particular port for tracerouting"},"sendwait":{"type":"integer","description":"Minimum time interval between probes"},"max_ttl":{"type":"integer","description":"The max number of hops"},"first_ttl":{"type":"integer","description":"Start from the first_ttl hop"},"nqueries":{"type":"integer","description":"The number of probes per each hop"}},"example":{"destination":"www.google.com","max_ttl":5}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","title":"Trace the possible routes and measure delays that an IP packet takes to its destination","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"port":{"type":"integer","description":"The destination port to use"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"tcp":{"type":"boolean","description":"Use TCP SYN for tracerouting"},"udp":{"type":"boolean","description":"Use UDP to particular port for tracerouting"},"sendwait":{"type":"integer","description":"Minimum time interval between probes"},"max_ttl":{"type":"integer","description":"The max number of hops"},"first_ttl":{"type":"integer","description":"Start from the first_ttl hop"},"nqueries":{"type":"integer","description":"The number of probes per each hop"}},"example":{"destination":"www.google.com","max_ttl":5}},"examples":{"application/json":{"response":["traceroute to 127.0.0.1 (127.0.0.1), 30 hops max, 60 byte packets","1 localhost (127.0.0.1) 0.045 ms 0.017 ms 0.012 ms"]}}},"422":{"description":"Interface not found / Host not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/network/checkport":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Check if a port is available on a remote system","description":"Returns the response after attempting to connect to a remote system using the (optional) interface contained in the call","tags":["Network"],"parameters":[{"name":"body","in":"body","description":"Checkport submission parameters","schema":{"type":"object","title":"Connect if a specific TCP port is open or not on the specified remote host","required":["destination","port"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"port":{"type":"integer","description":"Port number"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for the response"}},"example":{"destination":"www.google.com","port":80,"timeout_secs":2}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","title":"Connect if a specific TCP port is open or not on the specified remote host","required":["destination","port"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"port":{"type":"integer","description":"Port number"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for the response"}},"example":{"destination":"www.google.com","port":80,"timeout_secs":2}},"examples":{"application/json":{"response":{"response":"connection successful"}}}},"422":{"description":"Interface not found / Host not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/network/interfaces":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of network interfaces and their states. When an\ninterface is configured with DHCP then its actual addresses are\nreturned.\n","tags":["Network"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"object","title":"Interface","required":["name"],"properties":{"name":{"type":"string","description":"The network interface name, e.g. \"ens3\"."},"force_gateway":{"type":"boolean","description":"Force system default gateway update, i.e. overwrite system default gateway when this device is brought up. By default a network interface will only set the system default gateway if is not already set. This feature can be used to force a specific network interface to be used for outgoing traffic initiated from the machine itself.\n\ntrue to enable, false to disable, and absent to use the existing\nvalue.\n"},"inet":{"description":"IPv4 specific settings.","type":"object","title":"inet","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in dot-decimal notation (e.g. 255.255.255.0). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"inet6":{"description":"IPv6 specific settings.","type":"object","title":"inet6","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* auto - obtain all settings via stateless autoconfiguration\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in bits (e.g. 64). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"bond":{"description":"Bond specific settings.","type":"object","title":"bond","properties":{"options":{"type":"string","description":"Read only. Bond configuration's 'options' field. See https://developer.gnome.org/NetworkManager/stable/nmcli.html table 11. Only applies to the interface that bonded other interfaces."},"master":{"type":"string","description":"Read only. The name of the network interface that bonded this interface."}}}},"example":{"name":"ens3","inet":{"method":"static","ip":"192.168.1.2","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]}}}}},"examples":{"application/json":{"skip":0,"limit":10,"total":4,"resources":[{"name":"ens3","inet":{"method":"static","ip":"192.168.1.2","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]},"inet6":{"method":"auto","ip":"2005:1000::a00:27ff:febb:5083","netmask":64,"gateway":"fe80::cad7:19ff:feff:774d"},"bond":{"options":"auto","master":"bond0"}},{"name":"bond0","inet":{"method":"dhcp","ip":"192.168.1.3","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]},"inet6":{"method":"none"},"bond":{"options":"mode=balance-rr"}},{"name":"ens4","inet":{"method":"none"},"inet6":{"method":"none"},"bond":{"master":"bond0"}},{"name":"ens5","inet":{"method":"none"},"inet6":{"method":"none"},"bond":{"master":"bond0"}}]}}}}}},"/v1/system/network/interfaces/{interface}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","required":true,"type":"string","description":"Name of the network interface"}],"get":{"summary":"Get","description":"Returns the state of the network interface. When the interface is configured with DHCP then its actual addresses are returned.","tags":["Network"],"responses":{"200":{"description":"OK","schema":{"type":"object","title":"Interface","required":["name"],"properties":{"name":{"type":"string","description":"The network interface name, e.g. \"ens3\"."},"force_gateway":{"type":"boolean","description":"Force system default gateway update, i.e. overwrite system default gateway when this device is brought up. By default a network interface will only set the system default gateway if is not already set. This feature can be used to force a specific network interface to be used for outgoing traffic initiated from the machine itself.\n\ntrue to enable, false to disable, and absent to use the existing\nvalue.\n"},"inet":{"description":"IPv4 specific settings.","type":"object","title":"inet","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in dot-decimal notation (e.g. 255.255.255.0). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"inet6":{"description":"IPv6 specific settings.","type":"object","title":"inet6","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* auto - obtain all settings via stateless autoconfiguration\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in bits (e.g. 64). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"bond":{"description":"Bond specific settings.","type":"object","title":"bond","properties":{"options":{"type":"string","description":"Read only. Bond configuration's 'options' field. See https://developer.gnome.org/NetworkManager/stable/nmcli.html table 11. Only applies to the interface that bonded other interfaces."},"master":{"type":"string","description":"Read only. The name of the network interface that bonded this interface."}}}},"example":{"name":"ens3","inet":{"method":"static","ip":"192.168.1.2","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]}}},"examples":{"application/json":{"name":"ens3","inet":{"ip":"10.10.105.32","netmask":"255.255.252.0","gateway":"10.10.105.1","dns":["8.8.8.8"]},"inet6":{"ip":"2001:0db8:85a3:0000:0000:8a2e:0370:7334","netmask":64,"dns":["2001:4860:4860:0:0:0:0:8888"]}}}},"404":{"description":"Network interface not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Modify the network interface configuration asynchronously. Since the final result is not known, GET with the same path can be used periodically to check if the change is applied successfully.\nWhen inet or inet6 has existing values and the request method is 'static' then any property absent from the request inherits the existing value. For example, if the interface is configured to use DHCP and the modify request only contains 'ip' and 'dns', then the existing values for netmask and gateway are applied as part of the static configuration.\nIf 'bond' is provided then it is ignored. These values can only be modified via the console or ssh using 'nmcli'.\nPlease note there is a risk that modifying a network interface remotely using this API may make communication with the node impossible without console access.","tags":["Network"],"parameters":[{"name":"body","in":"body","description":"Update interface with static IPv4","required":true,"schema":{"type":"object","title":"Interface","required":["name"],"properties":{"name":{"type":"string","description":"The network interface name, e.g. \"ens3\"."},"force_gateway":{"type":"boolean","description":"Force system default gateway update, i.e. overwrite system default gateway when this device is brought up. By default a network interface will only set the system default gateway if is not already set. This feature can be used to force a specific network interface to be used for outgoing traffic initiated from the machine itself.\n\ntrue to enable, false to disable, and absent to use the existing\nvalue.\n"},"inet":{"description":"IPv4 specific settings.","type":"object","title":"inet","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in dot-decimal notation (e.g. 255.255.255.0). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"inet6":{"description":"IPv6 specific settings.","type":"object","title":"inet6","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* auto - obtain all settings via stateless autoconfiguration\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in bits (e.g. 64). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"bond":{"description":"Bond specific settings.","type":"object","title":"bond","properties":{"options":{"type":"string","description":"Read only. Bond configuration's 'options' field. See https://developer.gnome.org/NetworkManager/stable/nmcli.html table 11. Only applies to the interface that bonded other interfaces."},"master":{"type":"string","description":"Read only. The name of the network interface that bonded this interface."}}}},"example":{"name":"ens3","inet":{"method":"static","ip":"192.168.1.2","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]}}}}],"responses":{"202":{"description":"Accepted - request started but a response cannot be provided because the IP address may change. There is no guarantee the request is applied successfully."},"409":{"description":"Conflict - when the existing configuration uses DHCP but the request does not have 'ip'.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/network/lookup":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Query the mapping between domain name and ipaddress or other dns records.","description":"When looking up a host name, a list of IP addresses associated with the host name are returned.\nWhen looking up an IP address, a list of host names associated with the IP address are returned.\n","tags":["Network"],"parameters":[{"name":"body","in":"body","description":"Lookup parameters","schema":{"type":"object","title":"Query the mapping between domain name and IP address or other dns records","required":["target"],"properties":{"target":{"type":"string","description":"An IP address or host name to lookup.\nThe IP address can be an IPv4 or IPv6 address.\n"}},"example":{"target":"1.1.1.1"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"hosts":{"type":"array","description":"List of host names mapping to the supplied IP address, or,\nlist of IP addresses mapping to the host name.\n","items":{"type":"string"}}}},"examples":{"application/json":{"response":{"hosts":["www.abc.com","www.def.com"]}}}},"422":{"description":"Address or host name not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/mkeks":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of Master KEKs. Results can be refined with query params.\n","parameters":[{"name":"default","in":"query","type":"boolean","description":"true to get only the default Mkek, false for otherwise.(default is true)\n"}],"tags":["MKek"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","properties":{"id":{"type":"string","description":"Mkek ID."},"name":{"type":"string","description":"Secret Name"},"is_default":{"type":"boolean","description":"If this is the default Mkek"},"created_at":{"type":"string","format":"date-time","description":"Creation time of the Master KEK"},"sealer_name":{"type":"string","description":"name of the sealer"},"kek_name":{"type":"string","description":"Name of the secret i.e. KEK."}}}]}}}},"examples":{"application/json":{"total":1,"info":[{"id":"5f266878-ca45-4576-9e21-e1c5f106d04f","name":"sampleMkek","is_default":true,"created_at":"2021-02-25T06:57:50.15507095Z","sealer_name":"none"}]}}}}}},"/v1/system/mkeks/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"type":"string","description":"ID of the Master KEK"}],"get":{"summary":"Get MKek","description":"Get the details of a Master KEK given by ID.","tags":["MKek"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"id":{"type":"string","description":"Mkek ID."},"name":{"type":"string","description":"Secret Name"},"is_default":{"type":"boolean","description":"If this is the default Mkek"},"created_at":{"type":"string","format":"date-time","description":"Creation time of the Master KEK"},"sealer_name":{"type":"string","description":"name of the sealer"},"kek_name":{"type":"string","description":"Name of the secret i.e. KEK."}}}}}}},"/v1/system/mkeks/rotate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Rotate MKek","description":"Rotates the default mkek on the CipherTrust Manager. It will be replicated across all the nodes in a cluster.","tags":["MKek"],"parameters":[{"in":"body","name":"body","schema":{"type":"object","allOf":[{"type":"object","description":"Custom name of the Master KEK","properties":{"name":{"type":"string","description":"Custom name of the Master KEK."}}}],"example":{"application/json":{"name":"mkek_sample_name"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"id":{"type":"string","description":"Mkek ID."},"name":{"type":"string","description":"Secret Name"},"is_default":{"type":"boolean","description":"If this is the default Mkek"},"created_at":{"type":"string","format":"date-time","description":"Creation time of the Master KEK"},"sealer_name":{"type":"string","description":"name of the sealer"},"kek_name":{"type":"string","description":"Name of the secret i.e. KEK."}}}}}}},"/v1/system/metrics/prometheus":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get metrics","description":"This endpoint is typically used by a Prometheus client.\nIt must use the API token to authenticate itself to the CipherTrust Manager.\nThe API token can be obtained by enabling Prometheus metrics collection (POST to\n/v1/system/metrics/prometheus/enable), or by\ngetting the status of Prometheus metrics server on the CM (GET to\n/v1/system/metrics/prometheus/status).\n\nHere is a curl command that can be used for fetching Prometheus metrics:\n\ncurl -k 'https:///api/v1/system/metrics/prometheus' -H 'Authorization: Bearer ' --compressed\n","tags":["Prometheus Metrics"],"produces":["text/plain"],"responses":{"200":{"description":"OK"}}}},"/v1/system/metrics/prometheus/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Enable metrics collection","description":"This enables collection of Prometheus metrics.\nIt also returns an API token that can be used by a Prometheus client to scrape the CM for metrics.\n","tags":["Prometheus Metrics"],"responses":{"201":{"description":"OK","schema":{"type":"object","description":"Status of metrics collection","properties":{"enabled":{"type":"boolean","description":"This determines whether Prometheus metrics collection is enabled (true) or disabled (false).\n"},"token":{"type":"string","description":"This token can be used by the Prometheus client to get metrics from the CM.\n"}}}}}}},"/v1/system/metrics/prometheus/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Disable metrics collection","tags":["Prometheus Metrics"],"responses":{"201":{"description":"OK","schema":{"type":"object","description":"Status of metrics collection","properties":{"enabled":{"type":"boolean","description":"This determines whether Prometheus metrics collection is enabled (true) or disabled (false).\n"},"token":{"type":"string","description":"This token can be used by the Prometheus client to get metrics from the CM.\n"}}}}}}},"/v1/system/metrics/prometheus/renew-token":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Renew metrics collection token","description":"This renews the token used by Prometheus clients to scrape the CM for metrics.\n","tags":["Prometheus Metrics"],"responses":{"201":{"description":"OK","schema":{"type":"object","description":"Status of metrics collection","properties":{"enabled":{"type":"boolean","description":"This determines whether Prometheus metrics collection is enabled (true) or disabled (false).\n"},"token":{"type":"string","description":"This token can be used by the Prometheus client to get metrics from the CM.\n"}}}}}}},"/v1/system/metrics/prometheus/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"get configuration","description":"Determine whether Prometheus metrics collection is enabled, and also get\nthe API token that can be used for scraping metrics.\n","tags":["Prometheus Metrics"],"responses":{"200":{"description":"OK","schema":{"type":"object","description":"Status of metrics collection","properties":{"enabled":{"type":"boolean","description":"This determines whether Prometheus metrics collection is enabled (true) or disabled (false).\n"},"token":{"type":"string","description":"This token can be used by the Prometheus client to get metrics from the CM.\n"}}}}}}},"/v1/system/rot-keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of root of trust keys.","tags":["Root of Trust Keys"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","properties":{"id":{"type":"string","description":"Root of trust key ID."},"created_at":{"type":"string","format":"date-time","description":"Creation time of the root of trust key."},"is_active_key":{"type":"boolean","description":"Specifies whether this root of trust key is the active key."}}}]}}}},"examples":{"skip":0,"limit":10,"count":1,"rotkeys":[{"id":"DARKSTARKEY_37e16cb1-8fc6-406f-b3b8-a08d9f529926","created_at":"2021-12-10T00:38:42.000488Z","is_active_key":true},{"id":"DARKSTARKEY","created_at":"2021-12-09T00:28:42.000758Z"}]}}}}},"/v1/system/rot-keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Gets a root of trust key by id.","tags":["Root of Trust Keys"],"responses":{"200":{"description":"OK","schema":{"properties":{"resources":{"type":"object","allOf":[{"type":"object","properties":{"id":{"type":"string","description":"Root of trust key ID."},"created_at":{"type":"string","format":"date-time","description":"Creation time of the root of trust key."},"is_active_key":{"type":"boolean","description":"Specifies whether this root of trust key is the active key."}}}]}}},"examples":{"id":"DARKSTARKEY_37e16cb1-8fc6-406f-b3b8-a08d9f529926","created_at":"2021-12-10T00:38:42.000488Z"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a root of trust key by id.","parameters":[{"name":"force","in":"query","type":"boolean","description":"true for deletion with force option, false for deletion without force option.(default is false)\n"}],"tags":["Root of Trust Keys"],"responses":{"204":{"description":"No Content | Successful deletion of the root of trust key."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"409":{"description":"Resource conflict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/rotate-rot-keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Rotate","description":"This operation rotates the current (active) root of trust key to a new or pre-existing key.\n\nA new key with a randomly generated name is created when no ID is supplied.\nThe key ID can be specified in the body of the request.\nA new key with this ID is created if a key with the supplied ID doesn't exist.\n\nIf multiple CipherTrust Manager instances are configured to use the same HSM partition,\nthey end up using shared 'root of trust' keys.\nIn a \"Shared HSM\" configuration, this operation facilitates sharing\nof rotated root of trust key among various nodes in the cluster.\n","tags":["Root of Trust Keys"],"parameters":[{"in":"body","name":"body","schema":{"type":"object","title":"Root of Trust Key Details","properties":{"id":{"type":"string","description":"Root of trust key ID.\nA new RoT key is created if this parameter isn't supplied, or\na RoT key with the supplied ID doesn't exist.\n"}},"example":{"application/json":{"id":"DARKSTARKEY_37e16cb1-8fc6-406f-b3b8-a08d9f529926"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"id":{"type":"string","description":"Root of trust key ID."},"created_at":{"type":"string","format":"date-time","description":"Creation time of the root of trust key."},"is_active_key":{"type":"boolean","description":"Specifies whether this root of trust key is the active key."}}},"examples":{"application/json":{"id":"DARKSTARKEY_37e16cb1-8fc6-406f-b3b8-a08d9f529926","createdAt":"2021-12-16T23:17:59.329893777Z","is_active_key":true}}}}}},"/v1/system/ssh/kex":{"get":{"x-feature":"FF_CONFIG_SSH_KEX","summary":"List","description":"Returns a list of SSH key exchange algorithms.\n","tags":["SSH"],"responses":{"200":{"description":"OK","schema":{"type":"object"}},"403":{"description":"Forbidden"}}},"patch":{"x-feature":"FF_CONFIG_SSH_KEX","summary":"Update","description":"Update the list of SSH key exchange algorithms to be used by the system.\n","tags":["SSH"],"parameters":[{"name":"body","in":"body","description":"SSH key exchange algorithms parameters","schema":{"type":"object","title":"Update SSH key exchange algorithms","required":["kex_algorithms"],"properties":{"kex_algorithms":{"type":"array","description":"Tech Preview - List of SSH key exchange algorithms","items":{"type":"object","required":["name","enabled"],"properties":{"name":{"type":"string","description":"SSH key exchange algorithm name. Valid values are - 'diffie-hellman-group-exchange-sha256', 'curve25519-sha256@libssh.org' and 'mlkem768x25519-sha256'"},"enabled":{"type":"boolean","description":"If set to true, corresponding key exchange algorithm is enabled.\n"}}}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"}},"403":{"description":"Forbidden"},"422":{"description":"UnprocessableEntity"}}}},"/v1/snmp/info":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns SNMP info attributes.\n","tags":["SNMP"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"engine_id":{"type":"string"}}}]},"examples":{"application/json":{"engine_id":"0x80001f880422353539353933584e4d5272317956486922"}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/communities":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"List the SNMP communities configured for SNMP v1 and v2c management.\n","tags":["SNMP"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"createdAt":{"type":"string"},"updatedAt":{"type":"string"},"name":{"type":"string"},"source":{"type":"string"},"mib_accesses":{"type":"array","items":{"type":"string"}},"read_write":{"type":"boolean"}}}}}},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"public","mib_accesses":["standard","enterprise"],"read_write":false},{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10912","createdAt":"2019-03-17T14:57:08.989757Z","updatedAt":"2019-03-17T14:57:08.989757Z","name":"private","mib_accesses":["enterprise"],"read_write":true}]}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API. \n"}}},"post":{"summary":"Add","description":"Add SNMP community configuration to use with versions v1 and v2c. Valid community names must contain 1 non-space character and must not contain any\nof these characters: double quote (\"), single quote ('), slash (/), back slash (\\\\), carriage return (\\r) and line feed (\\n).\n","tags":["SNMP"],"parameters":[{"name":"body","in":"body","description":"SNMP Community configuration","schema":{"type":"object","title":"SNMP Community configuration.","required":["name"],"properties":{"name":{"type":"string","description":"Community name"},"source":{"type":"string","description":"SNMP Management station IP or hostname or range of addresses to be allowed.\nDefault value is 'default' which will allow all management stations.\n"},"mib_accesses":{"type":"array","items":{"type":"string"},"description":"Access to MIB object groups 'standard', 'enterprise', or both. Default is 'standard' only.\n"},"read_write":{"type":"boolean","description":"Read-write or read-only access to the MIB objects. Default is read-only."}},"example":{"application/json":{"name":"public","source":"10.10.0.0/16","mib_accesses":["standard","enterprise"],"read_write":true}}}}],"responses":{"201":{"description":"SNMP community configuration has been saved and loaded to SNMP agent.","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"public","source":"10.10.0.0/16","mib_accesses":["standard","enterprise"],"read_write":true}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/communities/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"type":"string","description":"Resource identifier. ID of the SNMP Community configuration."}],"get":{"summary":"Get","description":"Get a Community configuration info.","tags":["SNMP"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"john","source":"1.1.1.15","mib_accesses":["standard","enterprise"],"read_write":true}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"patch":{"summary":"Update","description":"Update a SNMP community configuration. Valid community names must contain 1 non-space character and must not contain any\nof these characters: double quote (\"), single quote ('), slash (/), back slash (\\\\), carriage return (\\r) and line feed (\\n).\n","tags":["SNMP"],"parameters":[{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"},{"name":"body","in":"body","description":"SNMP Community configuration","schema":{"type":"object","title":"SNMP Community configuration.","required":["name"],"properties":{"name":{"type":"string","description":"Community name"},"source":{"type":"string","description":"SNMP Management station IP or hosts to be allowed."},"mib_accesses":{"type":"array","items":{"type":"string"},"description":"Access to MIB object groups 'standard', 'enterprise', or both.\n"},"read_write":{"type":"boolean","description":"Read-write or read-only access to the MIB objects."}},"example":{"application/json":{"mib_accesses":["standard","enterprise"]}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:39:08.989757Z","updatedAt":"2019-03-17T14:45:08.989757Z","name":"public","mib_accesses":["standard","enterprise"],"read_write":false}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"404":{"description":"Resource not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"delete":{"summary":"Delete","description":"Deletes a SNMP Community configuration.","tags":["SNMP"],"responses":{"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"204":{"description":"No Content | Successful deletion of SNMP management station.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/users":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"List the configured SNMP USM users.\n","tags":["SNMP"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"createdAt":{"type":"string"},"updatedAt":{"type":"string"},"engine_id":{"type":"string"},"name":{"type":"string"},"security_level":{"type":"string"},"auth_protocol":{"type":"string"},"auth_password":{"type":"string"},"priv_protocol":{"type":"string"},"priv_password":{"type":"string"},"mib_accesses":{"type":"array","items":{"type":"string"}},"read_write":{"type":"boolean"}}}}}},"examples":{"application/json":{"resources":[{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"john","security_level":"authPriv","auth_protocol":"SHA","priv_protocol":"AES","mib_accesses":["standard","enterprise"],"read_write":false},{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10912","createdAt":"2019-03-17T14:57:08.989757Z","updatedAt":"2019-03-17T14:57:08.989757Z","name":"rob","security_level":"authNoPriv","auth_protocol":"MD5","priv_protocol":"SHA","mib_accesses":["enterprise"],"read_write":false}]}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"post":{"summary":"Add","description":"Add a SNMP USM user to use with SNMP v3 management or notifications (traps and informs). User names or passwords must not contain any\nof these characters: double quote (\"), single quote ('), slash (/), back slash (\\\\), carriage return (\\r) and line feed (\\n).\n","tags":["SNMP"],"parameters":[{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"},{"name":"body","in":"body","description":"SNMP user configuration","schema":{"type":"object","title":"Add a SNMP user configuration","required":["name","security_level"],"properties":{"engine_id":{"type":"string","description":"Engine ID of the notification receiver for inform and it is optional.\nIt will be discovered for inform if not set.\n"},"name":{"type":"string","description":"Name of the user. It is also called as security name. Max 32."},"security_level":{"type":"string","description":"Security level. Valid values are noAuthNoPriv, authNoPriv and authPriv."},"auth_protocol":{"type":"string","description":"Authentication protocol. MD5, SHA, SHA-224, SHA-256, SHA-384, SHA-512 are supported.\nRequired for authNoPriv and authPriv security levels.\n"},"auth_password":{"type":"string","description":"Authentication password. Required with authentication protocol. Size must be 8 - 32"},"priv_protocol":{"type":"string","description":"Privacy protocol. DES, AES, AES-192, AES-192-C, AES-256, AES-256-C are supported. Algorithms AES, AES-192 and AES-256 use the Blumenthal Internet-Draft. Algorithms AES-192-C and AES-256-C (Cisco) use the key localization procedure for 3DES (Reeder Internet-Draft)."},"priv_password":{"type":"string","description":"Privacy password. Required with privacy protcol. Size must be 8 - 32."},"mib_accesses":{"type":"array","items":{"type":"string"},"description":"Access to MIB object groups 'standard', 'enterprise', or both.\nDo not set if the user will be used only for notifications.\n"},"read_write":{"type":"boolean","description":"Read-write or read-only access to the MIB objects. Default is read only.\n"}},"example":{"name":"john","security_level":"authPriv","auth_protocol":"SHA","auth_password":"AuthPass@1","priv_protocol":"AES","priv_password":"PrivPass@1","mib_accesses":["standard","enterprise"],"read_write":true}}}],"responses":{"201":{"description":"Successful SNMP user creation and loaded to SNMP agent.","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"john","security_level":"authPriv","auth_protocol":"SHA","auth_password":"AuthPass@1","priv_protocol":"AES","priv_password":"PrivPass@1","mib_accesses":["standard","enterprise"],"read_write":true}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/users/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"type":"string","description":"Resource identifier. ID of the SNMP user."}],"get":{"summary":"Get","description":"Get a SNMP user configuration info.","tags":["SNMP"],"parameters":[{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"john","security_level":"authPriv","auth_protocol":"SHA","auth_password":"AuthPass@1","priv_protocol":"AES","priv_password":"PrivPass@1","mib_accesses":["standard","enterprise"],"read_write":true}}},"404":{"description":"Resource not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"patch":{"summary":"Update","description":"Update a SNMP user configuration. Passwords must not contain any of these characters: double quote (\"), single quote ('), slash (/), back slash (\\\\), carriage return (\\r) and line feed (\\n).\n","tags":["SNMP"],"parameters":[{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"},{"name":"body","in":"body","description":"SNMP user configuration","schema":{"type":"object","title":"SNMP user configuration","properties":{"security_level":{"type":"string","description":"Security level. Valid values are noAuthNoPriv, authNoPriv and authPriv."},"auth_protocol":{"type":"string","description":"Authentication protocol. MD5, SHA, SHA-224, SHA-256, SHA-384, SHA-512 are supported.\nRequired for authNoPriv and authPriv security levels.\n"},"auth_password":{"type":"string","description":"Authentication password. Required with authentication protocol. Size must be 8 - 32"},"priv_protocol":{"type":"string","description":"Privacy protocol. DES, AES, AES-192, AES-256 are supported. Required for authPriv security level."},"priv_password":{"type":"string","description":"Privacy password. Required with privacy protcol. Size must be 8 - 32."},"mib_accesses":{"type":"array","items":{"type":"string"},"description":"Access to MIB object groups 'standard', 'enterprise', or both.\nDo not set if the user will be used only for notifications.\n"},"read_write":{"type":"boolean","description":"Read-write or read-only access to the MIB objects. Default is read only.\n"}},"example":{"auth_protocol":"SHA","auth_password":"AuthPass@1","priv_protocol":"AES","priv_password":"PrivPass@1","mib_accesses":["standard","enterprise"],"read_write":true}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"john","security_level":"authPriv","auth_protocol":"SHA","auth_password":"AuthPass@1","priv_protocol":"AES","priv_password":"PrivPass@1","mib_accesses":["standard","enterprise"],"read_write":true}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"delete":{"summary":"Delete","description":"Deletes a SNMP user configuration.","tags":["SNMP"],"responses":{"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later."},"204":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/management-stations":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"List the SNMP management stations configured for receiving notifications (traps, informs).\n","tags":["SNMP"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"notification_type":{"type":"string"},"host":{"type":"string"},"port":{"type":"integer"},"version":{"type":"string"},"security_name":{"type":"string"}}}}}},"examples":{"application/json":{"resources":[{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","notification_type":"trap","host":"192.168.1.5","port":162,"version":"1","security_name":"public"},{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091f","createdAt":"2019-03-17T14:56:08.989757Z","updatedAt":"2019-03-17T14:56:08.989757Z","notification_type":"inform","host":"192.168.1.5","port":1162,"version":"3","security_name":"john"}]}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API. \n"}}},"post":{"summary":"Add","description":"Add a SNMP Management Station to receive SNMP notifications (traps, informs).\n","tags":["SNMP"],"parameters":[{"name":"body","in":"body","description":"SNMP Management Station configuration","schema":{"type":"object","title":"SNMP Management Station","required":["host","version","security_name"],"properties":{"notification_type":{"type":"string","description":"Notification type 'trap' or 'inform'. Default is 'trap'."},"host":{"type":"string","description":"Hostname or IPAddress of the SNMP trap receiver."},"port":{"type":"integer","description":"Port to receive the notification. Default is 162."},"version":{"type":"string","description":"SNMP version 1, 2c or 3"},"security_name":{"type":"string","description":"Security name is Community name for versions 1 / 2c, and User name for version 3.\nUser must be already configured for version 3.\n"}},"example":{"host":"192.168.1.5","version":"1","security_name":"public"}}}],"responses":{"200":{"description":"SNMP management station configuration has been saved and loaded to SNMP agent.","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","notification_type":"trap","host":"192.168.1.5","port":162,"version":"1","security_name":"public"}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later."},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/management-stations/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"type":"string","description":"Resource identifier. ID of the management station configuration."}],"get":{"summary":"Get","description":"Get a management station configuration info.","tags":["SNMP"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","notification_type":"trap","host":"192.168.1.5","pprt":162,"version":"1","security_name":"public"}}},"404":{"description":"Resource not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"patch":{"summary":"Update Management Station","description":"Update a SNMP management station configuration\n","tags":["SNMP"],"parameters":[{"name":"body","in":"body","description":"SNMP management station configuration","schema":{"type":"object","title":"Update a SNMP Management station","properties":{"security_name":{"type":"string","description":"Security name is Community name for versions 1 / 2c, and User name for version 3.\nUser must be already configured for version 3.\n"}},"example":{"security_name":"public"}}}],"responses":{"200":{"description":"SNMP management station configuration has been updated and loaded to SNMP agent.","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","notification_type":"trap","host":"192.168.1.5","port":162,"version":"1","security_name":"public"}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"404":{"description":"Resource not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"delete":{"summary":"Delete","description":"Deletes a SNMP management station configuration.","tags":["SNMP"],"responses":{"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"204":{"description":"No Content | Successful deletion of SNMP USM user.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/locker/diskenc/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Status","description":"Returns the encryption status of a server\n","tags":["Disk Encryption"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"encryptionStatus":{"type":"string"},"hasDEK":{"type":"boolean"},"attendedBoot":{"type":"boolean"}}}]},"examples":{"application/json":{"data":{"encryptionStatus":"not encrypted","hasDEK":false,"attendedBoot":false}}}}}}},"/v1/locker/diskenc/setup":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Encrypt","description":"Encrypt server on next reboot\n","tags":["Disk Encryption"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","properties":{"attendedBoot":{"type":"boolean","description":"Requires the user to explicitly issue the command 'secureboot' to unlock the encrypted disk. When the value is false then the encrypted disk is automatically unlocked during boot. Default value is `true`."},"reencrypt":{"type":"boolean","description":"Reencrypt using a new random master key. Use this when the disk is already encrypted."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"status":{"type":"string"}}}]},"examples":{"application/json":{"data":{"status":"Configuration success. Please reboot appliance to start encryption."}}}}}}},"/v1/client-management/regtokens/":{"x-feature":"FF_CLIENT_MANAGEMENT","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Client registration token. \n{{FF_CA_MANAGEMENT| It is not recommended to use cert_duration and ca_id.}}\n{{FF_CLIENT_MANAGEMENT_PROFILES| Please use the one supported in client profile.}}\n","tags":["Client-Management/Tokens"],"parameters":[{"name":"body","in":"body","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default.","schema":{"type":"object","title":"Create Client registration token","properties":{"client_management_profile_id":{"x-feature":"FF_CLIENT_MANAGEMENT_PROFILES","description":"ID of the client management profile","type":"string"},"ca_id":{"x-feature":"FF_CA_MANAGEMENT","description":"**DEPRECATED**: the field is deprecated. Use the ca_id in the client profile instead. ca_id is the ID of the trusted Certificate Authority that will be used to sign client certificate during registration process.\n","type":"string"},"lifetime":{"type":"string","description":"Duration in minutes/hours/days for which this token can be used for registering CipherTrust Manager clients. No limit by default. For 'x' amount of time, it should formatted as xm for x minutes, xh for hours and xd for days."},"cert_duration":{"x-feature":"FF_CA_MANAGEMENT","type":"integer","format":"uint64","description":"Duration in days for which the CipherTrust Manager client certificate is valid. The value cannot be negative. If 0 is provided then the value will be ignored. It is not recommended to use this parameter. Please use the one supported in client profile."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"label":{"type":"object","description":"Label is the key value pair. In case of KMIP client registration, Key is KmipClientProfile and in case of PA client registration Key is ClientProfile. Value for the key is the profile name of protectapp/Kmip client profile to be mapped with the token for protectapp/Kmip client registration."},"name_prefix":{"type":"string","description":"Prefix for the client name. For a client registered using this registration token, name_prefix, if specified, client name will be constructed as 'name_prefix{nth client registered using this registation token}', If name_prefix is not specified, CipherTrust Manager server will generate a random name for the client.","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","format":"uint64","description":"Duration in days for which the CipherTrust Manager client's certificate is valid and this cannot be negative."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."},"labels":{"x-feature":"FF_ADD_LABELS_TO_CLIENT_REGISTRATION_TOKENS","type":"object","description":"Labels comprise of key/value pairs. Labels whose key's start with ncryptify-reserved are reserved for internal use."}}}]},"labels":{"x-feature":"FF_ADD_LABELS_TO_CLIENT_REGISTRATION_TOKENS","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nTo add a label, set the label's value as follows.\n```\n \"labels\": {\n \"key1\": \"value1\",\n \"key2\": \"value2\"\n }\n```\n"}},"example":{"client_management_profile_id":"af500824-29d1-47b2-8af8-21e7e4021d44","ca_id":"d94ef496-5e43-4424-a6e7-f4213c108415","lifetime":"10h","max_clients":100,"name_prefix":"test_client","label":{"ClientProfile":"profilename"},"labels":{"color":"purple","size":"small"}}}}],"responses":{"201":{"description":"Successful client registration token creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"80c46422-aed1-4ad3-b03d-919967b16d4b","uri":"kylo:kylo:munshi:tokens:80c46422-aed1-4ad3-b03d-919967b16d4b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T00:15:51.726926788Z","updatedAt":"2018-12-18T00:15:51.726926788Z","token":"zRErxzHRBCdhwfWXFvQhbFI9kMPyZvWMamCaRQUzbBlrWLlZHG2mi1GmZ9yAWsOK","valid_until":"0001-01-01T00:00:00Z","max_clients":-1,"clients_registered":0,"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","name_prefix":"test_client","label":{"ClientProfile":"profilename"},"labels":{"color":"purple","size":"small"}}}}}},"get":{"summary":"List","description":"Returns a list of client registraton tokens. The results can be filtered using the query parameters.\n","tags":["Client-Management/Tokens"],"parameters":[{"name":"id","in":"query","required":false,"type":"string","description":"Filter the results by id of client registration token."},{"name":"token","in":"query","required":false,"type":"string","description":"Filter the results by token of client registration token."},{"name":"label","in":"query","required":false,"type":"string","format":"JSON","description":"Filter the results by label of client registration token."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"labels","in":"query","type":"string","description":"Filters results that match label selector expressions. Multiple\nvalues are logically ANDed. \n\nFor example, to select resources that have the label `{\"region\": \"noram\"}` but do not \nhave `{\"team\": \"sales\"}` use `region=noram,team!=sales`.\n\nTo select resources whose labels contain the key called region, use `region`.\n\nTo select resources whose labels do not contain the key called region, use `!region`.\n\nTo select resources in the sales and engineering teams, use `team in (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, or do not have a key called `team`, use `team notin (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, and have a key called `team`, use `team,team notin (sales,engineering)`.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","format":"uint64","description":"Duration in days for which the CipherTrust Manager client's certificate is valid and this cannot be negative."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."},"labels":{"x-feature":"FF_ADD_LABELS_TO_CLIENT_REGISTRATION_TOKENS","type":"object","description":"Labels comprise of key/value pairs. Labels whose key's start with ncryptify-reserved are reserved for internal use."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"80c46422-aed1-4ad3-b03d-919967b16d4b","uri":"kylo:kylo:munshi:tokens:80c46422-aed1-4ad3-b03d-919967b16d4b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T00:15:51.726926788Z","updatedAt":"2018-12-18T00:15:51.726926788Z","token":"zRErxzHRBCdhwfWXFvQhbFI9kMPyZvWMamCaRQUzbBlrWLlZHG2mi1GmZ9yAWsOK","valid_until":"0001-01-01T00:00:00Z","max_clients":-1,"clients_registered":0,"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","name_prefix":"test_client","label":{"ClientProfile":"profilename"},"labels":{"color":"purple","size":"small"}}]}}}}}},"/v1/client-management/regtokens/{id}":{"x-feature":"FF_CLIENT_MANAGEMENT","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a client registration token with the given `id`.","tags":["Client-Management/Tokens"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","format":"uint64","description":"Duration in days for which the CipherTrust Manager client's certificate is valid and this cannot be negative."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."},"labels":{"x-feature":"FF_ADD_LABELS_TO_CLIENT_REGISTRATION_TOKENS","type":"object","description":"Labels comprise of key/value pairs. Labels whose key's start with ncryptify-reserved are reserved for internal use."}}}]},"examples":{"application/json":{"id":"80c46422-aed1-4ad3-b03d-919967b16d4b","uri":"kylo:kylo:munshi:tokens:80c46422-aed1-4ad3-b03d-919967b16d4b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T00:15:51.726926788Z","updatedAt":"2018-12-18T00:15:51.726926788Z","token":"zRErxzHRBCdhwfWXFvQhbFI9kMPyZvWMamCaRQUzbBlrWLlZHG2mi1GmZ9yAWsOK","valid_until":"0001-01-01T00:00:00Z","max_clients":-1,"clients_registered":0,"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","name_prefix":"test_client","label":{"ClientProfile":"profilename"},"labels":{"color":"purple","size":"small"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates details of a client registration token.","tags":["Client-Management/Tokens"],"parameters":[{"name":"body","in":"body","description":"The client registration token properties to change. The properties will be merged with the client registration token resource.\n","schema":{"type":"object","title":"Update Client registration token","properties":{"client_management_profile_id":{"x-feature":"FF_CLIENT_MANAGEMENT_PROFILES","description":"ID of the client management profile","type":"string"},"lifetime":{"type":"string","description":"Extended lifetime of client registration token from current time in days."},"max_clients":{"type":"integer","description":"Modify maximum number of clients that can be registered using this registration token."},"cert_duration":{"x-feature":"FF_CA_MANAGEMENT","type":"integer","format":"uint64","description":"Modify the duration in days for which the CipherTrust Manager client certificate is valid. The value cannot be negative. To unset cert_duration set it to zero. It is not recommended to use this parameter. Please use the one supported in client profile."},"ca_id":{"x-feature":"FF_CA_MANAGEMENT","description":"**DEPRECATED**: The field is deprecated. Use the ca_id in the client profile instead. The ca_id can be unset by setting it to empty(\"\"). To allow system to use the ca_id in the client profile, it is recommended to unset the parameter in the token.\n","type":"string"},"labels":{"x-feature":"FF_ADD_LABELS_TO_CLIENT_REGISTRATION_TOKENS","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nWhen labels are provided they are merged with the resource's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n"}},"example":{"client_management_profile_id":"b944f84a-b620-4e75-a19d-98df155cb1e6","lifetime":"10h","max_clients":100,"labels":{"size":"large"}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"cert":{"description":"Client certificate issued by CipherTrust Manager.","type":"string"},"sha256_fingerprint":{"description":"Client certificate's sha256_fingerprint.","type":"string"},"issuer":{"description":"CipherTrust Manager CA used for issuing the client certificate.","type":"string"}}}]},"examples":{"application/json":{"id":"80c46422-aed1-4ad3-b03d-919967b16d4b","uri":"kylo:kylo:munshi:tokens:80c46422-aed1-4ad3-b03d-919967b16d4b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T00:15:51.726926788Z","updatedAt":"2018-12-18T00:15:51.726926788Z","token":"zRErxzHRBCdhwfWXFvQhbFI9kMPyZvWMamCaRQUzbBlrWLlZHG2mi1GmZ9yAWsOK","valid_until":"0001-01-01T00:00:00Z","max_clients":100,"clients_registered":0,"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","name_prefix":"test_client","label":{"ClientProfile":"profilename"},"client_management_profile_id":"b944f84a-b620-4e75-a19d-98df155cb1e6","labels":{"color":"purple","size":"large"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a client registration token.","tags":["Client-Management/Tokens"],"responses":{"204":{"description":"No Content | Successful deletion of client registration token.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/webcert-fingerprint/":{"x-feature":"FF_CLIENT_MANAGEMENT","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Web Certificate Fingerprint","description":"Returns fingerprint of the web server certificate.","tags":["Client-Management/Tokens"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","format":"uint64","description":"Duration in days for which the CipherTrust Manager client's certificate is valid and this cannot be negative."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."},"labels":{"x-feature":"FF_ADD_LABELS_TO_CLIENT_REGISTRATION_TOKENS","type":"object","description":"Labels comprise of key/value pairs. Labels whose key's start with ncryptify-reserved are reserved for internal use."}}}]},"examples":{"application/json":{"interface":"web","sha256_fingerprint":"C0BB65D8105F940C1D7A063A4E70F8FDE0799CFA6AA585291EA593B180650380","sha512_fingerprint":"A9A764382F934E192325E23C79FC2223FFC04A97BE3788219BAE0E24FD0F7AE7A6C3C4212B08A07516197EC6A3150A3C52BA797AC082F6F8F89EF9446C3F4DAF"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/clients/":{"x-feature":"FF_CLIENT_MANAGEMENT","post":{"summary":"Register","description":"Adds a new CipherTrust Manager client on the CipherTrust Manager. Specify the following details.\n- Name for the CipherTrust Manager client (optional).\n- Client Registration Token.\n- Client Type (optional).\n{{FF_CA_MANAGEMENT| \n- Specify any one of the following fields\n - Certificate signing request.\n - CSR params.\n - Client Certificate in case when clients bring their own certs.\n- If cert_duration is present in both Client Profile and Registration Token then the preference will be given to the cert_duration present in client profile. If cert_duration is neither provided in Client Profile nor in Client Registration Tokens then server will use 730 days by default during registration.\n- If ca_id is present in both Client Profile and Registration Token then the preference will be given to the ca_id present in registration token.\n}}\n","tags":["Client-Management/Clients"],"parameters":[{"name":"body","in":"body","description":"CipherTrust Manager client parameters","schema":{"type":"object","title":"Register CipherTrust Manager Client","required":["registration_token"],"properties":{"name":{"type":"string","description":"Name for the CipherTrust Manager client to display on CipherTrust Manager."},"registration_token":{"type":"string","description":"CipherTrust Manager Client registration token."},"csr":{"type":"string","description":"Certificate signing request to be signed by CipherTrust Manager."},"client_type":{"type":"string","description":"CipherTrust Manager client registration type"},"subject_dn_field_to_modify":{"type":"string","description":"This field makes the Subject Distinguished Name (Subject DN) unique. It is required when the Subject DN from client's CSR is not unique.\nBy default, the `UID` is used to modify the Subject DN. However, Subject DN can be modified based on the following fields.\nIf one of these fields (except OU) is chosen, the original field values is overridden by the CipherTrust Manager.\nIf OU is chosen, the OU gets appended in the Subject DN with other attributes.\nTo prevent Subject DN from being modified, set the `do_not_modify_subject_dn` flag to `true`.\n","enum":["UID ('userid')","CN ('commonName')","SN ('serialNumber')","DNQ ('dnQualifier')","OU ('organizationalUnit')"]},"do_not_modify_subject_dn":{"type":"boolean","description":"Specifies if Subject DN in the CSR is allowed to be modified or not.\nIf this flag is set to true, then Subject DN must be unique across all the CipherTrust Manager clients, otherwise registration will not be allowed.\nThis flag is applicable if client is registered using a presented CSR.\n"},"csr_params":{"type":"object","title":"CSR creation request parameters","properties":{"algorithm":{"type":"string","description":"RSA or ECDSA (default) algorithms are supported. Signature algorithm (SHA512WithRSA, SHA384WithRSA,\nSHA256WithRSA, SHA1WithRSA, ECDSAWithSHA512, ECDSAWithSHA384, ECDSAWithSHA256) is selected\nbased on the algorithm and size.\n"},"size":{"type":"integer","description":"Key size. RSA: 1024 - 4096 (default: 2048), ECDSA: 256 (default), 384, 521\n"},"cn":{"type":"string","description":"Common Name"},"dnsNames":{"type":"array","items":{"type":"string","description":"Subject Alternative Names (SAN) values"}},"emailAddresses":{"type":"array","items":{"type":"string","description":"E-mail addresses"}},"ipAddresses":{"type":"array","items":{"type":"string","description":"IP addresses"}},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"CPL\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"},"password":{"type":"string","description":"Password to PEM-encrypt the private key. If not specified, the private key is not encrypted in return."},"encryptionAlgo":{"type":"string","description":"Private key encryption algorithm. AES256 (default), AES192, AES128, TDES"},"privateKeyBytes":{"type":"string","description":"Private Key bytes of the key which is to be used while creating CSR(Algorithm and size should be according to this key). If not given will generate key internally as per algorithm and size."}}},"client_cert_params":{"type":"object","title":"Client Certificate parameters, to register a client using certificate.","properties":{"certificate":{"type":"string","description":"Certificate issued by a CA known to CipherTrust Manager."}}}},"example":{"name":"Client_Windows","registration_token":"d94ef4965e4344246e7f4213c108415","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHNMHUCAQAwEzERMA8GA1UEAxMIVGVzdCBDU1IwWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATndOIgsTp7m4bOuixxuAt2XQ3oZqp8th/woAo51z7RiAAGdm7IfB1w\n7uWr8o5PWKBatXIgvPp8hvRWHQPHCfcLoAAwCgYIKoZIzj0EAwIDSAAwRQIgVyvz\nhFGCKV460fNJC0vC48gI268B68Xr6osFoy9Ouw8CIQCWN1LtcyxPIvul3XF1Pj7l\navEeIqDBcfD6VHhbnpO2Ag==\n-----END CERTIFICATE REQUEST-----","subject_dn_field_to_modify":"DNQ","do_not_modify_subject_dn":false}}}],"responses":{"201":{"description":"Successful client registration.","schema":{"type":"object"},"examples":{"application/json":{"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","cert_id":"59e23c51-fca5-44f4-9902-0ca94d851990","client_metadata":null,"created_at":"2018-12-18T00:16:26.670861+00:00","id":"1e33456b-8782-43a2-9efe-b415dc76ce52","issuer":"/C=US/ST=MD/L=Belcamp/O=Thales Group/CN=CipherTrust Manager Root CA","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","revocation_reason":null,"sha256_fingerprint":"C0BB65D8105F940C1D7A063A4E70F8FDE0799CFA6AA585291EA593B180650380","state":"active","updated_at":"2018-12-18T00:16:26.670861+00:00","valid_until":"2020-12-17 00:16:26 +0000 UTC","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"get":{"summary":"List","description":"Returns a list of CipherTrust Manager clients added to the CipherTrust Manager. The results can be filtered, using the query parameters.{{FF_CM_REPORTS| Specify \"Accept\" header with value \"application/pdf\" or \"text/csv\" to download report in PDF or CSV format using external clients.}}\n","tags":["Client-Management/Clients"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"query","required":false,"type":"string","description":"Filter the results by client id."},{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by client's name."},{"name":"sha256_fingerprint","in":"query","required":false,"type":"string","description":"Filter the results by clients certificate's sha256_fingerprint."},{"name":"subject","in":"query","required":false,"type":"string","description":"Filter the results by clients certificate's subject distinguished name."},{"name":"state","in":"query","required":false,"type":"string","description":"Filter the results by client's state."},{"name":"groups","in":"query","required":false,"type":"string","description":"Filter by clients in the given group name. Using 'nil' as the group name will return clients that are not part of any group."},{"name":"client_metadata","in":"query","required":false,"type":"string","collectionFormat":"multi","description":"Filters the result based on the 'client_type' field. For example, {\"client_type\":\"kmip\"} will filter clients by client_type \"kmip\". Similarly, you can filter the result by 'sub_client_type' and other metadata fields such as profile_name and client_profile_id. This is a multi-value parameter, you can provide multiple client_metadata values and the clients matching at least one of the provided client_metadata will be returned. Example - https:////&client_metadata={\"client_type\":\"kmip}&client_metadata={\"client_type\":\"cte\"}"},{"name":"ca_id","x-feature":"FF_CA_MANAGEMENT","in":"query","required":false,"type":"string","description":"Filter the results based on ca_id."},{"name":"client_management_profile_id","x-feature":"FF_CLIENT_MANAGEMENT_PROFILES","in":"query","required":false,"type":"string","description":"Filter the results based on client_management_profile_id. A special value 'empty' can be used to filter clients which do not have a client management profile."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"cert":{"description":"Client certificate issued by CipherTrust Manager.","type":"string"},"sha256_fingerprint":{"description":"Client certificate's sha256_fingerprint.","type":"string"},"issuer":{"description":"CipherTrust Manager CA used for issuing the client certificate.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","cert_id":"59e23c51-fca5-44f4-9902-0ca94d851990","client_metadata":null,"created_at":"2018-12-18T00:16:26.670861+00:00","id":"1e33456b-8782-43a2-9efe-b415dc76ce52","issuer":"/C=US/ST=MD/L=Belcamp/O=Thales Group/CN=CipherTrust Manager Root CA","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","revocation_reason":null,"sha256_fingerprint":"C0BB65D8105F940C1D7A063A4E70F8FDE0799CFA6AA585291EA593B180650380","state":"active","updated_at":"2018-12-18T00:16:26.670861+00:00","valid_until":"2020-12-17 00:16:26 +0000 UTC","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n","subject":"/CN=test","hostname":"1.2.3.4"}]}}}}}},"/v1/client-management/clients/{id}":{"x-feature":"FF_CLIENT_MANAGEMENT","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a CipherTrust Manager client.","tags":["Client-Management/Clients"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"cert":{"description":"Client certificate issued by CipherTrust Manager.","type":"string"},"sha256_fingerprint":{"description":"Client certificate's sha256_fingerprint.","type":"string"},"issuer":{"description":"CipherTrust Manager CA used for issuing the client certificate.","type":"string"}}}]},"examples":{"application/json":{"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","cert_id":"59e23c51-fca5-44f4-9902-0ca94d851990","client_metadata":null,"created_at":"2018-12-18T00:16:26.670861+00:00","id":"1e33456b-8782-43a2-9efe-b415dc76ce52","issuer":"/C=US/ST=MD/L=Belcamp/O=Thales Group/CN=CipherTrust Manager Root CA","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","revocation_reason":null,"sha256_fingerprint":"C0BB65D8105F940C1D7A063A4E70F8FDE0799CFA6AA585291EA593B180650380","state":"active","updated_at":"2018-12-18T00:16:26.670861+00:00","valid_until":"2020-12-17 00:16:26 +0000 UTC","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a client from the CipherTrust Manager.\n\n_Note: Deleting a client removes its link with all assocated rules. This is an irreversible event._\n","tags":["Client-Management/Clients","Danger"],"responses":{"204":{"description":"No Content | Successful deletion of client.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/clients/{id}/revoke":{"x-feature":"FF_CLIENT_MANAGEMENT","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Revoke","description":"Revokes a CipherTrust Manager client.","tags":["Client-Management/Clients"],"parameters":[{"name":"body","in":"body","description":"CipherTrust Manager client revoke parameters","schema":{"type":"object","title":"Revoke CipherTrust Manager Client","properties":{"revocation_reason":{"type":"string","description":"Message string indicating reasson for revoking CipherTrust Manager client."}},"example":{"revocation_reason":"went rogue"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"cert":{"description":"Client certificate issued by CipherTrust Manager.","type":"string"},"sha256_fingerprint":{"description":"Client certificate's sha256_fingerprint.","type":"string"},"issuer":{"description":"CipherTrust Manager CA used for issuing the client certificate.","type":"string"}}}]},"examples":{"application/json":{"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","cert_id":"59e23c51-fca5-44f4-9902-0ca94d851990","client_metadata":null,"created_at":"2018-12-18T00:16:26.670861+00:00","id":"1e33456b-8782-43a2-9efe-b415dc76ce52","issuer":"/C=US/ST=MD/L=Belcamp/O=Thales Group/CN=CipherTrust Manager Root CA","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","sha256_fingerprint":"C0BB65D8105F940C1D7A063A4E70F8FDE0799CFA6AA585291EA593B180650380","state":"revoked","revocation_reason":"went rogue","updated_at":"2018-12-18T00:16:26.670861+00:00","valid_until":"2020-12-17 00:16:26 +0000 UTC"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/clients/{id}/renew":{"x-feature":"FF_CLIENT_MANAGEMENT","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Renew","description":"Renews the certificate of a CipherTrust Manager client.","tags":["Client-Management/Clients"],"parameters":[{"name":"body","in":"body","description":"CipherTrust Manager client renew parameters","schema":{"type":"object","title":"Renews a CipherTrust Manager Client.","properties":{"server_csr":{"type":"object","title":"server csr","description":"Input csr parameters for the server to create a CSR and a Key.","properties":{"subject_dn_template":{"type":"object","title":"Subject DN template","description":"Subject DN template","properties":{"cn":{"type":"string","description":"Common Name"},"dns_names":{"type":"array","items":{"type":"string","description":"Subject Alternative Names (SAN) values"}},"email_addresses":{"type":"array","items":{"type":"string","description":"E-mail addresses"}},"ip_addresses":{"type":"array","items":{"type":"string","description":"IP addresses"}},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"CPL\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}},"key_gen_params":{"type":"object","title":"Key generation parameters","description":"Key generation parameters","properties":{"algorithm":{"type":"string","description":"RSA or ECDSA (default) algorithms are supported. Signature algorithm (SHA512WithRSA, SHA384WithRSA,\nSHA256WithRSA, SHA1WithRSA, ECDSAWithSHA512, ECDSAWithSHA384, ECDSAWithSHA256) is selected\nbased on the algorithm and size.\n"},"size":{"type":"integer","description":"Key size. RSA: 1024 - 4096 (default: 2048), ECDSA: 256 (default), 384, 521\n"},"password":{"type":"string","description":"Password to PEM-encrypt the private key. If not specified, the private key is not encrypted in return."},"encryption_algo":{"type":"string","description":"Private key encryption algorithm. AES256 (default), AES192, AES128, TDES"},"private_key_bytes":{"type":"string","description":"Private Key bytes of the key which is to be used while creating CSR(Algorithm and size should be according to this key). If not given will generate key internally as per algorithm and size."}}}}},"client_csr":{"type":"object","title":"client csr","properties":{"csr":{"type":"string","description":"CSR to be signed by one of the Local CAs(the CA which is the issuer of the current client certificate) of CipherTrust Manager.\n"},"do_not_modify_subject_dn":{"type":"boolean","description":"Flag to specify if the subject distinguished name (Subject DN) in the presented CSR is allowed to be modified or not.\nIf this is flag is set to true, then the subject distinguished name must be unique across all the CipherTrust Manager clients,\notherwise the renew will not be allowed. To maintain the uniqueness of Subject DN of clients across the domains, \nit is required to provide same value during renewal as it was provided during the client registration.\n"}}},"subject_dn_field_to_modify":{"type":"string","description":"This field is used in making the subject distinguished name (Subject DN) unique. This is required when the Subject DN from client's CSR is not unique in itself.\nAdmins should choose one of the following fields for this purpose. If none is chosen, by default UID is used to modify the Subject DN.\nIf the admin does not want the Subject DN to be modified, set the do_not_modify_subject_dn flag to true.\nIf one of these fields (except OU) is chosen, the original field values would be overridden by CipherTrust Manager .\nIf OU is chosen, the OU would be appended in the Subject DN with other attributes.\nTo maintain the uniqueness of Subject DN of clients across the domains, it is required to provide same value during renewal as it was provided during the client registration.\n","enum":["UID ('userid')","CN ('commonName')","SN ('serialNumber')","DNQ ('dnQualifier')","OU ('organizationalUnit')"]},"ext_cert":{"type":"string","description":"New client certificate signed by an external CA to renew an existing CipherTrust Manager client."},"cert_duration":{"type":"integer","description":"Duration in days for which the CipherTrust Manager client's renewed certificate is valid. This is valid for clients issued by Local CA. Following is the precedence order for the \"cert_duration\" in the given scenarios:\n- If \"cert_duration\" is provided in the request and in the profile attached to the client, the preference will be given to the request.\n- If \"cert_duration\" is not provided in both, it will be set to the default value which is 730 days.\n"},"ca_id":{"type":"string","description":"ID of the CA to be used in the renewal. This is to override the CA in the client profile, if any."}},"example":{"server_csr":{"subject_dn_template":{"cn":"test"},"key_gen_params":{"private_key_bytes":"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIEj1iesPsLdk0tM7Jv87sruegOPdmji9SY3s3ncdckxqoAoGCCqGSM49\nAwEHoUQDQgAEL8cvuduRZs6e/vsttMlhi9HxV+0FzhCg/zHUmXNmyH5KlmQgoaql\nVfwnHqQk79lf+55WSLD7uUwaxhYwGHIapw==\n-----END EC PRIVATE KEY-----","algorithm":"ecdsa","size":256}},"client_csr":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIIByTCCATICAQAwgYgxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl\nMQ8wDQYDVQQHEwZNeUNpdHkxFDASBgNVBAoTC0NvbXBhbnkgTHRkMQswCQYDVQQL\nEwJJVDEVMBMGA1UEAxMMY2xpZW50QWRtaW4xMRkwFwYKCZImiZPyLGQBARMJMTIz\nNDU2Nzg5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0oG74mGfxRPVOxbup\nbdn2kdlSn4aHXw+KBZ7HZzlmoV8p5BvhAoQWmJ7nxKeP+8fj0h7tcMof+HEThOBj\nfylTej4BnyvJDKMZXwN5PTt0MGPfkIblO9f/8DLmWidEyfmxzDUB90+8Ac77KDXX\nGrPrEQ2V66kLTTcfgMis79LOzQIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAaYIN\nwzbsAYYiVmAjV1Wrcc2uqFEWl56VRPv6n8EYhsBhZd7cKGjTAaRDDjIi7pNdu7uB\nUHxlrr6Cj/jPLaJ/dAxKJP76N+A0v2MeNCecBScBv8LnAlTDUHkm4HDNi3Q9ymbv\nEsbB6DS7ejDrS6QCJ5bkgkX2Jc54dk+QG4qQyLg=\n-----END CERTIFICATE REQUEST-----"},"subject_dn_field_to_modify":"DNQ"}}}],"responses":{"200":{"description":"Successful client renewal.","examples":{"client_id":"1e33456b-8782-43a2-9efe-b415dc76ce52","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n","ca_cert":"-----BEGIN CERTIFICATE-----\nMIIFoDJlbGNhbXAxEDAO\nMTUxMFowWjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYDVQQKEwdHZW1hbHRvMRowGAYD\nVQQDExFLZXlTZWN1cmUgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC\nAgoCggIBAPgJPiSciHZcAPMnEv7dpP1/jc82V9a9pmOIU2jkE7xIvhc7wQ/xVYZX\npl0c/+9v4YEcle/GjkSl7v04hOg+klf10lpTTp2ctdUd83gECDVrwpUUMpFtdhiL\nAC/hXNGobnJxjEMZPV3/gZIkxR4jDoa8A3FiLL5xLoWc9YLn85JDlYRVE1rdcpgW\n0ElTNrOko1mUJ1g90mXBiE7TGHdHR6gtbloSNZOUBFlf0P17pQPLyzZxR3tlq3qo\n/l/+hdcYfLw/Jf323c30CbuVFFbYQzADmB6k0rZaajQMZJIhYO+EUt7HKrF/gU6E\nj0uq18yxQxsXnxs2n94fpeSWF/UfuIIkjJ8mA6yGgkgT3Nw/MoD+8eTnMeoaH04S\nbm3a1pi7nlVKYdRednFphxx9YmkIMy+2VQoWfVmKvJTxCtE7rzElZsqKQ6ZFvtPi\n71YPlt0gWwHMkWY4lFuUYPMcH7x7Zzb/adggES17DhmrqUivIEQgl4VYQSBkK/b3\nPQ64+iXhtnLDiiSneKErEvMqA81RIqWd3c6XG07+6YTFoL3peOEm5XWw0KvzDhUT\nomJkNTsh+Og4OXBtLXSCJzUVeY6yuxALb6GaSS0a90k34/iRP71BESO0EtngH3lr\nQhOVYibGMKfJDSMEEfCATbY4fBn1uj1RrAUhQ3GlauU/lLzZ8gjDAgMBAAGjYjBg\nMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/B0GA1UdDgQWBBTzcq97\nqHASsOatm3N+6Iq1TD0gIzAeBgNVHREEFzAVgRNzdXBwb3J0QGdlbWFsdG8uY29t\nMA0GCSqGSIb3DQEBCwUAA4ICAQBmwTdayCb9gBlAKJVhW5mBh+muajk53cXxaXJx/VwLe\ntyyNQZhV5r6AIgdSLuy8UPj9rWeVMeI4xWutdy/ANj6737pzr4WjNNBirVtkDhRh\nMZtV9Q==\n-----END CERTIFICATE-----\n"}},"400":{"description":"Bad Request | Cannot renew client certificate.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/self/client/renew":{"x-feature":"FF_CLIENT_MANAGEMENT","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Renew","description":"Renew the client certificate. This applies to a client, which uses client ID and grant_type as client_credential, to get the access token.","tags":["Client-Management/Clients"],"parameters":[{"name":"body","in":"body","description":"CipherTrust Manager client renew parameters","schema":{"type":"object","title":"Renews a CipherTrust Manager Client.","properties":{"server_csr":{"type":"object","title":"server csr","description":"Input csr parameters for the server to create a CSR and a Key.","properties":{"subject_dn_template":{"type":"object","title":"Subject DN template","description":"Subject DN template","properties":{"cn":{"type":"string","description":"Common Name"},"dns_names":{"type":"array","items":{"type":"string","description":"Subject Alternative Names (SAN) values"}},"email_addresses":{"type":"array","items":{"type":"string","description":"E-mail addresses"}},"ip_addresses":{"type":"array","items":{"type":"string","description":"IP addresses"}},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"CPL\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}},"key_gen_params":{"type":"object","title":"Key generation parameters","description":"Key generation parameters","properties":{"algorithm":{"type":"string","description":"RSA or ECDSA (default) algorithms are supported. Signature algorithm (SHA512WithRSA, SHA384WithRSA,\nSHA256WithRSA, SHA1WithRSA, ECDSAWithSHA512, ECDSAWithSHA384, ECDSAWithSHA256) is selected\nbased on the algorithm and size.\n"},"size":{"type":"integer","description":"Key size. RSA: 1024 - 4096 (default: 2048), ECDSA: 256 (default), 384, 521\n"},"password":{"type":"string","description":"Password to PEM-encrypt the private key. If not specified, the private key is not encrypted in return."},"encryption_algo":{"type":"string","description":"Private key encryption algorithm. AES256 (default), AES192, AES128, TDES"},"private_key_bytes":{"type":"string","description":"Private Key bytes of the key which is to be used while creating CSR(Algorithm and size should be according to this key). If not given will generate key internally as per algorithm and size."}}}}},"client_csr":{"type":"object","title":"client csr","properties":{"csr":{"type":"string","description":"CSR to be signed by one of the Local CAs(the CA which is the issuer of the current client certificate) of CipherTrust Manager.\n"},"do_not_modify_subject_dn":{"type":"boolean","description":"Flag to specify if the subject distinguished name (Subject DN) in the presented CSR is allowed to be modified or not.\nIf this is flag is set to true, then the subject distinguished name must be unique across all the CipherTrust Manager clients,\notherwise the renew will not be allowed. To maintain the uniqueness of Subject DN of clients across the domains, \nit is required to provide same value during renewal as it was provided during the client registration.\n"}}},"subject_dn_field_to_modify":{"type":"string","description":"This field is used in making the subject distinguished name (Subject DN) unique. This is required when the Subject DN from client's CSR is not unique in itself.\nAdmins should choose one of the following fields for this purpose. If none is chosen, by default UID is used to modify the Subject DN.\nIf the admin does not want the Subject DN to be modified, set the do_not_modify_subject_dn flag to true. To maintain the uniqueness of Subject DN of clients across the domains, \nit is required to provide same value during renewal as it was provided during the client registration.\nIf one of these fields (except OU) is chosen, the original field values would be overridden by CipherTrust Manager .\nIf OU is chosen, the OU would be appended in the Subject DN with other attributes.\n","enum":["UID ('userid')","CN ('commonName')","SN ('serialNumber')","DNQ ('dnQualifier')","OU ('organizationalUnit')"]},"ext_cert":{"type":"string","description":"New client certificate signed by an external CA to renew an existing CipherTrust Manager client."},"cert_duration":{"x-feature":"FF_CA_MANAGEMENT","type":"integer","description":"The parameter is deprecated and any value provided in this will be ignored. To configure certificate duration for a client, use the \"cert_duration\" parameter available in the client profile API. If cert_duration is not available in the client profile, it will be set to the server's default duration, that is, 730 days.\n"}},"example":{"server_csr":{"subject_dn_template":{"cn":"test"},"key_gen_params":{"private_key_bytes":"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIEj1iesPsLdk0tM7Jv87sruegOPdmji9SY3s3ncdckxqoAoGCCqGSM49\nAwEHoUQDQgAEL8cvuduRZs6e/vsttMlhi9HxV+0FzhCg/zHUmXNmyH5KlmQgoaql\nVfwnHqQk79lf+55WSLD7uUwaxhYwGHIapw==\n-----END EC PRIVATE KEY-----","algorithm":"ecdsa","size":256}},"client_csr":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIIByTCCATICAQAwgYgxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl\nMQ8wDQYDVQQHEwZNeUNpdHkxFDASBgNVBAoTC0NvbXBhbnkgTHRkMQswCQYDVQQL\nEwJJVDEVMBMGA1UEAxMMY2xpZW50QWRtaW4xMRkwFwYKCZImiZPyLGQBARMJMTIz\nNDU2Nzg5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0oG74mGfxRPVOxbup\nbdn2kdlSn4aHXw+KBZ7HZzlmoV8p5BvhAoQWmJ7nxKeP+8fj0h7tcMof+HEThOBj\nfylTej4BnyvJDKMZXwN5PTt0MGPfkIblO9f/8DLmWidEyfmxzDUB90+8Ac77KDXX\nGrPrEQ2V66kLTTcfgMis79LOzQIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAaYIN\nwzbsAYYiVmAjV1Wrcc2uqFEWl56VRPv6n8EYhsBhZd7cKGjTAaRDDjIi7pNdu7uB\nUHxlrr6Cj/jPLaJ/dAxKJP76N+A0v2MeNCecBScBv8LnAlTDUHkm4HDNi3Q9ymbv\nEsbB6DS7ejDrS6QCJ5bkgkX2Jc54dk+QG4qQyLg=\n-----END CERTIFICATE REQUEST-----"},"subject_dn_field_to_modify":"DNQ"}}}],"responses":{"200":{"description":"Successful client renewal.","examples":{"client_id":"1e33456b-8782-43a2-9efe-b415dc76ce52","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n","ca_cert":"-----BEGIN CERTIFICATE-----\nMIIFoDJlbGNhbXAxEDAO\nMTUxMFowWjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYDVQQKEwdHZW1hbHRvMRowGAYD\nVQQDExFLZXlTZWN1cmUgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC\nAgoCggIBAPgJPiSciHZcAPMnEv7dpP1/jc82V9a9pmOIU2jkE7xIvhc7wQ/xVYZX\npl0c/+9v4YEcle/GjkSl7v04hOg+klf10lpTTp2ctdUd83gECDVrwpUUMpFtdhiL\nAC/hXNGobnJxjEMZPV3/gZIkxR4jDoa8A3FiLL5xLoWc9YLn85JDlYRVE1rdcpgW\n0ElTNrOko1mUJ1g90mXBiE7TGHdHR6gtbloSNZOUBFlf0P17pQPLyzZxR3tlq3qo\n/l/+hdcYfLw/Jf323c30CbuVFFbYQzADmB6k0rZaajQMZJIhYO+EUt7HKrF/gU6E\nj0uq18yxQxsXnxs2n94fpeSWF/UfuIIkjJ8mA6yGgkgT3Nw/MoD+8eTnMeoaH04S\nbm3a1pi7nlVKYdRednFphxx9YmkIMy+2VQoWfVmKvJTxCtE7rzElZsqKQ6ZFvtPi\n71YPlt0gWwHMkWY4lFuUYPMcH7x7Zzb/adggES17DhmrqUivIEQgl4VYQSBkK/b3\nPQ64+iXhtnLDiiSneKErEvMqA81RIqWd3c6XG07+6YTFoL3peOEm5XWw0KvzDhUT\nomJkNTsh+Og4OXBtLXSCJzUVeY6yuxALb6GaSS0a90k34/iRP71BESO0EtngH3lr\nQhOVYibGMKfJDSMEEfCATbY4fBn1uj1RrAUhQ3GlauU/lLzZ8gjDAgMBAAGjYjBg\nMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/B0GA1UdDgQWBBTzcq97\nqHASsOatm3N+6Iq1TD0gIzAeBgNVHREEFzAVgRNzdXBwb3J0QGdlbWFsdG8uY29t\nMA0GCSqGSIb3DQEBCwUAA4ICAQBmwTdayCb9gBlAKJVhW5mBh+muajk53cXxaXJx/VwLe\ntyyNQZhV5r6AIgdSLuy8UPj9rWeVMeI4xWutdy/ANj6737pzr4WjNNBirVtkDhRh\nMZtV9Q==\n-----END CERTIFICATE-----\n"}},"400":{"description":"Bad Request | Cannot renew client certificate.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/profiles":{"x-feature":"FF_CLIENT_MANAGEMENT_PROFILES","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Create a new client profile","tags":["Client-Management/Profiles"],"parameters":[{"name":"body","in":"body","description":"Creates a client profile","schema":{"type":"object","properties":{"name":{"description":"Name of the Client Management profile","type":"string"},"description":{"description":"Description of the Client Management Profile","type":"string"},"ca_id":{"description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process","type":"string"},"cert_duration":{"type":"integer","format":"uint64","description":"Duration in days for which the CipherTrust Manager client certificate is valid. If 0 is provided then the value will be ignored. The value cannot be negative."},"csr_params":{"type":"object","description":"Client certificate parameters to be updated.\n- csr_cn: common name\n- csr_country: country name\n- csr_state: state name\n- csr_city: city name\n- csr_org_name: organization name\n- csr_org_unit: organizational unit\n- csr_email: email\n- csr_uid:\n"},"groups":{"type":"array","items":{"type":"string"},"description":"List of the groups in which client will be added while registration. Clients while registration are always added to 'All Clients' group irrespective of any value of this parameter."},"labels":{"x-feature":"FF_ADD_LABELS_TO_CLIENT_PROFILES","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nTo add a label, set the label's value as follows.\n```\n \"labels\": {\n \"key1\": \"value1\",\n \"key2\": \"value2\"\n }\n```\n"},"confidential_computing_params":{"x-feature":"FF_CC","type":"object","items":{"type":"object"},"description":"Confidential computing parameters are required for a client/connector to attest itself by an attestation authority and are currently supported for only CipherTrust Transparent Encryption(CTE). \nList of confidential computing parameters that are required within profile:\n- attestation_authority_identifier: name of attestation authority\n- connection_id: identifier of connection required for attestation \n- cloud_provider: name of cloud service provider, valid values are AZURE and GOOGLE_CLOUD\n- policy_type: attestation policy type \n- policy_ids: attestation policies to be used for client attestation\n"}},"example":{"name":"profile-1","ca_id":"a9c41e81-2689-4b2c-adc0-f0e1f3612215","csr_params":{"csr_cn":"example.com","csr_country":"example","csr_state":"example-state","csr_city":"example-city","csr_org_name":"example","csr_org_unit":"example tech","csr_email":"john.doe@example.com","csr_uid":""},"groups":["sample-group1","sample-group2"],"labels":{"color":"purple","size":"small"},"confidential_computing_params":{"attestation_authority_identifier":"IntelTrustAuthority","connection_id":"test_cc_connection","cloud_provider":"AZURE","policy_type":"Appraisal policy","policy_ids":{"b2a737ac-b9d7-44a0-b47e-2f3cb9591e8a":"attestation-policy"}}}}}],"responses":{"201":{"description":"Created","schema":{"type":"object"},"examples":{"application/json":{"id":"e7af0ea2-9472-404c-b06e-5abfb36a53dd","uri":"kylo:kylo:client-management:generic-client-profiles:e7af0ea2-9472-404c-b06e-5abfb36a53dd","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-12T17:02:12.493058Z","updatedAt":"2023-01-12T17:02:12.493058Z","ca_id":"","name":"profile-1","csr_params":{"csr_city":"example-city","csr_cn":"example.com","csr_country":"example","csr_email":"john.doe@example.com","csr_org_name":"example","csr_org_unit":"example tech","csr_state":"example-state","csr_uid":""},"groups":["sample-group1","sample-group2"],"labels":{"color":"purple","size":"small"},"confidential_computing_params":{"attestation_authority_identifier":"IntelTrustAuthority","connection_id":"test_cc_connection","cloud_provider":"AZURE","policy_type":"Appraisal policy","policy_ids":{"b2a737ac-b9d7-44a0-b47e-2f3cb9591e8a":"attestation-policy"}}}}},"404":{"description":"Resource Not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"get":{"summary":"List","description":"Returns a list of CipherTrust Manager profile added to the CipherTrust Manager. The results can be filtered, using the query parameters.\n","tags":["Client-Management/Profiles"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Filter results by ID of the trusted Certificate Authority"},{"name":"name","in":"query","required":false,"type":"string","description":"Filter results by Client Management Profile Name"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by.Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nCurrently, the field 'name' is only available for sorting. \nFor example:\n\n -name\n\n...will sort the results first by `name`, descending\n"},{"name":"labels","in":"query","type":"string","description":"Filters results that match label selector expressions. Multiple\nvalues are logically ANDed. \n\nFor example, to select resources that have the label `{\"region\": \"noram\"}` but do not \nhave `{\"team\": \"sales\"}` use `region=noram,team!=sales`.\n\nTo select resources whose labels contain the key called region, use `region`.\n\nTo select resources whose labels do not contain the key called region, use `!region`.\n\nTo select resources in the sales and engineering teams, use `team in (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, or do not have a key called `team`, use `team notin (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, and have a key called `team`, use `team,team notin (sales,engineering)`.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"f2d272d4-0bd3-4839-8d62-200d7bc603fa","uri":"kylo:kylo:client-management:generic-client-profiles:f2d272d4-0bd3-4839-8d62-200d7bc603fa","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-04T20:06:26.647Z","updatedAt":"2023-01-04T20:06:26.647Z","ca_id":null,"name":"profile-1","csr_params":{"csr_cn":null,"csr_uid":null,"csr_city":null,"csr_email":null,"csr_state":null,"csr_country":null,"csr_org_name":"Thales","csr_org_unit":["Thales DIS"],"cert_user_field":"CN"},"labels":{"color":"purple","size":"small"},"confidential_computing_params":{"attestation_authority_identifier":"IntelTrustAuthority,","connection_id":"test_cc_connection,","cloud_provider":"AZURE,","policy_type":"Appraisal policy,","policy_ids":{"b2a737ac-b9d7-44a0-b47e-2f3cb9591e8a":"attestation-policy"}}}]}}}}}},"/v1/client-management/profiles/{id}":{"x-feature":"FF_CLIENT_MANAGEMENT_PROFILES","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a profile with the given `id`","tags":["Client-Management/Profiles"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"ceb226b8-8151-4e26-ab6c-038b4ae797e8","uri":"kylo:kylo:client-management:generic-client-profiles:ceb226b8-8151-4e26-ab6c-038b4ae797e8","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-12T17:33:11.690693Z","updatedAt":"2023-01-12T17:33:11.690693Z","ca_id":"","name":"profile-1","csr_params":{"csr_cn":"example.com","csr_uid":"","csr_city":"example-city","csr_email":"john.doe@example.com","csr_state":"example-state","csr_country":"example","csr_org_name":"example","csr_org_unit":"example tech"},"labels":{"color":"purple","size":"small"},"confidential_computing_params":{"attestation_authority_identifier":"IntelTrustAuthority,","connection_id":"test_cc_connection,","cloud_provider":"AZURE,","policy_type":"Appraisal policy,","policy_ids":{"b2a737ac-b9d7-44a0-b47e-2f3cb9591e8a":"attestation-policy"}}}}}}},"patch":{"summary":"Update","description":"Update a profile","tags":["Client-Management/Profiles"],"parameters":[{"name":"body","in":"body","description":"Updates the configurations of a given client profile","schema":{"type":"object","properties":{"name":{"description":"Name of the Client Management Profile","type":"string"},"description":{"description":"Description of the Client Management Profile","type":"string"},"ca_id":{"description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process. By default local Certificate Authority will be used to issue certificates.","type":"string"},"cert_duration":{"type":"integer","format":"uint64","description":"Modify the duration in days for which the CipherTrust Manager client certificate is valid. To unset cert_duration set it to zero. The value cannot be negative."},"csr_params":{"type":"object","description":"Client certificate parameters to be updated.\n- csr_cn: common name\n- csr_country: country name\n- csr_state: state name\n- csr_city: city name\n- csr_org_name: organization name\n- csr_org_unit: organizational unit\n- csr_email: email\n"},"groups":{"type":"array","items":{"type":"string"},"description":"Updates the list of the groups in which client will be added while registration. Updating this list will not change existing clients' groups. Changes will be effective for new registration of clients. Also, note that updated list will overwrite the existing list of groups in profile."},"labels":{"x-feature":"FF_ADD_LABELS_TO_CLIENT_PROFILES","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nWhen labels are provided they are merged with the resource's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n"},"confidential_computing_params":{"x-feature":"FF_CC","type":"object","x-nullable":false,"description":"parameters required for a client/connector to attest itself by an attestation authority and are currently supported for only CipherTrust Transparent Encryption(CTE).\nList of parameters that can be updated:\n- attestation_authority_identifier: supported attestation authority identifier\n- connection_id: identifier for credentials of attestation authority \n- cloud_provider: name of cloud service provider, valid values are AZURE and GOOGLE_CLOUD\n- policy_type: type of policy to be used for attestation,\n- policy_ids: map of policyIDs and name to be used for connector/client attestation\n"}},"example":{"ca_id":"localca-6682f2ad-14fc-4f93-8332-18205f9d268e","csr_params":{"csr_cn":"example.com","csr_country":"example","csr_state":"example-state","csr_city":"example-city","csr_org_name":"example","csr_org_unit":"example tech","csr_email":"john.doe@example.com","csr_uid":""},"groups":["sample-group3"],"labels":{"size":"large"},"confidential_computing_params":{"attestation_authority_identifier":"IntelTrustAuthority","connection_id":"test_cc_connection","cloud_provider":"AZURE","policy_type":"Appraisal policy","policy_ids":{"b2a737ac-b9d7-44a0-b47e-2f3cb9591e8a":"attestation-policy"}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"ceb226b8-8151-4e26-ab6c-038b4ae797e8","uri":"kylo:kylo:client-management:generic-client-profiles:ceb226b8-8151-4e26-ab6c-038b4ae797e8","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-12T17:33:11.690693Z","updatedAt":"2023-01-12T23:27:06.275532Z","ca_id":"localca-6682f2ad-14fc-4f93-8332-18205f9d268e","name":"profile-1","csr_params":{"csr_city":"example-city","csr_cn":"example.com","csr_country":"example","csr_email":"john.doe@example.com","csr_org_name":"example","csr_org_unit":"example tech","csr_state":"example-state","csr_uid":""},"groups":["sample-group3"],"labels":{"color":"purple","size":"large"},"confidential_computing_params":{"attestation_authority_identifier":"IntelTrustAuthority,","connection_id":"test_cc_connection,","cloud_provider":"AZURE,","policy_type":"Appraisal policy,","policy_ids":{"b2a737ac-b9d7-44a0-b47e-2f3cb9591e8a":"attestation-policy"}}}}},"400":{"description":"Bad Request","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Delete a profile","tags":["Client-Management/Profiles"],"responses":{"204":{"description":"No Content","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/confidential-computing/{id}/nonce":{"x-feature":"FF_CC","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns nonce for the client with given `id`","tags":["Client-Management/Confidential-Computing"],"x-permissions":["ReadGenericClientProfile","ReadClient"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"cc_nonce":{"iat":"MjAyNC0wNC0wNCAxNjoyMTo0NiArMDAwMCBVVEM=","signature":"WHelJImkyEUdJJ+pkfzOeoO93PLm6IKldx1n7Ye6+uwJblQg6v+JE0tUZZatg2Sv0l51rqA4Num1SR2TmfU0SXRrozBr5l5s4Xt3ZJfxohTNc8NasPDCZJDryS/Lf1y1jlyHy4JY47brRP2My5BaoauKx3Ttb/XLCYy2WucR9x+RuvS0aBcz6gMA3ZTufkFFEnA7IzFtjKqTpr52PkLlmPvT93rOiZPzixHzuzlt086Qb279xCmaZQ/XKe4UqK3TIc8yyxK3kfB790YgoLwEN1QmYEQavQu014GLMFkZYit57aKuolQxvMTBZVHr5djhESeAinoVW7ABv/liB7PYPyXTjHmqOEEBH3vASj0MkOdEflwiY5vJDM90VdyLqoKb/smkBnNWUQ61/OQFfWoUvN1uYymJLSD6SmTalP11/HrUclcSn0aqM+2dz2B/lxvXWx+3431eJTbLYj5WNJe41M6fvXZef5z1te5B6rvw7fDfZTmTeMP9LmDOkG/3Jj2y","val":"eGZEeDZMUlJCM3lma2h3SlFOMlBXcWRCeG1hN2ZyaURVNGhVbFVVU0R6dVRuMlY5ZFFNREZ2MGpPZExZZ2xMUitoTUMwZ2ZMNFczSnBMQWl2YUlESmc9PQ=="},"cm_nonce":{"iat":"AQAAAA7doMqZAVTwmAAA","signature":"ZqdMFyHZp7IG0CK9coGRsTqiWRfZFTJH+j9Cn0IrYKw=","val":"YTNsc2J6cHJlV3h2T21Ga2JXbHVPbUZqWTI5MWJuUnpPbXQ1Ykc4NlpXUmlZMkZrWm1NdE0yWmtNQzAwTlRVMExUazNORFl0WkRSbU9XSTFNVE0yWW1RNQ=="}}}},"400":{"description":"Bad Request","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"401":{"description":"Unauthorized","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"403":{"description":"Forbidden","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/confidential-computing/{id}/attest":{"x-feature":"FF_CC","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Attest","description":"Attestation of client with given `id`","tags":["Client-Management/Confidential-Computing"],"x-permissions":["ReadGenericClientProfile","ReadClient"],"parameters":[{"name":"body","in":"body","description":"Confidential computing attestation parameters","schema":{"type":"object","title":"Attest client/connector","required":["nonce","attestation_evidence"],"properties":{"nonce":{"type":"object","description":"Nonce to attest client/connector through CipherTrust Manager."},"attestation_evidence":{"type":"object","description":"CipherTrust Manager Client evidence generated on vTPM hosted on a Cloud Service Provider."}},"example":{"nonce":{"cc_nonce":{"iat":"MjAyNC0wNC0wNCAxNjoyMTo0NiArMDAwMCBVVEM=","signature":"WHelJImkyEUdJJ+pkfzOeoO93PLm6IKldx1n7Ye6+uwJblQg6v+JE0tUZZatg2Sv0l51rqA4Num1SR2TmfU0SXRrozBr5l5s4Xt3ZJfxohTNc8NasPDCZJDryS/Lf1y1jlyHy4JY47brRP2My5BaoauKx3Ttb/XLCYy2WucR9x+RuvS0aBcz6gMA3ZTufkFFEnA7IzFtjKqTpr52PkLlmPvT93rOiZPzixHzuzlt086Qb279xCmaZQ/XKe4UqK3TIc8yyxK3kfB790YgoLwEN1QmYEQavQu014GLMFkZYit57aKuolQxvMTBZVHr5djhESeAinoVW7ABv/liB7PYPyXTjHmqOEEBH3vASj0MkOdEflwiY5vJDM90VdyLqoKb/smkBnNWUQ61/OQFfWoUvN1uYymJLSD6SmTalP11/HrUclcSn0aqM+2dz2B/lxvXWx+3431eJTbLYj5WNJe41M6fvXZef5z1te5B6rvw7fDfZTmTeMP9LmDOkG/3Jj2y","val":"eGZEeDZMUlJCM3lma2h3SlFOMlBXcWRCeG1hN2ZyaURVNGhVbFVVU0R6dVRuMlY5ZFFNREZ2MGpPZExZZ2xMUitoTUMwZ2ZMNFczSnBMQWl2YUlESmc9PQ=="},"cm_nonce":{"iat":"AQAAAA7doMqZAVTwmAAA","signature":"ZqdMFyHZp7IG0CK9coGRsTqiWRfZFTJH+j9Cn0IrYKw=","val":"YTNsc2J6cHJlV3h2T21Ga2JXbHVPbUZqWTI5MWJuUnpPbXQ1Ykc4NlpXUmlZMkZrWm1NdE0yWmtNQzAwTlRVMExUazNORFl0WkRSbU9XSTFNVE0yWW1RNQ=="}},"attestation_evidence":{"quote":"BAACAIEAAAAAAAAAk5pyM/ecTKmUCg2zlX8GB9jgKb+QIKLzT3Ktn1TaKvkAAAAAAgEGAAAAAAAAAAAAAAAAADYDBNNKFqrOChjgmtLQfSuf08F0N45==","runtime_data":"eyJrZXlzIjpbeyJraWQiOiJIQ0xBa1B1YiIsImtleV9vcHMiOlsic2lnbiJdLCJrdHkiOiJSU0EiLCJlIjoiQVFBQiIsIm4iOiIwVGIzSH","type":1413765120,"user_data":"WVROc2MySjZjSEpsVjNoMlQyMUdhMkpYYkhWUGJVWnFXVEk1TVdKdVVucFBiWFExWWtjNE5rNXFXbWhOYlVreVdrZEpkRmxYUm14UFF6QXdXWHBS=="}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"Claims":{"attester_held_data":"WVROc2MySjZjSEpsVjNoMlQyMUdhMkpYYkhWUGJVWnFXVEk1TVdKdVVucFBiWFExWWtjNE5sbFhXWHBPUkdzd1RVUk5kRTFxWjNwTmVUQXdXWHBSTWt4VWF6SmFiVWwwVFhwV2ExcHFTVE5QUjFKc1RqSlZ==","attester_tcb_date":"2023-08-09T00:00:00Z","attester_tcb_status":"UpToDate","attester_type":"TDX","dbgstat":"disabled","eat_profile":"https://portal.trustauthority.intel.com/eat_profile.html","exp":"1713432893,","iat":"1713431093,","intuse":"generic","iss":"Intel Trust Authority","jti":"8eb80b95-5262-4955-b054-f5359e0cd219","nbf":"1713431093,","policy_ids_matched":[{"hash":"K2pMdDgvbjRsRVNHcElZaERCbzYvK2h3RmRiU1ZJM01CUENydjBEakdVNSs2K0JhejhTUE1Xdkg3NCtGUi9LZA==","id":"b2a7371b-b9d7-44a0-abce-2f3cb9591e8a","version":"v8"}],"tdx_collateral":{"qeidcerthash":"b2ca71b8e849d5e799451b4bfe43159a0ee548032cecb2c0e479bf6ee3f39fd1","qeidcrlhash":"ca685ff1fa572b5fd5b0d10c1e06fce40f25544729b6052689583aa17166ab85","qeidhash":"11a0adf4d35f7c7132c44b4b5022b2a524161820dd1dc1c97d09cfc5e84d1233","quotehash":"64adf556af582ff32928182332154fc16c8e1fd1927acb8f259217f768ff5df0","tcbinfocerthash":"b2ca71b8e849d5e799451b4bfe43159a0ee548032cecb2c0e479bf6ee3f39fd1","tcbinfocrlhash":"ca685ff1fa572b5fd5b0d10c1e06fce40f25544729b6052689583aa17166ab85","tcbinfohash":"5cabc4af0171848b848c9c6fbb6aad24d7d82d5d0daa6f455288607e6cc2a976"},"tdx_is_debuggable":false,"tdx_mrconfigid":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","tdx_mrowner":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","tdx_mrownerconfig":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","tdx_mrseam":"360304d34a16aace0a18e09ad2d07d2b9fd3c174378e5bf108388079827f89ff62acc5f8c473dd40706324834e202946","tdx_mrsignerseam":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","tdx_mrtd":"0cc279c02d62414498ef4455822f2aea53351c8d4c265f587e695fa94b136386f97480c47bb5b26927023947cdf938d3","tdx_report_data":"9d32652b10c25d839de55078cdcfe8336b7fe6f50478368c62be2d9eb833721c0000000000000000000000000000000000000000000000000000000000000000","tdx_rtmr0":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","tdx_rtmr1":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","tdx_rtmr2":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","tdx_rtmr3":"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","tdx_seam_attributes":"0000000000000000","verifier_nonce":{"iat":"MjAyNC0wNC0xOCAwOTowNDo1MiArMDAwMCBVVEM=","signature":"Q6etjNM+FcFYpSxGynXbnApIvu6V1Y0Kd7At1bkGETLKyWDyQoExd9NpLIlr/+r8m1H8HOsEbXcDzo1YfvYxnQB4zIjK","val":"dVZJVytrR2tKN0tlempVNGFtTjB6SjlwRmhmVm5MWUkwMEs5YUxoY2hFWUFFbldpNjNWSXZqWllLYnJoL09PK3FqMTJ4YjI4ZkRnNlVtRm1hYnlnSEE9PQ=="}},"Header":{"alg":"PS384","jku":"https://portal.trustauthority.intel.com/certs","kid":"79d80711b754cceb307d4278dc59957f27eb55a8e33d3b824967975843dcbf21df924eebaf93fce186fd291d36817785","typ":"JWT"},"Method":{"Hash":6,"Name":"PS384"},"Raw":"eyJhbGciOiJQUzM4NCIsImprdSI6Imh0dHBzOi8vcG9ydGFsLnRydXN0YXV0aG9yaXR5LmludGVsLmNvbS9jZXJ0cyIsImtpZCI6Ijc5ZDgwNzExYjc1NGNjZWIzMD","Signature":"NTlCE9-Yd9f7x39aocdtt5ysZQEndEwL0OqBDJKh8V82stxkPg3fwWzZ05QsilyhutzbsuVIevOV8QtRDM-8HMxVbhi2Xa2vSNxRlLabNZ1bdF6zSjb33E89VpE68y0dNxxj0Jttg7-","Valid":true}}},"400":{"description":"Bad Request","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"401":{"description":"Unauthorized","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"403":{"description":"Forbidden","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/confidential-computing/policies":{"x-feature":"FF_CC","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"List","description":"lists attestation policies for connector/client attestation","tags":["Client-Management/Confidential-Computing"],"x-permissions":["ReadGenericClientProfile","ReadClient"],"parameters":[{"name":"body","in":"body","description":"Confidential computing search policy parameters","schema":{"type":"object","title":"List attestation policies","required":["attestation_authority_identifier","connection_id"],"properties":{"attestation_authority_identifier":{"type":"string","description":"Attestation authority identifier to get attestation policies."},"connection_id":{"type":"string","description":"Connection name/id to use in order to get attestation policies from the attestation authority."},"policy_type":{"type":"string","description":"Attestation policy type that will be used for client."}},"example":{"application/json":{"attestation_authority_identifier":"IntelTrustAuthority","connection_id":"test_cc_connection","policy_type":"Appraisal policy"}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"b2a7371b-b9d7-44a0-abce-2f3cb9591e8a":"attestation-policy1","b2a7371b-b9d7-44a0-abce-2f3cb9591e8b":"attestation-policy2","b2a7371b-b9d7-44a0-abce-2f3cb9591e8c":"attestation-policy3","b2a7371b-b9d7-44a0-abce-2f3cb9591e8d":"attestation-policy4"}}},"400":{"description":"Bad Request","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"401":{"description":"Unauthorized","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"403":{"description":"Forbidden","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clientprofiles/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new ProtectFile client profile.\nA client profile defines the CipherTrust Manager connection\ninformation and logging criteria for the ProtectFile client.\nAt least one client profile must be defined before adding a ProtectFile client\nto the CipherTrust Manager.\n","tags":["ProtectFile/ClientProfiles"],"parameters":[{"name":"body","in":"body","description":"Client profile parameters.","schema":{"type":"object","title":"Create Client Profile","required":["name"],"properties":{"name":{"type":"string","description":"Name for the client profile."},"allowOffline":{"type":"boolean","description":"Enable/disable the offline mode. The default value is 'false'."},"offlineTimeout":{"type":"integer","description":"Duration of the offline mode in days. The default value is '7' days."},"logLevel":{"type":"string","description":"Log level configuration for the ProtectFile client logs.\nValues can be `ERROR`, `WARN`, `INFO`, `DEBUG`, `NONE`. ERROR will log only\nerrors, WARN will log errors and warnings and so on.\n`NONE` will disable logging. The default log level is `WARN`.\n"},"syslogEnabled":{"type":"boolean","description":"Enable/disable log upload to the Syslog server. The default value is 'false'."},"syslogServerIp":{"type":"string","description":"IP address of the Syslog server."},"syslogServerPort":{"type":"integer","description":"Port of the Syslog server."},"syslogProtocol":{"type":"string","description":"Protocol of the Syslog server."},"syslogFacility":{"type":"string","description":"Name of the Syslog server facility."},"allowSuAccess":{"type":"boolean","description":"Allow/disallow \"root\" to impersonate as other users. The default value is 'false'."},"clusterHostList":{"type":"string","description":"Semi-colon separated list of hostname or IP of the all the cluster nodes."},"clusterPort":{"type":"integer","description":"Port on which all nodes in the cluster will run. The default value is '0'."},"allowSuException":{"type":"string","description":"Semi-colon separated list of users to be prevented from gaining access rights of a different user through su."},"clientPollingIntervalMin":{"type":"integer","description":"Minimum value in sec(s) for client poll interval. The lowest possible value is 60 sec(s) and default value is 180 secs(s)"},"clientPollingIntervalMax":{"type":"integer","description":"Maximum value in sec(s) for client poll interval. The default value is 360 secs(s)"},"fingerPrintCheck":{"type":"boolean","description":"Require a fingerprint check for all programs that are specified in an \"access policy\". The default value is 'false'."}},"example":{"name":"ClientProfile_Windows","allowOffline":true,"offlineTimeout":10,"logLevel":"ERROR","syslogEnabled":true,"syslogServerIp":"10.164.16.100","syslogServerPort":514,"syslogProtocol":"tcp","syslogFacility":"local1","allowSuAccess":true,"allowSuException":"root","clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443,"clientPollingIntervalMin":180,"clientPollingIntervalMax":360,"fingerPrintCheck":true}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:mogambo:clientprofile:ClientProfile_Windows","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T11:15:58.103355313Z","name":"ClientProfile_Windows","updatedAt":"2018-02-24T11:15:58.103355313Z","allowOffline":true,"offlineTimeout":10,"logLevel":"INFO","syslogEnabled":true,"syslogServerIp":"10.164.16.100","syslogServerPort":514,"syslogProtocol":"udp","syslogFacility":"local1","allowSuAccess":false,"allowSuException":"root","clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443,"clientPollingIntervalMin":180,"clientPollingIntervalMax":360,"fingerPrintCheck":true}}}}},"get":{"summary":"List","description":"Returns a list of client profiles. The results can be filtered using the query parameters.\n","tags":["ProtectFile/ClientProfiles"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by name of client profiles. Use wildcards to search for client profiles matching the specified pattern in their names."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name of the client profile."},"allowOffline":{"type":"boolean","description":"Enable/disable the offline mode. The default value is 'false'."},"offlineTimeout":{"type":"integer","description":"Duration of the offline mode in days. The default value is '7' days."},"logLevel":{"type":"string","description":"Log level configuration for the ProtectFile client logs.\nValues can be `ERROR`, `WARN`, `INFO`, `DEBUG`, `NONE`. ERROR will log only\nerrors, WARN will log errors and warnings and so on.\n`NONE` will disable logging. The default log level is `WARN`.\n"},"syslogEnabled":{"type":"boolean","description":"Enable/disable log upload to the Syslog server. The default value is 'false'."},"syslogServerIp":{"type":"string","description":"IP address of the Syslog server."},"syslogServerPort":{"type":"integer","description":"Port of the Syslog server."},"syslogProtocol":{"type":"string","description":"Protocol of the Syslog server."},"syslogFacility":{"type":"string","description":"Name of the Syslog server facility."},"allowSuAccess":{"type":"boolean","description":"Allow/disallow \"root\" to impersonate as other users. The default value is 'false'."},"clusterHostList":{"type":"string","description":"Semi-colon separated list of hostname or IP of the all the cluster nodes."},"clusterPort":{"type":"integer","description":"Port number on which all nodes in the cluster will run. The default value is '443'."},"allowSuException":{"type":"string","description":"Semi-colon separated list of users to be prevented from gaining access rights of a different user through su."},"clientPollingIntervalMin":{"type":"integer","description":"Minimum value in sec(s) for client poll interval. The lowest possible value is 60 sec(s) and default value is 180 secs(s)"},"clientPollingIntervalMax":{"type":"integer","description":"Maximum value in sec(s) for client poll interval. The default value is 360 secs(s)"},"fingerPrintCheck":{"type":"boolean","description":"Require a fingerprint check for all programs that are specified in an \"access policy\". The default value is 'false'."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:mogambo:clientprofile:ClientProfile_Windows","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T11:15:58.103355Z","name":"ClientProfile_Windows","updatedAt":"2018-02-24T11:15:58.103355Z","allowOffline":true,"offlineTimeout":10,"logLevel":"INFO","syslogEnabled":true,"syslogServerIp":"10.164.16.100","syslogServerPort":514,"syslogProtocol":"udp","syslogFacility":"local1","allowSuAccess":true,"allowSuException":"root","clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443,"clientPollingIntervalMin":180,"clientPollingIntervalMax":360,"fingerPrintCheck":true}]}}}}}},"/v1/protectfile/clientprofiles/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a client profile with the given `id`.","tags":["ProtectFile/ClientProfiles"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name of the client profile."},"allowOffline":{"type":"boolean","description":"Enable/disable the offline mode. The default value is 'false'."},"offlineTimeout":{"type":"integer","description":"Duration of the offline mode in days. The default value is '7' days."},"logLevel":{"type":"string","description":"Log level configuration for the ProtectFile client logs.\nValues can be `ERROR`, `WARN`, `INFO`, `DEBUG`, `NONE`. ERROR will log only\nerrors, WARN will log errors and warnings and so on.\n`NONE` will disable logging. The default log level is `WARN`.\n"},"syslogEnabled":{"type":"boolean","description":"Enable/disable log upload to the Syslog server. The default value is 'false'."},"syslogServerIp":{"type":"string","description":"IP address of the Syslog server."},"syslogServerPort":{"type":"integer","description":"Port of the Syslog server."},"syslogProtocol":{"type":"string","description":"Protocol of the Syslog server."},"syslogFacility":{"type":"string","description":"Name of the Syslog server facility."},"allowSuAccess":{"type":"boolean","description":"Allow/disallow \"root\" to impersonate as other users. The default value is 'false'."},"clusterHostList":{"type":"string","description":"Semi-colon separated list of hostname or IP of the all the cluster nodes."},"clusterPort":{"type":"integer","description":"Port number on which all nodes in the cluster will run. The default value is '443'."},"allowSuException":{"type":"string","description":"Semi-colon separated list of users to be prevented from gaining access rights of a different user through su."},"clientPollingIntervalMin":{"type":"integer","description":"Minimum value in sec(s) for client poll interval. The lowest possible value is 60 sec(s) and default value is 180 secs(s)"},"clientPollingIntervalMax":{"type":"integer","description":"Maximum value in sec(s) for client poll interval. The default value is 360 secs(s)"},"fingerPrintCheck":{"type":"boolean","description":"Require a fingerprint check for all programs that are specified in an \"access policy\". The default value is 'false'."}}}]},"examples":{"application/json":{"id":"2327602e-7e02-4a6f-87b9-20415e2b85df","uri":"kylo:kylo:mogambo:clientprofile:ClientProfile_1519477559","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:05:58.965702Z","name":"ClientProfile_Windows","updatedAt":"2018-02-24T13:05:58.965702Z","allowOffline":false,"offlineTimeout":7,"logLevel":"WARN","syslogEnabled":false,"allowSuAccess":true,"allowSuException":"root","clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443,"clientPollingIntervalMin":180,"clientPollingIntervalMax":360,"fingerPrintCheck":true}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates details of a client profile.","tags":["ProtectFile/ClientProfiles"],"parameters":[{"name":"body","in":"body","description":"The client profile properties to change. The properties will be merged with the client profile resource.\n","schema":{"type":"object","title":"Update Client Profile","properties":{"allowOffline":{"type":"boolean","description":"Enable/disable the offline mode."},"offlineTimeout":{"type":"integer","description":"Duration of the offline mode in days."},"logLevel":{"type":"string","description":"Log level configuration for the ProtectFile client logs.\nValues can be `ERROR`, `WARN`, `INFO`, `DEBUG`, `NONE`. ERROR will log only\nerrors, WARN will log errors and warnings and so on.\n`NONE` will disable logging. The default log level is `WARN`.\n"},"syslogEnabled":{"type":"boolean","description":"Enable/disable log upload to the Syslog server."},"syslogServerIp":{"type":"string","description":"IP address of the Syslog server."},"syslogServerPort":{"type":"integer","description":"Port of the Syslog server."},"syslogProtocol":{"type":"string","description":"Protocol of the Syslog server."},"syslogFacility":{"type":"string","description":"Name of the Syslog server facility."},"allowSuAccess":{"type":"boolean","description":"Allow/disallow \"root\" to impersonate as other users."},"clusterHostList":{"type":"string","description":"Semi-colon separated list of hostname or IP of the nodes wanting to join the cluster. The default value is ''."},"clusterPort":{"type":"integer","description":"Port on which all nodes in the cluster will run. The default value is '0'."},"allowSuException":{"type":"string","description":"Semi-colon separated list of users to be prevented from gaining access rights of a different user through su."},"clientPollingIntervalMin":{"type":"integer","description":"Minimum value in sec(s) for client poll interval. The lowest possible value is 60 sec(s) and default value is 180 secs(s)"},"clientPollingIntervalMax":{"type":"integer","description":"Maximum value in sec(s) for client poll interval. The default value is 360 secs(s)"},"fingerPrintCheck":{"type":"boolean","description":"Require a fingerprint check for all programs that are specified in an \"access policy\". The default value is 'false'."}},"example":{"allowOffline":true,"offlineTimeout":10,"logLevel":"DEBUG","syslogEnabled":true,"syslogServerIp":"10.164.16.100","syslogServerPort":514,"syslogProtocol":"tcp","syslogFacility":"local1","allowSuAccess":false,"clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a ProtectFile client on CipherTrust Manager.","type":"string"},"ipHostname":{"description":"IP address or hostname of the ProtectFile client.This field is used for identification of client.","type":"string"},"clientProfile":{"description":"Client profile to use by the ProtectFile client.","type":"string"},"osType":{"description":"Operating system of the ProtectFile client machine (windows or linux).","type":"string"},"sharedSecret":{"description":"The shared secret.","type":"string"},"isBootstrapped":{"description":"The client has been bootstrapped.","type":"boolean"},"productName":{"description":"CTE-U, or blank.","type":"string"},"productVersion":{"description":"The CTE-U version, or blank.","type":"string"},"productMajorVersion":{"description":"The CTE-U major version number, or blank.","type":"integer"},"productMinorVersion":{"description":"The CTE-U minor version number, or blank.","type":"integer"},"osVersion":{"description":"The OS distribution name and version (CTE-U only).","type":"string"},"kernelVersion":{"description":"The version of the linux kernel (CTE-U only).","type":"string"},"lastCheckIn":{"description":"A timestamp of the last time the client checked in with the CipherTrust Manager.","type":"string"},"clientDescription":{"description":"An editable string that describes the client.","type":"string"}}}]},"examples":{"application/json":{"id":"2ab12cb5-b444-425e-8019-dd2228495c74","uri":"kylo:kylo:mogambo:clientprofile:ClientProfile_1519477869","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:11:08.8083Z","name":"ClientProfile_Windows","updatedAt":"2018-02-24T13:11:16.652176146Z","allowOffline":true,"offlineTimeout":10,"logLevel":"DEBUG","syslogEnabled":true,"syslogServerIp":"10.164.16.100","syslogServerPort":514,"syslogProtocol":"udp","syslogFacility":"local1","allowSuAccess":false,"clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443,"clientPollingIntervalMin":180,"clientPollingIntervalMax":360,"fingerPrintCheck":true}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a client profile.","tags":["ProtectFile/ClientProfiles"],"responses":{"204":{"description":"No Content | Successful deletion of client profile.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of ProtectFile clients added to the CipherTrust Manager. The results can be filtered, using the query parameters.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by client's name."},{"name":"ipHostname","in":"query","required":false,"type":"string","description":"Filter the results by clients's IP address or hostname."},{"name":"osType","in":"query","required":false,"type":"string","description":"Filter the results by client's operating system."},{"name":"clientProfile","in":"query","required":false,"type":"string","description":"Filter the results by client's client profile."},{"name":"clientDescription","in":"query","required":false,"type":"string","description":"Filter the results by client's client description."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a ProtectFile client on CipherTrust Manager.","type":"string"},"ipHostname":{"description":"IP address or hostname of the ProtectFile client.This field is used for identification of client.","type":"string"},"clientProfile":{"description":"Client profile to use by the ProtectFile client.","type":"string"},"osType":{"description":"Operating system of the ProtectFile client machine (windows or linux).","type":"string"},"sharedSecret":{"description":"The shared secret.","type":"string"},"isBootstrapped":{"description":"The client has been bootstrapped.","type":"boolean"},"productName":{"description":"CTE-U, or blank.","type":"string"},"productVersion":{"description":"The CTE-U version, or blank.","type":"string"},"productMajorVersion":{"description":"The CTE-U major version number, or blank.","type":"integer"},"productMinorVersion":{"description":"The CTE-U minor version number, or blank.","type":"integer"},"osVersion":{"description":"The OS distribution name and version (CTE-U only).","type":"string"},"kernelVersion":{"description":"The version of the linux kernel (CTE-U only).","type":"string"},"lastCheckIn":{"description":"A timestamp of the last time the client checked in with the CipherTrust Manager.","type":"string"},"clientDescription":{"description":"An editable string that describes the client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"69930680-4223-49fd-bc3b-ab74be55a094","uri":"kylo:kylo:mogambo:clients:Client_1519478372","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:19:32.330947Z","name":"Client_Windows","updatedAt":"2018-02-24T13:19:32.330947Z","ipHostname":"server01.domain.com","osType":"windows","clientProfile":"ClientProfile_Windows","sharedSecret":"","isBootstrapped":true,"productName":"CTE-U","productVersion":"9.3.0.000.999","productMajorVersion":"9","productMinorVersion":"3","osVersion":"CentOS Linux7","kernelVersion":"3.10.0-1160.21.1.el7.x86_64","lastCheckIn":"2021-08-19T21:30:06.705652Z","clientDescription":"NFS Server"}]}}}}}},"/v1/protectfile/clients/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a ProtectFile client.","tags":["ProtectFile/Clients"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a ProtectFile client on CipherTrust Manager.","type":"string"},"ipHostname":{"description":"IP address or hostname of the ProtectFile client.This field is used for identification of client.","type":"string"},"clientProfile":{"description":"Client profile to use by the ProtectFile client.","type":"string"},"osType":{"description":"Operating system of the ProtectFile client machine (windows or linux).","type":"string"},"sharedSecret":{"description":"The shared secret.","type":"string"},"isBootstrapped":{"description":"The client has been bootstrapped.","type":"boolean"},"productName":{"description":"CTE-U, or blank.","type":"string"},"productVersion":{"description":"The CTE-U version, or blank.","type":"string"},"productMajorVersion":{"description":"The CTE-U major version number, or blank.","type":"integer"},"productMinorVersion":{"description":"The CTE-U minor version number, or blank.","type":"integer"},"osVersion":{"description":"The OS distribution name and version (CTE-U only).","type":"string"},"kernelVersion":{"description":"The version of the linux kernel (CTE-U only).","type":"string"},"lastCheckIn":{"description":"A timestamp of the last time the client checked in with the CipherTrust Manager.","type":"string"},"clientDescription":{"description":"An editable string that describes the client.","type":"string"}}}]},"examples":{"application/json":{"id":"4b6de4b0-d70e-42c8-a555-e8c791ed2ebf","uri":"kylo:kylo:mogambo:clients:Client_1519478754","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:25:54.062258Z","name":"Client_Windows","updatedAt":"2018-02-24T13:25:54.062258Z","ipHostname":"server01.domain.com","osType":"windows","clientProfile":"ClientProfile_Windows","sharedSecret\"":"","isBootstrapped\"":true,"productName\"":"CTE-U","productVersion\"":"9.3.0.000.999","productMajorVersion\"":"9","productMinorVersion\"":"3","osVersion\"":"CentOS Linux7","kernelVersion\"":"3.10.0-1160.21.1.el7.x86_64","lastCheckIn\"":"2021-08-19T21:30:06.705652Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates the details of a client on the CipherTrust Manager.","tags":["ProtectFile/Clients"],"parameters":[{"name":"body","in":"body","description":"The ProtectFile client properties to change. The properties will be merged\nwith the client resource.\n","schema":{"type":"object","title":"Update Client","properties":{"ipHostname":{"type":"string","description":"IP address or hostname of the ProtectFile client.This field is used for identification of client."},"osType":{"type":"string","description":"Operating system of the ProtectFile client."},"clientProfile":{"type":"string","description":"Client profile for the ProtectFile client."},"clientDescription":{"type":"string","description":"Client description for the ProtectFile client."}},"example":{"ipHostname":"10.164.15.103","osType":"linux","clientProfile":"ClientProfile_Linux","clientDescription":"Local File Server"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a ProtectFile client on CipherTrust Manager.","type":"string"},"ipHostname":{"description":"IP address or hostname of the ProtectFile client.This field is used for identification of client.","type":"string"},"clientProfile":{"description":"Client profile to use by the ProtectFile client.","type":"string"},"osType":{"description":"Operating system of the ProtectFile client machine (windows or linux).","type":"string"},"sharedSecret":{"description":"The shared secret.","type":"string"},"isBootstrapped":{"description":"The client has been bootstrapped.","type":"boolean"},"productName":{"description":"CTE-U, or blank.","type":"string"},"productVersion":{"description":"The CTE-U version, or blank.","type":"string"},"productMajorVersion":{"description":"The CTE-U major version number, or blank.","type":"integer"},"productMinorVersion":{"description":"The CTE-U minor version number, or blank.","type":"integer"},"osVersion":{"description":"The OS distribution name and version (CTE-U only).","type":"string"},"kernelVersion":{"description":"The version of the linux kernel (CTE-U only).","type":"string"},"lastCheckIn":{"description":"A timestamp of the last time the client checked in with the CipherTrust Manager.","type":"string"},"clientDescription":{"description":"An editable string that describes the client.","type":"string"}}}]},"examples":{"application/json":{"id":"f9e1c4b3-1449-4b00-a480-6b101c395ff2","uri":"kylo:kylo:mogambo:clients:Client_1519479034","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:30:34.237821Z","name":"Client_Linux","updatedAt":"2018-02-24T13:30:41.099510554Z","ipHostname":"10.164.15.103","osType":"linux","clientProfile":"ClientProfile_Linux","clientDescription":"Local File Server"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a ProtectFile client from the CipherTrust Manager.\n\n_Note: Deleting a ProtectFile client will dis-associate all the rules. This is an irreversible event._\n","tags":["ProtectFile/Clients","Danger"],"responses":{"204":{"description":"No Content | Successful deletion of ProtectFile client.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clients/{clientId}/fingerprint/refresh":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Fingerprint refresh","description":"Force the CTE-U client to reload fingerprint data.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the CTE-U client.","type":"string","required":true}],"responses":{"204":{"description":"Success. Fingerprint records for the specified client have been removed.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clients/{clientId}/shares/{shareId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create Link","description":"Create a link between client with id '_clientId_' and network share with id '_shareId_'.\n","tags":["ProtectFile/Client-Share"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can bethe ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI).","type":"string","required":true}],"responses":{"201":{"description":"Successful link creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:mogambo:client_rule_association:f5d29707-6572-4ab8-8c14-aff8b7195664","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","shareId":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","clientID":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde"}}}}},"delete":{"summary":"Delete Link","description":"Removes a network share from the client.","tags":["ProtectFile/Client-Share"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can bethe ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID(a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"get":{"summary":"Get Link","description":"Returns the list of network shares for a ProtectFile client.\n","tags":["ProtectFile/Client-Share"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI).","type":"string","required":true},{"name":"shareId","in":"path","required":true,"type":"string","description":"An identifier of the ProtectFile share. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI)."}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clientId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"shareId":{"description":"Unique identifier of the share.","type":"string"}}}]},"examples":{"application/json":{"id":"22848ff3-18ec-4600-9219-49e58b748282","uri":"kylo:kylo:mogambo:client_share_association:22848ff3-18ec-4600-9219-49e58b748282","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-09-20T04:37:42.969067Z","updatedAt":"2018-09-20T04:37:42.969067Z","shareId":"52d62aaa-61f6-4e93-a799-bc02e2ae0aa1","clientId":"84646ede-3a2e-4b38-b933-9051f650b6b7"}}}}}},"/v1/protectfile/clients/{clientId}/shares/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Shares","description":"Returns the list of network shares for a ProtectFile client.\n","tags":["ProtectFile/Client-Share"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","required":false,"type":"string","description":"Filter result by share type."},{"name":"shareId","in":"query","required":false,"type":"string","description":"Filter result by share id."},{"name":"shareName","in":"query","required":false,"type":"string","description":"Filter result by share name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clientId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"shareId":{"description":"Unique identifier of the share.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"22848ff3-18ec-4600-9219-49e58b748282"},{"uri":"kylo:kylo:mogambo:client_share_association:22848ff3-18ec-4600-9219-49e58b748282"},{"account":"kylo:kylo:admin:accounts:kylo"},{"application":"ncryptify:gemalto:admin:apps:kylo"},{"devAccount":"ncryptify:gemalto:admin:accounts:gemalto"},{"createdAt":"2018-09-20T04:37:42.969067Z"},{"updatedAt":"2018-09-20T04:37:42.969067Z"},{"shareId":"52d62aaa-61f6-4e93-a799-bc02e2ae0aa1"},{"clientId":"84646ede-3a2e-4b38-b933-9051f650b6b7"}]}}}}}},"/v1/protectfile/clients/{clientId}/clusters/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Clusters","description":"Returns the list of Clusters for a ProtectFile client.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI).","type":"string","required":true},{"name":"clusterId","in":"query","required":false,"type":"string","description":"Filter result by cluster id."},{"name":"clusterName","in":"query","required":false,"type":"string","description":"Filter result by cluster name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clusterId":{"description":"Unique identifier of the ProtectFile cluster. This value is the yugo `ID`.","type":"string"},"clientId":{"description":"Unique identifier of the client. This value is the yugo `ID`.","type":"string"},"clusterName":{"description":"Name of cluster corresponding to clusterId.","type":"string"},"clientName":{"description":"Name of client corresponding to clientId.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"22848ff3-18ec-4600-9219-49e58b748282"},{"uri":"kylo:kylo:mogambo:client_cluster_association:22848ff3-18ec-4600-9219-49e58b748282"},{"account":"kylo:kylo:admin:accounts:kylo"},{"application":"ncryptify:gemalto:admin:apps:kylo"},{"devAccount":"ncryptify:gemalto:admin:accounts:gemalto"},{"createdAt":"2018-09-20T04:37:42.969067Z"},{"updatedAt":"2018-09-20T04:37:42.969067Z"},{"shareId":"52d62aaa-61f6-4e93-a799-bc02e2ae0aa1"},{"clientId":"84646ede-3a2e-4b38-b933-9051f650b6b7"}]}}}}}},"/v1/protectfile/shares/{shareId}/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Clients","description":"Returns the list of clients associated with network shares.\n","tags":["ProtectFile/Client-Share"],"parameters":[{"name":"shareId","in":"path","description":"An identifier of the ProtectFile shares. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","required":false,"type":"string","description":"Filter result by share type."},{"name":"clientId","in":"query","required":false,"type":"string","description":"Filter result by client id."},{"name":"clientName","in":"query","required":false,"type":"string","description":"Filter result by client name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clientId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"shareId":{"description":"Unique identifier of the share.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"22848ff3-18ec-4600-9219-49e58b748282"},{"uri":"kylo:kylo:mogambo:client_share_association:22848ff3-18ec-4600-9219-49e58b748282"},{"account":"kylo:kylo:admin:accounts:kylo"},{"application":"ncryptify:gemalto:admin:apps:kylo"},{"devAccount":"ncryptify:gemalto:admin:accounts:gemalto"},{"createdAt":"2018-09-20T04:37:42.969067Z"},{"updatedAt":"2018-09-20T04:37:42.969067Z"},{"shareId":"52d62aaa-61f6-4e93-a799-bc02e2ae0aa1"},{"clientId":"84646ede-3a2e-4b38-b933-9051f650b6b7"}]}}}}}},"/v1/protectfile/rules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new rule to the ProtectFile clients\nusing a rule identifier. The rule status and parameters specific to a client-rule combination are present in the client-rule association.\nA rule is an unnamed resource. Either `includeExtensions` or `excludeExtensions` can be present in a single rule.\n","tags":["ProtectFile/Rules"],"parameters":[{"name":"body","in":"body","description":"ProtectFile rule creation parameters.","schema":{"type":"object","title":"Create Rule","required":["path"],"properties":{"path":{"type":"string","description":"Path of the directory or file to protect. Paths to encrypt or decrypt are referred to as \"encryption paths\" in this document."},"name":{"type":"string","description":"Name for the rule. If name is not provided, a name of the form \"Rule-XXXX\" is automatically generated, where XXXX is a random string 27 characters."},"includeExtensions":{"type":"string","description":"Extensions of files to encrypt. This option is applicable if 'EncryptData' is \"true\". Multiple values should be provided as Semi-colon seperated list. Either `includeExtensions` or `excludeExtensions` can be present."},"excludeExtensions":{"type":"string","description":"Extensions of files to ignore during encryption. This option is applicable if 'EncryptData' is \"true\". Multiple values should be provided as Semi-colon seperated list. Either `includeExtensions` or `excludeExtensions` can be present."},"isDirectory":{"type":"boolean","description":"Whether the 'Path' is a directory. Default value is `true`."},"isRecursive":{"type":"boolean","description":"Whether the rule will be applied recursively if \"path\" is a directory. Default value is `true`."},"ignoreDirectory":{"type":"string","description":"(Applicable to Linux clients) Comma-separated list of directories to ignore during encryption. Default value is `true`."},"encryptData":{"type":"boolean","description":"Whether to encrypt data or provide access control only. \"true\" for encryption, \"false\" for no encryption. Default value is `true`."},"skipMigration":{"type":"boolean","description":"Skip the migration step when adding a new directory. CTE-U will NOT wait for agent to scan all files before it marks the path encryption completed. \"true\" to skip migration, \"false\" to perform migration. Default value is `false`."}},"example":{"path":"/tmp/file1.txt","name":"RecordEncryptRule","includeExtensions":"*.txt;*.gif","excludeExtensions":"*.pem","isDirectory":true,"isRecursive":true,"ignoreDirectory":"/usr/local, /var/log","encryptData":true,"skipMigration":false}}}],"responses":{"201":{"description":"Successful rule creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:mogambo:rules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T14:15:47.331272857Z","updatedAt":"2018-05-24T14:15:47.331272857Z","path":"C:\\AppData","name":"RecordEncryptRule","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"isDirectory":true}}}}},"get":{"summary":"List","description":"Returns the list of rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["ProtectFile/Rules"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the rule name."},{"name":"encryptData","in":"query","required":false,"type":"boolean","description":"Filter result for encryption or Access-Only rules."},{"name":"skipMigration","in":"query","required":false,"type":"boolean","description":"Filter result for migrate or do-not-migrate rules."},{"name":"path","in":"query","required":false,"type":"string","description":"Filter result using the path."},{"name":"isDirectory","in":"query","required":false,"type":"boolean","description":"Filter result for Directory or File type rules."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"path":{"description":"Path of the directory or file where to protect. Paths to encrypt or decrypt are referred to as \"encryption paths\" in this document.","type":"string"},"name":{"description":"Optional name for the rule. If name is not provided, a name of the form \"Rule-XXXX\" is automatically generated, where XXXX is a random string 27 characters.","type":"string"},"includeExtensions":{"description":"File extensions (Semi-colon separated list) on which the rule will be applied. This tag is applicable to \"encrypt data\" policies only.","type":"string"},"excludeExtensions":{"description":"File extensions (Semi-colon separated list) on which the rule will not be applied. This tag is applicable to \"encrypt data\" policies only.","type":"string"},"isDirectory":{"description":"Whether the path is a directory.","type":"boolean"},"isRecursive":{"description":"Whether the rule will be applied recursively if path is a directory.","type":"boolean"},"ignoreDirectory":{"description":"(Applicable to Linux clients) Comma-separated list of directories to ignore during encryption.","type":"string"},"encryptData":{"description":"Whether to encrypt data or perform access checks only (no encryption). \"true\" for encryption, \"false\" for no encryption.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:mogambo:rules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T14:15:47.331272857Z","updatedAt":"2018-05-24T14:15:47.331272857Z","path":"C:\\AppData","name":"RecordEncryptRule","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"isDirectory":true},{"id":"2a650512-2564-4f6b-aa43-d8105d4d5f69","uri":"kylo:kylo:mogambo:rules:2a650512-2564-4f6b-aa43-d8105d4d5f69","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T14:22:01.504063739Z","updatedAt":"2018-05-24T14:22:01.504063739Z","path":"C:\\ProtectedData","name":"Rule-S%^GHT@#KIU&*%T%%dfvaenjutf","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":false,"skipMigration":false,"isDirectory":true}]}}}}}},"/v1/protectfile/rules/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modify rule parameters. The parameters which are to be modified are placed in the body params. There is no default value for parameters.\n","tags":["ProtectFile/Rules"],"parameters":[{"name":"body","in":"body","description":"ProtectFile rule parameters.","schema":{"type":"object","title":"Modify Rule","properties":{"path":{"type":"string","description":"Path of the directory or file to protect. Paths to encrypt or decrypt are referred to as \"encryption paths\" in this document."},"isDirectory":{"type":"boolean","description":"Whether the 'Path' is a directory."},"isRecursive":{"type":"boolean","description":"Whether the rule will be applied recursively if \"path\" is a directory."},"ignoreDirectory":{"type":"string","description":"(Applicable to Linux clients) Comma-separated list of directories to ignore during encryption."},"encryptData":{"type":"boolean","description":"Whether to encrypt data or provide access control only (no encryption). \"true\" for encryption, \"false\" for no encryption."},"skipMigration":{"type":"boolean","description":"Lets the customer skip the migration step. In other words, it will NOT wait for agent to scan all files before it marks the path encryption completed. \"true\" to skip migration, \"false\" to perform migration. Default value is `false`."}},"example":{"isRecursive":true}}}],"responses":{"201":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:mogambo:rules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T14:15:47.331272857Z","updatedAt":"2018-05-24T14:15:47.331272857Z","path":"C:\\AppData","name":"RecordEncryptRule","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"isDirectory":true}}}}},"get":{"summary":"Get","description":"Returns details of a rule with the given id.\n","tags":["ProtectFile/Rules"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:mogambo:rules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T14:15:47.331272857Z","updatedAt":"2018-05-24T14:15:47.331272857Z","path":"C:\\AppData","name":"RecordEncryptRule","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"isDirectory":true}}}}},"delete":{"summary":"Delete","description":"Deletes a rule with a given id if it is not used by any ProtectFile client.","tags":["ProtectFile/Rules"],"responses":{"204":{"description":"No Content | Successful deletion of rule.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clients/{clientId}/rules/{ruleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Rule","description":"Create a link between client with id '_clientId_' and rule with id '_ruleId_'\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"ProtectFile client-rule link creation parameters.","schema":{"type":"object","title":"Create Client Rule link","required":["accessPolicyGroup"],"properties":{"keyName":{"type":"string","description":"Name of the key to encrypt data. Encryption keys are not needed if 'EncryptData' is \"false\"."},"accessPolicyGroup":{"type":"string","description":"Identifier of the access policy group to use for controlling access."}}}}],"responses":{"201":{"description":"Successful rule addition.","schema":{"type":"object"},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:mogambo:client_rule_association:f5d29707-6572-4ab8-8c14-aff8b7195664","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","parentId":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","ruleID":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde","ruleSeqNumber":0,"ruleOperation":"None","ruleState":"Created","ruleFailed":"No","keyName":"pf-aes-256","oldKeyName":"","keyRotationType":"Shallow","accessPolicyGroup":"DemoGroup","ruleType":"LOCAL","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"get":{"summary":"Get Rule","description":"Returns a link between clientId and ruleId along with other parameters like ruleState, failedEarlier and driveGuid.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"ruleId":"a645e023-2224-4aa5-ba6b-586653051ef1","ruleSeqNumber":0,"path":"/opt/test/1_50","name":"Rule-McASQ3QIKthU/o/MtVdwRyik40na9Prw/uiP","ruleType":"LOCAL","keyName":"testKey_1_50","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"keyRotationType":"Shallow","ruleState":"InProgress","failedRule":"No","ruleOperation":"Encrypt","isDirectory":true,"accessPolicyGroup":"APG1_1","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"delete":{"summary":"Remove Rule","description":"Removes a rule from the client","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clients/{clientId}/rules/{ruleId}/operation":{"patch":{"summary":"Deploy Rule","description":"Updates operation for rule of a client for Encryption, Rekey and Decryption.\nUser can also modify the access policy group linked to client-rule link.\nFor Rekey/Key Rotation `keyName` is required field.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"ProtectFile rule update parameters.","schema":{"type":"object","title":"Modify Rule operation","properties":{"ruleOperation":{"type":"string","description":"The operation to perform on the rule. The valid values are \"Encrypt\" \"KeyRotate\" and \"Decrypt\".\n"},"keyName":{"type":"string","description":"Name of the key to encrypt data. This option is applicable if 'encryptData' is \"true\"."},"keyRotationType":{"type":"string","description":"Type of Key Rotation operation. Not valid if 'NoEncryption' is true.\nValid values are `Shallow` and `Deep`. Default value for Key Rotation is `shallow`.\n"},"accessPolicyGroup":{"type":"string","description":"Access Policy Group identifier to change access control on rule."}},"example":{"ruleOperation":"Encrypt"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"866856b3-2a53-4d35-bcbc-f848aa120398","uri":"kylo:kylo:mogambo:client_rule_association:866856b3-2a53-4d35-bcbc-f848aa120398","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T07:07:05.748731Z","updatedAt":"2018-05-24T14:31:11.264614636Z","parentId":"fb40eecc-9c2a-437b-9f88-b690a14f5a3d","ruleID":"b9a3fa37-6c03-4701-b96f-0f6fd7386844","ruleSeqNumber":0,"ruleOperation":"KeyRotate","ruleState":"InProgress","ruleFailed":"No","keyName":"DemoKey1","oldKeyName":"DemoKey2","keyRotationType":"Shallow","accessPolicyGroup":"DemoAPG","ruleType":"LOCAL","driveGUID":"80c02829-dfd9-4c93-9f25-0b57ef7792ff"}}}}}},"/v1/protectfile/clients/{clientId}/rules/{ruleId}/drive_guid":{"patch":{"summary":"Update Drive GUID","description":"Updates the drive GUID of a LOCAL rule of a client.\nThe rule has to be in the Encrypted state to be able to successfully update the drive GUID.\nThis operation is only valid for Windows Clients.\nMembers of the Protectfile Admins Group are allowed to update the drive GUID.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"driveGUID","in":"body","required":true,"description":"ProtectFile rule update parameters.","schema":{"type":"object","title":"Modify Drive GUID","required":["driveGUID"],"properties":{"driveGUID":{"type":"string","description":"The new drive GUID to be used.\n"}},"example":{"driveGUID":"80c02829-dfd9-4c93-9f25-0b57ef7792ff"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:mogambo:client_rule_association:f5d29707-6572-4ab8-8c14-aff8b7195664","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","parentId":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","ruleID":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde","ruleSeqNumber":0,"ruleOperation":"None","ruleState":"Encrypted","ruleFailed":"No","keyName":"pf-aes-256","oldKeyName":"","keyRotationType":"Shallow","accessPolicyGroup":"DemoGroup","ruleType":"LOCAL","driveGUID":"80c02829-dfd9-4c93-9f25-0b57ef7792ff"}}}}}},"/v1/protectfile/clients/{clientId}/rules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Show Rules","description":"Returns the list of rules for a ProtectFile client.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleOperation","in":"query","required":false,"type":"string","description":"Filter result by rule operation."},{"name":"ruleState","in":"query","required":false,"type":"string","description":"Filter result by rule state."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"parentId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"ruleId":{"description":"Unique identifier of the rule.","type":"string"},"ruleSeqNumber":{"description":"Rule sequence number","type":"integer"},"ruleOperation":{"description":"Operation getting performed on the rule.","type":"string"},"ruleState":{"description":"Current state of the rule.","type":"string"},"ruleFailed":{"description":"Whether the operation on rule has failed.","type":"string"},"keyName":{"description":"Name of the key to encrypt data.","type":"string"},"keyVersion":{"description":"Version of keyName.","type":"integer"},"oldKeyName":{"description":"Name of the old key used for encryption. This key will be replaced by a new key to perform key rotation.","type":"string"},"oldKeyVersion":{"description":"Version of oldKeyName.","type":"integer"},"keyRotationType":{"description":"Type of key rotation - shallow or deep.","type":"string"},"accessPolicyGroup":{"description":"Name of the access policy group.","type":"string"},"ruleType":{"description":"Type of the rule - Local, Network, Cluster.","type":"string"},"driveGUID":{"description":"Drive GUID mapped to path on ProtectFile client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"ruleId":"a645e023-2224-4aa5-ba6b-586653051ef1","ruleSeqNumber":0,"path":"/opt/test/1_50","name":"Rule-McASQ3QIKthU/o/MtVdwRyik40na9Prw/uiP","ruleType":"LOCAL","keyName":"testKey_1_50","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"keyRotationType":"Shallow","ruleState":"InProgress","failedRule":"No","ruleOperation":"Encrypt","isDirectory":true,"accessPolicyGroup":"APG1_1","driveGUID":"11111111-1111-1111-1111-111111111111"}]}}}}}},"/v1/protectfile/accesspolicies/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new access policy to manage access control of an encrypted path.\nAn access policy can be created for individual entities (users, groups, or processes) or combination of \"user and process\" and \"group and process\".\nAt least one of the entities or valid combination is requied to create access policy.\n","tags":["ProtectFile/AccessPolicies"],"parameters":[{"name":"body","in":"body","description":"Parameters for creating Access Policy.","schema":{"type":"object","title":"Create AccessPolicy","required":["access"],"properties":{"access":{"type":"string","description":"The access to be granted for selected user/group/process or combination.\nValid values for access are `ReadWrite`, `Write`, `Read`, `ReadWriteCipher`\n`ReadCipher` and `NoAccess`. The access `ReadWriteCipher` & `ReadCipher` are not\napplicable for no encryption rule and access policy group.\n"},"name":{"type":"string","description":"Name for the access policy. If name is not provided, a name of the form \"Access-Policy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"The username for which access control is to be enforced.\nIf the user is a domain user, specify domain name with the username; for example, user@domain.com.\n"},"groupname":{"type":"string","description":"The group for which access control is to be enforced.\nIf group is a domain group, specify domain name with the groupname; for example, group@domain.com.\n"},"processname":{"type":"string","description":"The name of the process for which access control is to be enforced.\nThe process name should be a fully qualified domain name; for example, /path/to/process or C:\\\\Path\\\\To\\\\Process.exe.\n"}},"example":{"access":"ReadWrite","username":"Administrator","processname":"C:\\Windows\\System32\\notepad.exe","name":"AccessPolicy_1"}}}],"responses":{"201":{"description":"Successful access policy creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"access":{"type":"string","description":"Access type to be granted for user/group/process."},"name":{"type":"string","description":"Optional name for the access policy. If name is not provided, a name of the form \"AccessPolicy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"Name of the user for which the policy will be created."},"groupname":{"type":"string","description":"Name of the group for which the policy will be created."},"processname":{"type":"string","description":"Name of the process for which the policy will be created."},"type":{"type":"string","description":"Entity type against which the access check will be performed."}}}]},"examples":{"application/json":{"id":"a114b6c4-8261-4bda-87f4-380f6c1ab7e2","uri":"testapp:bob:mogambo:accesspolicies:a114b6c4-8261-4bda-87f4-380f6c1ab7e2","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T21:06:28.094236187+05:30","updatedAt":"2018-04-29T21:06:28.094236187+05:30","username":"Administrator","groupname":"","processname":"","type":"user","access":"ReadWrite","name":"AccessPolicy_1"}}}}},"get":{"summary":"List","description":"Returns a list of access policies. The result can be filtered using the query parameters.","tags":["ProtectFile/AccessPolicies"],"parameters":[{"name":"username","in":"query","required":false,"type":"string","description":"Filter result by username of access policy."},{"name":"groupname","in":"query","required":false,"type":"string","description":"Filter result by groupname of access policy."},{"name":"processname","in":"query","required":false,"type":"string","description":"Filter result by processname of access policy."},{"name":"type","in":"query","required":false,"type":"string","description":"Filter result by type of access policy. Valid values for 'type' are `user`, `group`, `process`, `user AND process` and `group AND process`."},{"name":"access","in":"query","required":false,"type":"string","description":"Filter result by access of access policy. Valid values for access are `ReadWrite`, `Write`, `Read`, `ReadWriteCipher`,\n`ReadCipher` and `NoAccess`. The access `ReadWriteCipher` & `ReadCipher` are not\napplicable for no encryption rule and access policy group.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"access":{"type":"string","description":"Access type to be granted for user/group/process."},"name":{"type":"string","description":"Optional name for the access policy. If name is not provided, a name of the form \"AccessPolicy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"Name of the user for which the policy will be created."},"groupname":{"type":"string","description":"Name of the group for which the policy will be created."},"processname":{"type":"string","description":"Name of the process for which the policy will be created."},"type":{"type":"string","description":"Entity type against which the access check will be performed."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"d20fb9b6-013e-4183-b1f4-73dfa907bf75","uri":"testapp:bob:mogambo:accesspolicies:d20fb9b6-013e-4183-b1f4-73dfa907bf75","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T12:55:36.66755Z","updatedAt":"2018-04-29T13:01:14.78638Z","username":"Administrator","groupname":"","processname":"","type":"user","access":"ReadWrite","name":"AccessPolicy_1"}]}}}}}},"/v1/protectfile/accesspolicies/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an access policy with the given `id`.","tags":["ProtectFile/AccessPolicies"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"access":{"type":"string","description":"Access type to be granted for user/group/process."},"name":{"type":"string","description":"Optional name for the access policy. If name is not provided, a name of the form \"AccessPolicy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"Name of the user for which the policy will be created."},"groupname":{"type":"string","description":"Name of the group for which the policy will be created."},"processname":{"type":"string","description":"Name of the process for which the policy will be created."},"type":{"type":"string","description":"Entity type against which the access check will be performed."}}}]},"examples":{"application/json":{"id":"d20fb9b6-013e-4183-b1f4-73dfa907bf75","uri":"testapp:bob:mogambo:accesspolicies:d20fb9b6-013e-4183-b1f4-73dfa907bf75","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T12:55:36.66755Z","updatedAt":"2018-04-29T13:01:14.78638Z","username":"Administrator","groupname":"","processname":"","type":"user","access":"ReadWrite","name":"AccessPolicy_1"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates parameters of an Access Policy with the given `id`.","tags":["ProtectFile/AccessPolicies"],"parameters":[{"name":"body","in":"body","description":"Properties of the access policy to change. The properties will be merged with the access policy resource.\n","schema":{"type":"object","title":"Update Access Policy","properties":{"access":{"type":"string","description":"The access to be granted to the specified user/group/process or their combination.\nThe valid values are `ReadWrite`, `Write`, `Read`, `ReadWriteCipher`,\n`ReadCipher`, and `NoAccess`. The access `ReadWriteCipher` & `ReadCipher` are not\napplicable for no encryption rule and access policy group.\n"},"username":{"type":"string","description":"The username for which access control is to be enforced.\nIf the user is a domain user, specify domain name with the username; for example, user@domain.com.\n"},"groupname":{"type":"string","description":"The group for which access control is to be enforced.\nIf group is a domain group, specify domain name with the groupname; for example, group@domain.com.\n"},"processname":{"type":"string","description":"The name of the process for which access control is to be enforced.\nThe process name should be a fully qualified domain name; for example, /path/to/process or C:\\\\Path\\\\To\\\\Process.exe.\n"}},"example":{"access":"Encrypt","username":"root","groupname":"wheel","processname":"/usr/bin/tar"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"access":{"type":"string","description":"Access type to be granted for user/group/process."},"name":{"type":"string","description":"Optional name for the access policy. If name is not provided, a name of the form \"AccessPolicy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"Name of the user for which the policy will be created."},"groupname":{"type":"string","description":"Name of the group for which the policy will be created."},"processname":{"type":"string","description":"Name of the process for which the policy will be created."},"type":{"type":"string","description":"Entity type against which the access check will be performed."}}}]},"examples":{"application/json":{"id":"d20fb9b6-013e-4183-b1f4-73dfa907bf75","uri":"testapp:bob:mogambo:accesspolicies:d20fb9b6-013e-4183-b1f4-73dfa907bf75","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T12:55:36.66755Z","updatedAt":"2018-04-29T13:01:14.78638Z","username":"Administrator","groupname":"","processname":"","type":"user","access":"Encrypt","name":"AccessPolicy_1"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes an access policy with the given `id`.","tags":["ProtectFile/AccessPolicies"],"responses":{"204":{"description":"No Content | Successful deletion of access policy.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/accesspolicygroups/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new access policy group. An access policy group is a logical grouping of access policies of the same type. It is used to link access policies of the same type.\n","tags":["ProtectFile/AccessPolicyGroups"],"parameters":[{"name":"body","in":"body","description":"Parameters for creating AccessPolicyGroup","schema":{"type":"object","title":"Create AccessPolicyGroup","required":["name"],"properties":{"name":{"type":"string","description":"The name of access policy group.\n"},"osType":{"type":"string","description":"The operating system on which the access policy group will be applied.\nThe valid values are 'windows' and 'linux'; default is 'windows'.\n"},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption. If set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group.\nThis access will be granted if an entity's access request does not match any\naccess policy in the access policy group. The valid values are `ReadWrite`, `Write`, `Read`, `ReadWriteCipher`,\n`ReadCipher`, and `NoAccess`. If not specified, \"NoAccess\" is granted by default.\nThe access `ReadWriteCipher` & `ReadCipher` are not applicable for no encryption rule and access policy group.\n"}},"example":{"name":"Windows_Database_Group","osType":"windows","encryptData":true,"defaultAccess":"NoAccess"}}}],"responses":{"201":{"description":"Successful access policy group creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]},"examples":{"application/json":{"id":"0c4b6842-bee4-405c-9a2a-f41dce27f24d","uri":"testapp:bob:mogambo:accesspolicygroups:Windows_Database_Group","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-30T16:52:39.988661441+05:30","name":"Windows_Database_Group","updatedAt":"2018-04-30T16:52:39.988661441+05:30","osType":"windows","encryptData":true,"defaultAccess":"NoAccess"}}}}},"get":{"summary":"List","description":"Returns a list of access policy groups. The result can be filtered using the query parameters.","tags":["ProtectFile/AccessPolicyGroups"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter result by name of accesspolicygroup."},{"name":"osType","in":"query","required":false,"type":"string","description":"Filter result by operating system type of accesspolicygroup. Valid values are `windows` and `linux`."},{"name":"encryptData","in":"query","required":false,"type":"boolean","description":"Filter result by encryption capability of accesspolicygroup. Valid values are `true` and `false`."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"0c4b6842-bee4-405c-9a2a-f41dce27f24d","uri":"testapp:bob:mogambo:accesspolicygroups:Windows_Database_Group","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-30T11:22:39.988661Z","name":"Windows_Database_Group","updatedAt":"2018-04-30T11:22:39.988661Z","osType":"windows","encryptData":true,"defaultAccess":"NoAccess"}]}}}}}},"/v1/protectfile/accesspolicygroups/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an access policy group with the given `id`.","tags":["ProtectFile/AccessPolicyGroups"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]},"examples":{"application/json":{"id":"0c4b6842-bee4-405c-9a2a-f41dce27f24d","uri":"testapp:bob:mogambo:accesspolicygroups:Windows_Database_Group","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-30T11:22:39.988661Z","name":"Windows_Database_Group","updatedAt":"2018-04-30T11:22:39.988661Z","osType":"windows","encryptData":true,"defaultAccess":"NoAccess"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates the details of an access policy group with the given `id`.","tags":["ProtectFile/AccessPolicyGroups"],"parameters":[{"name":"body","in":"body","description":"Properties of the access policy group to change. The properties will be merged with the access policy resource.\n","schema":{"type":"object","title":"Update Access Policy Group","properties":{"defaultAccess":{"type":"string","description":"default access of the access policy group. The valid values are `ReadWrite`, `Write`, `Read`, `ReadWriteCipher`,\n`ReadCipher`, and `NoAccess`.\n"}},"example":{"defaultAccess":"ReadWriteCipher"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]},"examples":{"application/json":{"id":"0c4b6842-bee4-405c-9a2a-f41dce27f24d","uri":"testapp:bob:mogambo:accesspolicygroups:Windows_Database_Group","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-30T11:22:39.988661Z","name":"Windows_Database_Admin_Group","updatedAt":"2018-04-30T17:06:23.434545831+05:30","osType":"windows","encryptData":true,"defaultAccess":"ReadWriteCipher"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes an access policy group with the given `id`.","tags":["ProtectFile/AccessPolicyGroups"],"responses":{"204":{"description":"No Content | Successful deletion of access policy group.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/accesspolicygroups/{groupId}/accesspolicies/{policyId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"groupId","in":"path","type":"string","description":"An identifier of the Access Policy Group.\nThis can be either the ID (a UUIDv4), the URI, or the name of Access Policy Group.\n","required":true},{"name":"policyId","in":"path","type":"string","description":"An identifier of the access policy. This can be the ID (a UUIDv4), the URI, or the name of the access policy.","required":true}],"post":{"summary":"Add AccessPolicy","description":"Adds an access policy to the access policy group.","tags":["ProtectFile/AccessPolicyGroups"],"responses":{"200":{"description":"Successful access policy group addition.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"accessPolicyGroupId":{"type":"string","description":"Unique identifier of an access policy group."},"accessPolicyId":{"type":"string","description":"Unique identifier of an access policy."},"type":{"type":"string","description":"Type of the access policy."},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL. Access policy group association will provide additional record for default access.\n"}}}]},"examples":{"application/json":{"id":"4ff9bff0-f2ff-41a0-b657-b08bbc33a0a1","uri":"testapp:bob:mogambo:accesspolicygroupaccesspolicyassociations:4ff9bff0-f2ff-41a0-b657-b08bbc33a0a1","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-05-01T09:57:56.571331793+05:30","accessPolicyGroupId":"0c4b6842-bee4-405c-9a2a-f41dce27f24d","accessPolicyId":"a114b6c4-8261-4bda-87f4-380f6c1ab7e2","type":"user"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Remove AccessPolicy","description":"Deletes an access policy from the access policy group.","tags":["ProtectFile/AccessPolicyGroups"],"responses":{"204":{"description":"No Content | Successful deletion of access policy.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/accesspolicygroups/{groupId}/accesspolicies/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"groupId","in":"path","type":"string","description":"An identifier of the access policy group. This can be the ID (a UUIDv4), the URI, or the name of the access policy group.\n","required":true}],"get":{"summary":"List AccessPolicies","description":"Returns the list of access policies in an access policy group.","tags":["ProtectFile/AccessPolicyGroups"],"parameters":[{"name":"type","in":"query","required":false,"type":"string","description":"Filter the results by type of access policies. Use wildcards to search for client profiles matching the specified pattern in their names."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The result will return one extra policy for default access.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]},"examples":{"application/json":{"groupname":"Windows_Database_Admin_Group","osType":"windows","AccessPolicies":[{"id":"d20fb9b6-013e-4183-b1f4-73dfa907bf75","uri":"testapp:bob:mogambo:accesspolicies:d20fb9b6-013e-4183-b1f4-73dfa907bf75","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T12:55:36.66755Z","updatedAt":"2018-05-01T04:22:41.034771Z","username":"Administrator","groupname":"","processname":"","type":"user","access":"ReadWrite","name":"AccessPolicy_1"},{"id":"d20fb9b6-013e-4183-b1f4-73dfa907bf75","uri":"testapp:bob:mogambo:accesspolicies:d20fb9b6-013e-4183-b1f4-73dfa907bf75","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T12:55:36.66755Z","updatedAt":"2018-05-01T04:22:41.034771Z","username":"Administrator","groupname":"","processname":"C:\\Windows\\System32\\notepad.exe","type":"user AND process","access":"ReadWrite","name":"AccessPolicy_2"},{"id":"","uri":"","account":"","application":"","devAccount":"","createdAt":"0001-01-01T00:00:00Z","updatedAt":"0001-01-01T00:00:00Z","username":"Default","groupname":"","processname":"","type":"Default","access":"NoAccess","name":"AccessPolicy_3"}]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/shares/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new network share to the CipherTrust Manager.\nSpecify the following details.\n- Name for the network share.\n- IP address or hostname of the NAS server.\n- Path shared on the NAS server.\n- Type of the network share - SMB or NFS.\n- Encryptor client to encrypt paths on the network share.\n- Whether a network share is automatically mounted.\n- Whether the SMB network share is exposed to clients through DFS Namespaces.\n- DFS alias when DFS is set to true.\n- A username with access to all directories on the SMB network share.\n- Password of the user with access to the SMB share.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"body","in":"body","description":"Network share parameters","schema":{"type":"object","title":"Create Network Share","required":["name","type","ipHostname","shareName"],"properties":{"name":{"type":"string","description":"User-specified name to display on the CipherTrust Manager to uniquely identify a network share. This field is mandatory."},"ipHostname":{"type":"string","description":"IP address or hostname of the NAS server where NAS path is shared. This field is mandatory."},"shareName":{"type":"string","description":"Path shared on the NAS server. This field is mandatory."},"type":{"type":"string","description":"Type of the network share - SMB or NFS. This field is mandatory."},"encryptorClient":{"type":"string","description":"Name of the client that will encrypt paths on the network share. If an encryptor client is not specified, paths on the network share cannot be encrypted.However, you can modify the network share to specify the encryptor client later."},"username":{"type":"string","description":"(SMB shares) A username with access to all directories on the network share that will be encrypted.The encryptor client will use this username to access directories on the share."},"password":{"type":"string","description":"(SMB shares) Password of the user (username) with access to the SMB share."},"dfs":{"type":"boolean","description":"(Applicable to Windows clients and SMB shares) Whether the network share is exposed to clients through DFS Namespaces. The default value is false."},"dfsAlias":{"type":"string","description":"(Applicable to Windows clients and SMB shares) This field is applicable when DFS is set to true. Names of machines/domains through which the network shares exposed through DFS Namespace are accessed by users/applications. These names can be NetBIOS names or alias names of domains and/or DFS node clients configured on DNS. Aliases could be IP address, FQDN, NetBIOS name, or hostname. Separate aliases by semicolons. Ensure that aliases specified in the DFS Alias field are correct; ProtectFile does not resolve these names."},"autoMount":{"type":"boolean","description":"(Applicable to Linux clients) Whether a network share is automatically mounted through Autofs.The default value is false."}},"example":{"name":"Test_Network_Share","ipHostname":"server01.domain.com","type":"SMB","shareName":"smb_share_1","username":"smb_user1","password":"password","encryptorClient":"Windows_Client_1","dfs":true,"dfsAlias":"win_alias"}}}],"responses":{"201":{"description":"Successful network share creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"c2ae3531-f490-4224-af7c-273d8feb0dc4","uri":"dev-portal:kylo:mogambo:share:testshare8","account":"dev-portal:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:19:32.330946801Z","name":"testshare8","updatedAt":"2018-02-24T13:19:32.330946801Z","type":"NFS","ipHostname":"server01.domain.com","username":"admin","password":"admin","shareName":"smb_share_1","encryptorClient\"":"Windows_Client_1","autoMount":false,"dfs":true,"dfsAlias":"alias_1"}}}}},"get":{"summary":"List","description":"Returns a list of network shares added to the CipherTrust Manager.The results can be filtered using the query parameters.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter result by share's name."},{"name":"ipHostname","in":"query","required":false,"type":"string","description":"Filter result by NAS server's IP address or hostname."},{"name":"type","in":"query","required":false,"type":"string","description":"Filter result by share type, SMB or NFS."},{"name":"encryptorClient","in":"query","required":false,"type":"string","description":"Filter result by encryptor client."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"User-specified name to display on the CipherTrust Manager to uniquely identify a network share. This field is mandatory.","type":"string"},"ipHostname":{"description":"IP address or hostname of the NAS server where NAS path is shared. This field is mandatory.","type":"string"},"type":{"description":"Type of the network share - SMB or NFS.This field is mandatory.","type":"string"},"shareName":{"description":"Path shared on the NAS server (identified by `ipHostname`).This field is mandatory.","type":"string"},"encryptorClient":{"description":"Name of the client that will encrypt paths on the network share. If an encryptor client is not specified, paths on the network share cannot be encrypted. However, you can modify the network share to specify the encryptor client later.","type":"string"},"autoMount":{"description":"(Applicable to Linux clients) Whether a network share is automatically mounted through Autofs. The default value is false.","type":"boolean"},"dfs":{"description":"(Applicable to Windows clients and SMB shares) Whether the network share is exposed to clients through DFS Namespaces. The default value is false.","type":"boolean"},"dfsAlias":{"description":"(Applicable to Windows clients and SMB shares) This field is applicable when DFS is set to true. Names of machines/domains through which the network shares exposed through DFS Namespace are accessed by users/applications. These names can be NetBIOS names or alias names of domains and/or DFS node clients configured on DNS. Aliases could be IP address, FQDN, NetBIOS name, or hostname. Separate aliases by semicolons. Ensure that aliases specified in the DFS Alias field are correct; ProtectFile does not resolve these names.","type":"string"},"userName":{"description":"(SMB shares) A username with access to all directories on the network share that will be encrypted. The encryptor client will use this username to access directories on the share.","type":"string"},"password":{"description":"(SMB shares) Password of the user (username) with access to the SMB share.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"c2ae3531-f490-4224-af7c-273d8feb0dc4","uri":"dev-portal:kylo:mogambo:share:testshare8","account":"dev-portal:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:19:32.330946801Z","name":"testshare8","updatedAt":"2018-02-24T13:19:32.330946801Z","type":"NFS","ipHostname":"server01.domain.com","username":"admin","password":"admin","shareName":"smb_share_1","encryptorClient\"":"Windows_Client_1","autoMount":false,"dfs":true,"dfsAlias":"alias_1"}]}}}}}},"/v1/protectfile/shares/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a network share.","tags":["ProtectFile/Shares"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"User-specified name to display on the CipherTrust Manager to uniquely identify a network share. This field is mandatory.","type":"string"},"ipHostname":{"description":"IP address or hostname of the NAS server where NAS path is shared. This field is mandatory.","type":"string"},"type":{"description":"Type of the network share - SMB or NFS.This field is mandatory.","type":"string"},"shareName":{"description":"Path shared on the NAS server (identified by `ipHostname`).This field is mandatory.","type":"string"},"encryptorClient":{"description":"Name of the client that will encrypt paths on the network share. If an encryptor client is not specified, paths on the network share cannot be encrypted. However, you can modify the network share to specify the encryptor client later.","type":"string"},"autoMount":{"description":"(Applicable to Linux clients) Whether a network share is automatically mounted through Autofs. The default value is false.","type":"boolean"},"dfs":{"description":"(Applicable to Windows clients and SMB shares) Whether the network share is exposed to clients through DFS Namespaces. The default value is false.","type":"boolean"},"dfsAlias":{"description":"(Applicable to Windows clients and SMB shares) This field is applicable when DFS is set to true. Names of machines/domains through which the network shares exposed through DFS Namespace are accessed by users/applications. These names can be NetBIOS names or alias names of domains and/or DFS node clients configured on DNS. Aliases could be IP address, FQDN, NetBIOS name, or hostname. Separate aliases by semicolons. Ensure that aliases specified in the DFS Alias field are correct; ProtectFile does not resolve these names.","type":"string"},"userName":{"description":"(SMB shares) A username with access to all directories on the network share that will be encrypted. The encryptor client will use this username to access directories on the share.","type":"string"},"password":{"description":"(SMB shares) Password of the user (username) with access to the SMB share.","type":"string"}}}]},"examples":{"application/json":{"id":"c2ae3531-f490-4224-af7c-273d8feb0dc4","uri":"dev-portal:kylo:mogambo:share:testshare8","account":"dev-portal:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:19:32.330946801Z","name":"testshare8","updatedAt":"2018-02-24T13:19:32.330946801Z","type":"NFS","ipHostname":"server01.domain.com","username":"admin","password":"admin","shareName":"smb_share_1","encryptorClient\"":"Windows_Client_1","autoMount":false,"dfs":true,"dfsAlias":"alias_1"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates the details of a network share on the CipherTrust Manager.","tags":["ProtectFile/Shares"],"parameters":[{"name":"body","in":"body","description":"The network share properties to change. The properties will be merged with the network share resource.\n","schema":{"type":"object","title":"Update Network Share","properties":{"ipHostname":{"type":"string","description":"IP address or hostname of the NAS server where NAS path is shared.This field is mandatory."},"shareName":{"type":"string","description":"Path shared on the NAS server (identified by 'ipHostname'). This field is mandatory."},"encryptorClient":{"type":"string","description":"Name of the client that will encrypt paths on the network share. If an encryptor client is not specified, paths on the network share cannot be encrypted. However, you can modify the network share to specify the encryptor client later."},"username":{"type":"string","description":"(SMB shares) A username with access to all directories on the network share that will be encrypted.The encryptor client will use this username to access directories on the share."},"password":{"type":"string","description":"(SMB shares) Password of the user (username) with access to the SMB share."},"dfs":{"type":"boolean","description":"(Applicable to Windows clients and SMB shares) Whether the network share is exposed to clients through DFS Namespaces. The default value is false."},"dfsAlias":{"type":"string","description":"(Applicable to Windows clients and SMB shares)This field is applicable when DFS is set to true. Names of machines/domains through which the network shares exposed through DFS Namespace are accessed by users/applications. These names can be NetBIOS names or alias names of domains and/or DFS node clients configured on DNS. Aliases could be IP address, FQDN, NetBIOS name, or hostname. Separate aliases by semicolons.Ensure that aliases specified in the DFS Alias field are correct; ProtectFile does not resolve these names."},"autoMount":{"type":"boolean","description":"(Applicable to Linux clients) Whether a network share is automatically mounted through Autofs. The default value is false."}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"User-specified name to display on the CipherTrust Manager to uniquely identify a network share. This field is mandatory.","type":"string"},"ipHostname":{"description":"IP address or hostname of the NAS server where NAS path is shared. This field is mandatory.","type":"string"},"type":{"description":"Type of the network share - SMB or NFS.This field is mandatory.","type":"string"},"shareName":{"description":"Path shared on the NAS server (identified by `ipHostname`).This field is mandatory.","type":"string"},"encryptorClient":{"description":"Name of the client that will encrypt paths on the network share. If an encryptor client is not specified, paths on the network share cannot be encrypted. However, you can modify the network share to specify the encryptor client later.","type":"string"},"autoMount":{"description":"(Applicable to Linux clients) Whether a network share is automatically mounted through Autofs. The default value is false.","type":"boolean"},"dfs":{"description":"(Applicable to Windows clients and SMB shares) Whether the network share is exposed to clients through DFS Namespaces. The default value is false.","type":"boolean"},"dfsAlias":{"description":"(Applicable to Windows clients and SMB shares) This field is applicable when DFS is set to true. Names of machines/domains through which the network shares exposed through DFS Namespace are accessed by users/applications. These names can be NetBIOS names or alias names of domains and/or DFS node clients configured on DNS. Aliases could be IP address, FQDN, NetBIOS name, or hostname. Separate aliases by semicolons. Ensure that aliases specified in the DFS Alias field are correct; ProtectFile does not resolve these names.","type":"string"},"userName":{"description":"(SMB shares) A username with access to all directories on the network share that will be encrypted. The encryptor client will use this username to access directories on the share.","type":"string"},"password":{"description":"(SMB shares) Password of the user (username) with access to the SMB share.","type":"string"}}}]},"examples":{"application/json":{"id":"c2ae3531-f490-4224-af7c-273d8feb0dc4","uri":"dev-portal:kylo:mogambo:share:testshare8","account":"dev-portal:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:19:32.330946801Z","name":"testshare8","updatedAt":"2018-02-24T13:19:32.330946801Z","type":"NFS","ipHostname":"server01.domain.com","username":"admin","password":"admin","shareName":"smb_share_1","encryptorClient\"":"Windows_Client_1","autoMount":false,"dfs":true,"dfsAlias":"alias_1"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a network share from the CipherTrust Manager.\n\n_Note: Deleting a network share will dis-associate all the rules.\nThis is an irreversible event._\n","tags":["ProtectFile/Shares"],"responses":{"204":{"description":"No Content | Successful deletion of network share.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/shares/{shareId}/rules/{ruleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Rule","description":"Create a link between network share with id '_shareId_' and rule with id '_ruleId_'.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Network share-rule link creation parameters.","schema":{"type":"object","title":"Create Share Rule link","required":["accessPolicyGroup"],"properties":{"keyName":{"type":"string","description":"Name of the key to encrypt data. Encryption keys are not needed if 'encryptData' is \"false\"."},"accessPolicyGroup":{"type":"string","description":"Identifier of the access policy group to use for controlling access."}}}}],"responses":{"201":{"description":"Successful rule addition.","schema":{"type":"object"},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:mogambo:client_rule_association:f5d29707-6572-4ab8-8c14-aff8b7195664","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","parentId":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","ruleID":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde","ruleSeqNumber":0,"ruleOperation":"None","ruleState":"Created","ruleFailed":"No","keyName":"pf-aes-256","oldKeyName":"","keyRotationType":"Shallow","accessPolicyGroup":"DemoGroup","ruleType":"LOCAL","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"get":{"summary":"Get Rule","description":"Returns a link between network share with id '_shareId_' and rule with id '_ruleId_'. Other parameters like 'ruleState', 'failedEarlier', and 'driveGuid' are also returned.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"ruleId":"a645e023-2224-4aa5-ba6b-586653051ef1","ruleSeqNumber":0,"path":"/opt/test/1_50","name":"Rule-McASQ3QIKthU/o/MtVdwRyik40na9Prw/uiP","ruleType":"LOCAL","keyName":"testKey_1_50","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"keyRotationType":"Shallow","ruleState":"InProgress","failedRule":"No","ruleOperation":"Encrypt","isDirectory":true,"accessPolicyGroup":"APG1_1","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"delete":{"summary":"Remove Rule","description":"Removes a rule from the network share.","tags":["ProtectFile/Shares"],"parameters":[{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4),the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of rule from network share.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/shares/{shareId}/rules/{ruleId}/operation":{"patch":{"summary":"Deploy Rule","description":"Updates operation for rule of a network share for encryption, rekey, and decryption.The access policy group linked to the network share-rule link can also be modified. For rekey/key rotation, `keyName` is the mandatory field.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4),the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"ProtectFile rule update parameters.","schema":{"type":"object","title":"Modify Rule operation","properties":{"ruleOperation":{"type":"string","description":"The operation to perform on the rule. The valid values are \"Encrypt\" \"KeyRotate\" and \"Decrypt\".\n"},"keyName":{"type":"string","description":"Name of the key to encrypt data. This option is applicable if 'encryptData' is \"true\"."},"keyRotationType":{"type":"string","description":"Type of the key rotation operation. Not valid if 'encryptData' is true. Valid values are `Shallow` and `Deep`. Default value for key rotation is `shallow`.\n"},"accessPolicyGroup":{"type":"string","description":"Access policy group identifier to change access control on the rule."}},"example":{"ruleOperation":"Encrypt"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"id":"866856b3-2a53-4d35-bcbc-f848aa120398","uri":"kylo:kylo:mogambo:client_rule_association:866856b3-2a53-4d35-bcbc-f848aa120398","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T07:07:05.748731Z","updatedAt":"2018-05-24T14:31:11.264614636Z","parentId":"fb40eecc-9c2a-437b-9f88-b690a14f5a3d","ruleID":"b9a3fa37-6c03-4701-b96f-0f6fd7386844","ruleSeqNumber":0,"ruleOperation":"KeyRotate","ruleState":"InProgress","ruleFailed":"No","keyName":"DemoKey1","oldKeyName":"DemoKey2","keyRotationType":"Shallow","accessPolicyGroup":"DemoAPG","ruleType":"LOCAL","driveGUID":"80c02829-dfd9-4c93-9f25-0b57ef7792ff"}}}}}},"/v1/protectfile/shares/{shareId}/rules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Show Rules","description":"Returns the list of rules for a network share.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleOperation","in":"query","required":false,"type":"string","description":"Filter result by rule operation."},{"name":"ruleState","in":"query","required":false,"type":"string","description":"Filter result by rule state."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"parentId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"ruleId":{"description":"Unique identifier of the rule.","type":"string"},"ruleSeqNumber":{"description":"Rule sequence number","type":"integer"},"ruleOperation":{"description":"Operation getting performed on the rule.","type":"string"},"ruleState":{"description":"Current state of the rule.","type":"string"},"ruleFailed":{"description":"Whether the operation on rule has failed.","type":"string"},"keyName":{"description":"Name of the key to encrypt data.","type":"string"},"keyVersion":{"description":"Version of keyName.","type":"integer"},"oldKeyName":{"description":"Name of the old key used for encryption. This key will be replaced by a new key to perform key rotation.","type":"string"},"oldKeyVersion":{"description":"Version of oldKeyName.","type":"integer"},"keyRotationType":{"description":"Type of key rotation - shallow or deep.","type":"string"},"accessPolicyGroup":{"description":"Name of the access policy group.","type":"string"},"ruleType":{"description":"Type of the rule - Local, Network, Cluster.","type":"string"},"driveGUID":{"description":"Drive GUID mapped to path on ProtectFile client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"ruleId":"a645e023-2224-4aa5-ba6b-586653051ef1","ruleSeqNumber":0,"path":"/opt/test/1_50","name":"Rule-McASQ3QIKthU/o/MtVdwRyik40na9Prw/uiP","ruleType":"LOCAL","keyName":"testKey_1_50","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"keyRotationType":"Shallow","ruleState":"InProgress","failedRule":"No","ruleOperation":"Encrypt","isDirectory":true,"accessPolicyGroup":"APG1_1","driveGUID":"11111111-1111-1111-1111-111111111111"}]}}}}}},"/v1/protectfile/clusters/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new ProtectFile cluster. Specify the following details.\n- Name for the ProtectFile cluster.\n- Unique Name for windows cluster (if cluster is for window clients)\n- Name of client responsible for migration if cluster is of type linux.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"body","in":"body","description":"ProtectFile cluster parameters","schema":{"type":"object","title":"Create Cluster","required":["name"],"properties":{"name":{"type":"string","description":"Name of the cluster."},"windowsClusterName":{"type":"string","description":"Unique Name for the Windows cluster. This value should be provided during the creation of Windows cluster.\nThis is not applicable for Linux cluster.\n"},"encryptorClient":{"type":"string","description":"Name of client responsible for migration. This is applicable for Linux cluster."},"clusterOsType":{"type":"string","description":"Operating system type (`windows' or `linux` ) of client cluster. Default value is `windows`."}},"example":{"name":"Cluster1","windowsClusterName":"PF_CLUSTER_TEST.test.com","encryptorClient":"","clusterOsType":"windows"}}}],"responses":{"201":{"description":"Successful ProtectFile cluster creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"c260d8ac-0370-42d6-800c-3d2d30b4c1c0","uri":"kylo:kylo:mogambo:pfcluster:Cluster1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-19T11:01:42.643296689Z","name":"Cluster1","updatedAt":"2018-11-19T11:01:42.643296689Z","windowsClusterName":"PF_CLUSTER_TEST.test.com","encryptorClient":"None","clusterOsType":"windows"}}}}},"get":{"summary":"List","description":"Returns the list of ProtectFile clusters.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the cluster name."},{"name":"windowsClusterName","in":"query","required":false,"type":"string","description":"Filter result using the windows cluster unique name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name of ProtectFile Cluster.","type":"string"},"windowsClusterName":{"description":"Unique Name identifying the Windows cluster. This name is attached to service. For linux cluster, this value is empty.","type":"string"},"encryptorClient":{"description":"Name of the client responsible for migration. Valid only for Linux cluster. For Windows, this value is set to 'None'.","type":"string"},"clusterOsType":{"description":"Operating system type (`windows' or `linux`) of attached clients.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"c260d8ac-0370-42d6-800c-3d2d30b4c1c0","uri":"kylo:kylo:mogambo:pfcluster:Cluster1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-19T11:01:42.643296689Z","name":"Cluster1","updatedAt":"2018-11-19T11:01:42.643296689Z","windowsClusterName":"PF_CLUSTER_TEST.test.com","encryptorClient":"None","clusterOsType":"windows"},{"id":"ba754686-0ea9-42c7-8135-e230b0bb030f","uri":"kylo:kylo:mogambo:pfcluster:Cluster2","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-19T11:04:53.491489Z","name":"Cluster2","updatedAt":"2018-11-19T11:04:53.491489Z","windowsClusterName":"","encryptorClient":"C1","clusterOsType":"linux"}]}}}}}},"/v1/protectfile/clusters/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modify cluster parameters.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"body","in":"body","description":"ProtectFile rule parameters.","schema":{"type":"object","title":"Modify Cluster","properties":{"windowsClusterName":{"type":"string","description":"Unique Name for the Windows cluster. This is the name provided during creation of cluster.\nThis is not applicable for Linux cluster.\n"},"encryptorClient":{"type":"string","description":"Name of client responsible for migration. This is applicable for Linux cluster."}},"example":{"windowsClusterName":"PF_CLUSTER_TEST_3.test.com"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"id":"c260d8ac-0370-42d6-800c-3d2d30b4c1c0","uri":"kylo:kylo:mogambo:pfcluster:Cluster1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-19T11:01:42.643296689Z","name":"Cluster1","updatedAt":"2018-11-19T11:01:42.643296689Z","windowsClusterName":"PF_CLUSTER_TEST_3.test.com","encryptorClient":"None","clusterOsType":"windows"}}}}},"get":{"summary":"Get","description":"Returns details of a cluster with the given id.\n","tags":["ProtectFile/Clusters"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"c260d8ac-0370-42d6-800c-3d2d30b4c1c0","uri":"kylo:kylo:mogambo:pfcluster:Cluster1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-19T11:01:42.643296689Z","name":"Cluster1","updatedAt":"2018-11-19T11:01:42.643296689Z","windowsClusterName":"PF_CLUSTER_TEST_3.test.com","encryptorClient":"None","clusterOsType":"windows"}}}}},"delete":{"summary":"Delete","description":"Deletes a cluster with a given id if it does not contain any clients.","tags":["ProtectFile/Clusters"],"responses":{"204":{"description":"No Content | Successful deletion of cluster.","schema":{"type":"string"}}}}},"/v1/protectfile/clusters/{clusterId}/clients/{clientId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Client","description":"Add client to an existing cluster. The client must be bootstrapped. The path parameters clusterId and clientId can\ncontain either ID, URI or name for cluster and client.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"clientId","in":"path","description":"An identifier of the client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"201":{"description":"Successful client addition.","schema":{"type":"object"},"examples":{"application/json":{"id":"cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","uri":"kylo:kylo:mogambo:pfclusterclientassociation:cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-18T16:18:35.253599Z","updatedAt":"2018-11-18T16:18:35.253599Z","clusterID":"3ab495bd-16f0-4281-832e-c5a0a46ec8b8","clientID":"ca847d0c-2aea-4dd2-97f6-c096774e75bf","clusterName":"LinuxCluster","clientName":"C1"}}}}},"get":{"summary":"Get Client","description":"Returns a link between cluster and client.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"clientId","in":"path","description":"An identifier of the client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","uri":"kylo:kylo:mogambo:pfclusterclientassociation:cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-18T16:18:35.253599Z","updatedAt":"2018-11-18T16:18:35.253599Z","clusterID":"3ab495bd-16f0-4281-832e-c5a0a46ec8b8","clientID":"ca847d0c-2aea-4dd2-97f6-c096774e75bf","clusterName":"LinuxCluster","clientName":"C1"}}}}},"delete":{"summary":"Remove Client","description":"Removes a client from the cluster","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"clientId","in":"path","description":"An identifier of the client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}}}}},"/v1/protectfile/clusters/{clusterId}/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Clients","description":"Returns all link between cluster and associated clients\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"clientName","in":"query","required":false,"type":"string","description":"Filter result by client name."},{"name":"clientId","in":"query","required":false,"type":"string","description":"Filter result by client ID."}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":[{"id":"cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","uri":"kylo:kylo:mogambo:pfclusterclientassociation:cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-18T16:18:35.253599Z","updatedAt":"2018-11-18T16:18:35.253599Z","clusterID":"3ab495bd-16f0-4281-832e-c5a0a46ec8b8","clientID":"ca847d0c-2aea-4dd2-97f6-c096774e75bf","clusterName":"LinuxCluster","clientName":"C1"},{"id":"3486dd2e-26b2-4a70-b6c5-f732479582d2","uri":"kylo:kylo:mogambo:pfclusterclientassociation:3486dd2e-26b2-4a70-b6c5-f732479582d2","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-13T12:20:33.894826Z","updatedAt":"2018-11-13T12:20:33.894826Z","clusterID":"f415a696-bb7c-4d2b-b832-5ff6e03b4ba5","clientID":"ca847d0c-2aea-4dd2-97f6-c096774e75bg","clusterName":"LinuxCluster","clientName":"C2"}]}}}}},"/v1/protectfile/clusters/{clusterId}/rules/{ruleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Rule","description":"Create a link between clusters with id '_clusterId_' and rule with id '_ruleId_'.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Cluster-rule link creation parameters.","schema":{"type":"object","title":"Create Cluster Rule link","required":["accessPolicyGroup"],"properties":{"keyName":{"type":"string","description":"Name of the key to encrypt data. Encryption keys are not needed if 'encryptData' is \"false\"."},"accessPolicyGroup":{"type":"string","description":"Identifier of the access policy group to use for controlling access."}}}}],"responses":{"201":{"description":"Successful rule addition.","schema":{"type":"object"},"examples":{"application/json":{"id":"36efcc99-bffb-4bdb-a847-9f9c57744aa6","uri":"kylo:kylo:mogambo:client_rule_association:36efcc99-bffb-4bdb-a847-9f9c57744aa6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-18T16:53:49.086500602Z","updatedAt":"2018-11-18T16:53:49.086500602Z","parentId":"f415a696-bb7c-4d2b-b832-5ff6e03b4ba5","ruleId":"ddec66dc-574f-4055-ba89-bef964931faa","ruleSeqNumber":"0,","ruleOperation":"None","ruleState":"Created","ruleFailed":"No","keyName":"fe-key1","oldKeyName":"","keyRotationType":"Shallow","accessPolicyGroup":"Default_NoAccess_for_Windows","ruleType":"CLUSTER","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"get":{"summary":"Get Rule","description":"Returns a link between cluster with id '_clusterId_' and rule with id '_ruleId_'. Other parameters like 'ruleState', 'failedEarlier', and 'driveGuid' are also returned.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"ruleId":"ddec66dc-574f-4055-ba89-bef964931faa","ruleSeqNumber\"":"0,","path":"C:\\Path1","name":"Rule1","ruleType":"CLUSTER","keyName":"fe-key1","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":"true,","ignoreDirectory":"","encryptData":"true,","keyRotationType":"Shallow","ruleState":"Created","failedRule":"No","ruleOperation":"None","isDirectory":"true,","accessPolicyGroup":"Default_NoAccess_for_Windows","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"delete":{"summary":"Remove Rule","description":"Removes a rule from the cluster.","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4),the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of rule from the cluster.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clusters/{clusterId}/rules/{ruleId}/operation":{"patch":{"summary":"Deploy Rule","description":"Updates operation for rule of a ProtectFile cluster for encryption, rekey, and decryption.The access policy group linked to the cluster-rule link can also be modified. For rekey/key rotation, `keyName` is the mandatory field.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4),the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"ProtectFile rule update parameters.","schema":{"type":"object","title":"Modify Rule operation","properties":{"ruleOperation":{"type":"string","description":"The operation to perform on the rule. The valid values are \"Encrypt\" \"KeyRotate\" and \"Decrypt\".\n"},"keyName":{"type":"string","description":"Name of the key to encrypt data. This option is applicable if 'encryptData' is \"true\"."},"keyRotationType":{"type":"string","description":"Type of the key rotation operation. Not valid if 'encryptData' is true. Valid values are `Shallow` and `Deep`. Default value for key rotation is `shallow`.\n"},"accessPolicyGroup":{"type":"string","description":"Access policy group identifier to change access control on the rule."}},"example":{"ruleOperation":"Encrypt"}}}],"responses":{"200":{"description":"Successful rule deployment.","schema":{"type":"object"},"examples":{"application/json":{"id":"36efcc99-bffb-4bdb-a847-9f9c57744aa6","uri":"kylo:kylo:mogambo:client_rule_association:36efcc99-bffb-4bdb-a847-9f9c57744aa6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-18T16:53:49.086501Z","updatedAt":"2018-11-18T17:01:22.913909952Z","parentId":"f415a696-bb7c-4d2b-b832-5ff6e03b4ba5","ruleId":"ddec66dc-574f-4055-ba89-bef964931faa","ruleSeqNumber":"0,","ruleOperation":"Encrypt","ruleState":"InProgress","ruleFailed":"No","keyName":"fe-key1","oldKeyName":"","keyRotationType":"Shallow","accessPolicyGroup":"Default_NoAccess_for_Windows","ruleType":"CLUSTER","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}}},"/v1/protectfile/clusters/{clusterId}/rules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Show Rules","description":"Returns the list of rules for a ProtectFile cluster.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleOperation","in":"query","required":false,"type":"string","description":"Filter result by rule operation."},{"name":"ruleState","in":"query","required":false,"type":"string","description":"Filter result by rule state."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"parentId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"ruleId":{"description":"Unique identifier of the rule.","type":"string"},"ruleSeqNumber":{"description":"Rule sequence number","type":"integer"},"ruleOperation":{"description":"Operation getting performed on the rule.","type":"string"},"ruleState":{"description":"Current state of the rule.","type":"string"},"ruleFailed":{"description":"Whether the operation on rule has failed.","type":"string"},"keyName":{"description":"Name of the key to encrypt data.","type":"string"},"keyVersion":{"description":"Version of keyName.","type":"integer"},"oldKeyName":{"description":"Name of the old key used for encryption. This key will be replaced by a new key to perform key rotation.","type":"string"},"oldKeyVersion":{"description":"Version of oldKeyName.","type":"integer"},"keyRotationType":{"description":"Type of key rotation - shallow or deep.","type":"string"},"accessPolicyGroup":{"description":"Name of the access policy group.","type":"string"},"ruleType":{"description":"Type of the rule - Local, Network, Cluster.","type":"string"},"driveGUID":{"description":"Drive GUID mapped to path on ProtectFile client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"ruleId":"ddec66dc-574f-4055-ba89-bef964931faa","ruleSeqNumber":"0,","path":"C:\\Path1","name":"Rule1","ruleType":"CLUSTER","keyName":"fe-key1","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":"true,","ignoreDirectory":"","encryptData":"true,","keyRotationType":"Shallow","ruleState":"InProgress","failedRule":"No","ruleOperation":"Encrypt","isDirectory":"true,","accessPolicyGroup":"Default_NoAccess_for_Windows","driveGUID":"11111111-1111-1111-1111-111111111111"}]}}}}}},"/v1/protectapp/profiles":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the protect app client profiles.","tags":["ProtectApp/Client-Profiles","deprecated"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"0511a184-4cf9-4bcc-b55b-36d1d39fb4d5","uri":"kylo:kylo:nae:profile:test","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-04-20T08:43:08.068039Z","name":"test","updatedAt":"2021-04-20T08:43:08.068039Z","nae_iface_name":"nae","owner":"ncryptify:gemalto:admin:users:admin","properties":{"csr_cn":"","csr_sn":"","csr_uid":"","csr_city":"","csr_email":"","csr_state":"","csr_country":"","csr_org_name":"","csr_org_unit":"","read_timeout":60000,"cert_user_field":"CN","connection_timeout":10000,"impersonated_users":[],"pcache_cache_expiry":43200,"symmetric_cache_expiry":43200,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"cert_file_location":"","credentials_encrypted":false,"asymmetric_key_cache_enabled":false,"persistent_cache_enabled":false,"persistent_cache_directory":"","persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"medium","log_file":"","log_rotation":"Daily","log_size_limit":"100k","key_non_exportable_policy":true,"symmetric_cache_enabled":false}}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"This route is for exchanging a username and password credential or refresh token for\nan API authentication token (access token), which can be used to make API calls.\nThe username and password or refresh token is passed in the body of the request.\n\nThe response contains the `jwt`, which is the API authentication token (access token),\n`duration`, which is the length of time until the token expires, refresh token\nthat can be used to get a new or additional API authentication token, and the\nclient id of the refresh token.\n","tags":["ProtectApp/Client-Profiles","deprecated"],"parameters":[{"name":"Time","in":"header","description":"Current date and time of the client in UTC. ex) 2006-01-02T15:04:05.000Z","type":"string"},{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","title":"Create Client Profile","properties":{"name":{"type":"string","description":"Client Profile name.\n"},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile.\n"},"properties":{"type":"object","description":"Properties object will contains all profle properties\nsymmetric_cache_enabled [Symmetric cache expiry time for local cache for protectapp clients]\nsymmetric_cache_expiry [Symmetric cache expiry time for local cache for protectapp clients]\npcache_cache_expiry [Persistent cache expiry time for local cache for protectapp clients]\nverify_ssl_certificate [verification of Key Manager IP address(IPV4 or IPV6)/host name against Subject Common Name (CN) or Subject Alternative Name (DNS or IP) in the certificate for protectapp clients]\nsyslog_server_ip [Syslog Server IP address (IPV4/IPV6) for protectapp clients]\nsyslog_server_port [Syslog Server port to connect on]\nsyslog_server_protocol [Syslog Server protocol]\nsyslog_no_of_retries [No. of times the connection is retried to Syslog Server]\nsyslog_retry_interval [The duration in seconds after which the connection is retried since the last try on Syslog Server]\nsyslog_retry_limit [Maximum number of times the protectapp client can retry for a particular connection]\nuse_persistent_connections [Enable or disable persistent connections on protectapp clients]\nsize_of_connection_pool [The maximum number of connections in the persistent connection pool on protectapp clients]\nload_balancing_algorithm [The algorithm to determine how the protectapp client selects a Key Manager from a load balancing group]\nconnection_idle_timeout [The time a connection is allowed to be idle in the connection pool before it gets closed automatically by the protectapp client]\nconnection_retry_interval [The amount of time to wait before trying to reconnect by a protectapp client to a disabled server]\ncluster_synchronization_delay [The total amount of time to spend trying to make requests on keys go to the same device the key create or latest key modify went to]\ncert_file_location [To describe via which location client certificate authentication will be done i.e via File Path or using Microsoft Certificate Store]\ncredentials_encrypted [To Enable/Disable the obfuscation of the username and password for making connection by the protectapp clients with the Key Manager]\nasymmetric_key_cache_enabled [To enable asymmetric key caching for local cache on protectapp clients]\npersistent_cache_enabled [To enable persistent key caching during local encryption on protectapp clients]\npersistent_cache_directory [The location of the directory which will contain the persistent key caches of protectapp clients]\npersistent_cache_expiry_keys [The expiration interval after which a key is fetched from key manager]\npersistent_cache_max_size [Maximum number of elements in the Persistent Cache on protectapp clients]\nlog_level [The level of logging to determine verbosity of protectapp clients logs]\nlog_file [The location of the log file of protectapp clients]\nlog_rotation [The log rotation to specify how frequently the log file is rotated on protectapp clients]\nlog_size_limit [The maximum log file size on protectapp clients]\nkey_non_exportable_policy [To enable/disable policy for non exportable keys to perform remote cipher operation, applicable only to symmetric cache present on protectapp clients]\nconnection_timeout [Connection timeout value for protectapp clients]\nread_timeout [Read timeout value for protectapp clients]\ncert_user_field [Specifies how the user name is extracted from the client certificate for protectapp client]\ncsr_email [CSR email address parameter for client certificate for protectapp client]\ncsr_sn [CSR surname parameter for client certificate for protectapp client]\ncsr_cn [CSR common name parameter for client certificate for protect app client]\ncsr_org_name [CSR organization name parameter for client certificate for protect app client]\ncsr_org_unit [CSR organizational unit parameter for client certificate for protect app client]\ncsr_city [CSR city name parameter for client certificate for protect app client]\ncsr_state [CSR state name parameter for client certificate ]\ncsr_country [CSR country name parameter for client certificate]\ncsr_uid [CSR UID parameter for client certificate]\nimpersonated_users [List of impersonated users]\n"}},"example":{"name":"profile1","nae_iface_name":"nae","properties":{"symmetric_cache_enabled":false,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"cert_file_location":"","credentials_encrypted":false,"asymmetric_key_cache_enabled":false,"persistent_cache_enabled":false,"persistent_cache_directory":"","persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"medium","log_file":"","log_rotation":"Daily","log_size_limit":"100k","key_non_exportable_policy":true,"symmetric_cache_expiry":43200,"pcache_cache_expiry":43200,"connection_timeout":60000,"read_timeout":7000,"cert_user_field":"","csr_email":"","csr_sn":"","csr_cn":"","csr_org_name":"","csr_org_unit":"","csr_city":"","csr_state":"","csr_country":"","csr_uid":"","impersonated_users":[]}}}}],"responses":{"201":{"description":"Successful client profile creation.","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"success":"profile created successfully"}}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/protectapp/profiles/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The name of the client profile","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the configuration details of the given interface.\n","tags":["ProtectApp/Client-Profiles","deprecated"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"profile1","nae_iface_name":"nae","properties":{"symmetric_cache_enabled":true,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"cert_file_location":"","credentials_encrypted":false,"asymmetric_key_cache_enabled":false,"persistent_cache_enabled":false,"persistent_cache_directory":"","persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"medium","log_file":"","log_rotation":"Daily","log_size_limit":"100k","key_non_exportable_policy":true,"symmetric_cache_expiry":43200,"pcache_cache_expiry":43200,"connection_timeout":30000,"read_timeout":7000,"csr_org_name":"Thales","csr_city":"Noida","csr_state":"UP","csr_country":"IN"}}}}}},"delete":{"summary":"Delete","description":"Delete given client profile.\n\nInterfaces with name `web`, `kmip` and `nae` cannot be deleted.\n","tags":["ProtectApp/Client-Profiles","deprecated"],"responses":{"204":{"description":"No Content | Successful deletion of interface."}}}},"/v1/protectapp/clients":{"post":{"summary":"Registers","description":"This route is for exchanging a username and password credential or refresh token for\nan API authentication token (access token), which can be used to make API calls.\nThe username and password or refresh token is passed in the body of the request.\n\nThe response contains the `jwt`, which is the API authentication token (access token),\n`duration`, which is the length of time until the token expires, refresh token\nthat can be used to get a new or additional API authentication token, and the\nclient id of the refresh token.\n","tags":["ProtectApp/Client-Profiles","deprecated"],"parameters":[{"name":"Time","in":"header","description":"Current date and time of the client in UTC. ex) 2006-01-02T15:04:05.000Z","type":"string"},{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","title":"Create Client Profile","required":["name","component_name","reg_token","component_version","host_name"],"properties":{"name":{"type":"string","description":"Client Name.\n"},"component_name":{"type":"string","description":"Component Name.\n"},"reg_token":{"type":"string","description":"registration token.\n"},"component_version":{"type":"string","description":"component version.\n"},"os_version":{"type":"string","description":"Operating System.\n"},"min_java_version":{"type":"string","description":"Minimum Java Version.\n"},"rte_version":{"type":"string","description":"Run Time Enviroment Version.\n"},"host_name":{"type":"string","description":"host name.\n"}},"example":{"name":"ProtectAppJCE","component_name":"ProtectAppJCE","reg_token":"ADW3CDSDCX==","component_version":"8.9","os_version":"Linux","rte_version":"1.8.0_252","min_java_version":"1.7.0","host_name":"10.1.1.1"}}}],"responses":{"201":{"description":"Successful client registration.","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"success":"client registration successfully"}}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"get":{"summary":"List","description":"Returns the protect app registered clients.","tags":["ProtectApp/Client-Profiles","deprecated"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"70cdf611-b903-4e2c-a6a8-5b1dffc2cf52","uri":"","account":"","application":"","devAccount":"","createdAt":"2021-04-20T08:43:40.054235Z","name":"test","updatedAt":"2021-04-20T08:43:40.054235Z","component_name":"ProtectAppJCE","component_version":"1","cert_expiry":"2023-04-19 08:43:39 +0000 UTC","client_host_name":"1","profile_name":"test","client_management_client_id":"c65dc4b9-5298-4b74-bce0-8118706782b8","fingerprint":"7491560B8CE0C7F670380094D47D8DAD018255ECBF2FA6C016AF0E1BB493590E","impersonated_users":[],"os_version":"","rte_version":"","min_java_version":"","certificate":"-----BEGIN CERTIFICATE-----\nMIIEWzCCAkOgAwIBAgIRAInyQ5zwobH2n/OQILYByIwwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA0MTkwODQzMzlaFw0yMzA0MTkwODQzMzlaMEExLTArBgNVBAMTJDcwY2RmNjEx\nLWI5MDMtNGUyYy1hNmE4LTViMWRmZmMyY2Y1MjEQMA4GCgmSJomT8ixkAQETADCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAND5qfkxQV0vdYEN5mXZVi8v\nOIMyxTD4su98CQ/lSf5HDvgRdJtsh5TlrG9JB/U4Z0aFjOBa52sJplu6/lg8BaPR\n3xgCAbLtkfb6hR/JyBkgYtI6KtxpzzRVVkL7qNynGWuxPEmxh0TPfNIqC4Vdxrg0\nHYPq04Y6NLO5HW+GRr0BuPkUnJND+3JfglPXvxJDgwaoKdSiJil+I4qbX9eQ9NWu\n51wTA/cke07eFEyERqN8NBAWHy79txoMRUPFTmYy9Bh1KTuZ/EhHI+U72GE46iqz\ndeOf2SweSJlnv8dFwrUQzACJtW5ZcnrFJ79bbarW9ufKU4dCEtpMx/b3PvOPPokC\nAwEAAaM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwG\nA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAC3swY0NzoSLUPjY/ZZKEf9e\n62Q3zIZv+5OGYpDKo5XfxeSsXd7D2VY+XjUjaoMqsqNiHAP620nNy52gPD2igEJr\n9iTJ0lkpJVNROcY71i75qz+BSCv48ab8oprwZxPQFaWHbXc+Bq4zUg3kfLdmNvz5\ny43nRojr9RX+j6oH9eyL4K1TB5u3E3lCKHIQ3Z/pt8PFTdU5OLAiD7lvDizZcEBK\nqtD/CwVYcAQp9eD0gCbqLhblMiT2BCUs4/m4gM8HUINcM2yJbt418/M85kp7FX0L\nHUoHH1zZ+jWXpeBnJ2ym9u4RlV6marXwPZOWWQBMOBfG30dyNx4tlKDtOXD4yGZ6\niHg0YosDtq/kblLgXGyjQ2jzL+Xh+/k5zxsaLbjTULejB+Ro+8yqUKKueeVTq9aW\nor5F35OeVaVZiqhrAyzJoLzZ4b06fQZzseHNRs0z48D6NTmWpuVaa0WxE14OsTOI\nwd+3FbGbGd+icYJCBchkIaggV6j9xNaUen520yE4kG0YRQ9hqGQKiTvpGpihtkk5\nqfup8DkPZHOiOiNpTMqbl22mui5JZaxcBxOBB0ZsmAaiN4FovQAG9j8+aNoEHaOx\nqdOkK2s8cdyWtcBeW+K3Kt3QtvKPhJp1dPQYS/Iy4Tulp345NgGB5LoBZ3sBPFUR\nJvjtUT0TO+WFdg9DS2xr\n-----END CERTIFICATE-----\n"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectapp/clients/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The name of the regiter client","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the configuration details of the given interface.\n","tags":["ProtectApp/Client-Profiles","deprecated"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"client_id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"test_client","component_name":"b9c41e81-2689-4b2c-bdc0-f0e1f3612214","cert_expiry":"28-08-2017 12:25:00","client_host_name":"10.164.12.56","profile_id":"b9c41e81-2689-4b2c-adc0-f0e1f36122131","client_management_client_id":"rer341e81-2689-4b2c-adc0-f0e1f36122131"}}}}},"delete":{"summary":"Delete","description":"Delete given protectapp client.\n","tags":["ProtectApp/Client-Profiles","deprecated"],"responses":{"204":{"description":"No Content | Successful deletion of interface."}}}},"/v1/transparent-encryption/unenroll/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Unenrolls a client from the CipherTrust Manager.","description":"Unenrolling a CTE client from the CipherTrust Manager means that the CTE Agent can no longer communicate with the CipherTrust Manager. However, some of the Agent properties can still be seen on the CipherTrust Manager.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE","UnenrollClientCTE","DeleteCSIClientCTE","ReadClientsPoliciesReportCTE","UpdateClientCTE","ReadGuardPointCTE","UpdateGuardPointCTE","ReadLDTGroupCommServiceCTE","DeleteLDTGroupCommServiceClientAssociationCTE","DeleteLDTGroupCommServiceClientAssociationCTE","ReadLDTGroupCommServiceClientAssociationCTE"],"x-resource-type":"Clients","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"Name of the CTE Client to be unenrolled.","schema":{"type":"object","title":"CTE Client unenrollment parameters","required":["name"],"properties":{"name":{"description":"Name of the CTE client to be unenrolled.","type":"string"}},"example":{"name":"10.3.34.100"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"name":{"description":"Name of the unenrolled CTE Client.","type":"string"}}},"examples":{"name":"10.3.34.100"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a CTE client on the CipherTrust Manager. The client need not necessarily have the CTE Agent installed on it.","tags":["CTE/Clients"],"x-permissions":["CreateClientCTE","ReadProfileCTE"],"x-resource-type":"Clients","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Client creation parameters.","schema":{"type":"object","title":"Create CTE Client","required":["name"],"properties":{"name":{"description":"Name to uniquely identify the client. This name will be visible on the CipherTrust Manager.","type":"string"},"description":{"description":"Description to identify the client.","type":"string"},"password_creation_method":{"description":"Password creation method for the client. Valid values are `MANUAL` and `GENERATE`. The default value is `GENERATE`.","type":"string"},"password":{"description":"Password for the client. Required when `password_creation_method` is `MANUAL`.","type":"string"},"registration_allowed":{"description":"Whether client's registration with the CipherTrust Manager is allowed. The default value is `false`. Set to `true` to allow registration.","type":"boolean"},"communication_enabled":{"description":"Whether communication with the client is enabled. The default value is `false`. Can be set to `true` only if `registration_allowed` is `true`.","type":"boolean"},"client_locked":{"description":"Whether the CTE client is locked. The default value is `false`. Enable this option to lock the configuration of the CTE Agent on the client. Set to `true` to lock the configuration, set to `false` to unlock. Locking the Agent configuration prevents updates to any policies on the client.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"client_type":{"description":"Type of CTE Client. The default value is FS. Valid values are {{FF_CTE_USERSPACE|CTE-U and }}FS.","type":"string"},"profile_identifier":{"description":"Identifier of the Client Profile to be associated with the client. If not provided, the default profile will be linked.","type":"string"}},"example":{"name":"Client_1","description":"Test Client","communication_enabled":false,"client_type":"FS"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`. \n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:Client_1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"Client_1","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":false,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"","auth_binaries_from":"","status_ref":0,"config_ref":0,"capabilities":"LDT,DOCKER,EKP,CBCCS1","enabled_capabilities":"LDT,EKP","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"UNREGISTERED","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false,"domain_list":"[\"root\"]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","os_kernel":"","uor_version":"","profile_id":"63010a60-daf4-4bfd-ad19-216f99b5bf54","profile_name":"DefaultClientProfile","ldt_enabled":false,"metadata":{},"client_type":"FS","client_mfa_enabled":false,"sign_capable":false}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of registered clients. The results can be filtered using the query parameters.\n","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE"],"x-resource-type":"Clients","x-product":"CTE","parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by name of client. Use wildcards to search for clients matching the specified pattern in their names."},{"name":"uri_list","in":"query","required":false,"type":"string","description":"Filter the results by uri. To fetch multiple resources provide comma-delimited list of uri."},{"name":"num_errors","in":"query","required":false,"type":"integer","description":"Filter clients which have number of errors EQUAL to this value."},{"name":"num_gp_errors","in":"query","required":false,"type":"integer","description":"Filter clients which have number of GuardPoint errors EQUAL to this value."},{"name":"num_warnings","in":"query","required":false,"type":"integer","description":"Filter clients which have number of warnings EQUAL to this value."},{"name":"client_health_status","in":"query","required":false,"type":"string","description":"Filter clients by client health status. Valid values are UNREGISTERED, ERROR, WARNING, HEALTHY, EXPUNGED, WAITING FOR CONNECTION, NOT CONNECTED.\nTo filter clients by multiple status provide comma-delimited list of status.\nFor example: HEALTHY,WARNING\n...will filter clients which have HEALTHY or WARNING client health status.\n"},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS, FREEBSD and AIX."},{"name":"client_version","description":"Filter clients by version of client.","in":"query","required":false,"type":"string"},{"name":"profile_name","in":"query","required":false,"type":"string","description":"Filter clients by profile name."},{"name":"profile_id","in":"query","required":false,"description":"Filter clients by profile identifier.","type":"string"},{"name":"ldt_enabled","description":"Filter clients by ldt_enabled flag.","in":"query","required":false,"type":"boolean"},{"name":"assigned_with_ldt_group_comm_service","description":"Filter clients by assigned_with_ldt_group_comm_service flag.","in":"query","required":false,"type":"boolean"},{"name":"client_type","description":"Filter clients based on client type. Valid values are{{FF_CTE_CSI| CSI,}}{{FF_CTE_USERSPACE| CTE-U and}} FS","in":"query","required":false,"type":"string"},{"name":"node_name","x-feature":"FF_CTE_CSI","description":"Filter CSI clients based on node name.","in":"query","required":false,"type":"string"},{"name":"storage_class_name","x-feature":"FF_CTE_CSI","description":"Filter CSI clients based on storage class name.","in":"query","required":false,"type":"string"},{"name":"namespace_name","x-feature":"FF_CTE_CSI","description":"Filter CSI clients based on namespace name.","in":"query","required":false,"type":"string"},{"name":"client_mfa_enabled","description":"Filter clients based on MFA status - enabled or not.","in":"query","required":false,"type":"boolean"},{"name":"sign_capable","description":"Filter clients based on sign capability","in":"query","required":false,"type":"boolean"},{"name":"protection_mode","description":"Filter clients based on protection mode. Valid values are CTE and RWP.","in":"query","required":false,"type":"string"},{"name":"lgcs_access_only","description":"Filter clients based on lgcs_access_only flag.","in":"query","required":false,"type":"string"},{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},{"name":"enable_domain_sharing","description":"Filter resources based on whether cross-domain sharing is enabled.","in":"query","required":false,"type":"boolean"},{"name":"fetch_current_domain_resources_only","description":"Filter resources belonging to the current domain only.","in":"query","required":false,"type":"boolean"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"labels","in":"query","type":"string","description":"Filters results that match label selector expressions. Multiple\nvalues are logically ANDed. \n\nFor example, to select resources that have the label `{\"region\": \"noram\"}` but do not \nhave `{\"team\": \"sales\"}` use `region=noram,team!=sales`.\n\nTo select resources whose labels contain the key called region, use `region`.\n\nTo select resources whose labels do not contain the key called region, use `!region`.\n\nTo select resources in the sales and engineering teams, use `team in (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, or do not have a key called `team`, use `team notin (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, and have a key called `team`, use `team,team notin (sales,engineering)`.\n"},{"name":"dps_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by DPS status of the client."},{"name":"fam_state","in":"query","required":false,"type":"string","description":"Filter the results by FAM state of client. \nValid filters are DISABLED, PENDING_ACTIVE, ACTIVE.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`. \n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,EKP,CBCCS1,RWP","enabled_capabilities":"LDT,EKP","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false,"metadata":{"ekp_disabled":false,"lgcs_access_only":false},"domain_list":"[\"root\"]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","os_kernel":"","uor_version":"","profile_id":"63010a60-daf4-4bfd-ad19-216f99b5bf54","profile_name":"DefaultClientProfile","ldt_enabled":false,"client_type":"FS","client_mfa_enabled":false,"sign_capable":false,"protection_mode":"CTE RWP","dps_enabled":false,"fam_enabled":true,"fam_state":"FAM_DISABLED","cc_enabled":false,"host_name":"sjdev04-rh8-spt-010","labels":null}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}}},"/v1/transparent-encryption/clients/delete/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Delete Clients","description":"Notifies the CipherTrust Manager to delete multiple clients. Both the *del_client* and *force_del_client* options are mutually exclusive.\nUse the *force_del_client* option with caution. If the value is set to true, **It will delete the client entry from CM, without waiting for client's acknowledgement.**\nAlternatively, this api could be exclusively used to clean up the stale clients from the client mgmt. scope. Parameter for that cleanup is mutually exclusive with other parameters in this api.\n","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE","ReadClientsPoliciesReportCTE","DeleteClientCTE"],"x-resource-type":"Clients","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Bulk client deletion.\n","schema":{"type":"object","title":"Delete CTE Client","properties":{"client_id_list":{"description":"IDs of the clients to be deleted. The IDs could be the name, ID (a UUIDv4), URI, or slug of the clients.","type":"array","items":{"type":"string"}},"del_client":{"description":"Deletes the client from the CipherTrust Manager. Set the value to true.","type":"boolean"},"delete_stale_clients":{"description":"Deletes the stale client from the CipherTrust Manager Client Mgmt scope. It has to be used exclusively from other parameters in this api i.e. either stale clients from client mgmt. will be cleaned up OR delete parameters shall be used to delete CTE clients.","type":"boolean"}},"example":{"client_id_list":["id1","id2"],"del_client":true}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"clients":{"description":"List of successfully deleted clients.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_clients":{"description":"List of clients that failed to delete.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}}}}]},"examples":{"application/json":{"clients":[{"client_id":"client_1","status_code":200},{"client_id":"client_2","status_code":200}],"failed_clients":[{"client_id":"client_3","error":"record not found","status_code":404}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a client with the given `id`.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`. \n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","profile_id":"3604b51e-17d7-4d85-abc5-a414114955f1","profile_name":"testProfile","description":"","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":"6.3.0.88","min_comm_version":1,"max_comm_version":1,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":1582016251095,"config_ref":1582016258471,"capabilities":"LDT,DOCKER,EKP,CBCCS1,RWP","enabled_capabilities":"LDT,EKP","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false,"metadata":{"ekp_disabled":false,"lgcs_access_only":false},"domain_list":"[\"root\"]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","os_kernel":"","uor_version":"","ldt_enabled":false,"client_type":"FS","client_mfa_enabled":false,"sign_capable":false,"protection_mode":"RWP","dps_enabled":false,"fam_enabled":true,"fam_state":"FAM_DISABLED","cc_enabled":false,"host_name":"sjdev04-rh8-spt-010","labels":null}]}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Update","description":"Updates the details of a client.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE","UpdateClientCTE","ReadProfileCTE","ReadGuardPointCTE","ReadClientGroupClientAssociationCTE","ReadClientGroupCTE","ReadPolicyCTE","CreateGuardPointCTE","ReadKernelVersionCTE"],"x-resource-type":"Clients","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Client parameters to be modified.\n","schema":{"type":"object","title":"Update CTE Client","properties":{"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether the CTE client is locked. The default value is `false`. Enable this option to lock the configuration of the CTE Agent on the client. Set to `true` to lock the configuration, set to `false` to unlock. Locking the Agent configuration prevents updates to any policies on the client.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"communication_enabled":{"description":"Whether communication with the client is enabled. The default value is `false`. Can be set to `true` only if `registration_allowed` is `true`.","type":"boolean"},"registration_allowed":{"description":"Whether client's registration with the CipherTrust Manager is allowed. Applicable to the clients manually created on the CipherTrust Manager. The default value is `false`. Set to `true` to allow registration.","type":"boolean"},"password":{"description":"This field is **deprecated** from update client endpoint, use '/clients/{id}/password' endpoint instead to update the password.","type":"string"},"password_creation_method":{"description":"This field is **deprecated** from update client endpoint, use '/clients/{id}/password` endpoint instead to update the password creation method.","type":"string"},"del_client":{"description":"Whether to mark the client for deletion from the CipherTrust Manager. The default value is false.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"enabled_capabilities":{"description":"Client capabilities to be enabled. Separate values with comma. Valid values are:\n -\tLDT - Live Data Transformation\n -\tEKP - Encryption Key Protection\n","type":"string"},"disable_capability":{"description":"Client capability to be disabled.\nOnly EKP - Encryption Key Protection can be disabled.\n","type":"string"},"profile_id":{"description":"ID of the profile that contains logger, logging, and QOS configuration.","type":"string"},"shared_domain_list":{"x-feature":"FF_CTE_DOMAIN_SHARING","description":"List of domains in which the client needs to be shared.","type":"array","items":{"type":"string"}},"enable_domain_sharing":{"x-feature":"FF_CTE_DOMAIN_SHARING","description":"Whether domain sharing is enabled for the client.","type":"boolean"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the client.","type":"boolean"},"dynamic_parameters":{"description":"Array of parameters to be updated after the client is registered. Specify the parameters in the name-value pair JSON format strings. Make sure to specify all the parameters even if you want to update one or more parameters.\n\nFor example, if there are two parameters in the CTE client list and you want to update the value of \"param1\", then specify the correct value (one from the \"allowed_values\") in the \"current_value\" field, and keep the remaining parameters intact.\n\n**Example of dynamic parameters:**\n\n\"dynamic_parameters\": \"[{\\\"name\\\":\\\"param1\\\",\\\"type\\\":\\\"SingleSelectString\\\",\n\\\"description\\\":\\\"Enable or disable param1 capability for CTE binaries.\\\",\n\\\"allowed_values\\\":\\\"enabled^disabled\\\",\n\\\"default_value\\\":\\\"disabled\\\",\n\\\"current_value\\\":\\\"enabled\\\"},{\\\"name\\\":\\\"param2\\\",\n\\\"type\\\":\\\"MultiSelectString\\\",\\\"description\\\":\\\"param2 that takes multiple strings as value\\\",\n\\\"allowed_values\\\":\\\"Option1^Option2^Option3^Option4\\\",\n\\\"default_value\\\":\\\"Option1^Option2^Option3\\\",\n\\\"current_value\\\":\\\"Option1^Option2^Option3\\\"}]\"\n","type":"string"},"lgcs_access_only":{"description":"Whether the client can be added to an LDT communication group. If lgcs_access_only is set to false, the client can be added to an LDT communication group. Only available on Windows clients.","type":"boolean"},"protection_mode":{"description":"Update protection mode for windows client. This change is irreversible. The valid value is \"CTE RWP\".","type":"string"},"labels":{"x-feature":"FF_CTE_FAM","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nWhen labels are provided they are merged with the resource's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n"}},"example":{"client_locked":true,"system_locked":false,"communication_enabled":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`. \n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":"6.3.0.88","min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":1582016251095,"config_ref":1582016258471,"capabilities":"LDT,DOCKER,EKP,CBCCS1,RWP","enabled_capabilities":"LDT,EKP","profile_id":"3604b51e-17d7-4d85-abc5-a414114955f1","profile_name":"testProfile","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false,"metadata":{"ekp_disabled":false,"lgcs_access_only":false},"domain_list":"[\"root\"]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","os_kernel":"","uor_version":"","ldt_enabled":false,"client_type":"FS","client_mfa_enabled":false,"sign_capable":false,"protection_mode":"CTE RWP","dynamic_parameters":"[{\"name\":\"param1\",\"type\":\"SingleSelectString\",\"description\":\"Enable or disable param1 capability for CTE binaries.\",\"allowed_values\":\"enabled^disabled\",\"default_value\":\"disabled\",\"current_value\":\"enabled\"},{\"name\":\"param2\",\"type\":\"MultiSelectString\",\"description\":\"param2 that takes multiple strings as value\",\"allowed_values\":\"Option1^Option2^Option3^Option4\",\"default_value\":\"Option1^Option2^Option3\",\"current_value\":\"Option1^Option2^Option3\"}]"}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/password":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update Client Password","description":"Updates password of a client.","tags":["CTE/Clients"],"x-permissions":["ReadClientPasswordCTE","UpdateClientPasswordCTE"],"x-resource-type":"Clients","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Client password parameters to be modified.\n","schema":{"type":"object","title":"Update CTE Client","properties":{"password":{"description":"Password for the client if password_creation_method is manual. Agents use this password to encrypt the data encryption key (DEK).\nThe password MUST be minimum 8 characters and MUST contain one alphabet, one number, and one of the !@#$%^&*(){}[] special characters.\n\n- A CTE agent encrypts the DEK when it passes between the client and the CipherTrust Manager.\n- A VDE agent encrypts the DEK saved on the disk.\nThis password is used for the challenge and response to unlock the agent when the client and the CipherTrust Manager are unreachable\n","type":"string"},"password_creation_method":{"description":"Method to create password for the client, GENERATE or MANUAL. The default method is GENERATE.\n\nGENERATE – Client user must request a new password from a CipherTrust Manager administrator each time a client password is required.\nWhen GENERATE is specified, the Regenerate Password option is displayed on the GUI. Use this option to generate a new random\npassword and download it to the client. This new password is used to wrap the DEK.\nMANUAL – Specify password for unlocking a GuardPoint when the CipherTrust Manager is unreachable. The Password and Confirm Password options are\ndisplayed on the GUI to re-enter the password.\n","type":"string"}},"example":{"password_creation_method":"MANUAL","password":"Hello12@"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`. \n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":"6.3.0.88","min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":1582016251095,"config_ref":1582016258471,"capabilities":"LDT,DOCKER,EKP,CBCCS1,RWP","enabled_capabilities":"LDT,EKP","profile_id":"3604b51e-17d7-4d85-abc5-a414114955f1","profile_name":"testProfile","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false,"metadata":{"ekp_disabled":false,"lgcs_access_only":false},"domain_list":"[\"root\"]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","os_kernel":"","uor_version":"","ldt_enabled":false,"client_type":"FS","client_mfa_enabled":false,"sign_capable":false,"protection_mode":"CTE RWP","dynamic_parameters":"[{\"name\":\"param1\",\"type\":\"SingleSelectString\",\"description\":\"Enable or disable param1 capability for CTE binaries.\",\"allowed_values\":\"enabled^disabled\",\"default_value\":\"disabled\",\"current_value\":\"enabled\"},{\"name\":\"param2\",\"type\":\"MultiSelectString\",\"description\":\"param2 that takes multiple strings as value\",\"allowed_values\":\"Option1^Option2^Option3^Option4\",\"default_value\":\"Option1^Option2^Option3\",\"current_value\":\"Option1^Option2^Option3\"}]"}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/delete":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Delete Client","description":"Notifies the CipherTrust Manager to delete a client. Both the *del_client* and *force_del_client* options are mutually exclusive.\nUse the *force_del_client* option with caution. If the value is set to true, **It will delete the client entry from CM, without waiting for client's acknowledgement.**\n","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE","ReadClientsPoliciesReportCTE","DeleteClientCTE","UpdateClientCTE","ReadClientGroupCTE","ReadClientGroupClientAssociationCTE","DeleteClientGroupClientAssociationCTE","UpdateGuardPointCTE","ReadGuardPointCTE","DeleteGuardPointCTE"],"x-resource-type":"Clients","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Client parameters to be modified.\n","schema":{"type":"object","title":"Delete CTE Client","properties":{"del_client":{"description":"Deletes the client from the CipherTrust Manager. Set the value to true.","type":"boolean"}},"example":{"del_client":true}}}],"responses":{"200":{"description":"OK","examples":{"message":"Request for delete CTE client: client_1 submitted successfully."}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/auth-binaries":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update Client Authentication Binaries","description":"Updates authentication binaries for a client.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE","UpdateClientCTE","ReadClientGroupCTE","ReadClientGroupClientAssociationCTE","ReadSignatureSetCTE"],"x-resource-type":"Clients","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"Client Authentication Binaries parameters to be modified.\n","schema":{"type":"object","title":"Update client settings for a CTE Client.","properties":{"re_sign":{"description":"Whether to re-sign the client settings.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.\nSignature set can be provided in +sig= format.\nFor example:\n{\n \\\"privilege\\\": \\\"authenticator+sig=TestSignSet\\\",\n \\\"filename\\\": \\\"/usr/sbin/tsm\\\"\n}\n","type":"string"},"client_auth_binaries_from":{"description":"ID of the ClientGroup from which client settings will be inherited.","type":"string"}},"example":{"re_sign":true,"auth_binaries":"[ { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/tsm\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/sshd\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/dt/bin/dtlogin\" }, { \"privilege\": \"authenticator_euid\", \"filename\": \"/usr/sbin/ftpd\" } ]\n"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`. \n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":"[ { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/tsm\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/sshd\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/dt/bin/dtlogin\" }, { \"privilege\": \"authenticator_euid\", \"filename\": \"/usr/sbin/ftpd\" } ]\n","del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,EKP,CBCCS1","enabled_capabilities":"LDT,EKP","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_com_service":false,"domain_list":"[\"root\"]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","os_kernel":"","uor_version":"","profile_id":"63010a60-daf4-4bfd-ad19-216f99b5bf54","profile_name":"DefaultClientProfile","ldt_enabled":false,"metadata":{},"client_type":"FS","client_mfa_enabled":false,"sign_capable":false}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/clientgroups":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get ClientGroups for Client","description":"Returns the list of ClientGroups a client is linked to.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE","ReadClientGroupClientAssociationCTE","ReadClientGroupCTE"],"x-resource-type":"Clients","x-product":"CTE","parameters":[{"name":"client_group_name","in":"query","required":false,"type":"string","description":"Filter the results by name of clientgroup."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]}}}}]}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/resetpassword":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"ResetPassword","description":"Generates a new password for the client.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE","UpdateClientCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`. \n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":true,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,EKP,CBCCS1","enabled_capabilities":"LDT,EKP","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false,"domain_list":"[\"root\"]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","os_kernel":"","uor_version":"","profile_id":"63010a60-daf4-4bfd-ad19-216f99b5bf54","profile_name":"DefaultClientProfile","ldt_enabled":false,"metadata":{},"client_type":"FS","client_mfa_enabled":false,"sign_capable":false}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/get-agentinfo":{"x-feature":"FF_CTE_AGENT_INFO","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Collect AgentInfo","description":"Informs the CTE client to collect the Agent information and send it back to the CipherTrust Manager.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"202":{"description":"Accepted"},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/download-agentinfo":{"x-feature":"FF_CTE_AGENT_INFO","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Download AgentInfo","description":"Downloads the Agent information from the CipherTrust Manager. After download, the Agent information is removed from the CipherTrust Manager. In a CipherTrust Manager cluster, the information will be downloaded from the node where the Agent information is requested.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"type":"file"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/check-agentinfo":{"x-feature":"FF_CTE_AGENT_INFO","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Check AgentInfo","description":"Checks if the Agent information is available on the CipherTrust Manager. If available shows the file name and other details.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"200":{"description":"OK","examples":{"clientID":"840688a3-1882-4bd8-9117-c260a030bca7","fileName":"ai_840688a3-1882-4bd8-9117-c260a030bca7_2022-11-16_11:39:53.tgz","message":"Available"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/clear-agentinfo":{"x-feature":"FF_CTE_AGENT_INFO","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Clears AgentInfo","description":"Removes all the files containing the Agent information from the CipherTrust Manager.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"200":{"description":"OK"},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/enable-unique-to-client":{"x-feature":"FF_CTE_UNIQUE_TO_CLIENT_SALT_FIX","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable Unique to Client","description":"Enables unique to client support.\n","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE","UpdateClientCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"200":{"description":"OK"},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/query-capabilities":{"x-feature":"FF_CTE_QUERY_CLIENT_CAPABILITY","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get latest client capabilities","description":"Request from CipherTrust Manager to fetch the latest client capabilities from all the active clients present in the domain.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE","UpdateClientCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"202":{"description":"OK"},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"429":{"description":"TooManyRequests","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/query-status-update":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Query status update","description":"Explicitly ask the agent to update the complete status.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE","UpdateClientCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"202":{"description":"Accepted"},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new signature set to the CipherTrust Manager.","tags":["CTE/SignatureSets"],"x-permissions":["CreateSignatureSetCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Signature set creation parameters.","schema":{"type":"object","title":"Create Signature set","required":["name"],"properties":{"name":{"description":"Name of the signature set.","type":"string"},"type":{"description":"Type of the signature set. The valid values are Application{{FF_CTE_CSI| and Container-Image}}. The default value is `Application`.","type":"string"},"description":{"description":"Description of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}},"labels":{"x-feature":"FF_CTE_FAM","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nTo add a label, set the label's value as follows.\n```\n \"labels\": {\n \"key1\": \"value1\",\n \"key2\": \"value2\"\n }\n```\n"}},"example":{"name":"TestSignSet","type":"Application","source_list":["/usr/bin","/usr/sbin"]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","type":"Application","description":"","reference_version":0,"source_list":["/usr/bin/","/usr/sbin/"],"signing_status":"UNSIGNED","percentage_complete":0,"updated_by":"","docker_img_id":"","docker_cont_id":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of signature sets added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/SignatureSets"],"x-permissions":["ReadSignatureSetCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the name of signatureset."},{"name":"signing_status","in":"query","required":false,"type":"string","description":"Filter result using signing_status. Valid values are Finished, FinishedWithWarning, InProgress, Aborted, and UNSIGNED."},{"name":"source_list","in":"query","required":false,"type":"string","description":"Filter result using the source_list like \"/usr/bin;/usr/sbin\"."},{"name":"type","in":"query","required":false,"type":"string","description":"Filter result using the type of signature set. Valid values are Application{{FF_CTE_CSI| and Container-Image}}."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"labels","in":"query","type":"string","description":"Filters results that match label selector expressions. Multiple\nvalues are logically ANDed. \n\nFor example, to select resources that have the label `{\"region\": \"noram\"}` but do not \nhave `{\"team\": \"sales\"}` use `region=noram,team!=sales`.\n\nTo select resources whose labels contain the key called region, use `region`.\n\nTo select resources whose labels do not contain the key called region, use `!region`.\n\nTo select resources in the sales and engineering teams, use `team in (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, or do not have a key called `team`, use `team notin (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, and have a key called `team`, use `team,team notin (sales,engineering)`.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","type":"Application","description":"","reference_version":0,"source_list":["/usr/bin/","/usr/sbin/"],"signing_status":"UNSIGNED","percentage_complete":0,"updated_by":"","docker_img_id":"","docker_cont_id":""}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{id}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modifies the signature set parameters. The parameters to be modified are placed in the body parameters.\n","tags":["CTE/SignatureSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadSignatureSetCTE","UpdateSignatureSetCTE","ReadSignatureRuleCTE","ReadClientAndResourceMappingReadCTE","ReadPolicyCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE","UpdatePolicyCTE","ReadClientCTE","ReadProcessSetSignatureSetAssociationCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE signatureset parameters.","schema":{"type":"object","title":"Modify Signature Set.","properties":{"description":{"description":"Description of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}},"labels":{"x-feature":"FF_CTE_FAM","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nWhen labels are provided they are merged with the resource's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n"}},"example":{"source_list":["/usr/bin"]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","type":"Application","description":"","reference_version":0,"source_list":["/usr/bin/","/usr/sbin/"],"signing_status":"UNSIGNED","percentage_complete":0,"updated_by":"","docker_img_id":"","docker_cont_id":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a signature set with the given id.\n","tags":["CTE/SignatureSets"],"x-permissions":["ReadSignatureSetCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","type":"Application","description":"","reference_version":0,"source_list":["/usr/bin/","/usr/sbin/"],"signing_status":"FINISHED","percentage_complete":0,"updated_by":"","docker_img_id":"","docker_cont_id":""}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a signature set with the given id. Signature sets being used by clients cannot be deleted.","tags":["CTE/SignatureSets"],"x-permissions":["ReadSignatureSetCTE","ReadClientCTE","ReadClientGroupCTE","DeletePolicyElementsCTE","DeleteSignatureSetCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/delete-sources/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the signature set.\nThis can be the ID (a UUIDv4), URI, or name of signature set.\n","required":true}],"patch":{"summary":"Update","description":"Delete sources from the signature set.\n","tags":["CTE/SignatureSets"],"x-permissions":["ReadSignatureSetCTE","UpdatePolicyElementsCTE","UpdateSignatureSetCTE","ReadSignatureRuleCTE","ReadClientAndResourceMappingReadCTE","ReadPolicyCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE","UpdatePolicyCTE","ReadClientCTE","ReadProcessSetSignatureSetAssociationCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE signatureset parameters.","schema":{"type":"object","title":"Delete sources from Signature Set.","required":["source_list"],"properties":{"source_list":{"description":"Path of the directory or file to be signed.","type":"array","items":{"type":"string"}}},"example":{"source_list":["/usr/sbin"]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","type":"Application","description":"","reference_version":0,"source_list":["/usr/bin/","/usr/sbin/"],"signing_status":"UNSIGNED","percentage_complete":0,"updated_by":"","docker_img_id":"","docker_cont_id":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/signatures/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the signature set.\nThis can be the ID (a UUIDv4), URI, or name of signature set.\n","required":true}],"get":{"summary":"List","description":"Returns the list of signatures added to a signature set with the given id. The results can be filtered using the query parameters.\n","tags":["CTE/SignatureSets"],"x-permissions":["ReadSignatureSetCTE","ReadSignatureCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"hash_value","in":"query","required":false,"type":"string","description":"Filter result using hash_value of signature."},{"name":"file_name","in":"query","required":false,"type":"string","description":"Filter result using file_name of signature."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"signatureSet":{"description":"Signature set which owns the signatures.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"b385b959-e96f-4b0e-93dd-debfae1d1c1b","uri":"kylo:kylo:henry:signature:b385b959-e96f-4b0e-93dd-debfae1d1c1b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-02T09:38:13.836493Z","updatedAt":"2019-07-02T09:38:13.836493Z","file_name":"/usr/sbin/xfsrestore","hash_value":"5160748D0C2938D24EEA3F6F042DCF984F42A80625EDB75FB600EAF89D970891","digest":"SHA-256","signature_set_id":"TestSignSet"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/addsignatures/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the signature set.\nThis can be the ID (a UUIDv4), URI, or name of the signature set.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the list of signatures to be added to the signature set.\n","tags":["CTE/SignatureSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadSignatureSetCTE","UpdateSignatureSetCTE","ReadSignatureCTE","CreateSignatureCTE","UpdateSignatureCTE","ReadSecurityRuleCTE","ReadProcessSetCTE","ReadSignatureRuleCTE","ReadGuardPointCTE","ReadClientCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE signature set parameters.","schema":{"type":"object","title":"Modify Signature Set","required":["signatures"],"properties":{"signatures":{"description":"List of signatures to be added to the signature set.","type":"array","items":{"type":"object","title":"Signature","required":["file_name","hash_value"],"properties":{"file_name":{"type":"string","description":"Name of the file."},"hash_value":{"type":"string","description":"Hash value of the file."}}}}},"example":{"signatures":[{"file_name":"/bin/cat","hash_value":"05A9E97F7B0D5638A2FFBC1E53A31E44D36251BA35BA8A1556E569D3C8D9B497"}]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","type":"Application","description":"","reference_version":0,"source_list":["/usr/bin/","/usr/sbin/"],"signing_status":"UNSIGNED","percentage_complete":0,"updated_by":"","docker_img_id":"","docker_cont_id":""}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/signatures/upload-list":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the signature set.\nThis can be the ID (a UUIDv4), URI, or name of the signature set.\n","required":true}],"post":{"summary":"Upload","description":"Creates signatures in a signature set using a CSV file. You must set content type to multipart/form-data and provide `signaturefile` as the form-data.","tags":["CTE/SignatureSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadSignatureSetCTE","UpdateSignatureSetCTE","ReadSignatureCTE","CreateSignatureCTE","UpdateSignatureCTE","ReadSecurityRuleCTE","ReadProcessSetCTE","ReadSignatureRuleCTE","ReadGuardPointCTE","ReadClientCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","consumes":["multipart/form-data"],"parameters":[{"name":"signaturefile","in":"formData","type":"file","description":"Create Signatures parameters, for example: \"/bin/cat,05A9E97F7B0D5638A2FFBC1E53A31E44D36251BA35BA8A1556E569D3C8D9B497\"\n"}],"responses":{"200":{"description":"OK"},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/signatures/{signatureId}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the Signature set.\nThis can be the ID (a UUIDv4), URI, or name of the Signature set.\n","required":true},{"name":"signatureId","in":"path","type":"string","description":"An identifier of the Signature.\nThis can be either the ID (a UUIDv4) or URI of the signature.\n","required":true}],"delete":{"summary":"Delete","description":"Deletes a signature from a signature set with the given id.","tags":["CTE/SignatureSets"],"x-permissions":["ReadSignatureSetCTE","UpdatePolicyElementsCTE","ReadSignatureCTE","DeleteSignatureCTE","ReadSecurityRuleCTE","ReadProcessSetCTE","ReadSignatureRuleCTE","ReadGuardPointCTE","ReadClientCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{id}/signapp/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Send Sign Request","description":"Sends a signature signing request to the client.","tags":["CTE/SignatureSets"],"x-permissions":["ReadSignatureSetCTE","ReadClientCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Signature Signing parameters.","schema":{"type":"object","title":"Send Signature Sign Request","required":["client_id"],"properties":{"client_id":{"description":"ID of the client where the signing request is to be sent.","type":"string"}},"example":{"client_id":"Client1"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"status":{"description":"Initial status of LongPoll request.","type":"string"},"reference_id":{"description":"Reference ID where response will be posted.","type":"integer"},"reason":{"description":"Reason of failure.","type":"string"}}}]},"examples":{"application/json":{"status":"OK","reference_id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","reason":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{id}/querysignapp/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Query Sign Request.","description":"Checks the status of the signature signing request sent to the client.","tags":["CTE/SignatureSets"],"x-permissions":["ReadSignatureSetCTE","ReadClientCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Query Signature Signing parameters.","schema":{"type":"object","title":"Send Query Signature Sign Request","required":["client_id"],"properties":{"client_id":{"description":"ID of the client where the signing request is to be checked.","type":"string"}},"example":{"client_id":"Client1"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"status":{"description":"Initial status of LongPoll request.","type":"string"},"reference_id":{"description":"Reference ID where response will be posted.","type":"integer"},"reason":{"description":"Reason of failure.","type":"string"}}}]},"examples":{"application/json":{"status":"OK","reference_id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","reason":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{id}/cancelsignapp/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel Sign Request","description":"Requests a client to cancel the signature signing request.","tags":["CTE/SignatureSets"],"x-permissions":["ReadSignatureSetCTE","ReadClientCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Cancel Signature Signing parameters.","schema":{"type":"object","title":"Cancel Signature Sign Request","required":["client_id"],"properties":{"client_id":{"description":"ID of the client where the signing request is to be canceled.","type":"string"}},"example":{"client_id":"Client1"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"status":{"description":"Initial status of LongPoll request.","type":"string"},"reference_id":{"description":"Reference ID where response will be posted.","type":"integer"},"reason":{"description":"Reason of failure.","type":"string"}}}]},"examples":{"application/json":{"status":"OK","reference_id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","reason":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/upload-yaml":{"x-feature":"FF_CTE_CSI","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the signature set.\nThis can be the ID (a UUIDv4), URI, or name of the signature set.\n","required":true}],"post":{"summary":"Upload YAML","description":"Extracts the container image name from the uploaded YAML file and sets it to the source list of the CTE signature sets. You must set content type to multipart/form-data and provide `yamlFile` as the form-data.","tags":["CTE/SignatureSets"],"x-permissions":["ReadSignatureSetCTE","UpdatePolicyElementsCTE","UpdateSignatureSetCTE","ReadSignatureRuleCTE","ReadClientAndResourceMappingReadCTE","ReadPolicyCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE","UpdatePolicyCTE","ReadClientCTE","ReadProcessSetSignatureSetAssociationCTE"],"x-resource-type":"SignatureSet","x-product":"CTE","consumes":["multipart/form-data"],"parameters":[{"name":"yamlFile","in":"formData","type":"file","description":"Upload YAML file\n"}],"responses":{"200":{"description":"OK"},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new user set to the CipherTrust Manager. Every user set can be linked to multiple policies.","tags":["CTE/UserSets"],"x-permissions":["CreateUserSetCTE"],"x-resource-type":"UserSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE User set creation parameters.","schema":{"type":"object","title":"Create User set","required":["name"],"properties":{"name":{"description":"Name of the user set.","type":"string"},"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}},"labels":{"x-feature":"FF_CTE_FAM","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nTo add a label, set the label's value as follows.\n```\n \"labels\": {\n \"key1\": \"value1\",\n \"key2\": \"value2\"\n }\n```\n"}},"example":{"name":"UserSet1","description":"Test User set","users":[{"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"uname":"test1234","uid":1234,"gname":"testGroup","gid":1234,"os_domain":""}]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"index":0,"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"index":1,"uname":"test","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of user sets added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/UserSets"],"x-permissions":["ReadUserSetCTE"],"x-resource-type":"UserSet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the user set name."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"labels","in":"query","type":"string","description":"Filters results that match label selector expressions. Multiple\nvalues are logically ANDed. \n\nFor example, to select resources that have the label `{\"region\": \"noram\"}` but do not \nhave `{\"team\": \"sales\"}` use `region=noram,team!=sales`.\n\nTo select resources whose labels contain the key called region, use `region`.\n\nTo select resources whose labels do not contain the key called region, use `!region`.\n\nTo select resources in the sales and engineering teams, use `team in (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, or do not have a key called `team`, use `team notin (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, and have a key called `team`, use `team,team notin (sales,engineering)`.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"index":0,"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"index":1,"uname":"test","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modifies the user set parameters. The parameters to be modified are placed in the body parameters. New users/groups will override the existing users/groups.\nSo, to add a new user/group, the request should contain all the existing users/groups and the new user/group.\n","tags":["CTE/UserSets"],"x-permissions":["ReadUserSetCTE","UpdateUserSetCTE"],"x-resource-type":"UserSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE userset parameters.","schema":{"type":"object","title":"Modify User Set","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}},"labels":{"x-feature":"FF_CTE_FAM","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nWhen labels are provided they are merged with the resource's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n"}},"example":{"users":[{"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"uname":"test12","uid":1234,"gname":"testGroup","gid":1234,"os_domain":""}]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"index":0,"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"index":1,"uname":"test","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a user set with the given id.\n","tags":["CTE/UserSets"],"x-permissions":["ReadUserSetCTE"],"x-resource-type":"UserSet","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"index":0,"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"index":1,"uname":"test","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a user set with the given id. User sets being used by clients cannot be deleted.","tags":["CTE/UserSets"],"x-permissions":["ReadUserSetCTE","DeleteUserSetCTE"],"x-resource-type":"UserSet","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}/addusers":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modify userset parameters.The parameters contains list of user that to be added in userset.New users will be added to the previous users.\n","tags":["CTE/UserSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadUserSetCTE","UpdateUserSetCTE"],"x-resource-type":"UserSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE userset parameters.","schema":{"type":"object","title":"Modify User Set","properties":{"users":{"description":"users list which needs to be part of the userset","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user which shall be added in user-set"},"uid":{"type":"integer","description":"User id of the user which shall be added in user-set"},"gname":{"type":"string","description":"Group name of the user which shall be added in user-set"},"gid":{"type":"integer","description":"Group id of the user which shall be added in user-set"},"os_domain":{"type":"string","description":"OS domain name in case of windows environment"}}}}},"example":{"users":[{"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"uname":"test12","uid":1234,"gname":"testGroup","gid":1234,"os_domain":""}]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"index":0,"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"index":1,"uname":"test","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}/delusers":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"delete":{"summary":"Delete","description":"Delete users from userset with a given user index list.","tags":["CTE/UserSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadUserSetCTE","UpdateUserSetCTE"],"x-resource-type":"UserSet","x-product":"CTE","parameters":[{"in":"query","name":"userIndexList","description":"Comma-separated list of user indexes. For example 2,4,6.","required":true,"type":"string"}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted user.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted user.","type":"integer"},"status_code":{"description":"Status code for deleted user.","type":"integer"}}}},"delete_failed":{"description":"List of users which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted user.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted user.","type":"integer"}}}}}}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}/updateuser/{userIndex}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"userIndex","in":"path","type":"integer","description":"An index of user in userset.This should be number.","required":true}],"patch":{"summary":"Update","description":"Modify user in userset parameters.The parameter contain user that to be updated in userset.\n","tags":["CTE/UserSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadUserSetCTE","UpdateUserSetCTE"],"x-resource-type":"UserSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE user parameters.","schema":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user which shall be added in user-set"},"uid":{"type":"integer","description":"User id of the user which shall be added in user-set"},"gname":{"type":"string","description":"Group name of the user which shall be added in user-set"},"gid":{"type":"integer","description":"Group id of the user which shall be added in user-set"},"os_domain":{"type":"string","description":"OS domain name in case of windows environment"}},"example":{"uname":"root","uid":1000,"gname":"rootGroup","gid":1001,"os_domain":"dm1"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"index":0,"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"index":1,"uname":"test","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}/users":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the list of users from user set. The results can be filtered using the query parameters.\n","tags":["CTE/UserSets"],"x-permissions":["ReadUserSetCTE"],"x-resource-type":"UserSet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"search","in":"query","required":false,"type":"string","description":"Filter result usings the user uname, gname and os_domain."},{"name":"sort","in":"query","required":false,"type":"string","description":"The fields to sort results by index, uname, gname, or os_domain. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n-uname\n...will sort the results by `uname` in descending order.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"index":0,"uname":"root1234","uid":"1000,","gname":"rootGroup","gid":1000,"os_domain":""},{"index":1,"uname":"root1234","uid":"1000,","gname":"rootGroup","gid":1000,"os_domain":""}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}/policies":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the association between a policy and a user set. The results can be filtered using the query parameters.\n","tags":["CTE/UserSets"],"x-permissions":["ReadUserSetCTE","ReadClientAndResourceMappingReadCTE"],"x-resource-type":"UserSet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\"{{FF_CTE_CSI|, and \"CSI\"}}.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":false,"policy_key_version":"0","updated_by":null,"migrated_policy_id":"","metadata":{"restrict_update":false}}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new process set to the CipherTrust Manager. Every process set can be linked to multiple policies.","tags":["CTE/ProcessSets"],"x-permissions":["CreateProcessSetCTE","ReadSignatureSetCTE","ReadProcessSetSignatureSetAssociationCTE","CreateProcessSetSignatureSetAssociationCTE","ReadProcessSetResourceSetAssociationCTE","CreateProcessSetResourceSetAssociationCTE"],"x-resource-type":"ProcessSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE processset creation parameters.","schema":{"type":"object","title":"Create Process Set","required":["name"],"properties":{"name":{"description":"Name of the process set.","type":"string"},"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"object","title":"Process","properties":{"signature":{"type":"string","description":"ID or name of the signature set to link to the process set."},"directory":{"type":"string","description":"Directory of the process to be added to the process set."},"file":{"type":"string","description":"File name of the process to be added to the process set."},"resource_set_id":{"type":"string","description":"ID or name of the resource set to link to the process set. It is used for ransomware clients as a resources exempt."}}}},"labels":{"x-feature":"FF_CTE_FAM","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nTo add a label, set the label's value as follows.\n```\n \"labels\": {\n \"key1\": \"value1\",\n \"key2\": \"value2\"\n }\n```\n"}},"example":{"name":"TestProcessSet","description":"","processes":[{"signature":"TestSignSet","directory":"/home/testUser","file":"*","resource_set_id":"RS1"},{"signature":"TestSignSet","directory":"/home/kyloTest","file":"kylo.bin"}]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"index":0,"signature":"TestSign","directory":"/usr/bin/","file":"testBinary","resource_set_id":"RS1"},{"index":1,"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of process sets added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/ProcessSets"],"x-permissions":["ReadProcessSetCTE","ReadProcessSetSignatureSetAssociationCTE"],"x-resource-type":"ProcessSet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the process set name."},{"name":"withsignatureset","in":"query","required":false,"type":"boolean","description":"Filter those processsets which contain or do not contain signature set."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"labels","in":"query","type":"string","description":"Filters results that match label selector expressions. Multiple\nvalues are logically ANDed. \n\nFor example, to select resources that have the label `{\"region\": \"noram\"}` but do not \nhave `{\"team\": \"sales\"}` use `region=noram,team!=sales`.\n\nTo select resources whose labels contain the key called region, use `region`.\n\nTo select resources whose labels do not contain the key called region, use `!region`.\n\nTo select resources in the sales and engineering teams, use `team in (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, or do not have a key called `team`, use `team notin (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, and have a key called `team`, use `team,team notin (sales,engineering)`.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"index":0,"signature":"TestSign","directory":"/usr/bin/","file":"testBinary","resource_set_id":"RS1"},{"index":1,"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modifies the process set parameters. The parameters to be modified are placed in the body parameters.\nNew processes will override the existing processes. So, to add a new process, the request should contain all the existing processes and the new process.\n","tags":["CTE/ProcessSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadProcessSetCTE","UpdateProcessSetCTE","ReadSignatureSetCTE","ReadProcessSetSignatureSetAssociationCTE","CreateProcessSetSignatureSetAssociationCTE","ReadProcessSetResourceSetAssociationCTE","CreateProcessSetResourceSetAssociationCTE"],"x-resource-type":"ProcessSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE processset parameters.","schema":{"type":"object","title":"Modify Process Set","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"object","title":"Process","properties":{"signature":{"type":"string","description":"ID or name of the signature set to link to the process set."},"directory":{"type":"string","description":"Directory of the process to be added to the process set."},"file":{"type":"string","description":"File name of the process to be added to the process set."},"resource_set_id":{"type":"string","description":"ID or name of the resource set to link to the process set. It is used for ransomware clients as a resources exempt."}}}},"labels":{"x-feature":"FF_CTE_FAM","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nWhen labels are provided they are merged with the resource's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n"}},"example":{"processes":[{"signature":"","directory":"/home/testUser","file":"*","resource_set_id":"RS1"},{"signature":"TestSignSet","directory":"/home/kyloTest","file":"kylo.bin"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"index":0,"signature":"TestSign","directory":"/usr/bin/","file":"testBinary","resource_set_id":"RS1"},{"index":1,"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a process set with the given id.\n","tags":["CTE/ProcessSets"],"x-permissions":["ReadProcessSetCTE"],"x-resource-type":"ProcessSet","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"index":0,"signature":"TestSign","directory":"/usr/bin/","file":"testBinary","resource_set_id":"RS1"},{"index":1,"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a process set with the given id. Processes being used by clients cannot be deleted.","tags":["CTE/ProcessSets"],"x-permissions":["DeletePolicyElementsCTE","ReadProcessSetCTE","DeleteProcessSetCTE"],"x-resource-type":"ProcessSet","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}/addprocesses":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modify processset parameters.The parameters contains list of process that to be added in processset.New processes will be added to the previous processes.\n","tags":["CTE/ProcessSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadProcessSetCTE","UpdateProcessSetCTE","ReadSignatureSetCTE","ReadProcessSetSignatureSetAssociationCTE","CreateProcessSetSignatureSetAssociationCTE","ReadProcessSetResourceSetAssociationCTE","CreateProcessSetResourceSetAssociationCTE"],"x-resource-type":"ProcessSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE processset parameters.","schema":{"type":"object","title":"Modify Process Set","properties":{"processes":{"description":"processes list which needs to be part of the process set","type":"array","items":{"type":"object","title":"Process","properties":{"signature":{"type":"string","description":"Signature-set ID or Name which shall be associated with the process-set"},"directory":{"type":"string","description":"directory path of the process which shall be associated with the process-set"},"file":{"type":"string","description":"file name of the process which shall be associated with the process-set"},"resource_set_id":{"type":"string","description":"ID or name of the resource which shall be associated with the process set. It is used for ransomware clients as a resources exempt."}}}}},"example":{"processes":[{"signature":"","directory":"/home/testUser","file":"*","resource_set_id":"RS1"},{"signature":"TestSignSet","directory":"/home/kyloTest","file":"kylo.bin"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"index":0,"signature":"TestSign","directory":"/usr/bin/","file":"testBinary","resource_set_id":"RS1"},{"index":1,"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}/delprocesses":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"delete":{"summary":"Delete","description":"Delete processes from processset with a given process index list.","tags":["CTE/ProcessSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadProcessSetCTE","UpdateProcessSetCTE","ReadProcessSetCTE","ReadSignatureSetCTE"],"x-resource-type":"ProcessSet","x-product":"CTE","parameters":[{"in":"query","name":"processIndexList","description":"Comma-separated list of process indexes. For example 2,4,6.","required":true,"type":"string"}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted process.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted process.","type":"integer"},"status_code":{"description":"Status code for deleted process.","type":"integer"}}}},"delete_failed":{"description":"List of processes which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted process.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted process.","type":"integer"}}}}}}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}/updateprocess/{processIndex}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"processIndex","in":"path","type":"integer","description":"An index of process in processset.This should be number.","required":true}],"patch":{"summary":"Update","description":"Modify process parameters.The parameters contains process that to be updated in processset.\n","tags":["CTE/ProcessSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadProcessSetCTE","UpdateProcessSetCTE","ReadProcessSetCTE","ReadSignatureSetCTE","ReadProcessSetSignatureSetAssociationCTE","CreateProcessSetSignatureSetAssociationCTE","ReadProcessSetResourceSetAssociationCTE","CreateProcessSetResourceSetAssociationCTE"],"x-resource-type":"ProcessSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE process parameters.","schema":{"type":"object","title":"Modify Process","properties":{"signature":{"type":"string","description":"Signature-set ID or Name which shall be associated with the process-set"},"directory":{"type":"string","description":"directory path of the process which shall be associated with the process-set"},"file":{"type":"string","description":"file name of the process which shall be associated with the process-set"},"resource_set_id":{"type":"string","description":"ID or name of the resource which shall be associated with the process set. It is used for ransomware clients as a resources exempt."}},"example":{"signature":"","directory":"/home/testUser","file":"*","resource_set_id":"RS1"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"index":0,"signature":"TestSign","directory":"/usr/bin/","file":"testBinary","resource_set_id":"RS1"},{"index":1,"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}/processes":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the list of processes from process set. The results can be filtered using the query parameters.\n","tags":["CTE/ProcessSets"],"x-permissions":["ReadProcessSetCTE"],"x-resource-type":"ProcessSet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"search","in":"query","required":false,"type":"string","description":"Filter results using the process signature, directory and file name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"index":0,"signature":"TestSign","directory":"/usr/bin/","file":"testBinary","resource_set_id":"RS1"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}/policies":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the association between a policy and a process set. The results can be filtered using the query parameters.\n","tags":["CTE/ProcessSets"],"x-permissions":["ReadProcessSetCTE","ReadClientAndResourceMappingReadCTE","ReadPolicyCTE"],"x-resource-type":"ProcessSet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\"{{FF_CTE_CSI|, and \"CSI\"}}.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":false,"policy_key_version":"0","updated_by":null,"migrated_policy_id":"","metadata":{"restrict_update":false}}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new resource set to the CipherTrust Manager. Every resource set can be linked to multiple policies.","tags":["CTE/ResourceSets"],"x-permissions":["CreateResourceSetCTE"],"x-resource-type":"ResourceSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE resourceset creation parameters.","schema":{"type":"object","title":"Create Resource Set","required":["name"],"properties":{"name":{"description":"Name of the resource set.","type":"string"},"description":{"description":"Description of the resource set.","type":"string"},"type":{"description":"Type of the resource set. The valid options is Directory. The default value is `Directory`.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."},"hdfs":{"type":"boolean","description":"Whether the specified path is a HDFS path."}}}},"labels":{"x-feature":"FF_CTE_FAM","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nTo add a label, set the label's value as follows.\n```\n \"labels\": {\n \"key1\": \"value1\",\n \"key2\": \"value2\"\n }\n```\n"}},"example":{"name":"TestResourceSet","description":"","type":"Directory","resources":[{"directory":"/home/testUser","file":"*","include_subfolders":true},{"directory":"/home/kyloTest","file":"kylo.bin","include_subfolders":false}]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"index":0,"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"index":1,"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of resource sets added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/ResourceSets"],"x-permissions":["ReadResourceSetCTE"],"x-resource-type":"ResourceSet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the resource set name."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"labels","in":"query","type":"string","description":"Filters results that match label selector expressions. Multiple\nvalues are logically ANDed. \n\nFor example, to select resources that have the label `{\"region\": \"noram\"}` but do not \nhave `{\"team\": \"sales\"}` use `region=noram,team!=sales`.\n\nTo select resources whose labels contain the key called region, use `region`.\n\nTo select resources whose labels do not contain the key called region, use `!region`.\n\nTo select resources in the sales and engineering teams, use `team in (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, or do not have a key called `team`, use `team notin (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, and have a key called `team`, use `team,team notin (sales,engineering)`.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"index":0,"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"index":1,"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modifies the resource set parameters. The parameters to be modified are placed in the body parameters. New resources will override the existing resources.\nSo, to add a new resource, the request should contain all the existing resources and the new resource.\n","tags":["CTE/ResourceSets"],"x-permissions":["ReadResourceSetCTE","UpdatePolicyElementsCTE","UpdateResourceSetCTE"],"x-resource-type":"ResourceSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE resource-set parameters.","schema":{"type":"object","title":"Modify Resource Set","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"Resource list which needs to be part of the resource-set","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"directory path of the Resource which shall be associated with the resource-set"},"file":{"type":"string","description":"file name of the Resource which shall be associated with the resource-set"},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."},"hdfs":{"type":"boolean","description":"Whether the specified path is a HDFS path."}}}},"labels":{"x-feature":"FF_CTE_FAM","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nWhen labels are provided they are merged with the resource's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n"}},"example":{"resources":[{"directory":"/home/testUser","file":"*","include_subfolders":true},{"directory":"/home/kyloTest","file":"kylo.bin","include_subfolders":false}]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"index":0,"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"index":1,"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a resource set with the given id.\n","tags":["CTE/ResourceSets"],"x-permissions":["ReadResourceSetCTE"],"x-resource-type":"ResourceSet","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"index":0,"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"index":1,"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a resource set with the given id. Resource sets being used by clients cannot be deleted.","tags":["CTE/ResourceSets"],"x-permissions":["DeletePolicyElementsCTE","ReadResourceSetCTE","DeleteResourceSetCTE"],"x-resource-type":"ResourceSet","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}/addresources":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modify resourceset parameters.The parameters contains list of resource that to be added in resourceset.New resources will be added to the previous resources.\n","tags":["CTE/ResourceSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadResourceSetCTE","UpdateResourceSetCTE"],"x-resource-type":"ResourceSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE resource-set parameters.","schema":{"type":"object","title":"Modify Resource Set","properties":{"resources":{"description":"Resource list which needs to be part of the resource-set","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"directory path of the Resource which shall be associated with the resource-set"},"file":{"type":"string","description":"file name of the Resource which shall be associated with the resource-set"},"include_subfolders":{"type":"boolean","description":"Flag to include subfolders in the Resource."},"hdfs":{"type":"boolean","description":"Whether the specified path is a HDFS path."}}}}},"example":{"resources":[{"directory":"/home/testUser","file":"*","hdfs":false,"include_subfolders":true},{"directory":"/home/kyloTest","file":"kylo.bin","hdfs":false,"include_subfolders":false}]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"index":0,"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"index":1,"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}/delresources":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"delete":{"summary":"Delete","description":"Delete resources from resourceset with a given resource index list.","tags":["CTE/ResourceSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadResourceSetCTE","UpdateResourceSetCTE"],"x-resource-type":"ResourceSet","x-product":"CTE","parameters":[{"in":"query","name":"resourceIndexList","description":"Comma-separated list of resource indexes. For example 2,4,6.","required":true,"type":"string"}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted resource.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted resource.","type":"integer"},"status_code":{"description":"Status code for deleted resource.","type":"integer"}}}},"delete_failed":{"description":"List of resources which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted resource.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted resource.","type":"integer"}}}}}}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}/updateresource/{resourceIndex}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"resourceIndex","in":"path","type":"integer","description":"An index of resource in resourceset.This should be number.","required":true}],"patch":{"summary":"Update","description":"Modify resource parameters.The parameters contain resource that to be updated in resourceset.\n","tags":["CTE/ResourceSets"],"x-permissions":["UpdatePolicyElementsCTE","ReadResourceSetCTE","UpdateResourceSetCTE"],"x-resource-type":"ResourceSet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE resource parameters.","schema":{"type":"object","title":"Modify Resource","properties":{"directory":{"type":"string","description":"directory path of the Resource which shall be associated with the resource-set"},"file":{"type":"string","description":"file name of the Resource which shall be associated with the resource-set"},"include_subfolders":{"type":"boolean","description":"Flag to include subfolders in the Resource."},"hdfs":{"type":"boolean","description":"Whether the specified path is a HDFS path."}},"example":{"directory":"/home/testUser","file":"*","include_subfolders":"true,","hdfs":false}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"index":0,"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"index":1,"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}/resources":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the list of resources from resource set. The results can be filtered using the query parameters.\n","tags":["CTE/ResourceSets"],"x-permissions":["ReadResourceSetCTE"],"x-resource-type":"ResourceSet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"search","in":"query","required":false,"type":"string","description":"Filter results using the resource directory and file name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"index":0,"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}/policies":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the association between a policy and a resource set. The results can be filtered using the query parameters.\n","tags":["CTE/ResourceSets"],"x-permissions":["ReadResourceSetCTE","ReadClientAndResourceMappingReadCTE","ReadPolicyCTE"],"x-resource-type":"ResourceSet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\"{{FF_CTE_CSI|, and \"CSI\"}}.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":false,"policy_key_version":"0","updated_by":null,"metadata":{"restrict_update":false}}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/profiles/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new CTE profile to the CipherTrust Manager.","tags":["CTE/Profiles"],"x-permissions":["CreateProfileCTE"],"x-resource-type":"Profile","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE profile creation parameters.","schema":{"type":"object","title":"CreateProfile","required":["name"],"properties":{"name":{"description":"Name of the CTE profile.","type":"string"},"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"x-feature":"FF_CTE_CLIENT_LOG_UPLOAD","description":"Whether to enable log upload to the URL.","type":"boolean"}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"x-feature":"FF_CTE_CLIENT_LOG_UPLOAD","description":"Whether to enable log upload to the URL.","type":"boolean"}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"x-feature":"FF_CTE_CLIENT_LOG_UPLOAD","description":"Whether to enable log upload to the URL.","type":"boolean"}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"x-feature":"FF_CTE_CLIENT_LOG_UPLOAD","description":"Whether to enable log upload to the URL.","type":"boolean"}}},"file_settings":{"description":"File settings for the profile.","type":"object","properties":{"allow_purge":{"description":"Allows purge. By default, it is enabled.","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. The valid range is from 1 to 100, with a default value of 25.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"object","title":"SyslogServers","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}},"upload_settings":{"x-feature":"FF_CTE_CLIENT_LOG_UPLOAD","description":"Configure log upload to the Syslog server.","type":"object","properties":{"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","properties":{"max_space":{"description":"Max Space. Minimum value is 100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Minimum value is 200.","type":"integer"}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Whether to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"object","title":"QosSchedules","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 1 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}},"server_settings":{"x-feature":"FF_CTE_CLUSTER_SERVER_SETTINGS","description":"Server configuration of cluster nodes. These settings are allowed only in cluster environment.","type":"array","items":{"type":"object","title":"serverSettings","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"},"rwp_operation":{"description":"Applicable to the Ransomware clients only. The valid values are permit(for Audit), deny(for Block), and disable. The default value is deny.","type":"string"},"rwp_process_set":{"description":"ID of the process set to be whitelisted.","type":"string"},"server_response_rate":{"description":"the percentage value of successful API calls to the server, for which the agent will consider the server to be working fine. If the value is set to 75 then, if the server responds to 75% of the calls it is considered OK & no update is sent by agent. Valid values are between 0 to 100, both inclusive. Default value is 0.","type":"integer"},"attestation_frequency":{"description":"Frequency in hours to represents how often attestation needs to be performed. Valid values are 1 to 720. Default value of attestation frequency is 1 hour. Attestation frequency should be less than 24 hours or align to full-day intervals (e.g., 24 hours, 48 hours).","type":"integer"},"re_attestation_enable":{"description":"Whether to enable/disable reattestation of client","type":"boolean"},"reattestation_failure_retry_duration":{"description":"Duration in minutes to retry attestation after failed reattestation attempt. Default value of retry duration is 10 minutes. Retry interval should not be more than attestation frequency.","type":"integer"},"reattestation_failure_retries":{"description":"Number of retry attempts allowed after re-attestation failure. Valid values are 3 to 10. Default value of retry attempts is 3.","type":"integer"},"ransomware_alarm":{"description":"Enables CM to generate Alarms for ransomware activities on agents associated with client profile.","type":"boolean"},"csi_auto_cleanup_enable":{"x-feature":"FF_CTE_CSI_CLUSTER_ID_SUPPORT","description":"Enables CM to support automatic cleanup of nodes and release licenses during a Kubernetes Solution upgrade (Kubernetes version upgrade, Kubernetes node image upgrade, CTE-CSI solution upgrade).","type":"boolean"},"labels":{"x-feature":"FF_ADD_LABELS_TO_CTE_CLIENT_PROFILES","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nTo add a label, set the label's value as follows.\n```\n \"labels\": {\n \"key1\": \"value1\",\n \"key2\": \"value2\"\n }\n```\n"}},"example":{"name":"TestProfile"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"file_settings":{"description":"File settings for the profile.","type":"object","items":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)). By default, it is enabled.","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. The valid range is from 1 to 100, with a default value of 25.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","items":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}}},"upload_settings":{"description":"Configure log upload settings.","type":"object","items":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","items":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","items":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Wheather to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}}},"server_settings":{"x-feature":"FF_CTE_CLUSTER_SERVER_SETTINGS","description":"Server configuration of all the Cluster nodes.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"oidc_connection_name":{"description":"Name of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from Multi-Factor Authentication (MFA). MFA will not be enforced on the users of this set.","type":"string"},"mfa_exempt_user_set_name":{"description":"Name of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"},"attestation_frequency":{"description":"Frequency in hours to represents how often attestation needs to be performed. Valid values are 1 to 720. Default value of attestation frequency is 1 hour. Attestation frequency should be less than 24 hours or align to full-day intervals (e.g., 24 hours, 48 hours).","type":"integer"},"re_attestation_enable":{"description":"Whether to enable/disable reattestation of client","type":"boolean"},"reattestation_failure_retry_duration":{"description":"Duration in minutes to retry attestation after failed reattestation attempt. Default value of retry duration is 10 minutes. Retry interval should not be more than attestation frequency.","type":"integer"},"reattestation_failure_retries":{"description":"Number of retry attempts allowed after re-attestation failure. Valid values are 3 to 10. Default value of retry attempts is 3.","type":"integer"},"ransomware_alarm":{"description":"Enables CM to generate Alarms for ransomware activities on agents associated with client profile.","type":"boolean"},"csi_auto_cleanup_enable":{"x-feature":"FF_CTE_CSI_CLUSTER_ID_SUPPORT","description":"Enables CM to support automatic cleanup of nodes and release licenses during a Kubernetes Solution upgrade (Kubernetes version upgrade, Kubernetes node image upgrade, CTE-CSI solution upgrade).","type":"boolean"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"testProfile","description":"testProfile-Description","management_service_logger":{},"policy_evaluation_logger":{},"security_admin_logger":{},"system_admin_logger":{},"file_settings":{},"syslog_settings":{},"upload_settings":{},"duplicate_settings":{},"cache_settings":{},"ldt_qos_rekey_option":"RekeyRate","ldt_qos_rekey_rate":0,"ldt_qos_cpu_percent":0,"ldt_qos_cap_cpu_allocation":false,"concise_logging":false,"connect_timeout":40,"ldt_qos_schedule":"ANY_TIME","qos_schedules":[{"start_weekday":"Sunday","start_time_hour":0,"start_time_minute":0,"end_weekday":"Saturday","end_time_hour":23,"end_time_minute":59}],"ldt_qos_status_check_rate":3600,"server_settings":null,"oidc_connection_id":"","oidc_connection_name":"","mfa_exempt_user_set_id":"","mfa_exempt_user_set_name":"","rwp_operation":"permit","rwp_process_set":"","server_response_rate":75,"labels":null,"attestation_frequency":12,"re_attestation_enable":true,"reattestation_failure_retry_duration":15,"reattestation_failure_retries":5,"ransomware_alarm":true,"csi_auto_cleanup_enable":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of CTE profiles. The results can be filtered using the query parameters.\n","tags":["CTE/Profiles"],"x-permissions":["ReadProfileCTE"],"x-resource-type":"Profile","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the profile name."},{"name":"labels","in":"query","type":"string","description":"Filters results that match label selector expressions. Multiple\nvalues are logically ANDed. \n\nFor example, to select resources that have the label `{\"region\": \"noram\"}` but do not \nhave `{\"team\": \"sales\"}` use `region=noram,team!=sales`.\n\nTo select resources whose labels contain the key called region, use `region`.\n\nTo select resources whose labels do not contain the key called region, use `!region`.\n\nTo select resources in the sales and engineering teams, use `team in (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, or do not have a key called `team`, use `team notin (sales,engineering)`.\n\nTo select resources that are not in the sales and engineering teams, and have a key called `team`, use `team,team notin (sales,engineering)`.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"file_settings":{"description":"File settings for the profile.","type":"object","items":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)). By default, it is enabled.","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. The valid range is from 1 to 100, with a default value of 25.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","items":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}}},"upload_settings":{"description":"Configure log upload settings.","type":"object","items":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","items":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","items":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Wheather to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}}},"server_settings":{"x-feature":"FF_CTE_CLUSTER_SERVER_SETTINGS","description":"Server configuration of all the Cluster nodes.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"oidc_connection_name":{"description":"Name of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from Multi-Factor Authentication (MFA). MFA will not be enforced on the users of this set.","type":"string"},"mfa_exempt_user_set_name":{"description":"Name of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"},"attestation_frequency":{"description":"Frequency in hours to represents how often attestation needs to be performed. Valid values are 1 to 720. Default value of attestation frequency is 1 hour. Attestation frequency should be less than 24 hours or align to full-day intervals (e.g., 24 hours, 48 hours).","type":"integer"},"re_attestation_enable":{"description":"Whether to enable/disable reattestation of client","type":"boolean"},"reattestation_failure_retry_duration":{"description":"Duration in minutes to retry attestation after failed reattestation attempt. Default value of retry duration is 10 minutes. Retry interval should not be more than attestation frequency.","type":"integer"},"reattestation_failure_retries":{"description":"Number of retry attempts allowed after re-attestation failure. Valid values are 3 to 10. Default value of retry attempts is 3.","type":"integer"},"ransomware_alarm":{"description":"Enables CM to generate Alarms for ransomware activities on agents associated with client profile.","type":"boolean"},"csi_auto_cleanup_enable":{"x-feature":"FF_CTE_CSI_CLUSTER_ID_SUPPORT","description":"Enables CM to support automatic cleanup of nodes and release licenses during a Kubernetes Solution upgrade (Kubernetes version upgrade, Kubernetes node image upgrade, CTE-CSI solution upgrade).","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptProfile","description":"RecordEncryptProfile_Description","management_service_logger":{},"policy_evaluation_logger":{},"security_admin_logger":{},"system_admin_logger":{},"file_settings":{},"syslog_settings":{},"upload_settings":{},"duplicate_settings":{},"cache_settings":{},"ldt_qos_rekey_option":"RekeyRate","ldt_qos_rekey_rate":0,"ldt_qos_cpu_percent":0,"ldt_qos_cap_cpu_allocation":false,"concise_logging":false,"connect_timeout":40,"ldt_qos_schedule":"ANY_TIME","qos_schedules":[{"start_weekday":"Sunday","start_time_hour":0,"start_time_minute":0,"end_weekday":"Saturday","end_time_hour":23,"end_time_minute":59}],"ldt_qos_status_check_rate":3600,"server_settings":null,"oidc_connection_id":"","oidc_connection_name":"","mfa_exempt_user_set_id":"","mfa_exempt_user_set_name":"","rwp_operation":"deny","rwp_process_set":"","labels":null,"attestation_frequency":12,"re_attestation_enable":true,"reattestation_failure_retry_duration":15,"reattestation_failure_retries":5,"ransomware_alarm":true,"csi_auto_cleanup_enable":true}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/profiles/{id}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a profile with the given id.\n","tags":["CTE/Profiles"],"x-permissions":["ReadProfileCTE"],"x-resource-type":"Profile","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"file_settings":{"description":"File settings for the profile.","type":"object","items":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)). By default, it is enabled.","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. The valid range is from 1 to 100, with a default value of 25.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","items":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}}},"upload_settings":{"description":"Configure log upload settings.","type":"object","items":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","items":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","items":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Wheather to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}}},"server_settings":{"x-feature":"FF_CTE_CLUSTER_SERVER_SETTINGS","description":"Server configuration of all the Cluster nodes.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"oidc_connection_name":{"description":"Name of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from Multi-Factor Authentication (MFA). MFA will not be enforced on the users of this set.","type":"string"},"mfa_exempt_user_set_name":{"description":"Name of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"},"attestation_frequency":{"description":"Frequency in hours to represents how often attestation needs to be performed. Valid values are 1 to 720. Default value of attestation frequency is 1 hour. Attestation frequency should be less than 24 hours or align to full-day intervals (e.g., 24 hours, 48 hours).","type":"integer"},"re_attestation_enable":{"description":"Whether to enable/disable reattestation of client","type":"boolean"},"reattestation_failure_retry_duration":{"description":"Duration in minutes to retry attestation after failed reattestation attempt. Default value of retry duration is 10 minutes. Retry interval should not be more than attestation frequency.","type":"integer"},"reattestation_failure_retries":{"description":"Number of retry attempts allowed after re-attestation failure. Valid values are 3 to 10. Default value of retry attempts is 3.","type":"integer"},"ransomware_alarm":{"description":"Enables CM to generate Alarms for ransomware activities on agents associated with client profile.","type":"boolean"},"csi_auto_cleanup_enable":{"x-feature":"FF_CTE_CSI_CLUSTER_ID_SUPPORT","description":"Enables CM to support automatic cleanup of nodes and release licenses during a Kubernetes Solution upgrade (Kubernetes version upgrade, Kubernetes node image upgrade, CTE-CSI solution upgrade).","type":"boolean"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"TestProfile","description":"","management_service_logger":{},"policy_evaluation_logger":{},"security_admin_logger":{},"system_admin_logger":{},"file_settings":{},"syslog_settings":{},"upload_settings":{},"duplicate_settings":{},"cache_settings":{},"ldt_qos_rekey_option":"RekeyRate","ldt_qos_rekey_rate":0,"ldt_qos_cpu_percent":0,"ldt_qos_cap_cpu_allocation":false,"concise_logging":false,"connect_timeout":40,"ldt_qos_schedule":"ANY_TIME","qos_schedules":[{"start_weekday":"Sunday","start_time_hour":0,"start_time_minute":0,"end_weekday":"Saturday","end_time_hour":23,"end_time_minute":59}],"ldt_qos_status_check_rate":3600,"server_settings":null,"oidc_connection_id":"","oidc_connection_name":"","mfa_exempt_user_set_id":"","mfa_exempt_user_set_name":"","rwp_operation":"permit","rwp_process_set":"","server_response_rate":75,"attestation_frequency":12,"re_attestation_enable":true,"reattestation_failure_retry_duration":15,"reattestation_failure_retries":5,"ransomware_alarm":true,"csi_auto_cleanup_enable":true}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a profile with the given id.","tags":["CTE/Profiles"],"x-permissions":["ReadProfileCTE","DeleteProfileCTE"],"x-resource-type":"Profile","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Update","description":"Modifies the profile parameters. The parameters to be modified are placed in the body parameters.\n","tags":["CTE/Profiles"],"x-permissions":["UpdateProfileCTE","ReadProfileCTE","ReadUserSetCTE","ReadProcessSetCTE"],"x-resource-type":"Profile","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE profile parameters.","schema":{"type":"object","title":"Modify Profile","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"x-feature":"FF_CTE_CLIENT_LOG_UPLOAD","description":"Whether to enable log upload to the URL.","type":"boolean"}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"x-feature":"FF_CTE_CLIENT_LOG_UPLOAD","description":"Whether to enable log upload to the URL.","type":"boolean"}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"x-feature":"FF_CTE_CLIENT_LOG_UPLOAD","description":"Whether to enable log upload to the URL.","type":"boolean"}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"x-feature":"FF_CTE_CLIENT_LOG_UPLOAD","description":"Whether to enable log upload to the URL.","type":"boolean"}}},"file_settings":{"description":"File settings for the profile.","type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false).","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. Valid values are 1 to 100.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"object","title":"SyslogServers","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}},"upload_settings":{"x-feature":"FF_CTE_CLIENT_LOG_UPLOAD","description":"Configure log upload to the URL.","type":"object","properties":{"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","properties":{"max_space":{"description":"Max Space. Minimum values is 100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Minimum values is 200.","type":"integer"}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Whether to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"object","title":"QosSchedules","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"Start time hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 1 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}},"server_settings":{"x-feature":"FF_CTE_CLUSTER_SERVER_SETTINGS","description":"Server configuration of cluster nodes. These settings are allowed only in cluster environment.","type":"array","items":{"type":"object","title":"serverSettings","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"},"rwp_operation":{"description":"Applicable to the Ransomware clients only. The valid values are permit(for Audit), deny(for Block), and disable. The default value is deny.","type":"string"},"rwp_process_set":{"description":"ID of the process set to be whitelisted.","type":"string"},"server_response_rate":{"description":"the percentage value of successful API calls to the server, for which the agent will consider the server to be working fine. If the value is set to 75 then, if the server responds to 75% of the calls it is considered OK & no update is sent by agent. Valid values are between 0 to 100, both inclusive.","type":"integer"},"attestation_frequency":{"description":"Frequency in hours to represents how often attestation needs to be performed. Valid values are 1 to 720. Default value of attestation frequency is 1 hour. Attestation frequency should be less than 24 hours or align to full-day intervals (e.g., 24 hours, 48 hours).","type":"integer"},"re_attestation_enable":{"description":"Whether to enable/disable reattestation of client","type":"boolean"},"reattestation_failure_retry_duration":{"description":"Duration in minutes to retry attestation after failed reattestation attempt. Default value of retry duration is 10 minutes. Retry interval should not be more than attestation frequency.","type":"integer"},"reattestation_failure_retries":{"description":"Number of retry attempts allowed after re-attestation failure. Valid values are 3 to 10. Default value of retry attempts is 3.","type":"integer"},"ransomware_alarm":{"description":"Enables CM to generate Alarms for ransomware activities on agents associated with client profile.","type":"boolean"},"csi_auto_cleanup_enable":{"x-feature":"FF_CTE_CSI_CLUSTER_ID_SUPPORT","description":"Enables CM to support automatic cleanup of nodes and release licenses during a Kubernetes Solution upgrade (Kubernetes version upgrade, Kubernetes node image upgrade, CTE-CSI solution upgrade).","type":"boolean"},"labels":{"x-feature":"FF_ADD_LABELS_TO_CTE_CLIENT_PROFILES","type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Labels are key/value pairs used to group resources.\nThey are based on Kubernetes Labels, see \nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/. \n\nWhen labels are provided they are merged with the resource's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n"}},"example":{"description":"updated description"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"file_settings":{"description":"File settings for the profile.","type":"object","items":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)). By default, it is enabled.","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. The valid range is from 1 to 100, with a default value of 25.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","items":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}}},"upload_settings":{"description":"Configure log upload settings.","type":"object","items":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","items":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","items":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Wheather to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}}},"server_settings":{"x-feature":"FF_CTE_CLUSTER_SERVER_SETTINGS","description":"Server configuration of all the Cluster nodes.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"oidc_connection_name":{"description":"Name of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from Multi-Factor Authentication (MFA). MFA will not be enforced on the users of this set.","type":"string"},"mfa_exempt_user_set_name":{"description":"Name of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"},"attestation_frequency":{"description":"Frequency in hours to represents how often attestation needs to be performed. Valid values are 1 to 720. Default value of attestation frequency is 1 hour. Attestation frequency should be less than 24 hours or align to full-day intervals (e.g., 24 hours, 48 hours).","type":"integer"},"re_attestation_enable":{"description":"Whether to enable/disable reattestation of client","type":"boolean"},"reattestation_failure_retry_duration":{"description":"Duration in minutes to retry attestation after failed reattestation attempt. Default value of retry duration is 10 minutes. Retry interval should not be more than attestation frequency.","type":"integer"},"reattestation_failure_retries":{"description":"Number of retry attempts allowed after re-attestation failure. Valid values are 3 to 10. Default value of retry attempts is 3.","type":"integer"},"ransomware_alarm":{"description":"Enables CM to generate Alarms for ransomware activities on agents associated with client profile.","type":"boolean"},"csi_auto_cleanup_enable":{"x-feature":"FF_CTE_CSI_CLUSTER_ID_SUPPORT","description":"Enables CM to support automatic cleanup of nodes and release licenses during a Kubernetes Solution upgrade (Kubernetes version upgrade, Kubernetes node image upgrade, CTE-CSI solution upgrade).","type":"boolean"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"TestProfile","description":"updated description","management_service_logger":{},"policy_evaluation_logger":{},"security_admin_logger":{},"system_admin_logger":{},"file_settings":{},"syslog_settings":{},"upload_settings":{},"duplicate_settings":{},"cache_settings":{},"ldt_qos_rekey_option":"RekeyRate","ldt_qos_rekey_rate":0,"ldt_qos_cpu_percent":0,"ldt_qos_cap_cpu_allocation":false,"concise_logging":false,"connect_timeout":40,"ldt_qos_schedule":"ANY_TIME","qos_schedules":[{"start_weekday":"Sunday","start_time_hour":0,"start_time_minute":0,"end_weekday":"Saturday","end_time_hour":23,"end_time_minute":59}],"ldt_qos_status_check_rate":3600,"server_settings":null,"oidc_connection_id":"","oidc_connection_name":"","mfa_exempt_user_set_id":"","mfa_exempt_user_set_name":"","rwp_operation":"permit","rwp_process_set":"","server_response_rate":75,"attestation_frequency":12,"re_attestation_enable":true,"reattestation_failure_retry_duration":15,"reattestation_failure_retries":5,"ransomware_alarm":true,"csi_auto_cleanup_enable":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/profiles/{id}/syslogserver/{name}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"name","in":"path","type":"string","description":"Syslog server name.\n","required":true}],"delete":{"summary":"Delete","description":"Deletes a syslog server from a given profile id.","tags":["CTE/Profiles"],"x-permissions":["UpdateProfileCTE","ReadProfileCTE"],"x-resource-type":"Profile","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new CTE policy to the CipherTrust Manager.","tags":["CTE/Policies"],"x-permissions":["ReadResourceSetCTE","CreatePolicyCTE","ReadPolicyCTE","ReadGuardPointCTE","CreateSecurityRuleCTE","ReadSecurityRuleCTE","ReadUserSetCTE","ReadProcessSetCTE","UpdatePolicyCTE"],"x-resource-type":"Policy","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE policy creation parameters.","schema":{"type":"object","title":"Create Policy","required":["name","policy_type"],"properties":{"name":{"description":"Name of the policy.","type":"string"},"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. Valid values are:\n-\tStandard\n-\tLDT\n-\tIDT\n-\tCloud_Object_Storage\n{{FF_CTE_CSI|- CSI}}\n","type":"string"},"never_deny":{"description":"Whether to always allow operations in the policy. By default, it is disabled, that is, operations are not allowed.\nSupported for Standard, LDT, and Cloud_Object_Storage policies. For Learn Mode activations, `never_deny` is set to `true`, by default.\n","type":"boolean"},"security_rules":{"description":"Security rules to link with the policy.","type":"array","items":{"type":"object","title":"SecurityRule","properties":{"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n - permit\n - deny\n - audit\n - applykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set to link to the policy.","type":"string"},"exclude_user_set":{"description":"User set to exclude. Supported for Standard, LDT and IDT policies.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link to the policy. Supported for Standard, LDT and IDT policies.","type":"string"},"exclude_resource_set":{"description":"Resource set to exclude. Supported for Standard, LDT and IDT policies.","type":"boolean"},"process_set_id":{"description":"ID of the process set to link to the policy.","type":"string"},"exclude_process_set":{"description":"Process set to exclude. Supported for Standard, LDT and IDT policies.","type":"boolean"},"partial_match":{"description":"Whether to allow partial match operations. By default, it is disabled. Supported for Standard, LDT and IDT policies.","type":"boolean"}}}},"key_rules":{"description":"Key rules to link with the policy.","type":"array","items":{"type":"object","title":"KeyRule","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set to link with the rule. Supported for Standard, LDT and IDT policies.","type":"string"}}}},"data_transform_rules":{"description":"Data transformation rules to link with the policy.","type":"array","items":{"type":"object","title":"KeyRule","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}},"ldt_key_rules":{"description":"LDT rules to link with the policy. Supported for LDT policies.","type":"array","items":{"type":"object","title":"LDTKeyRule","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Whether this is an exclusion rule. If enabled, no need to specify the transformation rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}}}}},"idt_key_rules":{"description":"IDT rules to link with the policy.","type":"array","items":{"type":"object","title":"IDTKeyRule","properties":{"current_key":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"current_key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"transformation_key":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n","type":"string"},"transformation_key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}}},"signature_rules":{"description":"Signature rules to link with the policy.","type":"array","items":{"type":"object","title":"SignatureRule","properties":{"signature_set_id":{"description":"List of identifiers of signature sets. This identifier can be the Name, ID (a UUIDv4), URI, or slug of the signature set.","type":"string"}}}},"metadata":{"description":"Restrict policy for modification","type":"object","properties":{"restrict_update":{"description":"To restrict the policy for modification. If its value enabled means user not able to modify the guarded policy.\n","type":"boolean"}}}},"example":{"name":"TestPolicy","policy_type":"Standard","never_deny":false,"security_rules":[{"effect":"permit","action":"all_ops","partial_match":false,"resource_set_id":"TestResourceSet","exclude_resource_set":true}]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\"{{FF_CTE_CSI|, and \"CSI\"}}.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"Dataxform-policy","description":"","policy_type":"OFFLINE","policy_version":"0","never_deny":true,"policy_key_version":"0","updated_by":"","security_rules":[{"id":"544bd4c6-1c4b-4ea2-b7bc-e28d06e5847f","uri":"kylo:kylo:henry:securityrule:544bd4c6-1c4b-4ea2-b7bc-e28d06e5847f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-08-24T10:17:06.127611562Z","updatedAt":"0001-01-01T00:00:00Z","policy_id":"c756c708-0e56-4074-959e-0e1c80b1380b","order_number":1,"effect":"permit","action":"all_ops","partial_match":false,"user_set_id":"","exclude_user_set":false,"process_set_id":"","exclude_process_set":false,"resource_set_id":"","exclude_resource_set":false}],"key_rules":null,"data_transform_rules":null,"ldt_key_rules":null,"idt_key_rules":null,"signature_rules":null,"metadata":{"restrict_update":false}}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of policies added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies"],"x-permissions":["ReadPolicyCTE"],"x-resource-type":"Policy","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"never_deny","in":"query","type":"boolean","description":"Filters results to those learn mode enabled or disabled.\n"},{"name":"never_deny_enabled_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those learn mode enabled at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the policy name."},{"name":"policy_type","in":"query","required":false,"type":"string","description":"Filter policies by policy type.Valid values are STANDARD, LDT, IDT, CLOUD_OBJECT_STORAGE{{FF_CTE_CSI| and CSI}}."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\"{{FF_CTE_CSI|, and \"CSI\"}}.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":false,"policy_key_version":"0","migrated_policy_id":"","metadata":{"restrict_update":false}}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{id}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modifies the policy parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies"],"x-permissions":["ReadPolicyCTE","UpdatePolicyCTE","ReadGuardPointCTE","ReadPolicyCTE","ReadClientAndResourceMappingReadCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE","UpdatePolicyCTE"],"x-resource-type":"Policy","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE policy parameters.","schema":{"type":"object","title":"Modify Policy","properties":{"description":{"description":"Description of the policy.","type":"string"},"never_deny":{"description":"Whether to always allow operations in the policy. By default, it is disabled, that is, operations are not allowed.\nBy default, it is enabled on learn mode activation. Supported for Standard, LDT and Cloud_Object_Storage policies.\nApplyKey effect is automated with learn mode modification. If learn mode is enabled/disabled, the \"apply_key\" effect shall be inserted/removed from all the existing security rules having the \"deny\" effect.\n","type":"boolean"},"metadata":{"description":"Restrict policy for modification","type":"object","properties":{"restrict_update":{"description":"To restrict the policy for modification. User only able to change the parameter value when it is unguarded policy.\n","type":"boolean"}}},"force_restrict_update":{"description":"To remove restriction of policy for modification.\n","type":"boolean"}},"example":{"never_deny":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\"{{FF_CTE_CSI|, and \"CSI\"}}.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","never_deny_enabled_at":"2023-08-24T10:28:03.806662Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":true,"policy_key_version":"0","updated_by":"","migrated_policy_id":"","metadata":{"restrict_update":false}}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns details of a policy with the given id.\n","tags":["CTE/Policies"],"x-permissions":["ReadPolicyCTE"],"x-resource-type":"Policy","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\"{{FF_CTE_CSI|, and \"CSI\"}}.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","never_deny_enabled_at":"2023-08-24T10:28:03.806662Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":true,"policy_key_version":"0","updated_by":"","migrated_policy_id":"","metadata":{"restrict_update":false}}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a policy with the given id. Policies being used by clients cannot be deleted.","tags":["CTE/Policies"],"x-permissions":["DeletePolicyCTE","ReadPolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE"],"x-resource-type":"Policy","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{id}/audits":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Audit Records","description":"Returns the audit records of a policy with the given id.\n","tags":["CTE/Policies"],"x-permissions":["ReadPolicyCTE"],"x-resource-type":"Policy","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"ID of the policy.","type":"string"},"policy_version":{"description":"Version number of policy.","type":"string"},"performed_by":{"description":"User who has performed operation on policy.","type":"string"},"performed_on":{"description":"Identifier of resource on which action was performed e.g. if Security Rule as created `kylo:kylo:henry:securityrule:1ae9c191-3187-43bb-902d-b17a899bcbf5`.","type":"string"},"action":{"description":"This field will provide information of what action was performed e.g. `Security Rule Created`.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"c52bd949-866e-4790-9652-f65bbd2d9101","uri":"kylo:kylo:henry:userset:c52bd949-866e-4790-9652-f65bbd2d9101","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-08-15T09:05:18.577872Z","policy_id":"49424bd0-07aa-4554-8bd9-0c382163eebc","policy_version":0,"performed_by":"ncryptify:gemalto:admin:users:admin","performed_on":"kylo:kylo:henry:policy:LxPolicy","action":"Policy Created"},{"id":"b5754455-9d7a-4d9c-9417-ec9423b253d3","uri":"kylo:kylo:henry:userset:b5754455-9d7a-4d9c-9417-ec9423b253d3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-08-15T09:05:18.539568Z","policy_id":"49424bd0-07aa-4554-8bd9-0c382163eebc","policy_version":1,"performed_by":"ncryptify:gemalto:admin:users:admin","performed_on":"kylo:kylo:henry:securityrule:1ae9c191-3187-43bb-902d-b17a899bcbf5","action":"Security Rule Created"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/securityrules/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"post":{"summary":"Add","description":"Adds a new security rule to the CipherTrust Manager.","tags":["CTE/Policies-SecurityRules"],"x-permissions":["ReadKeyRuleCTE","ReadPolicyCTE","ReadResourceSetCTE","ReadGuardPointCTE","CreateSecurityRuleCTE","ReadSecurityRuleCTE","ReadUserSetCTE","ReadProcessSetCTE","UpdatePolicyCTE"],"x-resource-type":"SecurityRule","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE security rules parameters.","schema":{"type":"object","title":"Create Security Rule","required":["effect"],"properties":{"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n - permit\n - deny\n - audit\n - applykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set to link to the policy.","type":"string"},"exclude_user_set":{"description":"User set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link to the policy. Supported for Standard and LDT policies.","type":"string"},"exclude_resource_set":{"description":"Resource set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"process_set_id":{"description":"ID of the process set to link to the policy.","type":"string"},"exclude_process_set":{"description":"Process set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"partial_match":{"description":"Whether to allow partial match operations. By default, it is disabled. Supported for Standard and LDT policies.","type":"boolean"}},"example":{"effect":"permit","action":"all_ops","partial_match":false,"resource_set_id":"TestResourceSet","exclude_resource_set":true}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy","type":"string"},"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n-\tpermit\n-\tdeny\n-\taudit\n-\tapplykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"permit","action":"","policy_id":"1005","order_number":0,"user_set_id":"","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"","exclude_process_set":false,"partial_match":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of security rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-SecurityRules"],"x-permissions":["ReadPolicyCTE","ReadSecurityRuleCTE"],"x-resource-type":"SecurityRule","x-product":"CTE","parameters":[{"name":"action","in":"query","required":false,"type":"string","description":"Filter security rules by action.Values can be read, write, all_ops and key_op."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy","type":"string"},"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n-\tpermit\n-\tdeny\n-\taudit\n-\tapplykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"permit","action":"","policy_id":"1005","order_number":0,"user_set_id":"","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"","exclude_process_set":false,"partial_match":true}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/securityrules/{securityRuleId}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"securityRuleId","in":"path","type":"string","description":"An identifier of the CTE Security Rule.\nThis can be either the ID (a UUIDv4) or URI of Policy.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the security rule parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies-SecurityRules"],"x-permissions":["UpdatePolicyCTE","ReadPolicyCTE","ReadGuardPointCTE","UpdateSecurityRuleCTE","ReadSecurityRuleCTE","UpdateSecurityRuleCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE","UpdatePolicyCTE"],"x-resource-type":"SecurityRule","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE security rule parameters.","schema":{"type":"object","title":"Modify security rule","properties":{"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n - permit\n - deny\n - audit\n - applykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set to link to the policy.","type":"string"},"exclude_user_set":{"description":"User set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link to the policy. Supported for Standard and LDT policies.","type":"string"},"exclude_resource_set":{"description":"Resource set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"process_set_id":{"description":"ID of the process set to link to the policy.","type":"string"},"exclude_process_set":{"description":"Process set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"partial_match":{"description":"Whether to allow partial match operations. By default, it is disabled. Supported for Standard and LDT policies.","type":"boolean"},"order_number":{"description":"Precedence order of the rule in the parent policy.","type":"integer"}},"example":{"effect":"Deny","user_set_id":"UserSet1","process_set_id":"ProcessSet1"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy","type":"string"},"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n-\tpermit\n-\tdeny\n-\taudit\n-\tapplykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"Deny","action":"","policy_id":"1005","order_number":0,"user_set_id":"UserSet1","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"ProcessSet1","exclude_process_set":false,"partial_match":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a security rule with the given id.\n","x-permissions":["ReadSecurityRuleCTE"],"x-resource-type":"SecurityRule","x-product":"CTE","tags":["CTE/Policies-SecurityRules"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy","type":"string"},"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n-\tpermit\n-\tdeny\n-\taudit\n-\tapplykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"permit","action":"","policy_id":"1005","order_number":0,"user_set_id":"","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"","exclude_process_set":false,"partial_match":true}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a security rule with the given id. Rules being used by clients cannot be deleted.","tags":["CTE/Policies-SecurityRules"],"x-permissions":["UpdatePolicyCTE","ReadPolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE","DeleteSecurityRuleCTE","ReadClientAndResourceMappingReadCTE","ReadPolicyCTE","UpdatePolicyCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE"],"x-resource-type":"SecurityRule","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/signaturerules":{"x-feature":"FF_CTE_CSI","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE policy.\nThis can be the ID (a UUIDv4), URI, or name of the policy.\n","required":true}],"post":{"summary":"Add Signature Rule","description":"Adds a new signature rule to the CipherTrust Manager.","tags":["CTE/Policies-SignatureRules"],"x-permissions":["UpdatePolicyCTE","ReadPolicyCTE","ReadSignatureSetCTE","CreateSignatureRuleCTE","UpdatePolicyCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE"],"x-resource-type":"SignatureRule","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE signature rules parameters.","schema":{"type":"object","title":"Create Signature Rule","required":["signature_set_id_list"],"properties":{"signature_set_id_list":{"description":"List of identifiers of signature sets. The identifiers can be the Name, ID (a UUIDv4), URI, or slug of the signature sets.","type":"array","items":{"type":"string"}}},"example":{"signature_set_id_list":["TestSignSet1","TestSignSet2"]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"success_signature_rules":{"description":"List of successful signature sets added to the Signature rule","type":"array","items":{"type":"object","title":"Resource","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}},"failed_signature_rules":{"type":"array","description":"Failed to create signature-rule with signature-set with the reason for failure provided in a Key-Value pair with signature-set-identifier, error and status code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]}},"207":{"description":"Multistatus","examples":{"application/json":{"success_signature_rules":[{"signature_rule":{"id":"5ca00938-8b2b-42ae-9a7b-ff7b55fc79dd","uri":"kylo:kylo:henry:signaturerule:5ca00938-8b2b-42ae-9a7b-ff7b55fc79dd","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T10:47:37.537637567Z","updatedAt":"2022-09-27T10:47:37.537637567Z","policy_id":"c5449b73-0e97-421a-860f-001756467f9d","signature_set_id":"ded6fb18-b8d4-40a9-8113-9a75e86313b9","signature_set_name":"TestSignSet1"},"status_code":201}],"failed_signature_rules":[{"signature_set_id":"TestSignSet","error":"Failed to create signature rule with signature set ID:TestSignSet in policy: TestCsiPolicy Error:could not create signaturerule as it already exists","status_code":409}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of signature rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-SignatureRules"],"x-permissions":["ReadPolicyCTE","ReadSignatureRuleCTE"],"x-resource-type":"SignatureRule","x-product":"CTE","parameters":[{"name":"signature_set_id","in":"query","required":false,"type":"string","description":"Filter signature rules by signature set id."},{"name":"signature_set_name","in":"query","required":false,"type":"string","description":"Filter signature rules by signature set name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"c32c8642-494b-4abb-a7b3-a798c540dd16","uri":"kylo:kylo:henry:signaturerule:c32c8642-494b-4abb-a7b3-a798c540dd16","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T11:10:25.211962Z","updatedAt":"2022-09-27T11:10:25.211962Z","policy_id":"c5449b73-0e97-421a-860f-001756467f9d","signature_set_id":"06995e06-2691-432d-b100-52bc10d534b9","signature_set_name":"TestSignSet"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/signaturerules/{signatureRuleId}":{"x-feature":"FF_CTE_CSI","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE policy.\nThis can be the ID (a UUIDv4), URI, or name of the policy.\n","required":true},{"name":"signatureRuleId","in":"path","type":"string","description":"An identifier of the CTE signature rule.\nThis can be the ID (a UUIDv4) or URI of the signature rule.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the signature rule parameters. There is no default value for the parameter.\n","tags":["CTE/Policies-SignatureRules"],"x-permissions":["UpdatePolicyCTE","ReadPolicyCTE","ReadGuardPointCTE","ReadSignatureRuleCTE","UpdateSignatureRuleCTE","ReadSignatureSetCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE"],"x-resource-type":"SignatureRule","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE signature rule parameters.","schema":{"type":"object","title":"Modify signature rule","required":["signature_set_id"],"properties":{"signature_set_id":{"description":"An identifier of the signature set. \nThis can be the Name, ID (a UUIDv4), URI, or slug of the signature set.\n","type":"string"}},"example":{"signature_set_id":"TestSignSet"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}]},"examples":{"application/json":{"id":"c32c8642-494b-4abb-a7b3-a798c540dd16","uri":"kylo:kylo:henry:signaturerule:c32c8642-494b-4abb-a7b3-a798c540dd16","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T11:10:25.211962Z","updatedAt":"2022-09-28T08:38:03.712694015Z","policy_id":"c5449b73-0e97-421a-860f-001756467f9d","signature_set_id":"06995e06-2691-432d-b100-52bc10d534b9","signature_set_name":"TestSignSet"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a signature rule with the given id.\n","tags":["CTE/Policies-SignatureRules"],"x-permissions":["ReadPolicyCTE","ReadSignatureCTE"],"x-resource-type":"SignatureRule","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}]},"examples":{"application/json":{"id":"c32c8642-494b-4abb-a7b3-a798c540dd16","uri":"kylo:kylo:henry:signaturerule:c32c8642-494b-4abb-a7b3-a798c540dd16","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T11:10:25.211962Z","updatedAt":"2022-09-28T08:38:03.712694015Z","policy_id":"c5449b73-0e97-421a-860f-001756467f9d","signature_set_id":"06995e06-2691-432d-b100-52bc10d534b9","signature_set_name":"TestSignSet"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a signature rule with the given id.","tags":["CTE/Policies-SignatureRules"],"x-permissions":["UpdatePolicyCTE","ReadPolicyCTE","ReadGuardPointCTE","ReadSignatureRuleCTE","DeleteSignatureRuleCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE"],"x-resource-type":"SignatureRule","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true}],"post":{"summary":"Create","description":"Adds a new GuardPoint to the CipherTrust Manager.","tags":["CTE/Clients-GuardPoints"],"x-permissions":["ReadPolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE","CreatePolicyCTE","ReadClientCTE","CreateGuardPointCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE GuardPoint creation parameters.","schema":{"type":"object","title":"Create Guard Point","required":["guard_paths","guard_point_params"],"properties":{"guard_paths":{"description":"List of GuardPaths to be created.","type":"array","items":{"type":"string"}},"guard_point_params":{"description":"Parameters for creating a GuardPoint.","type":"object","required":["policy_id","guard_point_type"],"properties":{"guard_point_type":{"description":"Type of the GuardPoint. The options are:\n-\tdirectory_auto\n-\tdirectory_manual\n-\trawdevice_manual\n-\trawdevice_auto\n-\tcloudstorage_auto\n-\tcloudstorage_manual\n- ransomware_protection\n","type":"string"},"automount_enabled":{"description":"Whether automount is enabled with the GuardPoint. Supported for Standard and LDT policies.","type":"boolean"},"policy_id":{"description":"ID of the policy applied with this GuardPoint.\nThis parameter is not valid for Ransomware GuardPoints as they will not be associated with any CTE policy.\n","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Whether to preserve sparse file regions. Available on LDT enabled clients only. The default value is true. If you disable the setting, it cannot be enabled again. Supported for only LDT policies.","type":"boolean"},"cifs_enabled":{"description":"Whether to enable CIFS. Available on LDT enabled windows clients only. The default value is false. If you enable the setting, it cannot be disabled. Supported for only LDT policies.","type":"boolean"},"early_access":{"description":"Whether secure start (early access) is turned on. Secure start is applicable to Windows clients only. Supported for Standard and LDT policies. The default value is false.","type":"boolean"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"network_share_credentials_id":{"description":"ID/Name of the credentials if the GuardPoint is applied to a network share. Supported for only LDT policies.","type":"string"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"}}}},"example":{"guard_paths":["/opt/path1/","/opt/path2"],"guard_point_params":{"guard_point_type":"directory_auto","policy_id":"TestPolicy","early_access":true,"preserve_sparse_regions":true}}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully created GuardPoints.","type":"array","items":{"type":"object","properties":{"guardpoint":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]}},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to create.","type":"array","items":{"type":"object","properties":{"guard_path":{"description":"path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"5ac0bd83-05a0-42d8-8a26-4877f6fa91f7","uri":"kylo:kylo:henry:guardpoint:5ac0bd83-05a0-42d8-8a26-4877f6fa91f7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-24T06:55:29.941591992Z","updatedAt":"2023-05-24T06:55:29.941591992Z","client_id":"c0e9bacf-ebde-4fc0-950a-eca624f7d401","client_group_id":"00000000-0000-0000-0000-000000000000","client_name":"10.205.101.184","client_group_name":"","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/opt/path1","policy_id":"182f9e7e-7ec0-48af-b13e-690f14403af3","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENT","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""},"status_code":201},{"guardpoint":{"id":"5ac0bd83-05a0-42d8-8a26-4877f6fa91f7","uri":"kylo:kylo:henry:guardpoint:5ac0bd83-05a0-42d8-8a26-4877f6fa91f7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-24T06:55:29.941591992Z","updatedAt":"2023-05-24T06:55:29.941591992Z","client_id":"c0e9bacf-ebde-4fc0-950a-eca624f7d401","client_group_id":"00000000-0000-0000-0000-000000000000","client_name":"10.205.101.184","client_group_name":"","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/opt/path2","policy_id":"182f9e7e-7ec0-48af-b13e-690f14403af3","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENT","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""},"status_code":201}],"failed_guard_points":[{"guard_path":"/opt/path3","error":"Duplicate Path","status_code":409},{"guard_path":"/opt/path4","error":"Duplicate Path","status_code":409}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of GuardPoints added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Clients-GuardPoints"],"x-permissions":["ReadClientCTE","ReadGuardPointCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","parameters":[{"name":"client_group_name","in":"query","required":false,"type":"string","description":"Filter the results by clientgroup name of GuardPoint."},{"name":"client_group_id","in":"query","required":false,"type":"string","description":"Filter the results by clientgroup id of GuardPoint. MUST be a UUID value."},{"name":"uri_list","in":"query","required":false,"type":"string","description":"Filter the results by uri. To fetch multiple resources provide comma-delimited list of uri."},{"name":"policy_id","in":"query","required":false,"type":"string","description":"Filter the results by policy id of GuardPoint. MUST be a UUID value."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter the results by policy name of GuardPoint."},{"name":"pending_operation","in":"query","required":false,"type":"string","description":"Filter the results by pending operation of GuardPoint. Valid value is DELETE."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guard enabled values of GuardPoint. Valid values are Yes/No and True/False."},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by GuardPath of GuardPoint."},{"name":"type","in":"query","required":false,"type":"string","description":"Filter the results by type of GuardPoint. Valid values are CLIENT and CLIENTGROUP."},{"name":"guard_point_state","in":"query","required":false,"type":"string","description":"Filter the results by state of GuardPoint. Valid values are UNKNOWN, ACTIVE, INACTIVE or DISABLED."},{"name":"mfa_enabled","description":"Filter GuardPoints based on MFA status - enabled or not.","in":"query","required":false,"type":"boolean"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by createdAt, guard_enabled, type, guard_point_state, policy_id and policy_name. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n -createdAt\n\n...will sort the results by `createdAt`, descending.\n"},{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},{"name":"fetch_current_domain_resources_only","description":"Filter resources belonging to the current domain only.","in":"query","required":false,"type":"boolean"},{"name":"guard_point_type","in":"query","required":false,"type":"string","description":"Filter clients based on guard point type. Valid values are directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, and ransomware_protection."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"5ac0bd83-05a0-42d8-8a26-4877f6fa91f7","uri":"kylo:kylo:henry:guardpoint:5ac0bd83-05a0-42d8-8a26-4877f6fa91f7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-24T06:55:29.941592Z","updatedAt":"2023-05-25T04:36:55.971263Z","client_id":"c0e9bacf-ebde-4fc0-950a-eca624f7d401","client_group_id":"00000000-0000-0000-0000-000000000000","client_name":"10.205.101.184","client_group_name":"","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/opt/path1","policy_id":"182f9e7e-7ec0-48af-b13e-690f14403af3","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENT","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"ACTIVE","attr":{"lock":1,"type":1,"flags":0,"usage":"free","reason":"N/A","LDT_Role":0,"Policy_Type":0,"policy_name":"TestPolicy","config_state":"guarded","statuschk_tm":"2023-05-24 06:56:04","policy_keyvers":0,"policy_version":0,"config_op_attempt_tm":"2023-05-24 06:56:04"},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"null","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/enable":{"x-feature":"FF_CTE_BULK_TOGGLE_GP","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Client.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true}],"patch":{"summary":"Enable/disable guardpoints","description":"Enable/disable multiple guardpoints","tags":["CTE/Clients-GuardPoints"],"x-permissions":["UpdateGuardPointCTE","ReadClientCTE","ReadGuardPointCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE GuardPoint bulk enable/disable parameters","schema":{"type":"object","title":"Update GuardPoints","required":["guard_enabled","guard_point_id_list"],"properties":{"guard_enabled":{"description":"Whether to enable/disable guardpoint","type":"boolean"},"guard_point_id_list":{"description":"IDs of the GuardPoints to be enabled/disabled. The IDs can be the ID (a UUIDv4), URI, or slug of the GuardPoints.","type":"array","items":{"type":"string"}}},"example":{"guard_enabled":true,"guard_point_id_list":["id1","id2"]}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully processed guard_points.","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"status_code":{"description":"Status code for success.","type":"integer"}}}},"failed_guard_points":{"description":"List of failed guard_points","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"guardpoints":[{"guard_point_id":"b940678b-6ba1-4598-8e61-9762d2ac033f","guard_path":"/opt/path1","status_code":204}],"failed_guard_points":[{"guard_point_id":"c240678b-6ba1-4598-8e61-9762d2ac031a","error":"Validation error: Failed to get GuardPoint c240678b-6ba1-4598-8e61-9762d2ac031a","status_code":404}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/upload-list":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true}],"post":{"summary":"Upload","description":"Create GuardPoints using CSV file. You must set content type to multipart/form-data and provide the pathfile and param as form-data.","tags":["CTE/Clients-GuardPoints"],"x-permissions":["ReadClientCTE","ReadGuardPointCTE","ReadPolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE","CreatePolicyCTE","ReadClientCTE","CreateGuardPointCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","consumes":["multipart/form-data"],"parameters":[{"name":"pathfile","in":"formData","type":"file"},{"name":"param","in":"formData","type":"string","description":"Create GuardPoint parameters, for example: {\"guard_point_type\": \"directory_auto\",\"policy_id\": \"TestPolicy\"}\n"}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully created GuardPoints.","type":"array","items":{"type":"object","properties":{"guardpoint":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]}},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to create.","type":"array","items":{"type":"object","properties":{"guard_path":{"description":"path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"5ac0bd83-05a0-42d8-8a26-4877f6fa91f7","uri":"kylo:kylo:henry:guardpoint:5ac0bd83-05a0-42d8-8a26-4877f6fa91f7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-24T06:55:29.941591992Z","updatedAt":"2023-05-24T06:55:29.941591992Z","client_id":"c0e9bacf-ebde-4fc0-950a-eca624f7d401","client_group_id":"00000000-0000-0000-0000-000000000000","client_name":"10.205.101.184","client_group_name":"","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/opt/path1","policy_id":"182f9e7e-7ec0-48af-b13e-690f14403af3","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENT","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""},"status_code":201},{"guardpoint":{"id":"5ac0bd83-05a0-42d8-8a26-4877f6fa91f7","uri":"kylo:kylo:henry:guardpoint:5ac0bd83-05a0-42d8-8a26-4877f6fa91f7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-24T06:55:29.941591992Z","updatedAt":"2023-05-24T06:55:29.941591992Z","client_id":"c0e9bacf-ebde-4fc0-950a-eca624f7d401","client_group_id":"00000000-0000-0000-0000-000000000000","client_name":"10.205.101.184","client_group_name":"","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/opt/path2","policy_id":"182f9e7e-7ec0-48af-b13e-690f14403af3","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENT","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""},"status_code":201}],"failed_guard_points":[{"guard_path":"/opt/path3","error":"Duplicate Path","status_code":409},{"guard_path":"/opt/path4","error":"Duplicate Path","status_code":409}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/unguard/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true}],"patch":{"summary":"Unguard GuardPoints","description":"Unguards multiple GuardPoints from a client.\n","tags":["CTE/Clients-GuardPoints"],"x-permissions":["ReadClientCTE","ReadGuardPointCTE","DeleteGuardPointCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE GuardPoint creation parameters.","schema":{"type":"object","title":"Unguard GuardPoints","required":["guard_point_id_list"],"properties":{"guard_point_id_list":{"description":"IDs of the GuardPoints to be dissociated from the client. The IDs can be the name, ID (a UUIDv4), URI, or slug of the GuardPoints.","type":"array","items":{"type":"string"}}},"example":{"guard_point_id_list":["id1","id2"]}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully processed guard_points.","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"status_code":{"description":"Status code for success.","type":"integer"}}}},"failed_guard_points":{"description":"List of failed guard_points","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"guardpoints":[{"guard_point_id":"b940678b-6ba1-4598-8e61-9762d2ac033f","guard_path":"/opt/path1","status_code":204}],"failed_guard_points":[{"guard_point_id":"id2","guard_path":"","error":"record not found","status_code":404}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/{guardpointId}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the GuardPoint parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Clients-GuardPoints"],"x-permissions":["UpdateGuardPointCTE","ReadClientCTE","ReadGuardPointCTE","DeleteGuardPointCTE","UpdateClientCTE","ReadProfileCTE","ReadGuardPointCTE","ReadClientGroupClientAssociationCTE","ReadClientGroupCTE","ReadPolicyCTE","CreateGuardPointCTE","ReadKernelVersionCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE GuardPoint parameters.","schema":{"type":"object","title":"Modify Guard point.","properties":{"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"network_share_credentials_id":{"description":"ID/Name of the credentials if the GuardPoint is applied to a network share. Supported for only LDT policies.","type":"string"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"}},"example":{"guard_enabled":false}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"id":"fc01d0ed-6d6f-482a-a58c-f14a36ea4441","uri":"kylo:kylo:henry:guardpoint:fc01d0ed-6d6f-482a-a58c-f14a36ea4441","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-24T06:55:29.957954Z","updatedAt":"2023-05-25T07:35:31.625344942Z","client_id":"c0e9bacf-ebde-4fc0-950a-eca624f7d401","client_group_id":"00000000-0000-0000-0000-000000000000","client_name":"10.205.101.184","client_group_name":"","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/opt/path2","policy_id":"182f9e7e-7ec0-48af-b13e-690f14403af3","pending_operation":"DELETE","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENT","policy_name":"pol1","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"ACTIVE","attr":{"lock":1,"type":1,"flags":0,"usage":"free","reason":"N/A","LDT_Role":0,"Policy_Type":0,"policy_name":"TestPolicy","config_state":"guarded","statuschk_tm":"2023-05-25 04:37:06","policy_keyvers":0,"policy_version":0,"config_op_attempt_tm":"2023-05-25 04:37:06"},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"null","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns details of a GuardPoint with the given id.\n","tags":["CTE/Clients-GuardPoints"],"x-permissions":["ReadClientCTE","ReadGuardPointCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"id":"823b353b-272f-4f33-a67d-8e339a245b95","uri":"kylo:kylo:henry:guardpoint:823b353b-272f-4f33-a67d-8e339a245b95","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T09:55:11.708059Z","updatedAt":"2023-05-25T09:55:25.640279Z","client_id":"c0e9bacf-ebde-4fc0-950a-eca624f7d401","client_group_id":"00000000-0000-0000-0000-000000000000","client_name":"10.205.101.184","client_group_name":"","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/opt/path1","policy_id":"182f9e7e-7ec0-48af-b13e-690f14403af3","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENT","policy_name":"pol1","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"ACTIVE","attr":{"lock":1,"type":1,"flags":0,"usage":"free","reason":"N/A","LDT_Role":0,"Policy_Type":0,"policy_name":"pol1","config_state":"guarded","statuschk_tm":"2023-05-25 09:55:37","policy_keyvers":0,"policy_version":0,"config_op_attempt_tm":"2023-05-25 09:55:37"},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"null","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/{guardpointId}/unguard":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Unguard","description":"Unguards a GuardPoint from a client.\n","tags":["CTE/Clients-GuardPoints"],"x-permissions":["ReadClientCTE","ReadGuardPointCTE","DeleteGuardPointCTE","ReadClientCTE","UpdateClientCTE","ReadProfileCTE","ReadGuardPointCTE","ReadClientGroupClientAssociationCTE","ReadClientGroupCTE","ReadPolicyCTE","CreateGuardPointCTE","ReadKernelVersionCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"id":"823b353b-272f-4f33-a67d-8e339a245b95","uri":"kylo:kylo:henry:guardpoint:823b353b-272f-4f33-a67d-8e339a245b95","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T09:55:11.708059Z","updatedAt":"2023-05-25T09:55:25.640279Z","client_id":"c0e9bacf-ebde-4fc0-950a-eca624f7d401","client_group_id":"00000000-0000-0000-0000-000000000000","client_name":"10.205.101.184","client_group_name":"","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/opt/path1","policy_id":"182f9e7e-7ec0-48af-b13e-690f14403af3","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENT","policy_name":"pol1","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"ACTIVE","attr":{"lock":1,"type":1,"flags":0,"usage":"free","reason":"N/A","LDT_Role":0,"Policy_Type":0,"policy_name":"pol1","config_state":"guarded","statuschk_tm":"2023-05-25 09:55:37","policy_keyvers":0,"policy_version":0,"config_op_attempt_tm":"2023-05-25 09:55:37"},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"null","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/{guardpointId}/status":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"get":{"summary":"Status","description":"Provides the status of a GuardPoint.\n","tags":["CTE/Clients-GuardPoints"],"x-permissions":["ReadClientCTE","ReadGuardPointCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client on which GuardPoint is applied.","type":"string"},"client_name":{"description":"Name of CTE client on which GuardPoint is applied.","type":"string"},"guard_point_id":{"description":"UUID for the Guard Point.","type":"string"},"policy_id":{"description":"UUID for the Policy","type":"string"},"policy_name":{"description":"Policy name.","type":"string"},"attrs":{"description":"Attributes of guard point status","type":"string","format":"JSON"}}}]},"examples":{"application/json":{"id":"823b353b-272f-4f33-a67d-8e339a245b95","uri":"kylo:kylo:henry:guardpoint:823b353b-272f-4f33-a67d-8e339a245b95","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T09:55:11.708059Z","updatedAt":"2023-05-25T09:55:25.640279Z","client_id":"c0e9bacf-ebde-4fc0-950a-eca624f7d401","client_group_id":"00000000-0000-0000-0000-000000000000","client_name":"10.205.101.184","client_group_name":"","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/opt/path1","policy_id":"182f9e7e-7ec0-48af-b13e-690f14403af3","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENT","policy_name":"pol1","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"ACTIVE","attr":{"lock":1,"type":1,"flags":0,"usage":"free","reason":"N/A","LDT_Role":0,"Policy_Type":0,"policy_name":"pol1","config_state":"guarded","statuschk_tm":"2023-05-25 09:55:37","policy_keyvers":0,"policy_version":0,"config_op_attempt_tm":"2023-05-25 09:55:37"},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"null","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/keyrules/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"post":{"summary":"Add","description":"Adds a new key rule to the CipherTrust Manager.","tags":["CTE/Policies-KeyRules"],"x-permissions":["UpdatePolicyCTE","ReadPolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE","ReadResourceSetCTE","ReadGuardPointCTE","CreateKeyRuleCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE"],"x-resource-type":"KeyRule","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Key Rule parameters.","schema":{"type":"object","title":"Create Key Rule","required":["key_id"],"properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set linked with the rule.","type":"string"}},"example":{"key_id":"TestKey","resource_set_id":"TestResourceSet"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of key rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-KeyRules"],"x-permissions":["ReadPolicyCTE","ReadKeyRuleCTE"],"x-resource-type":"KeyRule","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":""}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/keyrules/{keyRuleId}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"keyRuleId","in":"path","type":"string","description":"An identifier of the CTE Key Rule.\nThis can be either the ID (a UUIDv4) or URI of Policy.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the key rule parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies-KeyRules"],"x-permissions":["UpdatePolicyCTE","ReadPolicyCTE","ReadGuardPointCTE","ReadResourceSetCTE","ReadKeyRuleCTE","UpdateKeyRuleCTE"],"x-resource-type":"KeyRule","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Key Rule parameters.","schema":{"type":"object","title":"Modify Key Rule","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set to link with the rule. Supported in Standard or LDT type policy.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}},"example":{"key_id":"TestKey","resource_set_id":"TestResourceSet"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":"TestResourceSet"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a key rule with the given id.\n","tags":["CTE/Policies-KeyRules"],"x-permissions":["ReadKeyRuleCTE"],"x-resource-type":"KeyRule","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":"TestResourceSet"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a key rule with the given id. Rules being used by clients cannot be deleted.","tags":["CTE/Policies-KeyRules"],"x-permissions":["UpdatePolicyCTE","ReadKeyRuleCTE","ReadPolicyCTE","ReadSecurityRuleCTE","ReadLDTRuleCTE","ReadGuardPointCTE","DeleteKeyRuleCTE","ReadClientAndResourceMappingReadCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE"],"x-resource-type":"KeyRule","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/datatxrules/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"post":{"summary":"Add","description":"Adds a new data transformation rule to the CipherTrust Manager. Supported for Standard and LDT policies.","tags":["CTE/Policies-DataTxRules"],"x-permissions":["ReadPolicyCTE","UpdatePolicyCTE","ReadResourceSetCTE","ReadGuardPointCTE","CreateKeyRuleCTE","ReadKeyRuleCTE","ReadSecurityRuleCTE","ReadClientAndResourceMappingReadCTE","ReadUserSetCTE","ReadProcessSetCTE"],"x-resource-type":"DataTxRule","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Data-Transformation Rule parameters.","schema":{"type":"object","title":"Create Data-Transformation Rule","required":["key_id"],"properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set linked with the rule.","type":"string"}},"example":{"key_id":"TestKey","resource_set_id":"TestResourceSet"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of data transformation rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-DataTxRules"],"x-permissions":["ReadPolicyCTE","ReadKeyRuleCTE"],"x-resource-type":"DataTxRule","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":""}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/datatxrules/{dataTxRuleId}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be ethe ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"dataTxRuleId","in":"path","type":"string","description":"An identifier of the CTE Data-Transformation Rule.\nThis can be either the ID (a UUIDv4) or URI of Data-Transformation rule.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the data transformation rule parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies-DataTxRules"],"x-permissions":["UpdatePolicyCTE","ReadKeyRuleCTE","ReadPolicyCTE","ReadSecurityRuleCTE","ReadLDTRuleCTE","ReadGuardPointCTE","DeleteKeyRuleCTE","ReadClientAndResourceMappingReadCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE"],"x-resource-type":"DataTxRule","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Data-Transformation Rule parameters.","schema":{"type":"object","title":"Modify Data-Transformation Rule","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set linked with the rule.","type":"string"},"order_number":{"description":"Precedence order of the rule in the parent policy.","type":"integer"}},"example":{"key_id":"TestKey","resource_set_id":"TestResourceSet"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":"TestResourceSet"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a data transformation rule with the given id.\n","tags":["CTE/Policies-DataTxRules"],"x-permissions":["ReadKeyRuleCTE"],"x-resource-type":"DataTxRule","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":"TestResourceSet"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a data transformation rule with the given id. Rules being used by clients cannot be deleted.","tags":["CTE/Policies-DataTxRules"],"x-permissions":["UpdatePolicyCTE","ReadKeyRuleCTE","ReadPolicyCTE","ReadGuardPointCTE","DeleteKeyRuleCTE","ReadClientAndResourceMappingReadCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE"],"x-resource-type":"KeyRule","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/ldtkeyrules/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"post":{"summary":"Add","description":"Adds a new LDT rule to the CipherTrust Manager. Supported for Standard and LDT policies.","tags":["CTE/Policies-LDTRules"],"x-permissions":["UpdatePolicyCTE","ReadPolicyCTE","ReadResourceSetCTE","ReadGuardPointCTE","ReadLDTRuleCTE","CreateKeyRuleCTE","ReadKeyRuleCTE","ReadClientAndResourceMappingReadCTE","ReadUserSetCTE","ReadProcessSetCTE"],"x-resource-type":"LDTRule","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE LDT Rule parameters.","schema":{"type":"object","title":"Create LDT Key Rule","required":["current_key"],"properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Whether this is an exclusion rule. If enabled, no need to specify the transformation rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}}},"example":{"resource_set_id":"TestResourceSet","current_key":{"key_id":"clear_key"},"transformation_key":{"key_id":"MyKey"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Flag to specify if it is exclusion rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","items":{"type":"object","title":"CurrentKey","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}}}}}}}]},"examples":{"application/json":{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","order_number":3,"resource_set_id":"TestResourceSet","current_key":{"key_id":"clear_key"},"transformation_key":{"key_id":"MyKey"},"is_exclusion_rule":false}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of LDT key rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-LDTRules"],"x-permissions":["ReadPolicyCTE","ReadLDTRuleCTE"],"x-resource-type":"LDTRule","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Flag to specify if it is exclusion rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","items":{"type":"object","title":"CurrentKey","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","order_number":3,"resource_set_id":"TestResourceSet","current_key":{"key_id":"clear_key"},"transformation_key":{"key_id":"MyKey"},"is_exclusion_rule":false}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/ldtkeyrules/{ldtRuleId}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"ldtRuleId","in":"path","type":"string","description":"An identifier of the CTE LDT Key Rule.\nThis can be either the ID (a UUIDv4) or URI of Rule.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the LDT rule parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies-LDTRules"],"x-permissions":["UpdatePolicyCTE","ReadPolicyCTE","ReadResourceSetCTE","ReadLDTRuleCTE","UpdateLDTRuleCTE","ReadGuardPointCTE","UpdateKeyRuleCTE","ReadClientAndResourceMappingReadCTE","ReadUserSetCTE","ReadProcessSetCTE"],"x-resource-type":"LDTRule","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE LDT Rule parameters.","schema":{"type":"object","title":"Modify LDT Rule","properties":{"resource_set_id":{"description":"ID of the resource set linked with the rule.","type":"string"},"order_number":{"description":"Precedence order of the rule in the parent policy.","type":"integer"},"is_exclusion_rule":{"description":"Whether this is an exclusion rule. If enabled, no need to specify the transformation rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}}},"example":{"resource_set_id":"TestResourceSet","current_key":{"key_id":"clear_key"},"transformation_key":{"key_id":"MyKey"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Flag to specify if it is exclusion rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","items":{"type":"object","title":"CurrentKey","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}}}}}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":"TestResourceSet"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a key rule with the given id.\n","tags":["CTE/Policies-LDTRules"],"x-permissions":["ReadLDTRuleCTE"],"x-resource-type":"LDTRule","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Flag to specify if it is exclusion rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","items":{"type":"object","title":"CurrentKey","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}}}}}}}]},"examples":{"application/json":{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","order_number":3,"resource_set_id":"TestResourceSet","current_key":{"key_id":"clear_key"},"transformation_key":{"key_id":"MyKey"},"is_exclusion_rule":false}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes an LDT key rule with the given id. Rules being used by clients cannot be deleted.","tags":["CTE/Policies-LDTRules"],"x-permissions":["UpdatePolicyCTE","ReadPolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE","ReadLDTRuleCTE","ReadClientAndResourceMappingReadCTE","DeleteLDTRuleCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE"],"x-resource-type":"LDTRule","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/{guardpointId}/early-access":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Update Early Access on GuardPoint","description":"Enables or disables early access on a GuardPoint. Supported for Standard and LDT policies.\n","tags":["CTE/Clients-GuardPoints"],"x-permissions":["ReadClientCTE","ReadGuardPointCTE","UpdateGuardPointCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE GuardPoint Early Access value.","schema":{"type":"object","title":"Modify GuardPoint Early Access.","required":["early_access"],"properties":{"early_access":{"description":"Whether to enable early access on the GuardPoint.","type":"boolean"}},"example":{"early_access":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"id":"2058e2ff-77b4-4404-a449-3d394a6913d2","uri":"kylo:kylo:henry:guardpoint:2058e2ff-77b4-4404-a449-3d394a6913d2","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T07:26:16.590125Z","updatedAt":"2023-05-25T07:26:36.619467957Z","client_id":"40b9c33e-bd09-4c5a-af64-591c9decddaf","client_group_id":"00000000-0000-0000-0000-000000000000","client_name":"10.205.102.144","client_group_name":"","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"E:","policy_id":"182f9e7e-7ec0-48af-13e-690f14403af3","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":true,"type":"CLIENT","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/{guardpointId}/preserve-sparse-regions-off":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Turn Off Preserve Spase Region","description":"Turn off preserve sparse regions on the GuardPoint. Supported for only LDT policies.\n","tags":["CTE/Clients-GuardPoints"],"x-permissions":["ReadPolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE","ReadClientCTE","ReadGuardPointCTE","UpdateGuardPointCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"id":"dfde316f-ecf5-4831-ad3b-2b87bf33b4fc","uri":"kylo:kylo:henry:guardpoint:dfde316f-ecf5-4831-ad3b-2b87bf33b4fc","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T07:28:57.411482Z","updatedAt":"2023-05-25T07:29:58.697601983Z","client_id":"40b9c33e-bd09-4c5a-af64-591c9decddaf","client_group_id":"00000000-0000-0000-0000-000000000000","client_name":"10.205.102.144","client_group_name":"","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"A:","policy_id":"1b0a52a9-1423-4568-9c34-c27482984bcb","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENT","policy_name":"ldt","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"INACTIVE","attr":{"lock":1,"type":1,"flags":0,"reason":"N/A","rstatus":"N/A","LDT_Role":0,"Policy_Type":0,"policy_name":"ldt","config_state":"guarded","statuschk_tm":"0-00-00 00:00:00","policy_keyvers":0,"policy_version":0,"config_op_attempt_tm":"0-00-00 00:00:00"},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"null","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/ldtgroupcommservice/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create LDT Group Communication Service","description":"Creates a CTE LDT Group communication service on the CipherTrust Manager.","tags":["CTE/LDTGroupCommServices"],"x-permissions":["CreateLDTGroupCommServiceCTE"],"x-resource-type":"LDTGroupCommService","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE LDT group communication service creation parameters.","schema":{"type":"object","title":"Create CTE LDT group communication service","required":["name"],"properties":{"name":{"description":"Name to uniquely identify the LDT group communication service. This name will be visible on the CipherTrust Manager.","type":"string"},"description":{"description":"Description to identify the LDT group communication service.","type":"string"}},"example":{"name":"LDTGroupCommService_1","description":"Test LDTGroupCommService"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of LDTGroupCommService`.","type":"string"}}}]},"examples":{"application/json":{"id":"aa360d01-2cd6-4129-b376-753f882b4e67","uri":"kylo:kylo:henry:ldtGroupCommService:LDTGroupCommService_test5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-23T08:11:30.292240179Z","name":"LDTGroupCommService_1","updatedAt":"2021-07-23T08:11:30.292240179Z","description":"Test LDTGroupCommService"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List LDT Group Communication Service","description":"Returns the list of LDT group communication services. The results can be filtered using the query parameters.\n","tags":["CTE/LDTGroupCommServices"],"x-permissions":["ReadLDTGroupCommServiceCTE"],"x-resource-type":"LDTGroupCommService","x-product":"CTE","parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by name of LDT group communication service. Use wildcards to search for LDT group communication services matching the specified pattern in their names."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of LDTGroupCommService`.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"5bb9802d-5792-43a0-a207-1fb8750d7255","uri":"kylo:kylo:henry:ldtGroupCommService:LDTGroupCommService_test1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-26T03:33:03.336094Z","name":"LDTGroupCommService_1","updatedAt":"2021-07-26T03:33:03.336094Z","description":"Test LDTGroupCommService"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/ldtgroupcommservice/{id}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get LDT Group Communication Service","description":"Returns the details of an LDT group communication service with the given identifier. This identifier can be Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"x-permissions":["ReadLDTGroupCommServiceCTE"],"x-resource-type":"LDTGroupCommService","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of LDTGroupCommService`.","type":"string"}}}]},"examples":{"application/json":[{"id":"5bb9802d-5792-43a0-a207-1fb8750d7255","uri":"kylo:kylo:henry:ldtGroupCommService:LDTGroupCommService_test1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-26T03:33:03.336094Z","name":"LDTGroupCommService_1","updatedAt":"2021-07-26T03:33:03.336094Z","description":"Test LDTGroupCommService"}]}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Update LDT Group Communication Service","description":"Updates the details of an LDT group communication service with the given identifier. This identifier can be Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"x-permissions":["ReadLDTGroupCommServiceCTE","UpdateLDTGroupCommServiceCTE"],"x-resource-type":"LDTGroupCommService","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE LDT group communication service description parameters to be modified.","schema":{"type":"object","title":"Update CTE LDT group communication service","properties":{"description":{"description":"Description of the LDT group communication service.","type":"string"}},"example":{"description":"LDTGroupCommService_1 API description is updated"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of LDTGroupCommService`.","type":"string"}}}]},"examples":{"application/json":[{"id":"5bb9802d-5792-43a0-a207-1fb8750d7255","uri":"kylo:kylo:henry:ldtGroupCommService:LDTGroupCommService_test1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-26T03:33:03.336094Z","name":"LDTGroupCommService_1","updatedAt":"2021-07-26T03:33:03.336094Z","description":"LDTGroupCommService_1 API description is updated"}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete LDT Group Communication Service","description":"Deletes an LDT group communication service with the given identifier. This identifier can be Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"x-permissions":["ReadLDTGroupCommServiceCTE","ReadLDTGroupCommServiceClientAssociationCTE","DeleteLDTGroupCommServiceCTE"],"x-resource-type":"LDTGroupCommService","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/ldtgroupcommservice/{id}/clients/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Client to LDT Group Communication Service","description":"Adds clients to an LDT group communication service with the given identifier. This identifier can be the Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"x-permissions":["ReadLDTGroupCommServiceCTE","ReadClientCTE","CreateLDTGroupCommServiceClientAssociationCTE","UpdateClientCTE"],"x-resource-type":"LDTGroupCommService","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE LDT group communication service. This identifier can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"CTE LDT group communication service-client association parameters.","schema":{"type":"object","title":"Add Client to LDT group communication service","required":["client_list"],"properties":{"client_list":{"description":"List of identifiers of clients to be associated with the LDT group communication service. This identifier can be the Name, ID (a UUIDv4), URI, or slug of the client.","type":"array","items":{"type":"string"}}},"example":{"client_list":["Client1","Client2"]}}}],"responses":{"201":{"description":"Client added to LDT group communication service.","schema":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-LDTGroupCommService Association","type":"array","items":{"type":"object","title":"Resource","properties":{"ldt_group_comm_service_id":{"type":"string","description":"UUID of CTE LDTGroupCommService."},"client_id":{"type":"string","description":"UUID of CTE Client."},"ldt_group_comm_service_name":{"type":"string","description":"Name of CTE LDTGroupCommService."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]}},"207":{"description":"Client added to LDT group communication service.","schema":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-LDTGroupCommService Association","type":"array","items":{"type":"object","title":"Resource","properties":{"ldt_group_comm_service_id":{"type":"string","description":"UUID of CTE LDTGroupCommService."},"client_id":{"type":"string","description":"UUID of CTE Client."},"ldt_group_comm_service_name":{"type":"string","description":"Name of CTE LDTGroupCommService."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]},"examples":{"application/json":{"association_response":[{"id":"7365a8df-90d5-46c0-9971-0b981d09822b","uri":"kylo:kylo:henry:ldtGroupCommServiceClientAssn:7365a8df-90d5-46c0-9971-0b981d09822b","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-26T03:34:21.694487705Z","updatedAt":"2021-07-26T03:34:21.694487705Z","ldt_group_comm_service_id":"5bb9802d-5792-43a0-a207-1fb8750d7255","client_id":"7286b730-518d-471c-8089-70536ddde34c","ldt_group_comm_service_name":"LDTGroupCommService_test1","client_name":"client1"},{"id":"9b1307be-09ee-42cb-8ad7-46e418665375","uri":"kylo:kylo:henry:ldtGroupCommServiceClientAssn:9b1307be-09ee-42cb-8ad7-46e418665375","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-26T09:44:31.259292317Z","updatedAt":"2021-07-26T09:44:31.259292317Z","ldt_group_comm_service_id":"5bb9802d-5792-43a0-a207-1fb8750d7255","client_id":"69f5890e-34cc-4365-850c-cd1231ff0329","ldt_group_comm_service_name":"LDTGroupCommService_test1","client_name":"client2"}],"num_failed_association":0,"failed_associations":null}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List Clients in LDT Group Communication Service","description":"Returns the list of clients in an LDT group communication service with the given identifier. This identifier can be the Name, ID (a UUIDv4), or URI.\n","tags":["CTE/LDTGroupCommServices"],"x-permissions":["ReadLDTGroupCommServiceCTE","ReadLDTGroupCommServiceClientAssociationCTE","ReadClientCTE"],"x-resource-type":"LDTGroupCommService","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE LDT group communication service. This identifier can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter the results by name of client."},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by OS type of the client. Valid values are LINUX, WINDOWS and FREEBSD."},{"name":"profile_name","in":"query","required":false,"type":"string","description":"Filter clients by profile name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`. \n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"69f5890e-34cc-4365-850c-cd1231ff0329","uri":"kylo:kylo:henry:client:client2","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-26T06:30:59.944525Z","name":"client2","updatedAt":"2021-07-26T06:30:59.944525Z","os_type":"UNKNOWN","os_sub_type":"","os_kernel":"","uor_version":"","client_reg_id":"","server_host_name":"","description":"Test Client","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":"","min_comm_version":0,"max_comm_version":0,"registration_allowed":false,"communication_enabled":false,"auth_binaries":"","del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"","status_ref":0,"config_ref":"0001-01-01T00:00:00Z","auth_binaries_from":"client2","capabilities":"CBC","enabled_capabilities":"","attributes_from":"client2","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","warnings":"[]","errors":"[]","client_health_status":"UNREGISTERED","profile_id":"b59b30c4-a922-40ff-a1ab-2cc1d53af9a7","profile_name":"DefaultClientProfile","ldt_status":"","ldt_enabled":false,"client_errors":"","client_warnings":"","ldt_group_comm_service_id":"587b7dfa-2f01-43da-865e-38f88ce4b356","ldt_group_comm_service_name":"LDTGroupCommService_1","assigned_with_ldt_group_comm_service":true},{"id":"7286b730-518d-471c-8089-70536ddde34c","uri":"kylo:kylo:henry:client:client1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-26T03:32:43.982274Z","name":"client1","updatedAt":"2021-07-26T03:32:43.982274Z","os_type":"UNKNOWN","os_sub_type":"","os_kernel":"","uor_version":"","client_reg_id":"","server_host_name":"","description":"","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":"","min_comm_version":0,"max_comm_version":0,"registration_allowed":false,"communication_enabled":false,"auth_binaries":"","del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"","status_ref":0,"config_ref":"0001-01-01T00:00:00Z","auth_binaries_from":"client1","capabilities":"CBC","enabled_capabilities":"","attributes_from":"client1","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","warnings":"[]","errors":"[]","client_health_status":"UNREGISTERED","ldt_status":"","ldt_enabled":false,"client_errors":"","client_warnings":"","ldt_group_comm_service_id":"587b7dfa-2f01-43da-865e-38f88ce4b356","ldt_group_comm_service_name":"LDTGroupCommService_1","assigned_with_ldt_group_comm_service":true}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/ldtgroupcommservice/{id}/clients/delete/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Delete Bulk Client from LDT Group Communication Service","description":"Deletes a large number of clients from an LDT group communication service with the given identifier. This identifier can be the Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"x-permissions":["ReadLDTGroupCommServiceCTE","ReadClientCTE","ReadLDTGroupCommServiceClientAssociationCTE","DeleteLDTGroupCommServiceClientAssociationCTE","UpdateClientCTE"],"x-resource-type":"LDTGroupCommService","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE LDT group communication service. This identifier can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"CTE LDT group communication service-Client association bulk delete parameters.","schema":{"type":"object","title":"Delete Bulk Client from LDT group communication service","required":["client_list"],"properties":{"client_list":{"description":"List of identifiers of clients to be deleted from the LDT group communication service. This identifier can be the Name, ID (a UUIDv4), URI, or slug of client.","type":"array","items":{"type":"string"}}},"example":{"client_list":["Client1","Client2","Client3","Client4"]}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"clients":{"description":"List of successfully deleted clients.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_clients":{"description":"List of clients that failed to delete.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}}}}]},"examples":{"application/json":{"clients":[{"client_id":"Client1","status_code":200},{"client_id":"Client2","status_code":200}],"failed_clients":[{"client_id":"Client3","error":"RemoveClientFromLDTGroupCommService: Failed to get CTE Client: record not found","status_code":404},{"client_id":"Client4","error":"RemoveClientFromLDTGroupCommService: Failed to get CTE Client: record not found","status_code":404}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/ldtgroupcommservice/{id}/clients/{client_id}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"delete":{"summary":"Remove Client from LDT Group Communication Service","description":"Removes a client with the given identifier from an LDT group communication service with the given identifier. This identifier can be the Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"x-permissions":["ReadLDTGroupCommServiceCTE","ReadClientCTE","ReadLDTGroupCommServiceClientAssociationCTE","DeleteLDTGroupCommServiceClientAssociationCTE","UpdateClientCTE"],"x-resource-type":"LDTGroupCommService","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE LDT group communication service. This identifier can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"client_id","in":"path","description":"An identifier of the CTE Client. This identifer can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/fam/policies/":{"x-feature":"FF_CTE_FAM","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create FAM Policy","description":"Adds a new FAM policy to the CipherTrust Manager, with the policy type designated as FAM.","tags":["CTE/File Activity Monitoring"],"x-permissions":["CreateDSFResourceFAM"],"x-resource-type":"Policy","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"FAM Policy creation parameters.","schema":{"type":"object","title":"Create FAM Policy","required":["name"],"properties":{"name":{"description":"Name of the policy.","type":"string"},"description":{"description":"Description of the policy.","type":"string"},"security_rules":{"description":"Security rules to link with the FAM policy. A Security Rule defines granular filters for which files to audit, defined in terms of Policy Elements like resource sets, user sets, process sets, etc.","type":"array","items":{"type":"object","title":"SecurityRule","properties":{"effect":{"description":"Effect applicable to the Security rule is audit.","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set to link to the FAM policy.","type":"string"},"exclude_user_set":{"description":"User set to exclude.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link to the FAM policy.","type":"string"},"exclude_resource_set":{"description":"Resource set to exclude.","type":"boolean"},"process_set_id":{"description":"ID of the process set to link to the FAM policy.","type":"string"},"exclude_process_set":{"description":"Process set to exclude.","type":"boolean"},"partial_match":{"description":"Whether to allow partial match operations. By default, it is disabled.","type":"boolean"}}}}},"example":{"name":"FAMPolicy1","security_rules":[{"effect":"audit","action":"all_ops","resource_set_id":"TestResourceSet","exclude_resource_set":true}]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"This indicates the type of policy, with FAM being the sole supported policy type.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"TestPolicy","description":"","policy_type":"FAM","policy_version":"0","never_deny":false,"policy_key_version":"0","updated_by":"","security_rules":[{"id":"544bd4c6-1c4b-4ea2-b7bc-e28d06e5847f","uri":"kylo:kylo:henry:securityrule:544bd4c6-1c4b-4ea2-b7bc-e28d06e5847f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-08-24T10:17:06.127611562Z","updatedAt":"0001-01-01T00:00:00Z","policy_id":"c756c708-0e56-4074-959e-0e1c80b1380b","order_number":1,"effect":"audit","action":"all_ops","partial_match":false,"user_set_id":"","exclude_user_set":false,"process_set_id":"","exclude_process_set":false,"resource_set_id":"","exclude_resource_set":false}],"key_rules":null,"data_transform_rules":null,"ldt_key_rules":null,"idt_key_rules":null,"signature_rules":null,"metadata":{"restrict_update":false}}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List FAM Policies","description":"Returns the list of FAM policies added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM"],"x-resource-type":"Policy","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the policy name."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"This indicates the type of policy, with FAM being the sole supported policy type.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"TestPolicy","description":"","policy_type":"FAM","policy_version":"0","never_deny":false,"policy_key_version":"0","security_rules":[{"id":"544bd4c6-1c4b-4ea2-b7bc-e28d06e5847f","uri":"kylo:kylo:henry:securityrule:544bd4c6-1c4b-4ea2-b7bc-e28d06e5847f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-08-24T10:17:06.127611562Z","updatedAt":"0001-01-01T00:00:00Z","policy_id":"c756c708-0e56-4074-959e-0e1c80b1380b","order_number":1,"effect":"audit","action":"all_ops","partial_match":false,"user_set_id":"","exclude_user_set":false,"process_set_id":"","exclude_process_set":false,"resource_set_id":"","exclude_resource_set":false}],"key_rules":null,"data_transform_rules":null,"ldt_key_rules":null,"idt_key_rules":null,"signature_rules":null,"metadata":{"restrict_update":false}}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/fam/policies/{id}":{"x-feature":"FF_CTE_FAM","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update FAM Policy","description":"Modifies the FAM policy parameters. The parameters to be modified are placed in the body. There is no default value for these parameters.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM","UpdateDSFResourceFAM"],"x-resource-type":"Policy","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"FAM policy update parameters.","schema":{"type":"object","title":"Modify FAM Policy","properties":{"description":{"description":"Description of the policy.","type":"string"}},"example":{"description":"Updated description"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"This indicates the type of policy, with FAM being the sole supported policy type.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"TestPolicy","description":"Updated description","policy_type":"FAM","policy_version":"0","never_deny":false,"policy_key_version":"0","updated_by":"","security_rules":[{"id":"544bd4c6-1c4b-4ea2-b7bc-e28d06e5847f","uri":"kylo:kylo:henry:securityrule:544bd4c6-1c4b-4ea2-b7bc-e28d06e5847f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-08-24T10:17:06.127611562Z","updatedAt":"0001-01-01T00:00:00Z","policy_id":"c756c708-0e56-4074-959e-0e1c80b1380b","order_number":1,"effect":"audit","action":"all_ops","partial_match":false,"user_set_id":"","exclude_user_set":false,"process_set_id":"","exclude_process_set":false,"resource_set_id":"","exclude_resource_set":false}],"key_rules":null,"data_transform_rules":null,"ldt_key_rules":null,"idt_key_rules":null,"signature_rules":null,"metadata":{"restrict_update":false}}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get FAM Policy","description":"Returns details of a policy with the given id.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM"],"x-resource-type":"Policy","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"This indicates the type of policy, with FAM being the sole supported policy type.","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"TestPolicy","description":"","policy_type":"FAM","policy_version":"0","never_deny":false,"policy_key_version":"0","updated_by":"","security_rules":[{"id":"544bd4c6-1c4b-4ea2-b7bc-e28d06e5847f","uri":"kylo:kylo:henry:securityrule:544bd4c6-1c4b-4ea2-b7bc-e28d06e5847f","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-08-24T10:17:06.127611562Z","updatedAt":"0001-01-01T00:00:00Z","policy_id":"c756c708-0e56-4074-959e-0e1c80b1380b","order_number":1,"effect":"audit","action":"all_ops","partial_match":false,"user_set_id":"","exclude_user_set":false,"process_set_id":"","exclude_process_set":false,"resource_set_id":"","exclude_resource_set":false}],"key_rules":null,"data_transform_rules":null,"ldt_key_rules":null,"idt_key_rules":null,"signature_rules":null,"metadata":{"restrict_update":false}}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete FAM Policy","description":"Removes FAM policy with the given id. Policies being used by clients cannot be deleted.","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM","DeleteDSFResourceFAM"],"x-resource-type":"Policy","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/fam/policies/{policyId}/securityrules/":{"x-feature":"FF_CTE_FAM","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"post":{"summary":"Create Security Rule","description":"Adds a new Security rule to the FAM Policy.","tags":["CTE/File Activity Monitoring"],"x-permissions":["CreateDSFResourceFAM"],"x-resource-type":"Policy","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE security rules parameters.","schema":{"type":"object","title":"Create Security Rule","required":["effect"],"properties":{"effect":{"description":"Effect applicable to the Security rule is audit.","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, etc.","type":"string"},"user_set_id":{"description":"ID of the user set to link to the policy.","type":"string"},"exclude_user_set":{"description":"User set to exclude.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link to the policy.","type":"string"},"exclude_resource_set":{"description":"Resource set to exclude.","type":"boolean"},"process_set_id":{"description":"ID of the process set to link to the policy.","type":"string"},"exclude_process_set":{"description":"Process set to exclude.","type":"boolean"},"partial_match":{"description":"Whether to allow partial match operations. By default, it is disabled.","type":"boolean"}},"example":{"effect":"audit","action":"all_ops","partial_match":false,"resource_set_id":"TestResourceSet","exclude_resource_set":true}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the FAM Policy","type":"string"},"effect":{"description":"Effects applicable to the rule is audit","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"audit","action":"all_ops","policy_id":"dd8fc2a6-547c-49f6-828a-5e93f19fe025","order_number":0,"user_set_id":"","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"","exclude_process_set":false,"partial_match":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List Security Rules","description":"Returns the list of Security rules added to a FAM policy. The results can be filtered using the query parameters.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM"],"x-resource-type":"Policy","x-product":"CTE","parameters":[{"name":"action","in":"query","required":false,"type":"string","description":"Filter Security rules by action.Values can be read, write, all_ops and key_op."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the FAM Policy","type":"string"},"effect":{"description":"Effects applicable to the rule is audit","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"audit","action":"all_ops","policy_id":"dd8fc2a6-547c-49f6-828a-5e93f19fe025","order_number":0,"user_set_id":"","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"","exclude_process_set":false,"partial_match":true}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/fam/policies/{policyId}/securityrules/{securityRuleId}":{"x-feature":"FF_CTE_FAM","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the FAM Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"securityRuleId","in":"path","type":"string","description":"An identifier of the security Rule.\nThis can be either the ID (a UUIDv4) or URI of Security Rule.\n","required":true}],"patch":{"summary":"Update Security Rule","description":"Modifies the Security rule parameters. The parameters to be modified are placed in the body.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["UpdateDSFResourceFAM","ReadDSFResourceFAM"],"x-resource-type":"Policy","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"Modify Security rule parameters.","schema":{"type":"object","title":"Modify Security rule","properties":{"effect":{"description":"Effect applicable to the rule is audit.","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, etc.","type":"string"},"user_set_id":{"description":"ID of the user set to link to the policy.","type":"string"},"exclude_user_set":{"description":"User set to exclude.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link to the policy.","type":"string"},"exclude_resource_set":{"description":"Resource set to exclude.","type":"boolean"},"process_set_id":{"description":"ID of the process set to link to the policy.","type":"string"},"exclude_process_set":{"description":"Process set to exclude.","type":"boolean"},"partial_match":{"description":"Whether to allow partial match operations. By default, it is disabled.","type":"boolean"},"order_number":{"description":"Precedence order of the rule in the parent policy.","type":"integer"}},"example":{"action":"read","user_set_id":"UserSet1","process_set_id":"ProcessSet1"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the FAM Policy","type":"string"},"effect":{"description":"Effects applicable to the rule is audit","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"audit","action":"","policy_id":"1005","order_number":0,"user_set_id":"UserSet1","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"ProcessSet1","exclude_process_set":false,"partial_match":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get Security Rule","description":"Returns the details of a Security rule with the given id.","x-permissions":["ReadSecurityRuleCTE"],"x-resource-type":"Policy","x-product":"CTE","tags":["CTE/File Activity Monitoring"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the FAM Policy","type":"string"},"effect":{"description":"Effects applicable to the rule is audit","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"audit","action":"","policy_id":"1005","order_number":0,"user_set_id":"","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"","exclude_process_set":false,"partial_match":true}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete Security Rule","description":"Deletes a Security rule with the given id. Rules being used by clients cannot be deleted.","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM"],"x-resource-type":"Policy","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/fam/clients/{id}/policies/":{"x-feature":"FF_CTE_FAM","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Client-FAM Policies Association","description":"Add FAM Policies to FAM enabled Client. The parameters to add FAM policy with a client are placed in the body.","tags":["CTE/File Activity Monitoring"],"x-permissions":["CreateDSFResourceFAM","ReadDSFResourceFAM","UpdateClientCTE","ReadClientCTE"],"x-resource-type":"Client-FAMPolicy-Association","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE Client. This can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"CTE Client-FAM Policy association parameters.","schema":{"type":"object","title":"Add FAM Policies to Client","required":["policy_list"],"properties":{"policy_list":{"description":"List of FAM Policy identifier which are to be associated with client. This identifier can be the Name, ID (a UUIDv4), URI, or slug.","type":"array","items":{"type":"string"}}},"example":{"policy_list":["FAMPolicy1","FAMPolicy2"]}}}],"responses":{"201":{"description":"FAM Policies added to Client.","schema":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-FAM Policy Association","type":"array","items":{"type":"object","title":"Resource","properties":{"client_id":{"type":"string","description":"UUID of CTE Client."},"client_name":{"type":"string","description":"Name of CTE Client."},"policy_id":{"type":"string","description":"UUID of FAM Policy."},"policy_name":{"type":"string","description":"Name of FAM Policy."},"order_number":{"type":"string","description":"Precedence order of FAM policy association."}}}},"num_failed_association":{"type":"integer","description":"Number of policies failed to get associated. It shall be 0 in case all policies get successfully associated."},"failed_associations":{"type":"string","description":"Failed policies with the reason for failure provided in a Key-Value pair where key is Policy-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all policies get successfully associated.\n","format":"JSON"}}}]}},"207":{"description":"FAM Policies added to Client.","schema":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-FAM Policy Association","type":"array","items":{"type":"object","title":"Resource","properties":{"client_id":{"type":"string","description":"UUID of CTE Client."},"client_name":{"type":"string","description":"Name of CTE Client."},"policy_id":{"type":"string","description":"UUID of FAM Policy."},"policy_name":{"type":"string","description":"Name of FAM Policy."},"order_number":{"type":"string","description":"Precedence order of FAM policy association."}}}},"num_failed_association":{"type":"integer","description":"Number of policies failed to get associated. It shall be 0 in case all policies get successfully associated."},"failed_associations":{"type":"string","description":"Failed policies with the reason for failure provided in a Key-Value pair where key is Policy-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all policies get successfully associated.\n","format":"JSON"}}}]},"examples":{"application/json":{"association_response":[{"id":"bb9588ad-3c18-4bb4-9571-b90caa2f6675","uri":"kylo:kylo:henry:clientfampolicyassn:bb9588ad-3c18-4bb4-9571-b90caa2f6675","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-04-04T09:57:18.490128478Z","updatedAt":"2020-04-04T09:57:18.490128478Z","client_id":"ff320fda-042f-418e-9e9a-5648ccf3bff6","client_name":"FAM_client_1","policy_id":"04f7c3a9-8cd6-4d43-9920-3c6379f4496e","policy_name":"FAMPolicy1","order_number":1}],"num_failed_association":1,"failed_associations":{"centos_vm":{"reason":"Failed to create Client-FAM Policy Association.","return_code":409}}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List FAM Policy associations","description":"Returns the list of FAM Policy association with Client.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM"],"x-resource-type":"Client-FAMPolicy-Association","x-product":"CTE","parameters":[{"name":"id","in":"path","type":"string","description":"Client Identifier","required":true},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter the results by policy name."},{"name":"policy_id","in":"query","required":false,"type":"string","description":"Filter the results by policy id."},{"name":"order_number","in":"query","required":false,"type":"integer","description":"Filter the result by policy order."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"order_number","type":"integer","description":"The fields to sort results by createdAt, updatedAt and order_number. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n order_number,-createdAt\n\n...will sort the results first by `order_number`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"type":"string","description":"UUID of CTE Client."},"client_name":{"type":"string","description":"Name of CTE Client."},"policy_id":{"type":"string","description":"UUID of FAM Policy."},"policy_name":{"type":"string","description":"Name of FAM Policy."},"order_number":{"type":"integer","description":"Precedence order of FAM policy association."}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"aa1fd3f6-17fd-4851-aefd-1fd67a20709b","uri":"kylo:kylo:henry:clientfampolicyassn:aa1fd3f6-17fd-4851-aefd-1fd67a20709b","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2024-07-16T09:25:18.441096Z","updatedAt":"2024-07-16T09:25:18.441096Z","client_id":"ff320fda-042f-418e-9e9a-5648ccf3bff6","client_name":"FAM_client_1","policy_id":"04f7c3a9-8cd6-4d43-9920-3c6379f4496e","policy_name":"TestPolicy2","order_number":1,"policy":[{"id":"04f7c3a9-8cd6-4d43-9920-3c6379f4496e","uri":"kylo:kylo:henry:policy:TestPolicy2","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2024-07-16T09:11:38.403014Z","name":"TestPolicy2","updatedAt":"2024-07-16T09:13:53.910212Z","description":"FAM TestPolicy2","policy_type":"FAM","policy_version":4,"updated_by":"","never_deny":false,"policy_key_version":0,"security_rules":[{"id":"69ccdbf5-76ce-46b4-9726-2851a9877ac3","uri":"kylo:kylo:henry:securityrule:69ccdbf5-76ce-46b4-9726-2851a9877ac3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2024-07-16T09:11:38.41016Z","updatedAt":"0001-01-01T00:00:00Z","policy_id":"04f7c3a9-8cd6-4d43-9920-3c6379f4496e","order_number":1,"effect":"audit","action":"all_ops","partial_match":false,"user_set_id":"","exclude_user_set":false,"process_set_id":"","exclude_process_set":false,"resource_set_id":"","exclude_resource_set":false}]}]}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Bulk remove FAM Policies association from Client","description":"Remove a large number of FAM Policy associations from a Client with the given identifier. This identifier can be the Name, ID or URI.","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM","UpdateDSFResourceFAM"],"x-resource-type":"Client-FAMPolicy-Association","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE Client.","type":"string","required":true},{"name":"body","in":"body","description":"Bulk remove FAM policy association.","schema":{"type":"object","title":"Bulk remove FAM policy association from a client","required":["policy_id_list"],"properties":{"policy_id_list":{"description":"List of identifiers of FAM policies to be removed from a client. This identifier can be the Name or ID (a UUIDv4).","type":"array","items":{"type":"string"}}},"example":{"policy_id_list":["FAMPolicy1","FAMPolicy2"]}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"policies":{"description":"List of successfully removed policies.","type":"array","items":{"type":"object","properties":{"policy_id":{"description":"ID or name of removed policy.","type":"string"},"status_code":{"description":"Status code for removed policy.","type":"integer"}}}},"failed_policy":{"description":"List of policies that failed to be removed.","type":"array","items":{"type":"object","properties":{"policy":{"description":"ID of policy.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code.","type":"integer"}}}}}}]},"examples":{"application/json":{"policy":[{"policy_id":"FAMPolicy1","status_code":200}],"failed_policy":[{"client_id":"FAMPolicy2","error":"Failed to remove Client-FAM Policy Association. Error: No such FAM policy FAMPolicy2 associated with client","status_code":404}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/fam/clients/{id}/policies/{policy_id}":{"x-feature":"FF_CTE_FAM","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","description":"An identifier of the CTE Client Policy.\nThis can be the ID (a UUIDv4), URI, or name of the Client.\n","required":true},{"name":"policy_id","in":"path","type":"string","description":"An identifier of the FAM Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"patch":{"summary":"Update Client-FAM Policies Association","description":"Modifies the FAM policy association. The parameters to be modified are placed in the body. There is no default value for these parameters.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["UpdateDSFResourceFAM","ReadDSFResourceFAM"],"x-resource-type":"Client-FAMPolicy-Association","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"Modify Client-FAM Policy association parameters.","schema":{"type":"object","title":"Modify FAM policy association","required":["order_number"],"properties":{"order_number":{"description":"Precedence order of the policy in the associated client.","type":"integer"}},"example":{"order_number":1}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"type":"string","description":"UUID of CTE Client."},"client_name":{"type":"string","description":"Name of CTE Client."},"policy_id":{"type":"string","description":"UUID of FAM Policy."},"policy_name":{"type":"string","description":"Name of FAM Policy."},"order_number":{"type":"integer","description":"Precedence order of FAM policy association."}}}]},"examples":{"application/json":{"id":"bb9588ad-3c18-4bb4-9571-b90caa2f6675","uri":"kylo:kylo:henry:clientfampolicyassn:bb9588ad-3c18-4bb4-9571-b90caa2f6675","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-04-04T09:57:18.490128478Z","updatedAt":"2020-04-04T09:57:18.490128478Z","client_id":"ff320fda-042f-418e-9e9a-5648ccf3bff6","client_name":"FAM_client_1","policy_id":"04f7c3a9-8cd6-4d43-9920-3c6379f4496e","policy_name":"TestPolicy2","order_number":1}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Remove FAM Policy association from Client","description":"Removes a FAM Policy association from a Client.","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM"],"x-resource-type":"Client-FAMPolicy-Association","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE Client. This can be either ID (a UUIDv4), the URI, or the slug.","type":"string","required":true},{"name":"policy_id","in":"path","description":"An identifier of the associated FAM Policy. This can be the ID (a UUIDv4), URI, or slug.","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/fam/policies/{id}/clients":{"x-feature":"FF_CTE_FAM","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"delete":{"summary":"Remove FAM policy association from all the clients","description":"Execute a bulk action to detach the FAM policy from all associated client in one operation.","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM","DeleteDSFResourceFAM"],"x-resource-type":"Client-FAMPolicy-Association","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/fam/destination/":{"x-feature":"FF_CTE_FAM","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create FAM Destination","description":"FAM Destination is the DSF gateway defining where to send audit messages.","tags":["CTE/File Activity Monitoring"],"x-permissions":["CreateDSFResourceFAM"],"x-resource-type":"Destination","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"FAM Destination creation parameters.","schema":{"type":"object","title":"CreateDestination","required":["name","type","destination_address","mode","port"],"properties":{"name":{"description":"Name of the destination.","type":"string"},"description":{"description":"Description of the destination.","type":"string"},"type":{"description":"Type of destination. Valid values are single and group.","type":"string"},"destination_address":{"description":"Address of destination.","type":"string"},"fqdn_suffix":{"description":"A fully qualified domain name (FQDN) for destination.","type":"string"},"mode":{"description":"Mode of destination. Valid values are TCP and TLS.","type":"string"},"server_ca_chain":{"type":"string","description":"CA certificate for FAM destination.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Certificate for FAM destination.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Private key for FAM destination.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"},"port":{"description":"Port for destination. Valid values are 1 to 65535.","type":"integer"},"tls_verify":{"description":"Whether to enable/disable tls verify to validate the certificate. It can only be provided with TLS mode","type":"boolean"},"compress":{"description":"Whether to enable/disable compressing data","type":"boolean"}},"example":{"name":"destination1","description":"","type":"single","destination_address":"fam-destination-sample.com","fqdn_suffix":"","mode":"TLS","port":1024,"tls_verify":true,"compress":true}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name of the FAM destination.","type":"string"},"description":{"description":"Description of the destination resource.","type":"string"},"type":{"description":"Type of destination. Valid values are single and group.","type":"string"},"destination_address":{"description":"Address of destination.","type":"string"},"fqdn_suffix":{"description":"A fully qualified domain name (FQDN) for destination.","type":"string"},"mode":{"description":"Mode of destination. Valid values are TCP and TLS.","type":"string"},"server_ca_chain":{"description":"A certificate chain for server.","type":"string"},"port":{"description":"Port for destination. Valid values are 1 to 65535.","type":"integer"},"tls_verify":{"description":"Whether to enable/disable tls verify to validate the certificate. It can only be provided with TLS mode","type":"boolean"},"compress":{"description":"Whether to enable/disable compressing data","type":"boolean"}}}]},"examples":{"application/json":{"id":"74773452-e477-4efd-b52a-0607de18cabf","uri":"kylo:kylo:henry:famdestination:destination1-74773452-e477-4efd-b52a-0607de18cabf","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2024-07-17T07:22:28.455960191Z","updatedAt":"2024-07-17T07:22:28.455960191Z","name":"destination1","description":"","type":"single","destination_address":"fam-destination-sample.com","fqdn_suffix":"","mode":"TLS","server_ca_chain":"","port":1024,"tls_verify":true,"compress":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List FAM Destination","description":"Returns the list of FAM Destination.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM"],"x-resource-type":"Destination","x-product":"CTE","parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter the result by destination name."},{"name":"type","in":"query","required":false,"type":"string","description":"Filter the result by destination type. Valida values are single and group."},{"name":"mode","in":"query","required":false,"type":"string","description":"Filter the result by destination mode. Valid values are TCP and TLS."},{"name":"destination_address","in":"query","required":false,"type":"string","description":"Filter the result by destination address."},{"name":"fqdn_suffix","in":"query","required":false,"type":"string","description":"Filter the result by FQDN suffix."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name of the FAM destination.","type":"string"},"description":{"description":"Description of the destination resource.","type":"string"},"type":{"description":"Type of destination. Valid values are single and group.","type":"string"},"destination_address":{"description":"Address of destination.","type":"string"},"fqdn_suffix":{"description":"A fully qualified domain name (FQDN) for destination.","type":"string"},"mode":{"description":"Mode of destination. Valid values are TCP and TLS.","type":"string"},"server_ca_chain":{"description":"A certificate chain for server.","type":"string"},"port":{"description":"Port for destination. Valid values are 1 to 65535.","type":"integer"},"tls_verify":{"description":"Whether to enable/disable tls verify to validate the certificate. It can only be provided with TLS mode","type":"boolean"},"compress":{"description":"Whether to enable/disable compressing data","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"74773452-e477-4efd-b52a-0607de18cabf","uri":"kylo:kylo:henry:famdestination:destination1-74773452-e477-4efd-b52a-0607de18cabf","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2024-07-17T07:22:28.455960191Z","updatedAt":"2024-07-17T07:22:28.455960191Z","name":"destination1","description":"","type":"single","destination_address":"fam-destination-sample.com","fqdn_suffix":"","mode":"TLS","server_ca_chain":"","port":1024,"tls_verify":true,"compress":true}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/fam/destination/{id}":{"x-feature":"FF_CTE_FAM","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update FAM Destination","description":"Modifies the FAM destination parameters. The parameters to be modified are placed in the body.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM","UpdateDSFResourceFAM"],"x-resource-type":"Destination","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE profile parameters.","schema":{"type":"object","title":"Modify FAM destination","properties":{"description":{"description":"Description of the FAM destination resource.","type":"string"},"type":{"description":"Type of destination. Valid values are single and group.","type":"string"},"destination_address":{"description":"Address of destination.","type":"string"},"fqdn_suffix":{"description":"A fully qualified domain name (FQDN) for destination.","type":"string"},"mode":{"description":"Mode of destination. Valid values are TCP and TLS.","type":"string"},"server_ca_chain":{"type":"string","description":"CA certificate for FAM destination.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Certificate for FAM destination.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Private key for FAM destination.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"},"port":{"description":"Port for destination. Valid values are 1 to 65535.","type":"integer"},"tls_verify":{"description":"Whether to enable/disable tls verify to validate the certificate. It can only be provided with TLS mode","type":"boolean"},"compress":{"description":"Whether to enable/disable compressing data","type":"boolean"}},"example":{"fqdn_suffix":"samplesuffix"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name of the FAM destination.","type":"string"},"description":{"description":"Description of the destination resource.","type":"string"},"type":{"description":"Type of destination. Valid values are single and group.","type":"string"},"destination_address":{"description":"Address of destination.","type":"string"},"fqdn_suffix":{"description":"A fully qualified domain name (FQDN) for destination.","type":"string"},"mode":{"description":"Mode of destination. Valid values are TCP and TLS.","type":"string"},"server_ca_chain":{"description":"A certificate chain for server.","type":"string"},"port":{"description":"Port for destination. Valid values are 1 to 65535.","type":"integer"},"tls_verify":{"description":"Whether to enable/disable tls verify to validate the certificate. It can only be provided with TLS mode","type":"boolean"},"compress":{"description":"Whether to enable/disable compressing data","type":"boolean"}}}]},"examples":{"application/json":{"id":"74773452-e477-4efd-b52a-0607de18cabf","uri":"kylo:kylo:henry:famdestination:destination1-74773452-e477-4efd-b52a-0607de18cabf","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2024-07-17T07:22:28.455960191Z","updatedAt":"2024-07-17T07:24:28.455960191Z","name":"destination1","description":"Sample Desc","type":"single","destination_address":"fam-destination-sample.com","fqdn_suffix":"samplesuffix","mode":"TCP","server_ca_chain":"","port":1024,"tls_verify":false,"compress":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get FAM Destination","description":"Returns the details of a FAM destination with the given id.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM"],"x-resource-type":"Destination","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name of the FAM destination.","type":"string"},"description":{"description":"Description of the destination resource.","type":"string"},"type":{"description":"Type of destination. Valid values are single and group.","type":"string"},"destination_address":{"description":"Address of destination.","type":"string"},"fqdn_suffix":{"description":"A fully qualified domain name (FQDN) for destination.","type":"string"},"mode":{"description":"Mode of destination. Valid values are TCP and TLS.","type":"string"},"server_ca_chain":{"description":"A certificate chain for server.","type":"string"},"port":{"description":"Port for destination. Valid values are 1 to 65535.","type":"integer"},"tls_verify":{"description":"Whether to enable/disable tls verify to validate the certificate. It can only be provided with TLS mode","type":"boolean"},"compress":{"description":"Whether to enable/disable compressing data","type":"boolean"}}}]},"examples":{"application/json":{"id":"74773452-e477-4efd-b52a-0607de18cabf","uri":"kylo:kylo:henry:famdestination:destination1-74773452-e477-4efd-b52a-0607de18cabf","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2024-07-17T07:22:28.455960191Z","updatedAt":"2024-07-17T07:22:28.455960191Z","name":"destination1","description":"Sample Desc","type":"single","destination_address":"fam-destination-sample.com","fqdn_suffix":"","mode":"TCP","server_ca_chain":"","port":1024,"tls_verify":false,"compress":true}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete FAM Destination","description":"Deletes a FAM destination with the given id.","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM","DeleteDSFResourceFAM"],"x-resource-type":"Destination","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/fam/clients/{id}/attributes":{"x-feature":"FF_CTE_FAM","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get FAM Attributes","description":"Returns the details of FAM attributes of the FAM enabled client.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM"],"x-resource-type":"Attributes","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"fam_destination_id":{"description":"ID of the FAM destination.\nProvide default uuid '00000000-0000-0000-0000-000000000000' to reset destination from attributes.\n","type":"string"},"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, it should always be set to SUPPRESS.","type":"string"},"suppress_threshold":{"description":"Suppress threshold.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Default value is 500.","type":"integer"},"min_interval":{"description":"Minimum interval value in seconds. The default value is 1 second.","type":"integer"},"max_interval":{"description":"Maximum interval value in seconds. The default value is 60 seconds.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. The default value is 1000.","type":"integer"},"max_file_size":{"description":"Limits the size of file in MB. The default parameter value is 100 MB.","type":"integer"},"connection_timeout":{"description":"Interval after which the connection attempt to the key manager expires. The default value is 59 seconds.","type":"integer"},"job_completion_timeout":{"description":"Interval after which the log upload attempt expires. The default period is 600 seconds.","type":"integer"},"max_space":{"description":"Max space for cache settings. The default value is 1GB","type":"integer"},"drop_if_busy":{"description":"The valid values are true and false. By default, the parameter is set as true.","type":"boolean"}}}]},"examples":{"application/json":{"id":"08ce06ee-a404-4c2d-aec9-a1b08b7760d8","uri":"kylo:kylo:henry:famattributes:fam-client-3-08ce06ee-a404-4c2d-aec9-a1b08b7760d8","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2024-07-17T07:59:22.27653Z","updatedAt":"2024-07-17T07:59:22.27653Z","client_id":"5556ee8e-84f5-437d-b561-8cbe6c959485","client_name":"FAM_client_3","fam_destination_id":"00000000-0000-0000-0000-000000000000","fam_destination_name":"","threshold":"ERROR","duplicates":"SUPPRESS","suppress_threshold":1,"suppress_interval":500,"min_interval":1,"max_interval":60,"max_messages":1000,"policy_version":0,"max_file_size":100,"connection_timeout":59,"job_completion_timeout":600,"max_space":1,"drop_if_busy":true}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Update FAM Attributes","description":"Modifies the FAM attributes. The parameters to be modified are placed in the body.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM","UpdateDSFResourceFAM"],"x-resource-type":"Attributes","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"FAM attribute parameters.","schema":{"type":"object","title":"Modify FAM attributes","properties":{"fam_destination_id":{"description":"ID of the destination to link to the FAM attributes.\nProvide default uuid '00000000-0000-0000-0000-000000000000' to reset destination from attributes.\n","type":"string"},"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"suppress_threshold":{"description":"Suppress threshold.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Default value is 500.","type":"integer"},"min_interval":{"description":"Minimum interval value in seconds. The default value is 1 second.","type":"integer"},"max_interval":{"description":"Maximum interval value in seconds. The default value is 60 seconds.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. The default value is 1000.","type":"integer"},"max_file_size":{"description":"Limits the size of file in MB. The default parameter value is 100 MB.","type":"integer"},"connection_timeout":{"description":"Interval after which the connection attempt to the key manager expires. The default value is 59 seconds.","type":"integer"},"job_completion_timeout":{"description":"Interval after which the log upload attempt expires. The default period is 600 seconds.","type":"integer"},"max_space":{"description":"Max space for cache settings. The default value is 1GB","type":"integer"},"drop_if_busy":{"description":"The valid values are true and false. By default, the parameter is set as true.","type":"boolean"}},"example":{"min_interval":5,"max_interval":65,"max_file_size":90,"connection_timeout":60,"job_completion_timeout":5,"suppress_threshold":10,"suppress_interval":600,"max_space":1,"drop_if_busy":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"fam_destination_id":{"description":"ID of the FAM destination.\nProvide default uuid '00000000-0000-0000-0000-000000000000' to reset destination from attributes.\n","type":"string"},"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, it should always be set to SUPPRESS.","type":"string"},"suppress_threshold":{"description":"Suppress threshold.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Default value is 500.","type":"integer"},"min_interval":{"description":"Minimum interval value in seconds. The default value is 1 second.","type":"integer"},"max_interval":{"description":"Maximum interval value in seconds. The default value is 60 seconds.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. The default value is 1000.","type":"integer"},"max_file_size":{"description":"Limits the size of file in MB. The default parameter value is 100 MB.","type":"integer"},"connection_timeout":{"description":"Interval after which the connection attempt to the key manager expires. The default value is 59 seconds.","type":"integer"},"job_completion_timeout":{"description":"Interval after which the log upload attempt expires. The default period is 600 seconds.","type":"integer"},"max_space":{"description":"Max space for cache settings. The default value is 1GB","type":"integer"},"drop_if_busy":{"description":"The valid values are true and false. By default, the parameter is set as true.","type":"boolean"}}}]},"examples":{"application/json":{"id":"08ce06ee-a404-4c2d-aec9-a1b08b7760d8","uri":"kylo:kylo:henry:famattributes:fam-client-3-08ce06ee-a404-4c2d-aec9-a1b08b7760d8","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2024-07-17T07:59:22.27653Z","updatedAt":"2024-07-17T07:59:24.27653Z","client_id":"5556ee8e-84f5-437d-b561-8cbe6c959485","client_name":"FAM_client_3","fam_destination_id":"00000000-0000-0000-0000-000000000000","fam_destination_name":"","threshold":"ERROR","duplicates":"SUPPRESS","suppress_threshold":1,"suppress_interval":600,"min_interval":2,"max_interval":65,"max_messages":1000,"policy_version":1,"max_file_size":90,"connection_timeout":60,"job_completion_timeout":600,"max_space":1,"drop_if_busy":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/fam/clients/{id}":{"x-feature":"FF_CTE_FAM","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update FAM Client","description":"Update FAM parameters for a FAM capable client.\n","tags":["CTE/File Activity Monitoring"],"x-permissions":["ReadDSFResourceFAM","UpdateDSFResourceFAM"],"x-resource-type":"Clients","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"Update FAM client parameters.","schema":{"type":"object","title":"Update FAM client parameters","required":["enable_fam"],"properties":{"enable_fam":{"description":"Parameter to update FAM support for the client. The valid values are true and false.","type":"boolean"}},"example":{"enable_fam":false}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`. \n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":"6.3.0.88","min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":1582016251095,"config_ref":1582016258471,"capabilities":"LDT,DOCKER,EKP,RWP,FAM","enabled_capabilities":"LDT,EKP","profile_id":"3604b51e-17d7-4d85-abc5-a414114955f1","profile_name":"testProfile","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false,"metadata":{"ekp_disabled":false,"lgcs_access_only":false},"domain_list":"[\"root\"]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","os_kernel":"","uor_version":"","ldt_enabled":false,"client_type":"FS","client_mfa_enabled":false,"sign_capable":false,"protection_mode":"CTE","dynamic_parameters":"[{\"name\":\"param1\",\"type\":\"SingleSelectString\",\"description\":\"Enable or disable param1 capability for CTE binaries.\",\"allowed_values\":\"enabled^disabled\",\"default_value\":\"disabled\",\"current_value\":\"enabled\"},{\"name\":\"param2\",\"type\":\"MultiSelectString\",\"description\":\"param2 that takes multiple strings as value\",\"allowed_values\":\"Option1^Option2^Option3^Option4\",\"default_value\":\"Option1^Option2^Option3\",\"current_value\":\"Option1^Option2^Option3\"}]","dps_enabled":false,"fam_enabled":false,"fam_state":"DISABLED","cc_enabled":false,"host_name":"sjdev04-rh8-spt-010","labels":null}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/permissions":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the list of CTE permissions.\n","tags":["CTE/Permissions"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"cte_permissions":{"description":"List of CTE Permissions.","type":"array","items":{"type":"object","properties":{"type":{"description":"CTE Resource type.","type":"string"},"permissions":{"description":"List of CTE Permissions avaialble for resource type.","type":"array"}}}}}}]},"examples":{"application/json":{"cte_permissions":[{"type":"Client","permissions":["ReadClientCTE","UpdateClientCTE","DeleteClientCTE"]},{"type":"SignatureSet","permissions":["ReadSignatureSetCTE","UpdateSignatureSetCTE","DeleteSignatureSetCTE"]}]}}}}}},"/v1/transparent-encryption/clientgroups/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a CTE ClientGroup.","tags":["CTE/ClientGroups"],"x-permissions":["CreateClientGroupCTE","ReadProfileCTE"],"x-resource-type":"ClientGroup","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE ClientGroup creation parameters.","schema":{"type":"object","title":"Create CTE ClientGroup","required":["name","cluster_type"],"properties":{"name":{"description":"Name of the ClientGroup.","type":"string"},"description":{"description":"Description of the ClientGroup.","type":"string"},"cluster_type":{"description":"Cluster type of the ClientGroup, valid values are NON-CLUSTER and HDFS.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"password":{"description":"User supplied password if password_creation_method is MANUAL. The password MUST be minimum 8 characters and MUST contain one alphabet,\none number, and one of the !@#$%^&*(){}[] special characters.\n","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"ldt_designated_primary_set":{"description":"ID of the Designated Primary Set.","type":"string"}},"example":{"name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile","domain_list":"[]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","ldt_status":"Running"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of ClientGroups added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/ClientGroups"],"x-permissions":["ReadClientGroupCTE"],"x-resource-type":"ClientGroup","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the clientgroup name."},{"name":"cluster_type","in":"query","required":false,"type":"string","description":"Filter result using the clientgroup cluster type. Valid values are \"HDFS\" and \"NON-CLUSTER\"."},{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},{"name":"enable_domain_sharing","description":"Filter resources based on whether cross-domain sharing is enabled.","in":"query","required":false,"type":"boolean"},{"name":"fetch_current_domain_resources_only","description":"Filter resources belonging to the current domain only.","in":"query","required":false,"type":"boolean"},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile","domain_list":"[]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","ldt_status":"Running"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns details of a ClientGroup with the given id.","tags":["CTE/ClientGroups"],"x-permissions":["ReadClientGroupCTE"],"x-resource-type":"ClientGroup","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":[{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile","domain_list":"[]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","ldt_status":"Running"}]}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Update","description":"Updates details of a CTE ClientGroup.","tags":["CTE/ClientGroups"],"x-permissions":["ReadClientGroupCTE","UpdateClientGroupCTE","ReadProfileCTE","ReadGuardPointCTE","ReadClientGroupClientAssociationCTE","ReadClientCTE","UpdateClientCTE"],"x-resource-type":"ClientGroup","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE ClientGroup parameters to be modified.\n","schema":{"type":"object","title":"Update CTE ClientGroup","properties":{"client_locked":{"description":"Is FS Agent locked? Enables locking the configuration of the File System Agent on the client. This will prevent updates to any policies on the client. Default value is `false`.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"description":{"description":"Description of the ClientGroup.","type":"string"},"password_creation_method":{"description":"This field is **deprecated** from update client endpoint, use `/clientgroups/{id}/password` endpoint instead to update the password creation method.","type":"string"},"password":{"description":"This field is **deprecated** from update client endpoint, use `/clientgroups/{id}/password` endpoint instead to update the password.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"enabled_capabilities":{"description":"Comma-separated agent capabilities which are enabled. Currently only `RESIGN` for re-signing client settings can be enabled.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"shared_domain_list":{"x-feature":"FF_CTE_DOMAIN_SHARING","description":"List of domains with which ClientGroup needs to be shared.","type":"array","items":{"type":"string"}},"enable_domain_sharing":{"x-feature":"FF_CTE_DOMAIN_SHARING","description":"Whether to enable domain sharing for ClientGroup.","type":"boolean"},"ldt_designated_primary_set":{"description":"ID of the Designated Primary Set.","type":"string"}},"example":{"client_locked":true,"system_locked":false,"description":"Test","password_creation_method":"MANUAL","password":"Hello@1","communication_enabled":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile","domain_list":"[]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","ldt_status":"Running"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a ClientGroup from the CipherTrust Manager.\n","tags":["CTE/ClientGroups"],"x-permissions":["ReadClientGroupCTE","ReadClientGroupClientAssociationCTE","ReadClientCTE","DeleteClientGroupCTE"],"x-resource-type":"ClientGroup","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}/password":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update Client Group Password","description":"Updates password of a CTE ClientGroup.","tags":["CTE/ClientGroups"],"x-permissions":["PermissionCTEClientPasswordRead","PermissionCTEClientPasswordUpdate"],"x-resource-type":"ClientGroup","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE ClientGroup password parameters to be modified.\n","schema":{"type":"object","title":"Update CTE ClientGroup","properties":{"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"password":{"description":"User supplied password if password_creation_method is MANUAL. The password MUST be minimum 8 characters and MUST contain one alphabet,\none number, and one of the !@#$%^&*(){}[] special characters.\n","type":"string"}},"example":{"password_creation_method":"MANUAL","password":"Hello12@"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile","domain_list":"[]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","ldt_status":"Running"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}/auth-binaries":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update Client Settings","description":"Updates client settings for a ClientGroup.","tags":["CTE/ClientGroups"],"x-permissions":["ReadClientGroupCTE","UpdateClientGroupCTE","ReadSignatureSetCTE","ReadClientGroupClientAssociationCTE","ReadClientCTE"],"x-resource-type":"ClientGroup","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"Client setting parameters to be modified.\n","schema":{"type":"object","title":"Update client settings for a CTE ClientGroup.","properties":{"re_sign":{"description":"Whether to re-sign the client settings.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.\nSignature set can be provided in +sig= format.\nFor example:\n{\n \\\"privilege\\\": \\\"authenticator+sig=TestSignSet\\\",\n \\\"filename\\\": \\\"/usr/sbin/tsm\\\"\n}\n","type":"string"}},"example":{"re_sign":true,"auth_binaries":"[ { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/tsm\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/sshd\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/dt/bin/dtlogin\" }, { \"privilege\": \"authenticator_euid\", \"filename\": \"/usr/sbin/ftpd\" } ]\n"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile","domain_list":"[]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","ldt_status":"Running"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}/resetpassword":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Reset Password for CTE ClientGroup","description":"Resets the password for a ClientGroup.","tags":["CTE/ClientGroups"],"x-permissions":["ReadClientGroupCTE","UpdateClientGroupCTE","ReadClientGroupClientAssociationCTE","ReadClientCTE","UpdateClientCTE"],"x-resource-type":"ClientGroup","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile","domain_list":"[]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","ldt_status":"Running"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}/clients/{client_id}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"delete":{"summary":"Remove Client from ClientGroup","description":"Removes a client from the ClientGroup.","tags":["CTE/ClientGroups"],"x-permissions":["ReadClientGroupCTE","ReadClientCTE","ReadClientGroupClientAssociationCTE","DeleteClientGroupClientAssociationCTE","ReadGuardPointCTE","ReadSignatureSetCTE","UpdateClientCTE"],"x-resource-type":"ClientGroup-Client-Association","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE ClientGroup. This can be either ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"client_id","in":"path","description":"An identifier of the CTE Client. This can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get ClientGroup Client Association","description":"Returns the association between a ClientGroup and a client.","tags":["CTE/ClientGroups"],"x-permissions":["ReadClientGroupCTE","ReadClientCTE","ReadClientGroupClientAssociationCTE"],"x-resource-type":"ClientGroup-Client-Association","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE ClientGroup. This can be either ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"client_id","in":"path","description":"An identifier of the CTE Client. This can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_group_id":{"type":"string","description":"UUID of CTE ClientGroup."},"client_id":{"type":"string","description":"UUID of CTE Client."},"client_group_name":{"type":"string","description":"Name of CTE ClientGroup."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:henry:clientgroupclientassn:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","client_group_id":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","client_id":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde","client_group_name":"ClientGroup1","client_name":"Client_1"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}/clients/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Client to ClientGroup","description":"Adds a client to an existing ClientGroup.","tags":["CTE/ClientGroups"],"x-permissions":["ReadClientGroupCTE","UpdateClientCTE","ReadGuardPointCTE","ReadClientCTE","CreateClientGroupClientAssociationCTE","ReadSignatureSetCTE"],"x-resource-type":"ClientGroup-Client-Association","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE ClientGroup. This can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"CTE ClientGroup-Client association parameters.","schema":{"type":"object","title":"Add Client to ClientGroup","required":["inherit_attributes","client_list"],"properties":{"inherit_attributes":{"type":"boolean","description":"Whether the client should inherit attributes from the ClientGroup."},"client_list":{"description":"List of Client identifier which are to be associated with clientgroup. This identifier can be the Name, ID (a UUIDv4), URI, or slug of the client.","type":"array","items":{"type":"string"}}},"example":{"client_list":["Client1","Client2"],"inherit_attributes":true}}}],"responses":{"201":{"description":"Client added to ClientGroup.","schema":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-ClientGroup Association","type":"array","items":{"type":"object","title":"Resource","properties":{"client_group_id":{"type":"string","description":"UUID of CTE ClientGroup."},"client_id":{"type":"string","description":"UUID of CTE Client."},"client_group_name":{"type":"string","description":"Name of CTE ClientGroup."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]}},"207":{"description":"Client added to ClientGroup.","schema":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-ClientGroup Association","type":"array","items":{"type":"object","title":"Resource","properties":{"client_group_id":{"type":"string","description":"UUID of CTE ClientGroup."},"client_id":{"type":"string","description":"UUID of CTE Client."},"client_group_name":{"type":"string","description":"Name of CTE ClientGroup."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]},"examples":{"application/json":{"association_response":[{"id":"bb9588ad-3c18-4bb4-9571-b90caa2f6675","uri":"kylo:kylo:henry:clientgroupclientassn:bb9588ad-3c18-4bb4-9571-b90caa2f6675","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-04-04T09:57:18.490128478Z","updatedAt":"2020-04-04T09:57:18.490128478Z","client_group_id":"4687c178-5579-40f2-9a64-48cb6196fe4f","client_id":"cb68453a-234f-44f1-abf6-8e93509ae955","client_group_name":"CG1","client_name":"ubuntu_vm"}],"num_failed_association":1,"failed_associations":{"centos_vm":{"reason":"AddBulkClientToClientGroup : Failed to create Client-ClientGroup Association. Error:could not create clientgroupclientassn as it already exists","return_code":409}}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List Clients in ClientGroup","description":"Returns the list of clients in a ClientGroup.\n","tags":["CTE/ClientGroups"],"x-permissions":["ReadClientGroupCTE","ReadClientGroupClientAssociationCTE","ReadClientCTE"],"x-resource-type":"ClientGroup-Client-Association","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE ClientGroup. This can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter the results by name of client."},{"name":"num_errors","in":"query","required":false,"type":"integer","description":"Filter clients which have number of errors EQUAL to this value."},{"name":"num_gp_errors","in":"query","required":false,"type":"integer","description":"Filter clients which have number of GuardPoint errors EQUAL to this value."},{"name":"num_warnings","in":"query","required":false,"type":"integer","description":"Filter clients which have number of warnings EQUAL to this value."},{"name":"client_health_status","in":"query","required":false,"type":"string","description":"Filter clients by client health status. Valid values are UNREGISTERED, ERROR, WARNING, HEALTHY, EXPUNGED, WAITING FOR CONNECTION, NOT CONNECTED.\nTo filter clients by multiple status provide comma-delimited list of status.\nFor example: HEALTHY,WARNING\n...will filter clients which have HEALTHY or WARNING client health status.\n"},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS, FREEBSD and AIX."},{"name":"client_version","description":"Filter clients by version of client.","in":"query","required":false,"type":"string"},{"name":"profile_name","in":"query","required":false,"type":"string","description":"Filter clients by profile name."},{"name":"profile_id","in":"query","required":false,"description":"Filter clients by profile identifier.","type":"string"},{"name":"ldt_enabled","description":"Filter clients by ldt_enabled flag.","in":"query","required":false,"type":"boolean"},{"name":"assigned_with_ldt_group_comm_service","description":"Filter clients based on assignation with LDT comm group service.","in":"query","required":false,"type":"boolean"},{"name":"ldt_group_comm_service_name","in":"query","required":false,"description":"Filter clients by LDT comm group service name.","type":"string"},{"name":"ldt_group_comm_service_id","in":"query","required":false,"description":"Filter clients by LDT comm group service ID.","type":"string"},{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`. \n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"pem_type":"fs_vmd","password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,ES,CBCCS1","enabled_capabilities":"LDT,ES","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":""},{"id":"3604b51e-17d7-4d85-abc5-a414114966d3","uri":"kylo:kylo:henry:client:10.164.13.18","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de5c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"pem_type":"fs_vmd","password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,ES,CBCCS1","enabled_capabilities":"LDT,ES","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":""}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true}],"post":{"summary":"Create","description":"Adds a new CTE GuardPoint to the ClientGroup.","tags":["CTE/ClientGroups-GuardPoints"],"x-permissions":["ReadPolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE","CreatePolicyCTE","ReadClientGroupCTE","CreateGuardPointCTE"],"x-resource-type":"ClientGroup-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE GuardPoint creation parameters.","schema":{"type":"object","title":"Create GuardPoint","required":["guard_paths","guard_point_params"],"properties":{"guard_paths":{"description":"List of GuardPaths to be created.","type":"array","items":{"type":"string"}},"guard_point_params":{"description":"Parameters for creating a GuardPoint.","type":"object","required":["policy_id","guard_point_type"],"properties":{"guard_point_type":{"description":"Type of the GuardPoint. The valid values are “directory_auto”, “directory_manual”, “rawdevice_manual”,\n“rawdevice_auto”, “cloudstorage_auto”, “cloudstorage_manual”, or \"ransomware_protection\".\n","type":"string"},"automount_enabled":{"description":"Whether automount is enabled with the GuardPoint. Supported for Standard and LDT policies.","type":"boolean"},"policy_id":{"description":"ID of the policy which is applied with this GuardPoint. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Whether to preserve sparse file regions. Available on LDT enabled clients only. The default value is true. If you disable the setting, it cannot be enabled again. Supported for Standard and LDT policies.","type":"boolean"},"cifs_enabled":{"description":"Whether to enable CIFS. Available on LDT enabled windows clients only. The default value is false. If you enable the setting, it cannot be disabled. Supported for only LDT policies.","type":"boolean"},"early_access":{"description":"Whether secure start (early access) is turned on. Secure start is applicable to Windows clients only. Supported for Standard and LDT policies. The default value is false.","type":"boolean"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"network_share_credentials_id":{"description":"ID/Name of the credentials if the GuardPoint is applied to a network share. Supported for only LDT policies.","type":"string"},"mfa_enabled":{"description":"Whether to enable MFA (Multi Factor Authentication).","type":"boolean"},"dps_id":{"description":"ID/name of the Designated Primary Set.","type":"string"}}}},"example":{"guard_paths":["/opt/path1/","/opt/path2"],"guard_point_params":{"guard_point_type":"directory_auto","policy_id":"TestPolicy","early_access":true,"preserve_sparse_regions":true,"dps_id":"243b14ec-2251-449d-9ada-6fb1f8e6a414"}}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully created GuardPoints.","type":"array","items":{"type":"object","properties":{"guardpoint":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]}},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to create.","type":"array","items":{"type":"object","properties":{"guard_path":{"description":"path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"0c2981d7-694a-4d67-8a8d-fad870de30c1","uri":"kylo:kylo:henry:guardpoint:0c2981d7-694a-4d67-8a8d-fad870de30c1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T07:39:37.936089223Z","updatedAt":"2023-05-25T07:39:37.936089223Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"66d06f0a-19a1-4943-b515-cbae4c21507b","client_name":"","client_group_name":"cg1","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path1","policy_id":"243b14ec-2251-449d-9ada-6fb1f8e6a414","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENTGROUP","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""},"status_code":201},{"guardpoint":{"id":"ae27a9eb-93c8-4db2-a049-475d4a076701","uri":"kylo:kylo:henry:guardpoint:ae27a9eb-93c8-4db2-a049-475d4a076701","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T07:39:37.945128705Z","updatedAt":"2023-05-25T07:39:37.945128705Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"66d06f0a-19a1-4943-b515-cbae4c21507b","client_name":"","client_group_name":"cg1","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path2","policy_id":"243b14ec-2251-449d-9ada-6fb1f8e6a414","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENTGROUP","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"243b14ec-2251-449d-9ada-6fb1f8e6a415","dps_name":"DPS1"},"status_code":201}],"failed_guard_points":[{"guard_path":"/opt/path3","error":"Duplicate Path","status_code":409},{"guard_path":"/opt/path4","error":"Duplicate Path","status_code":409}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of GuardPoints added to a ClientGroup. The results can be filtered using the query parameters.\n","tags":["CTE/ClientGroups-GuardPoints"],"x-permissions":["ReadClientGroupCTE","ReadGuardPointCTE"],"x-resource-type":"ClientGroup-GuardPoint","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"uri_list","in":"query","required":false,"type":"string","description":"Filter the results by uri. To fetch multiple resources provide comma-delimited list of uri."},{"name":"policy_id","in":"query","required":false,"type":"string","description":"Filter the results by policy id of GuardPoint. MUST be a UUID value."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter the results by policy name of GuardPoint."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guard enabled values of GuardPoint. Valid values are Yes/No and True/False."},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by GuardPath of GuardPoint."},{"name":"mfa_enabled","description":"Filter GuardPoints based on MFA status - enabled or not.","in":"query","required":false,"type":"boolean"},{"name":"type","in":"query","required":false,"type":"string","description":"Filter the results by type of GuardPoint. Valid values are CLIENT and CLIENTGROUP."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by createdAt, guard_enabled, type, guard_point_state, policy_id and policy_name. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n -createdAt\n\n...will sort the results by `createdAt`, descending.\n"},{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},{"name":"fetch_current_domain_resources_only","description":"Filter resources belonging to the current domain only.","in":"query","required":false,"type":"boolean"},{"name":"guard_point_type","in":"query","required":false,"type":"string","description":"Filter clients based on guard point type. Valid values are directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, and ransomware_protection."},{"name":"dps_id","in":"query","required":false,"type":"string","description":"Filter the results by DPS ID of the GuardPoint."},{"name":"dps_name","in":"query","required":false,"type":"string","description":"Filter the results by DPS name of the GuardPoint. Value can be any string."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"193bb7eb-4219-4375-b935-a9a0f984b134","uri":"kylo:kylo:henry:guardpoint:193bb7eb-4219-4375-b935-a9a0f984b134","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T09:14:07.173806Z","updatedAt":"2023-05-25T09:14:07.173806Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"66d06f0a-19a1-4943-b515-cbae4c21507b","client_name":"","client_group_name":"cg1","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path1","policy_id":"1b0a52a9-1423-4568-9c34-c27482984bcb","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENTGROUP","policy_name":"ldt","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"243b14ec-2251-449d-9ada-6fb1f8e6a415","dps_name":"DPS1"},{"id":"193bb7eb-4219-4375-b935-a9a0f984b134","uri":"kylo:kylo:henry:guardpoint:193bb7eb-4219-4375-b935-a9a0f984b134","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T09:14:07.173806Z","updatedAt":"2023-05-25T09:14:07.173806Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"66d06f0a-19a1-4943-b515-cbae4c21507b","client_name":"","client_group_name":"cg1","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path2","policy_id":"1b0a52a9-1423-4568-9c34-c27482984bcb","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENTGROUP","policy_name":"ldt","network_share_credentials_id":"","disabled_reason":"","guard_point_state\"":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"243b14ec-2251-449d-9ada-6fb1f8e6a415","dps_name":"DPS1"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/enable/":{"x-feature":"FF_CTE_BULK_TOGGLE_GP","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true}],"patch":{"summary":"Enable/disable guardpoints","description":"Enable/disable multiple guardpoints of client group","tags":["CTE/ClientGroups-GuardPoints"],"x-permissions":["UpdateGuardPointCTE","ReadClientCTE","ReadGuardPointCTE","ReadClientGroupClientAssociationCTE","ReadClientGroupCTE"],"x-resource-type":"ClientGroup-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE GuardPoint bulk enable/disable parameters.","schema":{"type":"object","title":"Update GuardPoints","required":["guard_enabled","guard_point_id_list"],"properties":{"guard_enabled":{"description":"Whether to enable/disable guardpoint","type":"boolean"},"guard_point_id_list":{"description":"IDs of the GuardPoints to be enabled/disabled. The IDs can be the ID (a UUIDv4), URI, or slug of the GuardPoints.","type":"array","items":{"type":"string"}}},"example":{"guard_enabled":true,"guard_point_id_list":["id1","id2"]}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully processed guard_points.","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"status_code":{"description":"Status code for success.","type":"integer"}}}},"failed_guard_points":{"description":"List of failed guard_points","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"guardpoints":[{"guard_point_id":"b940678b-6ba1-4598-8e61-9762d2ac033f","guard_path":"/opt/path1","status_code":204}],"failed_guard_points":[{"guard_point_id":"c240678b-6ba1-4598-8e61-9762d2ac031a","error":"Validation error: Failed to get GuardPoint c240678b-6ba1-4598-8e61-9762d2ac031a","status_code":404}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/upload-list":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true}],"post":{"summary":"Upload","description":"Creates a large number of GuardPoints using a CSV file. List the required GuardPaths in the CSV file. Set the content type to multipart/form-data and provide the pathfile and param as form-data.","tags":["CTE/ClientGroups-GuardPoints"],"x-permissions":["ReadPolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE","CreatePolicyCTE","ReadClientGroupCTE","CreateGuardPointCTE"],"x-resource-type":"ClientGroup-GuardPoint","x-product":"CTE","consumes":["multipart/form-data"],"parameters":[{"name":"pathfile","in":"formData","type":"file"},{"name":"param","in":"formData","type":"string","description":"Create GuardPoint parameters, for example: {\"guard_point_type\": \"directory_auto\",\"policy_id\": \"TestPolicy\"}\n"}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully created GuardPoints.","type":"array","items":{"type":"object","properties":{"guardpoint":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]}},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to create.","type":"array","items":{"type":"object","properties":{"guard_path":{"description":"path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"0c2981d7-694a-4d67-8a8d-fad870de30c1","uri":"kylo:kylo:henry:guardpoint:0c2981d7-694a-4d67-8a8d-fad870de30c1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T07:39:37.936089223Z","updatedAt":"2023-05-25T07:39:37.936089223Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"66d06f0a-19a1-4943-b515-cbae4c21507b","client_name":"","client_group_name":"cg1","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path1","policy_id":"243b14ec-2251-449d-9ada-6fb1f8e6a414","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENTGROUP","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"243b14ec-2251-449d-9ada-6fb1f8e6a415","dps_name":"DPS1"},"status_code":201},{"guardpoint":{"id":"ae27a9eb-93c8-4db2-a049-475d4a076701","uri":"kylo:kylo:henry:guardpoint:ae27a9eb-93c8-4db2-a049-475d4a076701","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T07:39:37.945128705Z","updatedAt":"2023-05-25T07:39:37.945128705Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"66d06f0a-19a1-4943-b515-cbae4c21507b","client_name":"","client_group_name":"cg1","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path2","policy_id":"243b14ec-2251-449d-9ada-6fb1f8e6a414","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENTGROUP","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"243b14ec-2251-449d-9ada-6fb1f8e6a415","dps_name":"DPS1"},"status_code":201}],"failed_guard_points":[{"guard_path":"/opt/path3","error":"Duplicate Path","status_code":409},{"guard_path":"/opt/path4","error":"Duplicate Path","status_code":409}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/unguard/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true}],"patch":{"summary":"Unguard GuardPoints","description":"Unguards multiple GuardPoints from a ClientGroup.\n","tags":["CTE/ClientGroups-GuardPoints"],"x-permissions":["ReadClientGroupCTE","ReadGuardPointCTE","DeleteGuardPointCTE"],"x-resource-type":"ClientGroup-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE GuardPoint bulk unguard parameters.","schema":{"type":"object","title":"Unguard GuardPoints","required":["guard_point_id_list"],"properties":{"guard_point_id_list":{"description":"Comma-separated IDs of GuardPoints to be dissociated from a ClientGroup. The IDs can be the Name, ID (a UUIDv4), URI, or slug of the ClientGroup.","type":"array","items":{"type":"string"}}},"example":{"guard_point_id_list":["id1","id2"]}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully processed guard_points.","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"status_code":{"description":"Status code for success.","type":"integer"}}}},"failed_guard_points":{"description":"List of failed guard_points","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"guardpoints":[{"guard_point_id":"b940678b-6ba1-4598-8e61-9762d2ac033f","guard_path":"/opt/path1","status_code":204}],"failed_guard_points":[{"guard_point_id":"id2","guard_path":"","error":"record not found","status_code":404}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/{guardpointId}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Update","description":"Modify GuardPoint parameters. The parameters to be modified are placed in the body parameters. There is no default value for parameters.\n","tags":["CTE/ClientGroups-GuardPoints"],"x-permissions":["ReadClientGroupCTE","ReadGuardPointCTE","DeleteGuardPointCTE"],"x-resource-type":"ClientGroup-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE GuardPoint parameters.","schema":{"type":"object","title":"Modify GuardPoint.","properties":{"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"network_share_credentials_id":{"description":"ID/Name of the credentials if the GuardPoint is applied to a network share. Supported for only LDT policies.","type":"string"},"mfa_enabled":{"description":"Whether to enable MFA (Multi Factor Authentication) or not.","type":"boolean"},"dps_id":{"description":"ID of the new Designated Primary Set.","type":"string"}},"example":{"guard_enabled":false,"network_share_credentials_id":"test-credentials"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"id":"0c2981d7-694a-4d67-8a8d-fad870de30c1","uri":"kylo:kylo:henry:guardpoint:0c2981d7-694a-4d67-8a8d-fad870de30c1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T07:39:37.936089Z","updatedAt":"2023-05-25T07:41:28.740980913Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"66d06f0a-19a1-4943-b515-cbae4c21507b","client_name":"","client_group_name":"cg1","guard_point_type":"directory_auto","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/path1","policy_id":"243b14ec-2251-449d-9ada-6fb1f8e6a414","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENTGROUP","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"MANUAL","guard_point_state":"DISABLED","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"243b14ec-2251-449d-9ada-6fb1f8e6a415","dps_name":"DPS1"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns details of a GuardPoint with the given id.\n","tags":["CTE/ClientGroups-GuardPoints"],"x-permissions":["ReadGuardPointCTE","ReadClientGroupCTE"],"x-resource-type":"ClientGroup-GuardPoint","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":null,"id":"0c2981d7-694a-4d67-8a8d-fad870de30c1","uri":"kylo:kylo:henry:guardpoint:0c2981d7-694a-4d67-8a8d-fad870de30c1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T07:39:37.936089Z","updatedAt":"2023-05-25T07:41:28.740981Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"66d06f0a-19a1-4943-b515-cbae4c21507b","client_name":"","client_group_name":"cg1","guard_point_type":"directory_auto","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/path1","policy_id":"243b14ec-2251-449d-9ada-6fb1f8e6a414","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENTGROUP","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"MANUAL","guard_point_state":"DISABLED","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"243b14ec-2251-449d-9ada-6fb1f8e6a415","dps_name":"DPS1"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/{guardpointId}/unguard":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Unguard","description":"Unguards a GuardPoint from a ClientGroup.\n","tags":["CTE/ClientGroups-GuardPoints"],"x-permissions":["ReadClientGroupCTE","ReadGuardPointCTE","DeleteGuardPointCTE"],"x-resource-type":"ClientGroup-GuardPoint","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"id":"193bb7eb-4219-4375-b935-a9a0f984b134","uri":"kylo:kylo:henry:guardpoint:193bb7eb-4219-4375-b935-a9a0f984b134","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T09:14:07.173806Z","updatedAt":"2023-05-25T09:14:46.330796Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"66d06f0a-19a1-4943-b515-cbae4c21507b","client_name":"","client_group_name":"cg1","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path3","policy_id":"1b0a52a9-1423-4568-9c34-c27482984bcb","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENTGROUP","policy_name":"ldt","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"243b14ec-2251-449d-9ada-6fb1f8e6a415","dps_name":"DPS1"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/{guardpointId}/early-access":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE Client Group.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Update Early Access on GuardPoint","description":"Enables or disables early access on a GuardPoint. Supported for Standard and LDT policies.\n","tags":["CTE/ClientGroups-GuardPoints"],"x-permissions":["ReadClientGroupCTE","ReadGuardPointCTE","UpdateGuardPointCTE"],"x-resource-type":"ClientGroup-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Guardpoint Early Access value.","schema":{"type":"object","title":"Modify GuardPoint Early Access.","required":["early_access"],"properties":{"early_access":{"description":"Whether to enable early access on the GuardPoint.","type":"boolean"}},"example":{"early_access":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"id":"cfd39618-b5bf-4c4f-8789-b228e371bac3","uri":"kylo:kylo:henry:guardpoint:cfd39618-b5bf-4c4f-8789-b228e371bac3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T09:12:21.673989Z","updatedAt":"2023-05-25T09:12:39.975525896Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"66d06f0a-19a1-4943-b515-cbae4c21507b","client_name":"","client_group_name":"cg1","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path1","policy_id":"243b14ec-2251-449d-9ada-6fb1f8e6a414","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":true,"type":"CLIENTGROUP","policy_name":"TestPolicy","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"243b14ec-2251-449d-9ada-6fb1f8e6a415","dps_name":"DPS1"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/{guardpointId}/preserve-sparse-regions-off":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE Client Group.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Turn Off Preserve Spase Region","description":"Turn off preserve sparse regions on the GuardPoint. Supported for Standard and LDT policies.\n","tags":["CTE/ClientGroups-GuardPoints"],"x-permissions":["ReadGuardPointCTE","ReadPolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE","ReadClientGroupCTE","UpdateGuardPointCTE","ReadClientCTE"],"x-resource-type":"ClientGroup-GuardPoint","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"id":"193bb7eb-4219-4375-b935-a9a0f984b134","uri":"kylo:kylo:henry:guardpoint:193bb7eb-4219-4375-b935-a9a0f984b134","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-05-25T09:14:07.173806Z","updatedAt":"2023-05-25T09:14:46.330796032Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"66d06f0a-19a1-4943-b515-cbae4c21507b","client_name":"","client_group_name":"cg1","guard_point_type":"directory_auto","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path1","policy_id":"1b0a52a9-1423-4568-9c34-c27482984bcb","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CLIENTGROUP","policy_name":"ldt","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","csi_guard_status":null,"mfa_enabled":false,"native_domain":"root","gp_network_path":"","dps_id":"243b14ec-2251-449d-9ada-6fb1f8e6a415","dps_name":"DPS1"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}/ldtpause/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Send LDT Suspend/Resume Request to CTE ClientGroup","description":"Creates and sends an LDT suspend/resume request to all clients of a CTE ClientGroup.","tags":["CTE/ClientGroups"],"x-permissions":["ReadClientGroupCTE","ReadClientGroupClientAssociationCTE","UpdateClientGroupCTE"],"x-resource-type":"ClientGroup-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE ClientGroup LDT Suspend/Resume parameters.","schema":{"type":"object","title":"CTE ClientGroup LDT Suspend/Resume parameters","required":["paused"],"properties":{"paused":{"description":"Suspend/resume the rekey operation on an LDT GuardPoint. Set the value to true to pause (suspend) the rekey. Set the value to false to resume rekey.","type":"boolean"}},"example":{"paused":true}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile","domain_list":"[]","account_list":"[\"kylo:kylo:admin:accounts:kylo\"]","enable_domain_sharing":false,"native_domain":"root","ldt_status":"Running"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/ldtpause/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Send LDT Suspend/Resume Request to CTE Client","description":"Creates and sends an LDT suspend/resume request to a client.","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE"],"x-resource-type":"Client-GuardPoint","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE Client LDT Suspend/Resume parameters.","schema":{"type":"object","title":"CTE Client LDT Suspend/Resume parameters","required":["paused"],"properties":{"paused":{"description":"Suspend/resume the rekey operation on an LDT GuardPoint. Set the value to true to pause (suspend) the rekey. Set the value to false to resume rekey.","type":"boolean"}},"example":{"paused":true}}}],"responses":{"201":{"description":"OK","schema":{"type":"object","properties":{"status":{"description":"Status of Request (OK or FAIL).","type":"string"},"reference_id":{"description":"Reference ID for the request.","type":"string"}}},"examples":{"status":"OK","reference_id":"kCLyiYReaBVPfyIN"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/validatecosparams/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Validate Cloud Object Storage","description":"Validates the AWS S3 bucket before creating a GuardPoint for it.","tags":["CTE/CloudObjectStorage"],"parameters":[{"name":"body","in":"body","description":"CTE AWS S3 Bucket validation parameters","schema":{"type":"object","title":"Validate AWS S3 bucket","required":["access_key_id","secret_access_key","bucket_url"],"properties":{"access_key_id":{"type":"string","description":"ID of the AWS access key."},"secret_access_key":{"type":"string","description":"AWS secret access key."},"bucket_url":{"type":"string","description":"Complete URL of the S3 bucket."},"bucket_region":{"type":"string","description":"Region of the bucket. Specify if the bucket URL does not contain the region."}},"example":{"access_key_id":"AKUIYYHDNJ6574HKDJ","secret_access_key":"Jvxhd34fpvnrunjn+jfmmkGTVVgnh0ZUU","bucket_url":"https://s3.amazonaws.com/henrytest","bucket_region":"us-east-1"}}}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/challenge-response/{challenge}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"challenge","in":"path","type":"string","description":"The challenge string generated on CTE client.","required":true}],"get":{"summary":"Get Challenge-Response","description":"Returns a response for the password challenge.\nWhen the CipherTrust Manager is unreachable from a protected client, the data stored in GuardPoints on the client cannot be accessed without the challenge-response.\nSpecify the client `id` and the `challenge` generated on that client when making the API call.\n","tags":["CTE/Clients"],"x-permissions":["ReadClientCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"challenge_response":{"description":"When the CipherTrust Manager is unreachable from a protected client, the data stored in GuardPoints on the client cannot be accessed without the challenge-response.","type":"object","items":{"type":"object","properties":{"response_part1":{"description":"challenge response part 1.","type":"string"},"response_part2":{"description":"challenge response part 2.","type":"string"},"response_part3":{"description":"challenge response part 3.","type":"string"},"response_part4":{"description":"challenge response part 4.","type":"string"}}}}}}]},"examples":{"challenge_response":{"response_part1":"LVH3-4FWX-SROO-IL5X","response_part2":"45VH-WOWY-N5NW-SFIC","response_part3":"RMVC-OEMG-L5FL-TV2K","response_part4":"Z7Z7-WJ2G-EQIF-ROOT"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/compatibility-matrix":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload","description":"Upload the kernel Compatibility Matrix (only .tgz files). Set the content type to multipart/form-data and provide the file as form-data.\nThe CipherTrust Manager uses the Compatibility Matrix to automatically match the kernels running on the registered clients.\nIf a client is running an incompatible kernel, its status becomes Warning on the GUI.\n","tags":["CTE/Clients"],"x-permissions":["ReadKernelVersionCTE","CreateKernelVersionCTE"],"x-resource-type":"Clients","x-product":"CTE","consumes":["multipart/form-data"],"parameters":[{"name":"kernelJSONFile","in":"formData","type":"file"}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"75d386c3-c58d-4def-98b6-63b02838bdb5","uri":"kylo:kylo:henry:kernelversion:75d386c3-c58d-4def-98b6-63b02838bdb5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-11-02T12:36:56.46491092Z","updatedAt":"2020-11-02T12:36:56.46491092Z","MAPPING":{"MAPPING":[{"OS":"AL2017.09","KERNEL":[{"NUM":"4.9.51-10.52.amzn1.x86_64","START":"6.0.3.18","END":"0"},{"NUM":"4.9.58-18.51.amzn1.x86_64","START":"6.0.3.18","END":"0"},{"NUM":"4.9.58-18.55.amzn1.x86_64","START":"6.0.3.18","END":"0"}]}]}}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}},"get":{"summary":"Get","description":"Get a kernel compatibility-matrix.","produces":["text/plain"],"tags":["CTE/Clients"],"x-permissions":["ReadKernelVersionCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"type":"file"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Delete a kernel compatibility-matrix.","tags":["CTE/Clients"],"x-permissions":["ReadKernelVersionCTE","DeleteKernelVersionCTE"],"x-resource-type":"Clients","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/idtkeyrules/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"get":{"summary":"List","description":"Returns the list of IDT key rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-IDTRules"],"x-permissions":["ReadPolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE","ReadIDTRuleCTE"],"x-resource-type":"IDTRule","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"current_key":{"description":"ID of the key currently linked with the rule.","type":"string"},"transformation_key":{"description":"ID of the transformation key to link with the rule.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","current_key":"clear_key","transformation_key":"MyKey"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/idtkeyrules/{idtRuleId}":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"idtRuleId","in":"path","type":"string","description":"An identifier of the CTE IDT Key Rule.\nThis can be either the ID (a UUIDv4) or URI of Rule.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the IDT rule parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies-IDTRules"],"x-permissions":["ReadPolicyCTE","UpdatePolicyCTE","ReadSecurityRuleCTE","ReadKeyRuleCTE","ReadLDTRuleCTE","ReadGuardPointCTE","ReadIDTRuleCTE","UpdateIDTRuleCTE","ReadClientAndResourceMappingReadCTE","ReadUserSetCTE","ReadProcessSetCTE","ReadResourceSetCTE"],"x-resource-type":"IDTRule","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE IDT Rule parameters.","schema":{"type":"object","title":"Modify IDT Rule","properties":{"current_key":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"current_key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"transformation_key":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid or key_id.\n","type":"string"},"transformation_key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}},"example":{"transformation_key":"MyKey"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"current_key":{"description":"ID of the key currently linked with the rule.","type":"string"},"transformation_key":{"description":"ID of the transformation key to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","current_key":"clear_key","transformation_key":"MyKey"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a key rule with the given id.\n","tags":["CTE/Policies-IDTRules"],"x-permissions":["ReadIDTRuleCTE"],"x-resource-type":"IDTRule","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"current_key":{"description":"ID of the key currently linked with the rule.","type":"string"},"transformation_key":{"description":"ID of the transformation key to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","current_key":"clear_key","transformation_key":"MyKey"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Client Health report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadClientsReportCTE"],"x-resource-type":"Reports","x-product":"CTE","parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"status","in":"query","required":false,"type":"string","description":"Filter clients by client health status. Valid values are UNREGISTERED, ERROR, WARNING, HEALTHY, EXPUNGED, WAITING FOR CONNECTION, NOT CONNECTED.\nTo filter clients by multiple status provide comma-delimited list of status.\nFor example: HEALTHY,WARNING\n...will filter clients which have HEALTHY or WARNING client health status.\n"},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS, AIX, FREEBSD and UNKNOWN. To filter clients by multiple os provide comma-delimited list of os."},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,status,os_type,total_gp,enabled_gp.\nFor example:\n\n client_name,-status\n\n...will sort the results first by `client_name`, ascending, then by `status`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of Operation System. Ex. RHEL, Windows 7","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED or UNREGISTERED","type":"string"},"total_gp":{"description":"Number of GuardPoint on client.","type":"integer"},"enabled_gp":{"description":"Number of enabled GuardPoint on client.","type":"integer"},"client_group_name":{"x-feature":"FF_CTE_REPORT_CG_ASSN","description":"Name of the client group client is part of.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","account":"kylo:kylo:admin:accounts:kylo","os_type":"UNKNOWN","os_sub_type":"","os_kernel":"","client_version":"","status":"UNREGISTERED","total_gp":1,"enabled_gp":0,"client_description":"Client_1 Description","client_group_name":"client_group_1"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients/download/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Returns the Client Health report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadClientsReportCTE"],"x-resource-type":"Reports","x-product":"CTE","produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"status","in":"query","required":false,"type":"string","description":"Filter clients by client health status. Valid values are UNREGISTERED, ERROR, WARNING, HEALTHY, EXPUNGED, WAITING FOR CONNECTION, NOT CONNECTED.\nTo filter clients by multiple status provide comma-delimited list of status.\nFor example: HEALTHY,WARNING\n...will filter clients which have HEALTHY or WARNING client health status.\n"},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS, AIX, FREEBSD and UNKNOWN. To filter clients by multiple os provide comma-delimited list of os."},{"name":"addon_fields","in":"query","required":false,"type":"string","description":"Fields to be added in the downloaded report. Valid values are client_type, os_type, os_sub_type, os_kernel, client_version, total_gp, enabled_gp{{FF_CTE_REPORT_CG_ASSN|, client_group_name}} and client_description."},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,status,os_type,total_gp,enabled_gp.\nFor example:\n\n client_name,-status\n\n...will sort the results first by `client_name`, ascending, then by `status`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-keys/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Client Keys report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadClientsKeysReportCTE"],"x-resource-type":"Reports","x-product":"CTE","parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"key_name","in":"query","required":false,"type":"string","description":"Filter report by Key name."},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,key_name.\nFor example:\n\n client_name,-key_name\n\n...will sort the results first by `client_name`, ascending, then by `key_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"keys_name":{"description":"Name of configured Key.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","client_type":"FS","account":"kylo:kylo:admin:accounts:kylo","uri":"kylo:kylo:henry:keyrule:f03faa3a-4617-4808-87fa-94f4392fdd83","key_name":"MyKey","client_description":"Client_1 Description"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-keys/download/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the Client Keys report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadClientsKeysReportCTE"],"x-resource-type":"Reports","x-product":"CTE","produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"key_name","in":"query","required":false,"type":"string","description":"Filter report by Key name."},{"name":"addon_fields","in":"query","required":false,"type":"string","description":"Fields to be added in the downloaded report. Valid value is client_description."},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,key_name.\nFor example:\n\n client_name,-key_name\n\n...will sort the results first by `client_name`, ascending, then by `key_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-profiles/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Client Profile report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadClientsProfileReportCTE"],"x-resource-type":"Reports","x-product":"CTE","parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"profile_name","in":"query","required":false,"type":"string","description":"Filter report by Profile name."},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,profile_name.\nFor example:\n\n client_name,-profile_name\n\n...will sort the results first by `client_name`, ascending, then by `profile_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","client_type":"FS","account":"kylo:kylo:admin:accounts:kylo","uri":"kylo:kylo-c216dcc9-c239-4b16-82b0-2c3237bbc99a:henry:client:10.131.237.101","profile_name":"MyProfile","description":"Client_1 Description"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-profiles/download/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the Client Profiles report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadClientsProfileReportCTE"],"x-resource-type":"Reports","x-product":"CTE","produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"profile_name","in":"query","required":false,"type":"string","description":"Filter report by Profile name."},{"name":"addon_fields","in":"query","required":false,"type":"string","description":"Fields to be added in the downloaded report. Valid value is profile_description."},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,profile_name.\nFor example:\n\n client_name,-profile_name\n\n...will sort the results first by `client_name`, ascending, then by `profile_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-policies/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Clients Policies report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadClientsPoliciesReportCTE"],"x-resource-type":"Reports","x-product":"CTE","parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS, AIX, FREEBSD and UNKNOWN. To filter clients by multiple os provide comma-delimited list of os."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"policy_type","in":"query","required":false,"type":"string","description":"Filter report by Policy type. Valid values are “Standard”, “LDT”, \"IDT\" and “Cloud_Object_Storage”."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"never_deny","in":"query","required":false,"type":"boolean","description":"Filter the results by learn mode enable state i.e. True or False"},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,policy_type,os_type,guard_enabled,client_type,never_deny,last_policy_update.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"policy_type":{"description":"HostName or IP Address of Client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","client_type":"FS","account":"kylo:kylo:admin:accounts:kylo","uri":"kylo:kylo:henry:guardpoint:823b353b-272f-4f33-a67d-8e339a245b95","os_type":"LINUX","policy_name":"MyPolicy","policy_type":"STANDARD","never_deny":false,"guard_enabled":true,"policy_description":"MyPolicy Description","last_policy_update":"2024-06-25T07:50:21.81278Z","transformation_policy":true}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-policies/download/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the Clients Policies report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadClientsPoliciesReportCTE"],"x-resource-type":"Reports","x-product":"CTE","produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS, AIX, FREEBSD and UNKNOWN. To filter clients by multiple os provide comma-delimited list of os."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"policy_type","in":"query","required":false,"type":"string","description":"Filter report by Policy type. Valid values are “Standard”, “LDT”, \"IDT\" and “Cloud_Object_Storage”."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"omit_fields","in":"query","required":false,"type":"string","description":"Fields to be omitted from the report. Valid values are os_type, policy_type, guard_enabled, never_deny, policy_description{{FF_CTE_CLIENT_POLICIES_REPORT_UPDATE|, transformation_policy and last_policy_update}}."},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"never_deny","in":"query","required":false,"type":"boolean","description":"Filter the results by learn mode enable state i.e. True or False"},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,policy_type,os_type,guard_enabled,client_type,never_deny,last_policy_update.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/policies-keys/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Policies Keys report for the resources available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadPolicyKeysReportCTE"],"x-resource-type":"Reports","x-product":"CTE","parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"policy_type","in":"query","required":false,"type":"string","description":"Filter report by Policy type. Valid values are “Standard”, “LDT”, \"IDT\" and “Cloud_Object_Storage”."},{"name":"key_name","in":"query","required":false,"type":"string","description":"Filter the results by Key Name."},{"name":"sort","in":"query","default":"policy_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are policy_name,policy_type,key_name.\nFor example:\n\n key_name,-policy_name\n\n...will sort the results first by `key_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"policy_type":{"description":"HostName or IP Address of Client.","type":"string"},"keys_name":{"description":"Name of configured Key.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","account":"kylo:kylo:admin:accounts:kylo","uri":"kylo:kylo:henry:policy:STANDARD","policy_name":"MyPolicy","policy_type":"STANDARD","key_name":"MyKey","policy_description":"MyPolicy Description"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/policies-keys/download/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the Policies Keys report for the resources available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadPolicyKeysReportCTE"],"x-resource-type":"Reports","x-product":"CTE","produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"policy_type","in":"query","required":false,"type":"string","description":"Filter report by Policy type. Valid values are “Standard”, “LDT”, \"IDT\" and “Cloud_Object_Storage”."},{"name":"key_name","in":"query","required":false,"type":"string","description":"Filter the results by Key Name."},{"name":"addon_fields","in":"query","required":false,"type":"string","description":"Fields to be added in the downloaded report. Valid value is policy_description."},{"name":"sort","in":"query","default":"policy_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are policy_name,policy_type,key_name.\nFor example:\n\n key_name,-policy_name\n\n...will sort the results first by `key_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/guardpoints/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the GuardPoints report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadGuardPointsReportCTE"],"x-resource-type":"Reports","x-product":"CTE","parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"guard_point_type","in":"query","required":false,"type":"string","description":"Filter report by GuardPoint type. To filter using multiple values, provide comma-delimited list of type. The options are - directory_auto - directory_manual - rawdevice_manual - rawdevice_auto - cloudstorage_auto - cloudstorage_manual"},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by guard path of Guardpoint."},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,guard_point_type,guard_path,guard_enabled.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"guard_point_type":{"description":"Type of the GuardPoint, that is, directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","client_type":"FS","account":"kylo:kylo:admin:accounts:kylo","uri":"kylo:kylo:henry:guardpoint:e3bdb9f6-3f39-41a0-a396-b3f76249ef2a","policy_name":"MyPolicy","guard_path":"/opt/path1","guard_enabled":true,"guard_point_type":"directory_auto"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/guardpoints/download/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the GuardPoints report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadGuardPointsReportCTE"],"x-resource-type":"Reports","x-product":"CTE","produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"guard_point_type","in":"query","required":false,"type":"string","description":"Filter report by GuardPoint type. To filter using multiple values, provide comma-delimited list of type. The options are - directory_auto - directory_manual - rawdevice_manual - rawdevice_auto - cloudstorage_auto - cloudstorage_manual"},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by guard path of Guardpoint."},{"name":"omit_fields","in":"query","required":false,"type":"string","description":"Fields to be omitted from the report. Valid values are guard_point_type and guard_enabled."},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,guard_point_type,guard_path,guard_enabled.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-guard-status/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Clients GuardPoint Status report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadClientsGuardStatusReportCTE"],"x-resource-type":"Reports","x-product":"CTE","parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"guard_point_state","in":"query","required":false,"type":"string","description":"Filter the results by state of Guardpoint. Valid values are ACTIVE, INACTIVE, UNKNOWN or DISABLED. To filter using multiple values, provide comma-delimited list."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by guard path of Guardpoint."},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,guard_point_state,guard_path,guard_enabled.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"guard_point_state":{"description":"Current state of GuardPoint e.g. UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"rekey_status":{"description":"Status of the rekey operation at CTE.","type":"string"},"est_rekey_time":{"description":"Estimated Rekey time in Day:Hour:Min.","type":"string"},"rekey_start_time":{"description":"Rekey start time.","type":"string"},"rekey_end_time":{"description":"Rekey end time.","type":"string"},"total_file":{"description":"Total files to be Transformed.","type":"integer"},"file_rekeyed":{"description":"Total files Transformed.","type":"integer"},"file_deleted":{"description":"Total Number of Files Deleted.","type":"integer"},"file_skipped":{"description":"Total files skipped.","type":"integer"},"total_size":{"description":"Total bytes to be Transformed.","type":"integer"},"byte_rekeyed":{"description":"Total bytes Transformed.","type":"integer"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","client_type":"FS","account":"kylo:kylo:admin:accounts:kylo","guard_path":"/opt/pqr","policy_name":"MyPolicy","key_name":"MyKey","guard_point_state":"ACTIVE","guard_enabled":true,"rekey_status":"REKEYED","est_rekey_time":"000:00:00","rekey_start_time":"2020-10-30 07:56:31","rekey_end_time":"2020-10-30 07:56:32","total_file":10,"file_rekeyed":10,"file_deleted":0,"file_skipped":0,"total_size":204800,"byte_rekeyed":204800}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-guard-status/download/":{"x-feature":"FF_CTE","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the Clients GuardPoint Status report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"x-permissions":["ReadClientsGuardStatusReportCTE"],"x-resource-type":"Reports","x-product":"CTE","produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","x-feature":"FF_DOMAINS","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS{{FF_CTE_CSI|, CSI,}}{{FF_CTE_USERSPACE| CTE-U}}."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"guard_point_state","in":"query","required":false,"type":"string","description":"Filter the results by state of Guardpoint. Valid values are ACTIVE, INACTIVE, UNKNOWN or DISABLED. To filter using multiple values, provide comma-delimited list."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by guard path of Guardpoint."},{"name":"addon_fields","in":"query","required":false,"type":"string","description":"Additional fields that can be added to the report. Maximum of 2 additional fields can be added for PDF reports. Valid values are guard_enabled, client_type, key_name, rekey_status, est_rekey_time, rekey_start_time, rekey_end_time, total_file, file_deleted, file_skipped, total_size, byte_rekeyed, file_rekeyed"},{"name":"exclude_domain_sharing_data","x-feature":"FF_CTE_DOMAIN_SHARING","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,guard_point_state,guard_path,guard_enabled.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/dps/":{"x-feature":"FF_CTE_DPS","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE client group.\nThis can be the ID (a UUIDv4), URI, or name of the client group.\n","required":true}],"post":{"summary":"Create","description":"Adds a new Designated Primary Set to the client group.","tags":["CTE/ClientGroups-DesignatedPrimarySet"],"x-permissions":["CreateClientGroupCTE","ReadClientGroupCTE"],"x-resource-type":"ClientGroup-DesignatedPrimarySet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"Designated Primary Set creation parameters","schema":{"type":"object","title":"Create Designated Primary Set","required":["name","ldt_comm_group_service_id","client_list"],"properties":{"name":{"description":"Name for the Designated Primary Set to be created.","type":"string"},"ldt_comm_group_service_id":{"description":"An identifier of the LDT communication group (common to all associated clients of the client group).","type":"string"},"client_list":{"description":"Comma-separated IDs (only) of the clients already associated with the client group.","type":"string"}},"example":{"name":"DPS1","ldt_comm_group_service_id":"testLDT","client_list":"testClient"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"ldt_comm_group_service_id":{"description":"ID of the LDT communication group associated with the CTE clients using the Designated Primary Set.","type":"string"},"primary_client_id_list":{"description":"List of comma-separated IDs of primary clients.","type":"string"},"primary_client_name_list":{"description":"List of comma-separated names of primary clients.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"DPS1","client_group_id":"s0nf478d-baf6-41a6-b00e-92efbf2bd5c3","ldt_comm_group_service_id":"dauf478d-baf6-41a6-b00e-92efbf2bd5c3","primary_client_id_list":"dauf478d-baf6-41a6-b00e-92efbf2bd5c3,dadf478d-baf6-41a6-b00e-92efbf2bd5c3","primary_client_name_list":"client1,client2"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Gets details of all Designated Primary Sets associated with the client group.","tags":["CTE/ClientGroups-DesignatedPrimarySet"],"x-permissions":["ReadGuardPointCTE","ReadClientGroupCTE"],"x-resource-type":"ClientGroup-DesignatedPrimarySet","x-product":"CTE","parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"id","in":"query","required":false,"type":"string","description":"Filter result using the DPS id."},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the DPS name."}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"ldt_comm_group_service_id":{"description":"ID of the LDT communication group associated with the CTE clients using the Designated Primary Set.","type":"string"},"primary_client_id_list":{"description":"List of comma-separated IDs of primary clients.","type":"string"},"primary_client_name_list":{"description":"List of comma-separated names of primary clients.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"DPS1","client_group_id":"s0nf478d-baf6-41a6-b00e-92efbf2bd5c3","ldt_comm_group_service_id":"dauf478d-baf6-41a6-b00e-92efbf2bd5c3","primary_client_id_list":"dauf478d-baf6-41a6-b00e-92efbf2bd5c3,dadf478d-baf6-41a6-b00e-92efbf2bd5c3","primary_client_name_list":"client1,client2"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/dps/{dpsId}":{"x-feature":"FF_CTE_DPS","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of the client group.\n","required":true},{"name":"dpsId","in":"path","type":"string","description":"An identifier of the associated Designated Primary Set.\n","required":true}],"patch":{"summary":"Update","description":"Modifies existing Designated Primary Set parameters. The parameters to be modified are placed in the body parameters. There is no default value for parameters.\n","tags":["CTE/ClientGroups-DesignatedPrimarySet"],"x-permissions":["ReadClientGroupCTE","UpdateClientGroupCTE"],"x-resource-type":"ClientGroup-DesignatedPrimarySet","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"Designated Primary Set modification parameters","schema":{"type":"object","title":"Modify Designated Primary Set","properties":{"client_list":{"description":"Comma-separated IDs (only) of the clients already associated with the client group.","type":"string"}},"example":{"client_list":"testClient"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"ldt_comm_group_service_id":{"description":"ID of the LDT communication group associated with the CTE clients using the Designated Primary Set.","type":"string"},"primary_client_id_list":{"description":"List of comma-separated IDs of primary clients.","type":"string"},"primary_client_name_list":{"description":"List of comma-separated names of primary clients.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"DPS1","client_group_id":"s0nf478d-baf6-41a6-b00e-92efbf2bd5c3","ldt_comm_group_service_id":"dauf478d-baf6-41a6-b00e-92efbf2bd5c3","primary_client_id_list":"dauf478d-baf6-41a6-b00e-92efbf2bd5c3,dadf478d-baf6-41a6-b00e-92efbf2bd5c3","primary_client_name_list":"client1,client2"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Gets details of the existing Designated Primary Set associated with the client group.","tags":["CTE/ClientGroups-DesignatedPrimarySet"],"x-permissions":["ReadGuardPointCTE","ReadClientGroupCTE"],"x-resource-type":"ClientGroup-DesignatedPrimarySet","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"ldt_comm_group_service_id":{"description":"ID of the LDT communication group associated with the CTE clients using the Designated Primary Set.","type":"string"},"primary_client_id_list":{"description":"List of comma-separated IDs of primary clients.","type":"string"},"primary_client_name_list":{"description":"List of comma-separated names of primary clients.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:ClientGroup1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"DPS1","client_group_id":"s0nf478d-baf6-41a6-b00e-92efbf2bd5c3","ldt_comm_group_service_id":"dauf478d-baf6-41a6-b00e-92efbf2bd5c3","primary_client_id_list":"dauf478d-baf6-41a6-b00e-92efbf2bd5c3,dadf478d-baf6-41a6-b00e-92efbf2bd5c3","primary_client_name_list":"client1,client2"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes the existing Designated Primary Set associated with the client group (to be used with CIFS GuardPoint).","tags":["CTE/ClientGroups-DesignatedPrimarySet"],"x-permissions":["ReadSignatureSetCTE","ReadClientCTE","ReadClientGroupCTE","DeletePolicyElementsCTE","DeleteSignatureSetCTE"],"x-resource-type":"ClientGroup-DesignatedPrimarySet","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/csigroups/":{"x-feature":"FF_CTE_CSI","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a CTE CSI storage group on the CipherTrust Manager.","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadCSIStorageGroupCTE","CreateCSIStorageGroupCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CTE CSI storage group creation parameters.","schema":{"type":"object","title":"Create CTE CSI Storage Group","required":["name","k8s_namespace","k8s_storage_class"],"properties":{"name":{"description":"Name to uniquely identify the CSI storage group. This name will be visible on the CipherTrust Manager.","type":"string"},"k8s_namespace":{"description":"Name of the K8s namespace.","type":"string"},"k8s_storage_class":{"description":"Name of the K8s StorageClass.","type":"string"},"description":{"description":"Optional description for the storage group.","type":"string"},"client_profile":{"description":"Optional Client Profile for the storage group. If not provided, the default profile will be used.","type":"string"}},"example":{"name":"CSIStorageGroup_1","k8s_namespace":"K8sNamespace_1","k8s_storage_class":"K8sStorageClass_1","description":"Test CSIStorageGroup","client_profile":"DefaultClientProfile"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"k8s_namespace":{"description":"k8s_namespace name.","type":"string"},"k8s_storage_class":{"description":"k8s_storage_class name.","type":"string"},"description":{"description":"Description of CSI Storage Group.","type":"string"},"client_profile_id":{"description":"Client Profile ID of CSI Storage Group.","type":"string"},"client_profile_name":{"description":"Client Profile Name of CSI Storage Group.","type":"string"}}}]},"examples":{"application/json":{"id":"aa360d01-2cd6-4129-b376-753f882b4e67","uri":"kylo:kylo:henry:storagegroup:csistoragegroup_1:aa360d01-2cd6-4129-b376-753f882b4e67","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-20T08:11:30.292240179Z","updatedAt":"2021-09-20T08:11:30.292240179Z","name":"CSIStorageGroup_1","k8s_namespace":"K8sNamespace_1","k8s_storage_class":"K8sStorageClass_1","description":"Test CSIStorageGroup","client_profile_name":"DefaultClientProfile","client_profile_id":"bb360d01-2cd6-4129-b376-753f882b4e676"}}}}},"get":{"summary":"List","description":"Returns the list of CSI storage groups. The results can be filtered using the query parameters. The sorting can be done by `name`, `k8s_namespace`, and `k8s_storage_class`.\n","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadCSIStorageGroupCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by name of CSI storage groups. Use wildcards to search for CSI storage groups matching the specified pattern in their names."},{"name":"k8s_namespace","in":"query","required":false,"type":"string","description":"Filter the results by namespace of CSI storage groups. Use wildcards to search for CSI storage groups matching the specified pattern in their namespaces."},{"name":"k8s_storage_class","in":"query","required":false,"type":"string","description":"Filter the results by StorageClass of CSI storage groups. Use wildcards to search for CSI storage groups matching the specified pattern in their StorageClasses."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"k8s_namespace":{"description":"k8s_namespace name.","type":"string"},"k8s_storage_class":{"description":"k8s_storage_class name.","type":"string"},"description":{"description":"Description of CSI Storage Group.","type":"string"},"client_profile_id":{"description":"Client Profile ID of CSI Storage Group.","type":"string"},"client_profile_name":{"description":"Client Profile Name of CSI Storage Group.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"5bb9802d-5792-43a0-a207-1fb8750d7255","uri":"kylo:kylo:henry:storagegroup:csistoragegroup_1-5bb9802d-5792-43a0-a207-1fb8750d7255","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-20T03:33:03.336094Z","updatedAt":"2021-09-20T03:34:03.336094Z","name":"CSIStorageGroup_1","k8s_namespace":"K8sNamespace_1","k8s_storage_class":"K8sStorageClass_1","description":"Test CSIStorageGroup","client_profile_name":"DefaultClientProfile","client_profile_id":"bb360d01-2cd6-4129-b376-753f882b4e676"}]}}}}}},"/v1/transparent-encryption/csigroups/{id}":{"x-feature":"FF_CTE_CSI","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a CSI storage group with the given id.","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadCSIStorageGroupCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"k8s_namespace":{"description":"k8s_namespace name.","type":"string"},"k8s_storage_class":{"description":"k8s_storage_class name.","type":"string"},"description":{"description":"Description of CSI Storage Group.","type":"string"},"client_profile_id":{"description":"Client Profile ID of CSI Storage Group.","type":"string"},"client_profile_name":{"description":"Client Profile Name of CSI Storage Group.","type":"string"}}}]},"examples":{"application/json":[{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:storagegroup:csi_sg1-dadf478d-baf6-41a6-b00e-92efbf2bd5c3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-20T09:06:16.16117433Z","updatedAt":"2021-09-20T10:00:00Z","name":"csi_sg1","k8s_namespace":"K8sNamespace_1","k8s_storage_class":"K8sStorageClass_1","description":"Test CSI StorageGroup","client_profile_name":"DefaultClientProfile","client_profile_id":"bb360d01-2cd6-4129-b376-753f882b4e676"}]}},"404":{"description":"CSI storage group not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates the details of a CSI storage group with the given id.","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadCSIStorageGroupCTE","ReadProfileCTE","UpdateCSIStorageGroupCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"body","in":"body","description":"CSI storage group parameters to be modified.\n","schema":{"type":"object","title":"Update CSI StorageGroup","properties":{"description":{"description":"Description of the storage group.","type":"string"},"client_profile":{"description":"Client profile for the storage group.","type":"string"}},"example":{"description":"Test"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"k8s_namespace":{"description":"k8s_namespace name.","type":"string"},"k8s_storage_class":{"description":"k8s_storage_class name.","type":"string"},"description":{"description":"Description of CSI Storage Group.","type":"string"},"client_profile_id":{"description":"Client Profile ID of CSI Storage Group.","type":"string"},"client_profile_name":{"description":"Client Profile Name of CSI Storage Group.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:storagegroup:csi_sg1-dadf478d-baf6-41a6-b00e-92efbf2bd5c3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-20T09:06:16.16117433Z","updatedAt":"2021-09-20T10:00:00Z","name":"csi_sg1","k8s_namespace":"K8sNamespace_1","k8s_storage_class":"K8sStorageClass_1","description":"Test CSI StorageGroup","client_profile_name":"DefaultClientProfile","client_profile_id":"bb360d01-2cd6-4129-b376-753f882b4e676"}}},"404":{"description":"CSI StorageGroup not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a CSI storage group with the given id from the CipherTrust Manager.\n","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadCSIStorageGroupCTE","ReadCSIStorageGroupClientAssnCTE","ReadClientCTE","ReadGuardPointCTE","DeleteCSIStorageGroupCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","responses":{"204":{"description":"OK","schema":{"type":"string"}},"404":{"description":"CSI storage group not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/transparent-encryption/csigroups/{id}/clients/":{"x-feature":"FF_CTE_CSI","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Clients to Storage Group","description":"Adds CSI clients to an existing storage group.","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadCSIStorageGroupCTE","ReadClientCTE","ReadCSIStorageGroupClientAssnCTE","CreateCSIStorageGroupClientAssnCTE","ReadGuardPointCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"body","in":"body","description":"CTE storage group and client association parameters.","schema":{"type":"object","title":"Add Clients to Storage Group","required":["client_list"],"properties":{"client_list":{"description":"List of identifiers of clients to be associated with the client group. This identifier can be the name or UUID.","type":"array","items":{"type":"string"}}},"example":{"client_list":["Client1","Client2"]}}}],"responses":{"201":{"description":"Client added to storage group.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"storage_group_id":{"type":"string","description":"UUID of CTE Storage Group."},"client_id":{"type":"string","description":"UUID of CTE Client."},"storage_group_name":{"type":"string","description":"Name of CTE Storage Group."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]}},"207":{"description":"Client added to storage group.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"storage_group_id":{"type":"string","description":"UUID of CTE Storage Group."},"client_id":{"type":"string","description":"UUID of CTE Client."},"storage_group_name":{"type":"string","description":"Name of CTE Storage Group."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]},"examples":{"application/json":{"association_response":[{"id":"bb9588ad-3c18-4bb4-9571-b90caa2f6675","uri":"kylo:kylo:henry:storagegroupclientassn:bb9588ad-3c18-4bb4-9571-b90caa2f6675","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-04-04T09:57:18.490128478Z","updatedAt":"2020-04-04T09:57:18.490128478Z","storage_group_id":"4687c178-5579-40f2-9a64-48cb6196fe4f","client_id":"cb68453a-234f-44f1-abf6-8e93509ae955","storage_group_name":"SG1","client_name":"ubuntu_vm"}],"num_failed_association":1,"failed_associations":{"centos_vm":{"reason":"Failed to attach client to group","return_code":422}}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List Clients in Storage Group","description":"Returns the list of clients in a storage group. The sorting can be done by `name`, `id`, `num_errors`, `num_gp_errors`, `num_warnings`, `client_health_status`, `profile_id`, `profile_name`, `updatedAt`, `createdAt`, and `client_type`.\n","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadCSIStorageGroupCTE","ReadClientCTE","ReadCSIStorageGroupClientAssnCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter the results by name of client."},{"name":"client_id","in":"query","required":false,"type":"string","description":"Filter the results by UUID of client."},{"name":"client_health_status","in":"query","required":false,"type":"string","description":"Filter the results by health status of client. Multiple values can be provided separated by comma. Health status can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma-separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`. \n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,ES,CBCCS1","enabled_capabilities":"LDT,ES","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":""},{"id":"3604b51e-17d7-4d85-abc5-a414114966d3","uri":"kylo:kylo:henry:client:10.164.13.18","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de5c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,ES,CBCCS1","enabled_capabilities":"LDT,ES","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":""}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/csigroups/{id}/clients/{client_id}":{"x-feature":"FF_CTE_CSI","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"delete":{"summary":"Remove Client from Storage Group","description":"Removes a client with the given id from a storage group with the given id.","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadCSIStorageGroupCTE","ReadClientCTE","ReadGuardPointCTE","ReadCSIStorageGroupClientAssnCTE","DeleteCSIStorageGroupClientAssnCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"client_id","in":"path","description":"An identifier of the CTE client. This identifier can be the name or UUID.","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get StorageGroup Client Association","description":"Returns the association between a storage group and a client.","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadCSIStorageGroupCTE","ReadClientCTE","ReadCSIStorageGroupClientAssnCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"client_id","in":"path","description":"An identifier of the CTE client. This identifier can be the name or UUID.","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"storage_group_id":{"type":"string","description":"UUID of CTE Storage Group."},"client_id":{"type":"string","description":"UUID of CTE Client."},"storage_group_name":{"type":"string","description":"Name of CTE Storage Group."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:henry:storagegroupclientassn:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","storage_group_id":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","client_id":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde","storage_group_name":"StorageGroup1","client_name":"Client_1"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/csigroups/{id}/guardpoints/":{"x-feature":"FF_CTE_CSI","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add GuardPolicy to Storage Group","description":"Adds GuardPolicies to an existing storage group.","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadCSIStorageGroupCTE","ReadGuardPointCTE","ReadPolicyCTE","CreateGuardPointCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"body","in":"body","description":"CSI storage group and guard policy association parameters.","schema":{"type":"object","title":"Add GuardPolicies to StorageGroup","required":["policy_list"],"properties":{"policy_list":{"description":"List of CSI policy identifiers to be associated with the storage group. This identifier can be the name or UUID.","type":"array","items":{"type":"string"}}},"example":{"policy_list":["CSI_Policy_1","CSI_Policy_2"]}}}],"responses":{"201":{"description":"Policy added to StorageGroup.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"dc763c13-b1a5-42ad-abe3-b11978a978c9","uri":"kylo:kylo:henry:guardpoint:dc763c13-b1a5-42ad-abe3-b11978a978c9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:37:14.764655844Z","updatedAt":"2021-11-02T09:37:14.764655844Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Policy_7","policy_id":"92472414-8a7f-4bb8-8160-c47cd8a4430d","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_7","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""},"status_code":201},{"guardpoint":{"id":"1bb66909-82a2-4aec-b262-20eecd392da7","uri":"kylo:kylo:henry:guardpoint:1bb66909-82a2-4aec-b262-20eecd392da7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:37:14.773016061Z","updatedAt":"2021-11-02T09:37:14.773016061Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Policy_8","policy_id":"a4063732-5573-43ba-a5d5-ba66dae1da1f","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_8","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""},"status_code":201}]}}},"207":{"description":"Policies added to storage group.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"476e5245-172a-47e8-bd5c-9adc5d535e1d","uri":"kylo:kylo:henry:guardpoint:476e5245-172a-47e8-bd5c-9adc5d535e1d","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:39:28.310494007Z","updatedAt":"2021-11-02T09:39:28.310494007Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Policy_9","policy_id":"49ca4c8d-295e-40ad-a221-65ef1b9e3daf","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_9","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""},"status_code":201}],"failed_guard_points":[{"guard_path":"Non_CSI_Policy","error":"invalid policy type","status_code":400}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List GuardPolicies in Storage Group","description":"Returns the list of GuardPolicies in a storage group. The results can be sorted by `updatedAt`, `createdAt`, `guard_enabled`, `type`, `guard_point_state`, `policy_id`, and `policy_name`.\n","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadCSIStorageGroupCTE","ReadGuardPointCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter the results by name of CSI GuardPolicy."},{"name":"policy_id","in":"query","required":false,"type":"string","description":"Filter the results by id of CSI GuardPolicy."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by state of GuardPolicy."},{"name":"guard_point_state","in":"query","required":false,"type":"string","description":"Filter the results by state of CSI GuardPolicy."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"476e5245-172a-47e8-bd5c-9adc5d535e1d","uri":"kylo:kylo:henry:guardpoint:476e5245-172a-47e8-bd5c-9adc5d535e1d","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:39:28.310494Z","updatedAt":"2021-11-02T09:39:28.310494Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Policy_9","policy_id":"49ca4c8d-295e-40ad-a221-65ef1b9e3daf","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_9","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""},{"id":"1bb66909-82a2-4aec-b262-20eecd392da7","uri":"kylo:kylo:henry:guardpoint:1bb66909-82a2-4aec-b262-20eecd392da7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:37:14.773016Z","updatedAt":"2021-11-02T09:37:14.773016Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Policy_8","policy_id":"a4063732-5573-43ba-a5d5-ba66dae1da1f","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_8","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/csigroups/guardpoints/{gp_id}":{"x-feature":"FF_CTE_CSI","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get GuardPolicy from Storage Group","description":"Gets a GuardPolicy with the given gp_id.","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadGuardPointCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"gp_id","in":"path","description":"UUID of the CSI GuardPolicy.","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"id":"13858f5a-cca6-46a1-b483-3f1463ebff14","uri":"kylo:kylo:henry:guardpoint:13858f5a-cca6-46a1-b483-3f1463ebff14","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-01T14:21:13.803782Z","updatedAt":"2021-11-01T14:21:13.803782Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Client_Policy_1","policy_id":"e2c4473c-292c-4fd1-8793-cfae4ce4338d","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Client_Policy_1","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"Not found","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Update GuardPolicy in Storage Group","description":"Updates a GuardPolicy attached to a storage group.\n","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadGuardPointCTE","ReadCSIStorageGroupCTE","ReadCSIStorageGroupClientAssnCTE","ReadClientCTE","UpdateGuardPointCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"gp_id","in":"path","description":"UUID of the CSI GuardPolicy.","type":"string","required":true},{"name":"body","in":"body","description":"GuardPolicy parameters to be modified.\n","schema":{"type":"object","title":"Update GuardPolicy for a CSI Storage Group.","properties":{"guard_enabled":{"description":"Enable or disable the GuardPolicy. Set to `true` to enable, `false` to disable.","type":"boolean"}},"example":{"guard_enabled":false}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware_protection.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ACTIVE, INACTIVE or DISABLED.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"dps_id":{"description":"ID of the Designated Primary Set (DPS) that is applied to this GuardPoint.","type":"string"}}}]},"examples":{"application/json":{"id":"1bb66909-82a2-4aec-b262-20eecd392da7","uri":"kylo:kylo:henry:guardpoint:1bb66909-82a2-4aec-b262-20eecd392da7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:37:14.773016Z","updatedAt":"2021-11-02T09:37:14.773016Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":false,"automount_enabled":false,"guard_path":"/CSI_Policy_8","policy_id":"a4063732-5573-43ba-a5d5-ba66dae1da1f","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_8","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"metadata":"{}","dps_id":"00000000-0000-0000-0000-000000000000","dps_name":""}}},"400":{"description":"Bad request","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"Not found","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"Unprocessable entity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Remove GuardPolicy from CSI Storage Group","description":"Removes a GuardPolicy from a storage group with the given gp_id.","tags":["CTE/CSIStorageGroups"],"x-permissions":["ReadGuardPointCTE","ReadCSIStorageGroupCTE","ReadCSIStorageGroupClientAssnCTE","ReadClientCTE","DeleteGuardPointCTE"],"x-resource-type":"CSIStorageGroups","x-product":"CTE","parameters":[{"name":"gp_id","in":"path","description":"UUID of the CSI GuardPolicy.","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"Not found","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/protectdb/databases":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the list of databases added for migration.","tags":["CDP/Database"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","name":"mydbname","database_type":"Oracle","host":"1.1.1.1","connection_protocol":"TCP","ddatabase_name":"mydb","database_user":"admin","database_password":"asdf1234","metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","port":"7896","schema":"qwerty","success":true}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Add","description":"Adds a new database for migration.","tags":["CDP/Database"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}}],"responses":{"202":{"description":"Successfully added database.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","name":"mydbname","database_type":"Oracle","host":"1.1.1.1","connectionProtocol":"TCP","databaseName":"mydb","databaseUser":"admin","databasePassword":"asdf1234","metaDbName":"mydbmeta","metaPassword":"asdf1234","metaUser":"metauser","port":"7896","schema":"qwerty","success":true}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/cert":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload","description":"Uploads a new database certificate for SSL connection.","tags":["CDP/Database"],"parameters":[{"name":"body","in":"body","description":"CA certificate parameters.","schema":{"type":"object","title":"Uploads CA Request.","required":["name","cert"],"properties":{"name":{"type":"string","description":"Unique name for the certificate to be uploaded."},"cert":{"type":"string","description":"External CA certificate in PEM format."}},"example":{"name":"myCert","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----"}}}],"responses":{"201":{"description":"Successfully uploaded database certificate.","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","uri":"kylo:kylo:naboo:external_ca:58212a4b-81f5-4de2-aeae-60b8b6f1091e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-29T14:46:38.1078Z","updatedAt":"2017-09-29T14:46:38.1078Z","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----"}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/request/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"GetRequest","description":"Returns details of the requestID with the given id.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"data":"Object","type":"requestType","status":"status","resources":"","error":""}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns details of the database with the given id.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","name":"mydbname","database_type":"Oracle","host":"1.1.1.1","connectionProtocol":"TCP","databaseName":"mydb","databaseUser":"admin","databasePassword":"asdf1234","metaDbName":"mydbmeta","metaPassword":"asdf1234","metaUser":"metauser","port":"7896","schema":"qwerty","success":true}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"patch":{"summary":"Update","description":"Updates the parameters of the specified database.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Database information to be updated.","required":true,"schema":{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}}],"responses":{"201":{"description":"Successfully updated database parameters.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","name":"mydbname","database_type":"Oracle","host":"1.1.1.1","connectionProtocol":"TCP","databaseName":"mydb","databaseUser":"admin","databasePassword":"asdf1234","metaDbName":"mydbmeta","metaPassword":"asdf1234","metaUser":"metauser","port":"7896","schema":"qwerty","success":true}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"delete":{"summary":"Delete","description":"Deletes Database.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successfully deleted database."},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/tables":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Tables","description":"Returns the list of tables inside the specified database.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"skip","in":"query","description":"Specify the tables to skip for listing.","type":"integer","default":0},{"name":"limit","in":"query","description":"Specify the tables for which the detail is to be listed.","type":"integer","default":10},{"name":"schema","in":"query","description":"(optional) Specify the schema name to list empty table.","type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}}}}}]},"examples":{"application/json":{"data":{"type":"getTableList","status":"Success","skip":0,"limit":10,"total":10,"resources":{"PlainTables":[{"tableName":"tableName1"},{"tableName":"tableName2"}],"EncTables":[{"tableName":"tableName1"},{"tableName":"tableName2"}]},"error":""}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/table":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get Table","description":"Returns the details of a table with the given id.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name for which information is required.","type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}}}}}]},"examples":{"application/json":{"data":{"type":"getTableInfo","status":"Success","resources":{"oldDataExists":"true","owner":"INGRIAN","tableName":"TBLTEST","tableSpaceName":"","tableStatus":"Encrypted","viewCreated":"true"}}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/column":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get Column","description":"Returns the details of columns inside the specified table.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name which holds columns.","type":"string"},{"name":"column","in":"query","description":"Specify the column name.","type":"string"},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Column","required":["encType","colName","key","algorithm","mode","ivType","errorType"],"properties":{"encType":{"type":"string","description":"Type of the encryption. Allowed types are Standard and FPE."},"colName":{"type":"string","description":"Name of the column to be encrypted."},"algorithm":{"type":"string","description":"Algorithm to encrypt column. Allowed algorithms are AES (128, 192 or 256) and FPE."},"key":{"type":"string","description":"Name of the key used to encrypt column."},"mode":{"type":"string","description":"The mode in which the encryption is to be peformed. Allowed modes are ECB and CBC.\nIt is recommended to use ECB mode for stronger encryption.\n"},"ivType":{"type":"string","description":"Initialization vector used for column encryption."},"fpeFormat":{"type":"string","description":"Select if encryption is to be performed on well formatted data without affecting its format post encryption.\nAllowed formats are:
— FIRST_SIX
— FIRST_SIX_LAST_FOUR
—FIRST_TWO_LAST_FOUR
—LAST_FOUR\n"},"tweakAlgo":{"type":"string","description":"(Optional)Tweak algotithm to be used. Possible values are:
— SHA1
— SHA256
— None(default)\n"},"tweakData":{"type":"string","description":"Required when tweak algorithm is used.\n"},"errorType":{"type":"string","description":"Replacement value type ,`None`,`ErrorReplacementValue`, `NullValue`, `EncryptedValue`."},"errorRepValue":{"type":"string","description":"Replacement value to be used as error."}}}}}}]},"examples":{"application/json":{"data":{"type":"getColumn","status":"Success","resources":{"algorithm":"AES","attributes":"nullable","attributesFlag":[{"checkedColumn":"false","computedColumn":"false","default":"false","foriegnKey":"false","index":"false","isIdentity":"false","isUnique":"false","nullable":"true","partitioningKey":"false","priKey":"false","referenced":"false"}],"colName":"colName","colType":"colType","colWidth":"16","columnIv":"55BFB0F95532C03AC879D047BE2CCDB1","encType":"Standard","ivType":"column","key":"keyName","migrated":"false","mode":"CBC","newName":"colName_NEW","newType":"RAW","newWidth":"16","padding":"NoPadding","triggerPresent":"false"}}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/columns":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Columns","description":"Returns the lsit columns inside the specified database table.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name which holds the columns.","type":"string"},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string"}],"responses":{"201":{"description":"Successfully updated column.","schema":{"type":"object","allOf":[{"type":"object","properties":{"table":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}},"database":{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}},"resources":{"type":"array","items":{"type":"object","title":"Column","required":["encType","colName","key","algorithm","mode","ivType","errorType"],"properties":{"encType":{"type":"string","description":"Type of the encryption. Allowed types are Standard and FPE."},"colName":{"type":"string","description":"Name of the column to be encrypted."},"algorithm":{"type":"string","description":"Algorithm to encrypt column. Allowed algorithms are AES (128, 192 or 256) and FPE."},"key":{"type":"string","description":"Name of the key used to encrypt column."},"mode":{"type":"string","description":"The mode in which the encryption is to be peformed. Allowed modes are ECB and CBC.\nIt is recommended to use ECB mode for stronger encryption.\n"},"ivType":{"type":"string","description":"Initialization vector used for column encryption."},"fpeFormat":{"type":"string","description":"Select if encryption is to be performed on well formatted data without affecting its format post encryption.\nAllowed formats are:
— FIRST_SIX
— FIRST_SIX_LAST_FOUR
—FIRST_TWO_LAST_FOUR
—LAST_FOUR\n"},"tweakAlgo":{"type":"string","description":"(Optional)Tweak algotithm to be used. Possible values are:
— SHA1
— SHA256
— None(default)\n"},"tweakData":{"type":"string","description":"Required when tweak algorithm is used.\n"},"errorType":{"type":"string","description":"Replacement value type ,`None`,`ErrorReplacementValue`, `NullValue`, `EncryptedValue`."},"errorRepValue":{"type":"string","description":"Replacement value to be used as error."}}}}}}]},"examples":{"application/json":{"data":{"type":"getColumnList","status":"Success","resources":{"algorithm":"AES","attributes":"nullable","attributesFlag":[{"checkedColumn":"false","computedColumn":"false","default":"false","foriegnKey":"false","index":"false","isIdentity":"false","isUnique":"false","nullable":"true","partitioningKey":"false","priKey":"false","referenced":"false"}],"colName":"colName","colType":"colType","colWidth":"16","columnIv":"55BFB0F95532C03AC879D047BE2CCDB1","encType":"Standard","ivType":"column","key":"keyName","migrated":"false","mode":"CBC","newName":"colName_NEW","newType":"RAW","newWidth":"16","padding":"NoPadding","triggerPresent":"false"}}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"patch":{"summary":"Update Column","description":"Updates column with encyption parameters.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name for which columns are to be updated.","type":"string"},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string"},{"name":"body","in":"body","description":"Column details to be updated.","required":true,"schema":{"type":"object","title":"Column","required":["encType","colName","key","algorithm","mode","ivType","errorType"],"properties":{"encType":{"type":"string","description":"Type of the encryption. Allowed types are Standard and FPE."},"colName":{"type":"string","description":"Name of the column to be encrypted."},"algorithm":{"type":"string","description":"Algorithm to encrypt column. Allowed algorithms are AES (128, 192 or 256) and FPE."},"key":{"type":"string","description":"Name of the key used to encrypt column."},"mode":{"type":"string","description":"The mode in which the encryption is to be peformed. Allowed modes are ECB and CBC.\nIt is recommended to use ECB mode for stronger encryption.\n"},"ivType":{"type":"string","description":"Initialization vector used for column encryption."},"fpeFormat":{"type":"string","description":"Select if encryption is to be performed on well formatted data without affecting its format post encryption.\nAllowed formats are:
— FIRST_SIX
— FIRST_SIX_LAST_FOUR
—FIRST_TWO_LAST_FOUR
—LAST_FOUR\n"},"tweakAlgo":{"type":"string","description":"(Optional)Tweak algotithm to be used. Possible values are:
— SHA1
— SHA256
— None(default)\n"},"tweakData":{"type":"string","description":"Required when tweak algorithm is used.\n"},"errorType":{"type":"string","description":"Replacement value type ,`None`,`ErrorReplacementValue`, `NullValue`, `EncryptedValue`."},"errorRepValue":{"type":"string","description":"Replacement value to be used as error."}}}}],"responses":{"201":{"description":"Successfully updated column.","schema":{"type":"object","properties":{"database":{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}},"table":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}}},"allOf":[{"type":"object","title":"Column","required":["encType","colName","key","algorithm","mode","ivType","errorType"],"properties":{"encType":{"type":"string","description":"Type of the encryption. Allowed types are Standard and FPE."},"colName":{"type":"string","description":"Name of the column to be encrypted."},"algorithm":{"type":"string","description":"Algorithm to encrypt column. Allowed algorithms are AES (128, 192 or 256) and FPE."},"key":{"type":"string","description":"Name of the key used to encrypt column."},"mode":{"type":"string","description":"The mode in which the encryption is to be peformed. Allowed modes are ECB and CBC.\nIt is recommended to use ECB mode for stronger encryption.\n"},"ivType":{"type":"string","description":"Initialization vector used for column encryption."},"fpeFormat":{"type":"string","description":"Select if encryption is to be performed on well formatted data without affecting its format post encryption.\nAllowed formats are:
— FIRST_SIX
— FIRST_SIX_LAST_FOUR
—FIRST_TWO_LAST_FOUR
—LAST_FOUR\n"},"tweakAlgo":{"type":"string","description":"(Optional)Tweak algotithm to be used. Possible values are:
— SHA1
— SHA256
— None(default)\n"},"tweakData":{"type":"string","description":"Required when tweak algorithm is used.\n"},"errorType":{"type":"string","description":"Replacement value type ,`None`,`ErrorReplacementValue`, `NullValue`, `EncryptedValue`."},"errorRepValue":{"type":"string","description":"Replacement value to be used as error."}}}]},"examples":{"application/json":{"data":{"status":"Processing","id":"37228fbb-0e5d-4d3b-a306-59c389e917db"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/domainIndex":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"CreateDomainIndex","description":"Creates domain index for Oracle database.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Creates domain index.","required":true,"schema":{"type":"object","title":"CreateDomainIndex","required":["table","column","viewSqlOnly"],"properties":{"table":{"type":"string","description":"Name of the table on which domain Index is to be created."},"schema":{"type":"string","description":"Owner/schema of the table."},"column":{"type":"string","description":"Column name on which domain index is needed."},"indexName":{"type":"string","description":"Name of the index."},"dIXName":{"type":"string","description":"Name of the domain index."},"userspace":{"type":"string","description":"Userspace used for domain index."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."}},"example":{"table":"myTable","schema":"","column":"","indexName":"","dIXName":"","userspace":"","viewSqlOnly":true}}}],"responses":{"200":{"description":"OK"},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"delete":{"summary":"DeleteDomainIndex","description":"Deletes domain index from a column in Oracle database.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name from which domain index is to be dropped.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string","required":false},{"name":"column","in":"query","description":"Specify the column name from which domain index is to be dropped.","type":"string","required":true},{"name":"viewSqlOnly","in":"query","type":"boolean","description":"True or False"}],"responses":{"200":{"description":"OK"},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/user":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"ListMap","description":"Returns the list of user mappings for database and NAE users.","tags":["CDP/UserMapping"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"PatchUser","required":["dbUser"],"properties":{"dbUser":{"type":"string","description":"Database user to be mapped to NAE user."},"naeUser":{"type":"string","description":"NAE user with whom database user is to be mapped."},"naePassword":{"type":"string","description":"Password for NAE user."}}}}}}]},"examples":{"application/json":{"data":"Object","type":"getUserMap","status":"success","resources":[{"dbUser":"user1","naeUser":"naeUser"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"patch":{"summary":"UpdateMap","description":"Creates or updates user mappings.","tags":["CDP/UserMapping"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"User mapping to be updated.","required":true,"schema":{"type":"object","title":"PatchUser","required":["dbUser"],"properties":{"dbUser":{"type":"string","description":"Database user to be mapped to NAE user."},"naeUser":{"type":"string","description":"NAE user with whom database user is to be mapped."},"naePassword":{"type":"string","description":"Password for NAE user."}}}}],"responses":{"201":{"description":"Successfully updated user mapping.","schema":{"type":"object"},"examples":{"application/json":{"data":{"status":"Processing","id":"37228fbb-0e5d-4d3b-a306-59c389e917db"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/dbusers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"ListDBUsers","description":"Returns the list database users that are not mapped to NAE user.","tags":["CDP/UserMapping"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"PatchUser","required":["dbUser"],"properties":{"dbUser":{"type":"string","description":"Database user to be mapped to NAE user."},"naeUser":{"type":"string","description":"NAE user with whom database user is to be mapped."},"naePassword":{"type":"string","description":"Password for NAE user."}}}}}}]},"examples":{"application/json":{"data":"Object","type":"getDBUser","status":"success","resources":[{"dbUser":"user1"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/view":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create Views and Trigger","description":"Creates views and triggers.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Creates views and triggers.","required":true,"schema":{"type":"object","title":"CreateView","required":["alias","table","viewSqlOnly"],"properties":{"alias":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"table":{"type":"string","description":"Name of the table on which views and trigger are to be created."},"schema":{"type":"string","description":"The owner/schema name who owns the table if its other then used in connection."},"newtable":{"type":"string","description":"Name of the new table that holds the encrypted data. The default value is tablename_new."},"view":{"type":"string","description":"User specified view name. It is recommnded to use the default value which is same as the name of the table."},"insTrigger":{"type":"string","description":"Name of the insert trigger. The default trigger is tablename_ins_trig."},"updTrigger":{"type":"string","description":"Name of the updated trigger. The default value is tablename_upd_trig."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."}},"example":{"alias":"mydbname","table":"myTable","schema":"","newtable":"","view":"","insTrigger":"","updTrigger":"","viewSqlOnly":true}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}},"examples":{"application/json":{"data":{"type":"createView","status":"Success"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"delete":{"summary":"Delete Views and Trigger","description":"Deletes views and triggers.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name from which views and triggers are to be deleted.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string"},{"name":"viewSqlOnly","in":"query","type":"boolean","description":"True or False"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}}]},"examples":{"application/json":{"data":{"type":"DeleteView","status":"Success"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Jobs","description":"Returns the list of jobs inside table with the given id.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name for which jobs are to be listed.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}}]},"examples":{"application/json":{"data":{"type":"getJobList","status":"Success","resources":{"job_type":[{"tableName":"tableName1"},{"tableName":"tableName2"}],"job_id":[{"tableName":"tableName1"},{"tableName":"tableName2"}]},"error":""}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/job-detail":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Job Details","description":"Returns the status of job with the given id.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"jobId","in":"query","description":"Specify the job id for which the status is to be checked.","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}}]},"examples":{"application/json":{"data":{"type":"getJobStatus","status":"Job Success","resources":{"columns_affected":[{"columnName":"column1"},{"columnName":"column2"}],"rows_modified":"2","start_time":"Thu Jun 30 11:30:39","end_time":"Thu Jun 30 11:30:40","operation":"Delete Old Data"},"error":""}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/deleteData":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"delete":{"summary":"DeleteOldData","description":"Deletes old data.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name from which the old data is to be deleted.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string","required":false},{"name":"batch","in":"query","description":"Specify the batch size in which the old data is to be deleted.","type":"string","required":false},{"name":"viewSqlOnly","in":"query","type":"boolean","description":"True or False"}],"responses":{"200":{"description":"OK","examples":{"application/json":{"data":{"type":"DeleteData","status":"Success"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/auth":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"AuthorizeUser","description":"Verify whether the database user is authorized.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Authorizes the user.","required":true,"schema":{"type":"object","title":"GetAuth","required":["database_user","database_password"],"properties":{"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."}},"example":{"database_user":"admin","database_password":"asdf1234"}}}],"responses":{"201":{"description":"Successfully authorized user.","schema":{"type":"object"},"examples":{"application/json":{"data":{"status":"Processing","id":"37228fbb-0e5d-4d3b-a306-59c389e917db"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/migration-server":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Add","description":"Creates migration server.","tags":["CDP/Migration Server"],"parameters":[{"name":"body","in":"body","description":"The migration server to be added.\n","required":true,"schema":{"example":{"host":"","port":"","naeuser":"","naepassword":""},"type":"object","title":"PostMigrationServer","required":["host","port","naeuser","naepassword"],"properties":{"host":{"type":"string","description":"Host IP of the migration server."},"port":{"type":"string","description":"Port of the migration server."},"naeuser":{"type":"string","description":"Nae user name to be used for encryption."},"naepassword":{"type":"string","description":"Nae user password"}}}}],"responses":{"202":{"description":"Successfully added migration server.","examples":{"application/json":{"data":{"type":"CreateMigrationServer","status":"Processing","resources":""}}}},"401":{"description":"Bad Request | The provided JWT is missing required claims."},"409":{"description":"The migration server is already added for this connection."}}},"patch":{"summary":"Update","description":"Updates the migration server parameters.","tags":["CDP/Migration Server"],"parameters":[{"name":"body","in":"body","description":"The migration server to be updated.\n","schema":{"example":{"host":"","port":"","naeuser":"","naepassword":""},"type":"object","title":"PostMigrationServer","properties":{"host":{"type":"string","description":"Host IP of the migration server."},"port":{"type":"string","description":"Port of the migration server."},"naeuser":{"type":"string","description":"Nae user name to be used for encryption."},"naepassword":{"type":"string","description":"Nae user password"}}}}],"responses":{"202":{"description":"Successfully updated the migration server.","examples":{"application/json":{"data":{"type":"UpdateMigrationServer","status":"Processing","resources":""}}}},"400":{"description":"The user and password are required."},"401":{"description":"Bad Request | The provided JWT is missing required claims."}}},"get":{"summary":"Get","description":"Returns the lsit of the migration server.","tags":["CDP/Migration Server"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","title":"PostMigrationServer","required":["host","port","naeuser","naepassword"],"properties":{"host":{"type":"string","description":"Host IP of the migration server."},"port":{"type":"string","description":"Port of the migration server."},"naeuser":{"type":"string","description":"Nae user name to be used for encryption."},"naepassword":{"type":"string","description":"Nae user password"}}},{"type":"object","properties":{"resources":{"type":"array"}}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","createdAt":"2016-08-22T15:19:46.61956217Z","name":"mydbname","host":"1.1.1.1","port":"7896","naeuser":"username","success":true}}},"401":{"description":"Bad Request | The provided JWT is missing required claims."},"404":{"description":"The migration server does not exist for this connection."}}},"delete":{"summary":"Delete","description":"Deletes the migration server.","tags":["CDP/Migration Server"],"responses":{"200":{"description":"Successfully deleted the migrationn server."},"401":{"description":"Bad Request | The provided JWT is missing required claims."},"404":{"description":"The migration server does not exist for this connection."}}}},"/v1/protectdb/databases/{id}/encrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Encrypt table","description":"Encrypts a table.","tags":["CDP/Migration Server"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Initiates encryption on table.","required":true,"schema":{"type":"object","title":"Perform Encryption","required":["table","viewSqlOnly"],"properties":{"table":{"type":"string","description":"Name of the table to be encrypted"},"schema":{"type":"string","description":"Name of owner/schema of the table."},"newtable":{"type":"string","description":"Name of the new table which will hold encrypted data (default is tablename_new)"},"viewname":{"type":"string","description":"User specified view Name"},"insTrigger":{"type":"string","description":"Name of the insert trigger default will be tablename_ins_trig"},"updTrigger":{"type":"string","description":"Name of the update trigger default will be \"tablename_upd_trig\""},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."},"batchSize":{"type":"integer","description":"Specify the batch size in which encryption is to be deleted."}},"example":{"table":"myTable","newtable":"","viewname":"","insTrigger":"","updTrigger":"","viewSqlOnly":true,"batchsize":1000}}}],"responses":{"202":{"description":"OK","examples":{"application/json":{"data":{"type":"EncryptOpeartion","status":"Processing"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/table/{name}/restore-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Restore Job","description":"Restores a failed or cancelled job.","tags":["CDP/Migration Server"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"name","in":"path","description":"Table name.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string","required":false}],"responses":{"202":{"description":"OK","examples":{"application/json":{"data":{"type":"RestoreOperation","status":"Processing"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/table/{name}/resume-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Resume Job","description":"Resumes a failed or cancelled job.","tags":["CDP/Migration Server"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"name","in":"path","description":"Table name.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string","required":false}],"responses":{"202":{"description":"OK","examples":{"application/json":{"data":{"type":"ResumeOperation","status":"Processing"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/table/{name}/cancel-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Cancel Job","description":"Cancels a processing job.","tags":["CDP/Migration Server"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"name","in":"path","description":"Table name.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string","required":false}],"responses":{"202":{"description":"OK","examples":{"application/json":{"data":{"type":"CancelOperation","status":"Processing"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/decrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Decrypt table","description":"Decrypts a table.","tags":["CDP/Migration Server"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Decrypts a table.","required":true,"schema":{"type":"object","title":"Perform Decryption","required":["table","columnNames"],"properties":{"table":{"type":"string","description":"Name of the table to be unmigrated."},"schema":{"type":"string","description":"Name of owner/schema of the table."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."},"batchSize":{"type":"integer","description":"Specify the batch size in which decryption is to be performed."},"columnNames":{"type":"array","items":{"type":"string"}}},"example":{"table":"myTable","batchsize":1000,"columnNames":["col1","col2"],"viewSqlOnly":true}}}],"responses":{"202":{"description":"OK","examples":{"application/json":{"data":{"type":"DecryptOperation","status":"Processing"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/ddc/reports/{id}/summary":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get summary","description":"Get all summary information of a report (Total Data Objects Scanned,\nSensitive Data Objects Found, Sensitive Items Found, Infotypes Discovered).\n","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"scansDataObjectCount":{"type":"integer","format":"int64"},"scansSensitiveDataObjectCount":{"type":"integer","format":"int64"},"scansSensitiveItemsCount":{"type":"integer","format":"int64"},"scansTotalInfotypesCount":{"type":"object","properties":{"detected":{"type":"integer","format":"int64"},"total":{"type":"integer","format":"int64"}}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/infotypes/summary":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get all infotypes summary","description":"Get all summary information of the infotypes of all the scans in the report.","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"infotypesByCategory":{"type":"array","items":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"infotypesDistribution":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get the report info","description":"Get the report info with name of the scans","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"reportTemplateName":{"description":"Name of ReportTemplate.","type":"string"},"scans":{"description":"Array of scan names.","type":"array","items":{"type":"object","properties":{"executionDate":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanName":{"description":"Name of the scan.","type":"string"}}}},"report":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"reportTemplateId":{"description":"ID of ReportTemplate.","type":"string"},"reportTemplateVersion":{"description":"Version of ReportTemplate.","type":"integer"},"path":{"description":"Path of Report.","type":"string"},"status":{"description":"Status of the Report.","type":"string"},"new":{"description":"Schedule Report Template.","type":"boolean"},"startTimestamp":{"description":"Start of the process report.","type":"string","format":"date-time"},"endTimestamp":{"description":"End of the Report to be ready.","type":"string","format":"date-time"},"version":{"x-feature":"FF_REPORT_REGENERATION","description":"Report version.","type":"string","format":"date-time"},"error":{"description":"Error of the report.","type":"string"}}}]}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports":{"x-feature":"FF_REPORT_REGENERATION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List all","description":"Get the list of aggregated report executions associated to the given reportTemplateID.","tags":["DDC/Report"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","type":"string","format":"string","default":"startTimestamp","description":"This field can be used to sort results on the basis of its value. This should be a comma-delimited list of properties. Sort order is ascending by default. To have a descending sort for a field, precede the field name with a minus sign (\"-\")."},{"name":"reportTemplateID","in":"query","required":false,"type":"string","format":"UUID","description":"Filter by the Report Template ID."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"x-feature":"FF_REPORT_REGENERATION","type":"object","properties":{"id":{"description":"Report ID.","type":"string"},"ddcVersion":{"description":"DDC version in which the report was executed.","type":"string"},"version":{"description":"Report version.","type":"string","format":"date-time"},"startTimestamp":{"description":"Start of the process report.","type":"string","format":"date-time"},"new":{"description":"Whether the reports is new or not.","type":"boolean"},"status":{"description":"Status of the Report.","type":"string"}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/data-objects/summary":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get all data objects summary","description":"Get all summary information of the data objects of all the scans in the report.","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"sensitiveDataObjectsByCategory":{"type":"array","items":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"sensitiveDataObjects":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/scans/details":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"List all the scans of the report. Results can be sorted by Scan Name.","tags":["DDC/Report"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Scan Name.","type":"string"},"execution":{"description":"Timestamp of the execution of the scan","type":"string","format":"date-time","x-nullable":true},"duration":{"description":"Duration of the execution of the scan","type":"integer"},"datastores":{"description":"Names of the datastores included in the scan.","type":"array","items":{"type":"string"}},"classificationProfiles":{"description":"Object classification profiles included in the scan.","type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the classification profile.","type":"string"},"deletedAt":{"description":"timestamp when classification profile was deleted.","type":"string","format":"date-time"}}}},"infotypes":{"description":"Infotypes included in the scan.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the infotype","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the infotype","type":"integer"},"name":{"description":"Name of the infotype","type":"string"},"riskWeight":{"description":"Weight for each match in the risk formula","type":"integer"},"family":{"description":"info type family","type":"object","properties":{"id":{"description":"family id","type":"string","format":"UUIDv4"},"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"id":{"description":"category id","type":"string","format":"UUIDv4"},"name":{"description":"name of the category","type":"string"}}}}}}}},"infotypesFound":{"description":"Number of found infotypes","type":"integer","format":"int64"},"totalDataObjects":{"description":"Total Data Objects included in the scan.","type":"integer"},"sensitiveDataObjects":{"description":"Sensitive Data Objects found in the scan.","type":"integer"},"filters":{"description":"Filters used in the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","description":"Type of filter to apply"},"expression":{"description":"Expression for the filter","type":"string"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date"},"days":{"description":"Days to include for the include_recent filter","type":"integer"},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer"}}}}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/datastores/details":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"List all the datastores of the report.\n","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the datastore.","type":"string"},"risk":{"description":"Value of the risk detected in the datastore.","type":"integer","format":"int64"},"warning":{"description":"True if the risk in high.","type":"boolean"},"sensitivityLevel":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Sentivity Level.","type":"string"},"color":{"description":"Color associated to the Sentivity Level.","type":"string"},"level":{"description":"Level associated to the Sentivity Level.","type":"integer"},"internal":{"description":"Indicates if the Sensivity Level is used only internally by the backend.","type":"boolean"}}}]},"scanName":{"description":"Name of the scan wich includes the datastore.","type":"string"},"lastScan":{"description":"Date of the last scan using the datastore.","type":"integer","format":"date-time"},"branchLocation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"city":{"description":"City of Branch Location.","type":"string"},"countryId":{"description":"Country ID of Branch Location.","type":"string"},"stateId":{"description":"State ID of Branch Location.","type":"string"},"country":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"code":{"description":"Country Code.","type":"string"},"latitude":{"description":"Latitude.","type":"number"},"longitude":{"description":"Longitude.","type":"number"}}}]},"state":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"countryCode":{"description":"Country Code associated to the State.","type":"string"}}}]}}}]},"totalDataObject":{"description":"Total of dataobjects of the datastore.","type":"integer","format":"int64"},"sensitiveDataObject":{"description":"Number of sensitive data objects in the datastore.","type":"integer","format":"int64"},"infotypesTotal":{"description":"Names of the infotypes included in the datastore.","type":"array","items":{"type":"string"}},"infotypesTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"extensionsTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"classificationProfileTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}}},"total":{"type":"integer","description":"The amount of datastores in the report."}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/dynamic/data-objects":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Create new dynamic query for data objects","description":"Create a new dynamic query with the filters in the body. The request returns a dynamic query ID that can be used\nto retrieve the generated report\n","tags":["DDC/Report"],"parameters":[{"name":"body","in":"body","description":"Parameters used to filter the request","schema":{"allOf":[{"type":"object","properties":{"id":{"description":"UUID of the dynamic query to create (optional)","type":"string","format":"uuid"},"filter":{"description":"Generic text filter to search in the name and path columns","type":"string"},"datastores":{"description":"Datastores to include in the query","type":"array","items":{"type":"string","format":"uuid"}},"types":{"description":"Types of data objects to include (File, Table, Attachment, Email, Record)","type":"array","items":{"type":"string"}},"sort":{"description":"Column to use for sorting (name, -name, risk, -risk, type, -type, path, -path)","type":"string"}}}]}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"type":"object","properties":{"reportId":{"description":"ID of the report for the dynamic query","type":"string","format":"uuid"},"startTimestamp":{"description":"timestamp when the query execution started","type":"string","format":"date-time"},"endTimestamp":{"description":"timestamp when the query execution finished","type":"string","format":"date-time"},"status":{"description":"status of the dynamic query (RUNNING, COMPLETED, FAILED)","type":"string"},"error":{"description":"Error of the dynamic query if it failed","type":"string","format":"json"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/data-objects/details":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"List all the data objects of the report. Results can be sorted by Risk, Name, Scan Name, Last Scan,\nBranch, Total Data Objects, Sensitive Objects.\n","tags":["DDC/Report"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"reportId","in":"query","type":"string","description":"Filters result to the rows based on reportID.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"scanId":{"description":"ID of the scan","type":"string"},"datastoreId":{"description":"ID of the datastore","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value of the risk detected in the data object.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreName":{"description":"Name of the datastore which includes the data object.","type":"string"},"owner":{"description":"Name of the owner.","type":"string"},"type":{"description":"Type of the data object. File or Table","type":"string"},"partialScanResults":{"description":"Indicates if there are partial scan results","type":"boolean"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"},"modified":{"description":"Date of last modification.","type":"string","format":"date-time"},"infoTypesTotal":{"description":"Number of distinct infotypes found.","type":"integer","format":"int64"},"infotypesDistribution":{"description":"array of infotypes found in the data object.","type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"infotype name"},"category":{"type":"string","description":"infotype category"},"value":{"type":"integer","format":"int64","description":"number of matches"},"searchPrecision":{"type":"string","format":"string","description":"Search precission for the infotype","enum":["HIGH","LOW","N/A"]},"riskWeight":{"type":"integer","description":"weight of each match in the risk formula"}}}},"DatastoreDeletedAt":{"description":"Date of deletion","type":"string","format":"date-time"},"classificationProfiles":{"description":"Classification profiles","type":"array","items":{"type":"string"}},"Metadata":{"description":"object of metadata details for the data object.","type":"object","properties":{"catalog":{"description":"array that contains the value of catalogs.","type":"array","items":{"description":"value of catalog.","type":"string"}},"classificationStatus":{"description":"array that contains the value of classification status.","type":"array","items":{"description":"value of classification status.","type":"string"}},"clientModified":{"description":"array that contains the value of client modified date.","type":"array","items":{"description":"value of client modified date.","type":"string"}},"date":{"description":"array that contains the value of date.","type":"array","items":{"description":"value of date.","type":"string"}},"dateModified":{"description":"array that contains the value of modified date.","type":"array","items":{"description":"value of modified date.","type":"string"}},"documentCreated":{"description":"array that contains the value of document created date.","type":"array","items":{"description":"value of document created date.","type":"string"}},"documentCreator":{"description":"array that contains the value of document creators.","type":"array","items":{"description":"value of document creator.","type":"string"}},"documentModified":{"description":"array that contains the value of document modified date.","type":"array","items":{"description":"value of document modified date.","type":"string"}},"documentModifier":{"description":"array that contains the value of document modifiers.","type":"array","items":{"description":"value of document modifiers.","type":"string"}},"encoding":{"description":"array that contains the value of encoding.","type":"array","items":{"description":"value of encoding.","type":"string"}},"fileCreated":{"description":"array that contains the value of file created date.","type":"array","items":{"description":"value of file created date.","type":"string"}},"fileModified":{"description":"array that contains the value of file modified date.","type":"array","items":{"description":"value of file modified date.","type":"string"}},"fileOwner":{"description":"array that contains the value of file owners.","type":"array","items":{"description":"value of file owners.","type":"string"}},"filename":{"description":"array that contains the value of filename.","type":"array","items":{"description":"value of filename.","type":"string"}},"folder":{"description":"array that contains the value of folder name.","type":"array","items":{"description":"value of folder name.","type":"string"}},"instance":{"description":"array that contains the value of instance.","type":"array","items":{"description":"value of instance.","type":"string"}},"keyColumns":{"description":"array that contains the value of key columns.","type":"array","items":{"description":"value of key column.","type":"string"}},"keySource":{"description":"array that contains the value of key sources.","type":"array","items":{"description":"value of key source.","type":"string"}},"mipLabelDescription":{"description":"array that contains the value of mip label descriptions.","type":"array","items":{"description":"value of mip label descriptions.","type":"string"}},"mipLabelName":{"description":"array that contains the value of mip label names.","type":"array","items":{"description":"value of mip label names.","type":"string"}},"mipLabelUID":{"description":"array that contains the value of mip label UID.","type":"array","items":{"description":"value of mip label UID.","type":"string"}},"mipLabelSensitivity":{"description":"array that contains the value of mip label sensitivities.","type":"array","items":{"description":"value of mip label sensitivities.","type":"string"}},"objectCreated":{"description":"array that contains the value of object created date.","type":"array","items":{"description":"value of object created date.","type":"string"}},"objectModified":{"description":"array that contains the value of object modified date.","type":"array","items":{"description":"value of object modified date.","type":"string"}},"permissionExecute":{"description":"array that contains the value of execution permissions.","type":"array","items":{"description":"value of execution permissions.","type":"string"}},"permissionFull":{"description":"array that contains the value of full permissions.","type":"array","items":{"description":"value of full permissions.","type":"string"}},"permissionModify":{"description":"array that contains the value of modify permissions.","type":"array","items":{"description":"value of modify permissions.","type":"string"}},"permissionRead":{"description":"array that contains the value of read permissions.","type":"array","items":{"description":"value of read permissions.","type":"string"}},"permissionSpecial":{"description":"array that contains the value of special permissions.","type":"array","items":{"description":"value of special permissions.","type":"string"}},"permissionWrite":{"description":"array that contains the values of write permissions.","type":"array","items":{"description":"value of write permissions.","type":"string"}},"processedRows":{"description":"array that contains the value of processed rows.","type":"array","items":{"description":"value of processed rows.","type":"integer","format":"int64"}},"schema":{"description":"array that contains the value of schema.","type":"array","items":{"description":"value of schema.","type":"string"}},"serverModified":{"description":"array that contains the value of server modified date.","type":"array","items":{"description":"value of server modified date.","type":"string"}},"table":{"description":"array that contains the value of table.","type":"array","items":{"description":"value of table.","type":"string"}},"track1":{"description":"array that contains the value of track1.","type":"array","items":{"description":"value of track1.","type":"string"}},"track2":{"description":"array that contains the value of track2.","type":"array","items":{"description":"value of track2.","type":"string"}}}},"ExtraMetadata":{"description":"metadata referred to columns information for datastores whose kind is data base.","type":"array","items":{"description":"object that contains the information about column matches.","type":"object","properties":{"columnName":{"description":"name of column.","type":"string"},"MatchesInfo":{"description":"array with matches information.","type":"array","items":{"description":"object that contains the information per match.","type":"object","properties":{"count":{"description":"number of matches.","type":"integer"},"infoTypeID":{"description":"identifier of infotype.","type":"string"},"infoTypeVersion":{"description":"version of infotype.","type":"integer"}}}}}}}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/inaccessible-data-objects/details":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"List all the inaccessible data objects of the report.\n","tags":["DDC/Report"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"reportId","in":"query","type":"string","description":"Filters result to the rows based on reportID.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"scanId":{"description":"ID of the scan","type":"string"},"datastoreId":{"description":"ID of the datastore","type":"string"},"datastoreName":{"description":"Name of the datastore","type":"string"},"datastoreDeleteAt":{"description":"Date when datastore was deleted.","type":"string","format":"date-time"},"name":{"description":"Name of the dataobject.","type":"string"},"Path":{"description":"Path of the dat object","type":"string"},"timestamp":{"description":"Data object timestamp.","type":"string","format":"date-time"},"inaccessibleDetails":{"description":"array of infotypes found in the data object.","type":"object","properties":{"description":{"description":"reason explaining the error","type":"string"},"severity":{"description":"severity level of the error","type":"string"}}}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/data-objects/export":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"Writes all the data objects of the report in streaming.\n","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"scanId":{"description":"ID of the scan","type":"string"},"datastoreId":{"description":"ID of the datastore","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value of the risk detected in the data object.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreName":{"description":"Name of the datastore which includes the data object.","type":"string"},"owner":{"description":"Name of the owner.","type":"string"},"type":{"description":"Type of the data object. File or Table","type":"string"},"partialScanResults":{"description":"Indicates if there are partial scan results","type":"boolean"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"},"modified":{"description":"Date of last modification.","type":"string","format":"date-time"},"infoTypesTotal":{"description":"Number of distinct infotypes found.","type":"integer","format":"int64"},"infotypesDistribution":{"description":"array of infotypes found in the data object.","type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"infotype name"},"category":{"type":"string","description":"infotype category"},"value":{"type":"integer","format":"int64","description":"number of matches"},"searchPrecision":{"type":"string","format":"string","description":"Search precission for the infotype","enum":["HIGH","LOW","N/A"]},"riskWeight":{"type":"integer","description":"weight of each match in the risk formula"}}}},"DatastoreDeletedAt":{"description":"Date of deletion","type":"string","format":"date-time"},"classificationProfiles":{"description":"Classification profiles","type":"array","items":{"type":"string"}},"Metadata":{"description":"object of metadata details for the data object.","type":"object","properties":{"catalog":{"description":"array that contains the value of catalogs.","type":"array","items":{"description":"value of catalog.","type":"string"}},"classificationStatus":{"description":"array that contains the value of classification status.","type":"array","items":{"description":"value of classification status.","type":"string"}},"clientModified":{"description":"array that contains the value of client modified date.","type":"array","items":{"description":"value of client modified date.","type":"string"}},"date":{"description":"array that contains the value of date.","type":"array","items":{"description":"value of date.","type":"string"}},"dateModified":{"description":"array that contains the value of modified date.","type":"array","items":{"description":"value of modified date.","type":"string"}},"documentCreated":{"description":"array that contains the value of document created date.","type":"array","items":{"description":"value of document created date.","type":"string"}},"documentCreator":{"description":"array that contains the value of document creators.","type":"array","items":{"description":"value of document creator.","type":"string"}},"documentModified":{"description":"array that contains the value of document modified date.","type":"array","items":{"description":"value of document modified date.","type":"string"}},"documentModifier":{"description":"array that contains the value of document modifiers.","type":"array","items":{"description":"value of document modifiers.","type":"string"}},"encoding":{"description":"array that contains the value of encoding.","type":"array","items":{"description":"value of encoding.","type":"string"}},"fileCreated":{"description":"array that contains the value of file created date.","type":"array","items":{"description":"value of file created date.","type":"string"}},"fileModified":{"description":"array that contains the value of file modified date.","type":"array","items":{"description":"value of file modified date.","type":"string"}},"fileOwner":{"description":"array that contains the value of file owners.","type":"array","items":{"description":"value of file owners.","type":"string"}},"filename":{"description":"array that contains the value of filename.","type":"array","items":{"description":"value of filename.","type":"string"}},"folder":{"description":"array that contains the value of folder name.","type":"array","items":{"description":"value of folder name.","type":"string"}},"instance":{"description":"array that contains the value of instance.","type":"array","items":{"description":"value of instance.","type":"string"}},"keyColumns":{"description":"array that contains the value of key columns.","type":"array","items":{"description":"value of key column.","type":"string"}},"keySource":{"description":"array that contains the value of key sources.","type":"array","items":{"description":"value of key source.","type":"string"}},"mipLabelDescription":{"description":"array that contains the value of mip label descriptions.","type":"array","items":{"description":"value of mip label descriptions.","type":"string"}},"mipLabelName":{"description":"array that contains the value of mip label names.","type":"array","items":{"description":"value of mip label names.","type":"string"}},"mipLabelUID":{"description":"array that contains the value of mip label UID.","type":"array","items":{"description":"value of mip label UID.","type":"string"}},"mipLabelSensitivity":{"description":"array that contains the value of mip label sensitivities.","type":"array","items":{"description":"value of mip label sensitivities.","type":"string"}},"objectCreated":{"description":"array that contains the value of object created date.","type":"array","items":{"description":"value of object created date.","type":"string"}},"objectModified":{"description":"array that contains the value of object modified date.","type":"array","items":{"description":"value of object modified date.","type":"string"}},"permissionExecute":{"description":"array that contains the value of execution permissions.","type":"array","items":{"description":"value of execution permissions.","type":"string"}},"permissionFull":{"description":"array that contains the value of full permissions.","type":"array","items":{"description":"value of full permissions.","type":"string"}},"permissionModify":{"description":"array that contains the value of modify permissions.","type":"array","items":{"description":"value of modify permissions.","type":"string"}},"permissionRead":{"description":"array that contains the value of read permissions.","type":"array","items":{"description":"value of read permissions.","type":"string"}},"permissionSpecial":{"description":"array that contains the value of special permissions.","type":"array","items":{"description":"value of special permissions.","type":"string"}},"permissionWrite":{"description":"array that contains the values of write permissions.","type":"array","items":{"description":"value of write permissions.","type":"string"}},"processedRows":{"description":"array that contains the value of processed rows.","type":"array","items":{"description":"value of processed rows.","type":"integer","format":"int64"}},"schema":{"description":"array that contains the value of schema.","type":"array","items":{"description":"value of schema.","type":"string"}},"serverModified":{"description":"array that contains the value of server modified date.","type":"array","items":{"description":"value of server modified date.","type":"string"}},"table":{"description":"array that contains the value of table.","type":"array","items":{"description":"value of table.","type":"string"}},"track1":{"description":"array that contains the value of track1.","type":"array","items":{"description":"value of track1.","type":"string"}},"track2":{"description":"array that contains the value of track2.","type":"array","items":{"description":"value of track2.","type":"string"}}}},"ExtraMetadata":{"description":"metadata referred to columns information for datastores whose kind is data base.","type":"array","items":{"description":"object that contains the information about column matches.","type":"object","properties":{"columnName":{"description":"name of column.","type":"string"},"MatchesInfo":{"description":"array with matches information.","type":"array","items":{"description":"object that contains the information per match.","type":"object","properties":{"count":{"description":"number of matches.","type":"integer"},"infoTypeID":{"description":"identifier of infotype.","type":"string"},"infoTypeVersion":{"description":"version of infotype.","type":"integer"}}}}}}}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/inaccessible-data-objects/export":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"Writes all the inaccessible data objects of the report in streaming.\n","tags":["DDC/Report"],"parameters":[{"name":"reportId","in":"query","type":"string","description":"Filters result to the rows based on reportID.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"scanId":{"description":"ID of the scan","type":"string"},"datastoreId":{"description":"ID of the datastore","type":"string"},"datastoreName":{"description":"Name of the datastore","type":"string"},"datastoreDeleteAt":{"description":"Date when datastore was deleted.","type":"string","format":"date-time"},"name":{"description":"Name of the dataobject.","type":"string"},"Path":{"description":"Path of the dat object","type":"string"},"timestamp":{"description":"Data object timestamp.","type":"string","format":"date-time"},"inaccessibleDetails":{"description":"array of infotypes found in the data object.","type":"object","properties":{"description":{"description":"reason explaining the error","type":"string"},"severity":{"description":"severity level of the error","type":"string"}}}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/dynamic/data-objects/{id}/report":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"Lists all the dataobjects of the scan given the dynamic query id.\nThe applied filters where selected when creating the dynamic query.\n","tags":["DDC/Report"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"scanId":{"description":"ID of the scan","type":"string"},"datastoreId":{"description":"ID of the datastore","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value of the risk detected in the data object.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreName":{"description":"Name of the datastore which includes the data object.","type":"string"},"owner":{"description":"Name of the owner.","type":"string"},"type":{"description":"Type of the data object. File or Table","type":"string"},"partialScanResults":{"description":"Indicates if there are partial scan results","type":"boolean"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"},"modified":{"description":"Date of last modification.","type":"string","format":"date-time"},"infoTypesTotal":{"description":"Number of distinct infotypes found.","type":"integer","format":"int64"},"infotypesDistribution":{"description":"array of infotypes found in the data object.","type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"infotype name"},"category":{"type":"string","description":"infotype category"},"value":{"type":"integer","format":"int64","description":"number of matches"},"searchPrecision":{"type":"string","format":"string","description":"Search precission for the infotype","enum":["HIGH","LOW","N/A"]},"riskWeight":{"type":"integer","description":"weight of each match in the risk formula"}}}},"DatastoreDeletedAt":{"description":"Date of deletion","type":"string","format":"date-time"},"classificationProfiles":{"description":"Classification profiles","type":"array","items":{"type":"string"}},"Metadata":{"description":"object of metadata details for the data object.","type":"object","properties":{"catalog":{"description":"array that contains the value of catalogs.","type":"array","items":{"description":"value of catalog.","type":"string"}},"classificationStatus":{"description":"array that contains the value of classification status.","type":"array","items":{"description":"value of classification status.","type":"string"}},"clientModified":{"description":"array that contains the value of client modified date.","type":"array","items":{"description":"value of client modified date.","type":"string"}},"date":{"description":"array that contains the value of date.","type":"array","items":{"description":"value of date.","type":"string"}},"dateModified":{"description":"array that contains the value of modified date.","type":"array","items":{"description":"value of modified date.","type":"string"}},"documentCreated":{"description":"array that contains the value of document created date.","type":"array","items":{"description":"value of document created date.","type":"string"}},"documentCreator":{"description":"array that contains the value of document creators.","type":"array","items":{"description":"value of document creator.","type":"string"}},"documentModified":{"description":"array that contains the value of document modified date.","type":"array","items":{"description":"value of document modified date.","type":"string"}},"documentModifier":{"description":"array that contains the value of document modifiers.","type":"array","items":{"description":"value of document modifiers.","type":"string"}},"encoding":{"description":"array that contains the value of encoding.","type":"array","items":{"description":"value of encoding.","type":"string"}},"fileCreated":{"description":"array that contains the value of file created date.","type":"array","items":{"description":"value of file created date.","type":"string"}},"fileModified":{"description":"array that contains the value of file modified date.","type":"array","items":{"description":"value of file modified date.","type":"string"}},"fileOwner":{"description":"array that contains the value of file owners.","type":"array","items":{"description":"value of file owners.","type":"string"}},"filename":{"description":"array that contains the value of filename.","type":"array","items":{"description":"value of filename.","type":"string"}},"folder":{"description":"array that contains the value of folder name.","type":"array","items":{"description":"value of folder name.","type":"string"}},"instance":{"description":"array that contains the value of instance.","type":"array","items":{"description":"value of instance.","type":"string"}},"keyColumns":{"description":"array that contains the value of key columns.","type":"array","items":{"description":"value of key column.","type":"string"}},"keySource":{"description":"array that contains the value of key sources.","type":"array","items":{"description":"value of key source.","type":"string"}},"mipLabelDescription":{"description":"array that contains the value of mip label descriptions.","type":"array","items":{"description":"value of mip label descriptions.","type":"string"}},"mipLabelName":{"description":"array that contains the value of mip label names.","type":"array","items":{"description":"value of mip label names.","type":"string"}},"mipLabelUID":{"description":"array that contains the value of mip label UID.","type":"array","items":{"description":"value of mip label UID.","type":"string"}},"mipLabelSensitivity":{"description":"array that contains the value of mip label sensitivities.","type":"array","items":{"description":"value of mip label sensitivities.","type":"string"}},"objectCreated":{"description":"array that contains the value of object created date.","type":"array","items":{"description":"value of object created date.","type":"string"}},"objectModified":{"description":"array that contains the value of object modified date.","type":"array","items":{"description":"value of object modified date.","type":"string"}},"permissionExecute":{"description":"array that contains the value of execution permissions.","type":"array","items":{"description":"value of execution permissions.","type":"string"}},"permissionFull":{"description":"array that contains the value of full permissions.","type":"array","items":{"description":"value of full permissions.","type":"string"}},"permissionModify":{"description":"array that contains the value of modify permissions.","type":"array","items":{"description":"value of modify permissions.","type":"string"}},"permissionRead":{"description":"array that contains the value of read permissions.","type":"array","items":{"description":"value of read permissions.","type":"string"}},"permissionSpecial":{"description":"array that contains the value of special permissions.","type":"array","items":{"description":"value of special permissions.","type":"string"}},"permissionWrite":{"description":"array that contains the values of write permissions.","type":"array","items":{"description":"value of write permissions.","type":"string"}},"processedRows":{"description":"array that contains the value of processed rows.","type":"array","items":{"description":"value of processed rows.","type":"integer","format":"int64"}},"schema":{"description":"array that contains the value of schema.","type":"array","items":{"description":"value of schema.","type":"string"}},"serverModified":{"description":"array that contains the value of server modified date.","type":"array","items":{"description":"value of server modified date.","type":"string"}},"table":{"description":"array that contains the value of table.","type":"array","items":{"description":"value of table.","type":"string"}},"track1":{"description":"array that contains the value of track1.","type":"array","items":{"description":"value of track1.","type":"string"}},"track2":{"description":"array that contains the value of track2.","type":"array","items":{"description":"value of track2.","type":"string"}}}},"ExtraMetadata":{"description":"metadata referred to columns information for datastores whose kind is data base.","type":"array","items":{"description":"object that contains the information about column matches.","type":"object","properties":{"columnName":{"description":"name of column.","type":"string"},"MatchesInfo":{"description":"array with matches information.","type":"array","items":{"description":"object that contains the information per match.","type":"object","properties":{"count":{"description":"number of matches.","type":"integer"},"infoTypeID":{"description":"identifier of infotype.","type":"string"},"infoTypeVersion":{"description":"version of infotype.","type":"integer"}}}}}}}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"Error, see code in the error:\n- DDCDynamicQueryExecutionRunningError - The dynamic query is still running\n- DDCDynamicQueryExecutionFailedError - The dynamic query failed. The cause is included as the error context.\n- DDCError - Unexpected error\n","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/dynamic/data-objects/{id}/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get dynamic query report status.","description":"Get dynamic query report status.\n","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"startTimestamp":{"description":"timestamp when the query execution started","type":"string","format":"date-time"},"endTimestamp":{"description":"timestamp when the query execution finished","type":"string","format":"date-time"},"status":{"description":"status of the dynamic query (RUNNING, COMPLETED, FAILED)","type":"string"},"error":{"description":"Error of the dynamic query if it failed","type":"string","format":"json"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scan-trend-reports/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get the scan trend report info","description":"Get the scan trend report info with the name of the scan","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"type":"object","properties":{"reportTemplateId":{"description":"ID of the report template that generated the report","type":"string","format":"UUIDv4"},"reportTemplateVersion":{"description":"Version of the report template that generated the report","type":"integer"},"status":{"description":"Status of the report","type":"string","enum":["RUNNING","COMPLETED","FAILED"]},"new":{"description":"Marks if the report has been viewed or if it's new","type":"boolean"},"startTimestamp":{"description":"Timestamp when the report generation started","type":"string","format":"date-time"},"endTimestamp":{"description":"Timestamp when the report generation finished","type":"string","format":"date-time"},"error":{"description":"Error of the report generation if it failed","type":"string","format":"json"},"scans":{"description":"Scan executions contained in the report","type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"description":"id of the scan","type":"string","format":"UUIDv4"},"executionDate":{"description":"timestamp for the scan execution","type":"string","format":"date-time"},"scanVersion":{"description":"version of the scan when it was executed","type":"integer"},"scanExecutionId":{"description":"id for the scan execution","type":"string","format":"UUIDv4"},"scanName":{"description":"name of the scan","type":"string"}}}]}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scan-trend-reports/{id}/data-objects-trend":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get the data objects info trend","description":"Get the data objects info trend","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanID":{"description":"ID of the scan.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"dataObjectScanned":{"description":"Scanned data objects.","type":"integer"},"sensitiveDataObjects":{"description":"Sensitive data objects.","type":"integer"},"infoTypesFoundCount":{"description":"Count of the infotypes found.","type":"integer"}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scan-trend-reports/{id}/average-risk-trend":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get the data objects average risk","description":"Get the data objects average risk","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanID":{"description":"ID of the scan.","type":"string"},"scanExecutionID":{"description":"Scan Execution ID.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"averageRisk":{"description":"Average risk.","type":"integer"}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scan-trend-reports/{id}/infotypes-trend":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get the infotypes info trend","description":"Get the infotypes info trend","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"infoTypesCount":{"description":"Count of the infotypes found.","type":"integer"},"scanID":{"description":"ID of the scan.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"infoTypesFound":{"description":"Array of infotypes found.","type":"array","items":{"type":"object","properties":{"infoTypeFamily":{"description":"Family of the infotype.","type":"string"},"name":{"description":"Name of the infotype.","type":"string"},"count":{"description":"Count of occurencies of this infotype found.","type":"integer"}}}}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scan-trend-reports/{id}/data-objects/details/{scanExecutionId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"List all the dataobject details of the report. Results can be sorted by Risk, Name, Scan Name, Last Scan,\nBranch, Total Data Objects, Sensitive Objects.\n","tags":["DDC/Report"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"scanExecutionId","in":"path","required":true,"type":"string","description":"Filters result to the rows that contains all the values within this parameters split by Scan Execution ID.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"scanId":{"description":"ID of the scan","type":"string"},"scanVersion":{"description":"Scan version","type":"integer","format":"int64"},"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value od the risk detected in the data object.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreID":{"description":"ID of the datastore.","type":"string"},"datastoreName":{"description":"Name of the datastore","type":"string"},"profiles":{"description":"Profiles.","type":"integer","format":"int64"},"infoTypesTotal":{"description":"Infotypes.","type":"integer","format":"int64"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/agents":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List all","description":"Lists all agents. Results can be refined with query params.","tags":["DDC/Agent"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name\n\n...will sort the results first by `name`.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any row with all the values present in the name column\n"},{"name":"name","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any row with all the values present in the name column\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"},"networkInterfaces":{"description":"List of network devices present on Agent system","type":"array","items":{"type":"object","properties":{"ip":{"description":"IP address of the connected network device","type":"string"}}}},"mountpoints":{"description":"List of mounted shares or devices on Agent host system","type":"array","items":{"type":"object","properties":{"path":{"description":"Path for the mount point / mount directory","type":"string"},"source":{"description":"Path for the source device","type":"string"},"network":{"description":"Returns true for network shares or network devices, returns false for local devices","type":"boolean"}}}}}}]}}}}]}}}}},"/v1/ddc/agents/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an agent with the given 'id'.","tags":["DDC/Agent"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"},"networkInterfaces":{"description":"List of network devices present on Agent system","type":"array","items":{"type":"object","properties":{"ip":{"description":"IP address of the connected network device","type":"string"}}}},"mountpoints":{"description":"List of mounted shares or devices on Agent host system","type":"array","items":{"type":"object","properties":{"path":{"description":"Path for the mount point / mount directory","type":"string"},"source":{"description":"Path for the source device","type":"string"},"network":{"description":"Returns true for network shares or network devices, returns false for local devices","type":"boolean"}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"put":{"summary":"Update","description":"Updates the details of an Agent.","tags":["DDC/Agent"],"parameters":[{"name":"body","in":"body","description":"The Agent properties to change.\n","schema":{"required":["localStorageOnly"],"properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels to assign to the agent","type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the label. If it doesn't exist it will be created.","type":"string"}}}}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"},"networkInterfaces":{"description":"List of network devices present on Agent system","type":"array","items":{"type":"object","properties":{"ip":{"description":"IP address of the connected network device","type":"string"}}}},"mountpoints":{"description":"List of mounted shares or devices on Agent host system","type":"array","items":{"type":"object","properties":{"path":{"description":"Path for the mount point / mount directory","type":"string"},"source":{"description":"Path for the source device","type":"string"},"network":{"description":"Returns true for network shares or network devices, returns false for local devices","type":"boolean"}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/ml-agents":{"x-feature":"FF_DDC_ML","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List all","description":"Lists all agents. Results can be refined with query params.","tags":["DDC/Agent"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name\n\n...will sort the results first by `name`.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any row with all the values present in the name column\n"},{"name":"name","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any row with all the values present in the name column\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"},"mlAgentID":{"description":"Client ID of the agent","type":"string"},"configProfileID":{"description":"Config profile ID of the agent","type":"string"},"configProfileName":{"description":"Config profile name of the agent","type":"string"},"type":{"description":"Type of agent","type":"string"},"platform":{"description":"OS platform of the agent","type":"string"},"accessedAt":{"description":"Latest access time of the agent","type":"string"},"connectivity":{"description":"Various connectivity errors of the ml-agent in a string map. For example,\n```\n\"connectivity\": {\n \"apiError\": \"e30=\",\n \"streamError\": \"e30=\",\n \"systemError\": \"e30=\"\n}\n```\nRefer to ML Agent documentation for the list of available options.\n","type":"object"},"proxy":{"description":"Check if it is a proxy agent","type":"boolean"},"networks":{"description":"List of network devices present on Agent system","type":"array","items":{"type":"object","properties":{"ip":{"description":"IP address of the connected network device","type":"string"}}}},"publicKey":{"description":"Public key of the agent","type":"string"}}}]}}}}]}}}}},"/v1/ddc/ml-agents/{id}":{"x-feature":"FF_DDC_ML","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an agent with the given 'id'.","tags":["DDC/Agent"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"},"mlAgentID":{"description":"Client ID of the agent","type":"string"},"configProfileID":{"description":"Config profile ID of the agent","type":"string"},"configProfileName":{"description":"Config profile name of the agent","type":"string"},"type":{"description":"Type of agent","type":"string"},"platform":{"description":"OS platform of the agent","type":"string"},"accessedAt":{"description":"Latest access time of the agent","type":"string"},"connectivity":{"description":"Various connectivity errors of the ml-agent in a string map. For example,\n```\n\"connectivity\": {\n \"apiError\": \"e30=\",\n \"streamError\": \"e30=\",\n \"systemError\": \"e30=\"\n}\n```\nRefer to ML Agent documentation for the list of available options.\n","type":"object"},"proxy":{"description":"Check if it is a proxy agent","type":"boolean"},"networks":{"description":"List of network devices present on Agent system","type":"array","items":{"type":"object","properties":{"ip":{"description":"IP address of the connected network device","type":"string"}}}},"publicKey":{"description":"Public key of the agent","type":"string"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"put":{"summary":"Update","description":"Updates the details of an Agent.","tags":["DDC/Agent"],"parameters":[{"name":"body","in":"body","description":"The Agent properties to change.","schema":{"type":"object","properties":{"agentLabels":{"description":"Labels to assign to the agent","type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the label. If it doesn't exist it will be created.","type":"string"}}}}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"},"mlAgentID":{"description":"Client ID of the agent","type":"string"},"configProfileID":{"description":"Config profile ID of the agent","type":"string"},"configProfileName":{"description":"Config profile name of the agent","type":"string"},"type":{"description":"Type of agent","type":"string"},"platform":{"description":"OS platform of the agent","type":"string"},"accessedAt":{"description":"Latest access time of the agent","type":"string"},"connectivity":{"description":"Various connectivity errors of the ml-agent in a string map. For example,\n```\n\"connectivity\": {\n \"apiError\": \"e30=\",\n \"streamError\": \"e30=\",\n \"systemError\": \"e30=\"\n}\n```\nRefer to ML Agent documentation for the list of available options.\n","type":"object"},"proxy":{"description":"Check if it is a proxy agent","type":"boolean"},"networks":{"description":"List of network devices present on Agent system","type":"array","items":{"type":"object","properties":{"ip":{"description":"IP address of the connected network device","type":"string"}}}},"publicKey":{"description":"Public key of the agent","type":"string"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/ml-agents/{id}/config-profile":{"x-feature":"FF_DDC_ML","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a Config Profile associated with the given agent 'id'.","tags":["DDC/Agent"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of the Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"knoxConfig":{"description":"Knox configuration of the Config Profile.","type":"object","properties":{"name":{"description":"Name of the Hadoop connection as in Connection Manager.","type":"string"},"service":{"description":"Name of the Hadoop connection service as in Connection Manager.","type":"string"},"username":{"description":"Username of the HDFS account","type":"string"},"topology":{"description":"Topology for the Hadoop connection.","type":"string","example":"default"},"nodes":{"description":"List of Knox nodes for the Hadoop connection service.","type":"array","items":{"type":"object","properties":{"hostname":{"description":"Hostname of the Knox node.","type":"string"},"port":{"description":"Port of the Knox node.","type":"integer"},"protocol":{"description":"Communication protocol of the Knox node.","type":"string","example":"https"},"serverCertificate":{"description":"Certificate for the Knox node.","type":"string"}}}}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example,\n```\n{\n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/config-profiles":{"x-feature":"FF_DDC_ML","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Config Profile for agents.","tags":["DDC/ConfigProfile"],"parameters":[{"name":"body","in":"body","description":"Config Profile properties","schema":{"allOf":[{"type":"object","required":["name","kafkaConfig","dataEngineConfig"],"properties":{"name":{"description":"Name of the Config Profile.","type":"string"},"description":{"description":"Description of Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example,\n```\n{ \n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]}}],"responses":{"200":{"description":"Successful Config Profile creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of the Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"knoxConfig":{"description":"Knox configuration of the Config Profile.","type":"object","properties":{"name":{"description":"Name of the Hadoop connection as in Connection Manager.","type":"string"},"service":{"description":"Name of the Hadoop connection service as in Connection Manager.","type":"string"},"username":{"description":"Username of the HDFS account","type":"string"},"topology":{"description":"Topology for the Hadoop connection.","type":"string","example":"default"},"nodes":{"description":"List of Knox nodes for the Hadoop connection service.","type":"array","items":{"type":"object","properties":{"hostname":{"description":"Hostname of the Knox node.","type":"string"},"port":{"description":"Port of the Knox node.","type":"integer"},"protocol":{"description":"Communication protocol of the Knox node.","type":"string","example":"https"},"serverCertificate":{"description":"Certificate for the Knox node.","type":"string"}}}}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example,\n```\n{\n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"get":{"summary":"List all","description":"Lists all Config Profiles for agents. Results can be refined with query params.","tags":["DDC/ConfigProfile"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name\n\n...will sort the results first by `name`.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any row with all the values present in the name column\n"},{"name":"name","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any row with all the values present in the name column\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of the Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"knoxConfig":{"description":"Knox configuration of the Config Profile.","type":"object","properties":{"name":{"description":"Name of the Hadoop connection as in Connection Manager.","type":"string"},"service":{"description":"Name of the Hadoop connection service as in Connection Manager.","type":"string"},"username":{"description":"Username of the HDFS account","type":"string"},"topology":{"description":"Topology for the Hadoop connection.","type":"string","example":"default"},"nodes":{"description":"List of Knox nodes for the Hadoop connection service.","type":"array","items":{"type":"object","properties":{"hostname":{"description":"Hostname of the Knox node.","type":"string"},"port":{"description":"Port of the Knox node.","type":"integer"},"protocol":{"description":"Communication protocol of the Knox node.","type":"string","example":"https"},"serverCertificate":{"description":"Certificate for the Knox node.","type":"string"}}}}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example,\n```\n{\n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]}}}}]}}}}},"/v1/ddc/config-profiles/{id}":{"x-feature":"FF_DDC_ML","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a Config Profile with the given 'id'.","tags":["DDC/ConfigProfile"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of the Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"knoxConfig":{"description":"Knox configuration of the Config Profile.","type":"object","properties":{"name":{"description":"Name of the Hadoop connection as in Connection Manager.","type":"string"},"service":{"description":"Name of the Hadoop connection service as in Connection Manager.","type":"string"},"username":{"description":"Username of the HDFS account","type":"string"},"topology":{"description":"Topology for the Hadoop connection.","type":"string","example":"default"},"nodes":{"description":"List of Knox nodes for the Hadoop connection service.","type":"array","items":{"type":"object","properties":{"hostname":{"description":"Hostname of the Knox node.","type":"string"},"port":{"description":"Port of the Knox node.","type":"integer"},"protocol":{"description":"Communication protocol of the Knox node.","type":"string","example":"https"},"serverCertificate":{"description":"Certificate for the Knox node.","type":"string"}}}}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example,\n```\n{\n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"put":{"summary":"Update","description":"Updates the details of a Config Profile.","tags":["DDC/ConfigProfile"],"parameters":[{"name":"body","in":"body","description":"Config Profile properties to change.","schema":{"allOf":[{"type":"object","properties":{"name":{"description":"Name of the Config Profile.","type":"string"},"description":{"description":"Description of Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example, \n```\n{\n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of the Config Profile.","type":"string"},"dataEngineConfig":{"description":"Data Engine configuration of the Config Profile.","type":"object","properties":{"serverURI":{"description":"URI for the Data Engine server in Hadoop service.","type":"string"}}},"knoxConfig":{"description":"Knox configuration of the Config Profile.","type":"object","properties":{"name":{"description":"Name of the Hadoop connection as in Connection Manager.","type":"string"},"service":{"description":"Name of the Hadoop connection service as in Connection Manager.","type":"string"},"username":{"description":"Username of the HDFS account","type":"string"},"topology":{"description":"Topology for the Hadoop connection.","type":"string","example":"default"},"nodes":{"description":"List of Knox nodes for the Hadoop connection service.","type":"array","items":{"type":"object","properties":{"hostname":{"description":"Hostname of the Knox node.","type":"string"},"port":{"description":"Port of the Knox node.","type":"integer"},"protocol":{"description":"Communication protocol of the Knox node.","type":"string","example":"https"},"serverCertificate":{"description":"Certificate for the Knox node.","type":"string"}}}}}},"metaConfig":{"description":"All other configurations of a Config Profile in a string map. For example,\n```\n{\n \"ddc_prediction_report_threshold\": \"5\",\n \"ddc_prediction_batch_number\": \"4\"\n}\n```\n\nRefer to ML Agent documentation for the list of available options.\n","type":"object"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Sets the Config Profile with the given `id` to the deleted status.","tags":["DDC/ConfigProfile"],"responses":{"204":{"description":"The Config Profile was successfully set to the deleted status."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The supplied ID has an incorrect format","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"The current Config Profile status doesn't allow the delete operation.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/local-storage":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new local storage Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"local storage datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/local-storage/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"update a new local storage Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"local storage datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/ibm-db2":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new IBM db2 Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/ibm-db2/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a IBM db2 Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/oracle-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Oracle db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/oracle-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Oracle db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/microsoft-sql-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Microsoft SQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Microsoft SQL db datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/microsoft-sql-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Microsoft SQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Microsoft SQL db datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/postgresql-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new PostgresSQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Postgres SQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/postgresql-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a PostgresSQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Postgres SQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/sap-hana-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new SAP HANA db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"SAP Hana DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/sap-hana-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a SAP HANA db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"SAP Hana DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/mysql-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new MySQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"MySQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/mysql-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a MySQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"MySQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/teradata-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Teradata db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Teradata DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/teradata-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Teradata db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Teradata DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/mongo-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Mongo db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Mongo DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"authDatabase":{"type":"string","description":"Authorization database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/mongo-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Teradata db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Mongo DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"authDatabase":{"type":"string","description":"Authorization database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/windows-share":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Windows Share Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Windows Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."},"path":{"type":"string","description":"Shared folder name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/windows-share/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Windows Share Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Windows Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"},"path":{"type":"string","description":"Shared folder name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/unix-file-share":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Unix file Share Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Unix File Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"path":{"type":"string","description":"Shared folder path."},"proxyHostname":{"type":"string","description":"hostname of the agent when the shared folder is mounted"},"proxyPath":{"type":"string","description":"mount point in the agent"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/unix-file-share/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Unix file Share Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Unix File Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"path":{"type":"string","description":"Shared folder path."},"proxyHostname":{"type":"string","description":"hostname of the agent when the shared folder is mounted"},"proxyPath":{"type":"string","description":"mount point in the agent"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/hadoop-cluster":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a Hadoop cluster Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Hadoop Cluster datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"hdfs port"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/hadoop-cluster/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Hadoop cluster Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Hadoop Cluster datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"hdfs port"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/amazon-s3":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Amazon s3 Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Amazon s3 datastore connection.","type":"object","properties":{"accessKeyId":{"type":"string","description":"access key ID"},"secretAccessKey":{"type":"string","description":"secret access key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/amazon-s3/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Amazon s3 Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Amazon s3 datastore connection.","type":"object","properties":{"accessKeyId":{"type":"string","description":"access key ID"},"secretAccessKey":{"type":"string","description":"secret access key"},"editSecretAccessKey":{"type":"boolean","description":"set to true to edit the secret access key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/azure-blob":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Azure Blob datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure blob datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/azure-blob/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Azure Blob Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure blob datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/azure-table":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Azure Table datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure table datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/azure-table/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Azure Table Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure table datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-sharepoint-online":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Office365 Sharepoint datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure Office365 Sharepoint Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"sharepoint domain"},"clientId":{"type":"string","description":"sharepoint client id"},"tenantId":{"type":"string","description":"sharepoint tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-sharepoint-online/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Office365 Sharepoint Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure Office365 Sharepoint Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"sharepoint domain"},"clientId":{"type":"string","description":"sharepoint client id"},"tenantId":{"type":"string","description":"sharepoint tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-exchange-online":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Office365 Exchange datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 Exchange Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"exchange domain"},"clientId":{"type":"string","description":"exchange client id"},"tenantId":{"type":"string","description":"exchange tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-exchange-online/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Office365 Exchage Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 Exchange Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"exchange domain"},"clientId":{"type":"string","description":"exchange client id"},"tenantId":{"type":"string","description":"exchange tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-onedrive-business":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Office365 OneDrive Business datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 OneDrive Business datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"OneDrive Business domain"},"clientId":{"type":"string","description":"OneDrive Business client id"},"tenantId":{"type":"string","description":"OneDrive Business tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-onedrive-business/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Office365 OneDrive Business Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 OneDrive Business datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"OneDrive Business domain"},"clientId":{"type":"string","description":"OneDrive Business client id"},"tenantId":{"type":"string","description":"OneDrive Business tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/exchange-server":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Exchange Server datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Exchange Server datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"Exchange Server domain"},"username":{"type":"string","description":"Exchange Server username"},"password":{"type":"string","description":"Exchange Server password."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/exchange-server/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Exchange Server Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Exchange Server datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"Exchange Server domain"},"username":{"type":"string","description":"Exchange Server username"},"password":{"type":"string","description":"password for exchange server. Only fill with editPassword=true"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/google-mail":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a Google Mail datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Mail datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id."},"privateKey":{"type":"string","description":"private key."},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/google-mail/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Google Mail Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Mail datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id. Only set with editServiceAccountID=true"},"editServiceAccountID":{"type":"boolean","description":"set to true to edit the service account id"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/google-drive":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a Google Drive datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id."},"privateKey":{"type":"string","description":"private key."},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/google-drive/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Google Drive Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id. Only set with editServiceAccountID=true"},"editServiceAccountID":{"type":"boolean","description":"set to true to edit the service account id"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/sharepoint-server":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a Sharepoint Server datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"share point server hostname"},"username":{"type":"string","description":"username"},"password":{"type":"string","description":"password"},"apiPassword":{"type":"string","description":"api password."},"apiPasswordsFilename":{"type":"string","description":"api password file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/sharepoint-server/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Sharepoint Server Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"share point server hostname"},"username":{"type":"string","description":"username"},"password":{"type":"string","description":"password. Only set with editPassword=true"},"editPassword":{"type":"boolean","description":"set to true to edit the password"},"apiPassword":{"type":"string","description":"api password. Only set with editAPIPasswords=true"},"editApiPassword":{"type":"boolean","description":"set to true to edit the api password"},"apiPasswordsFilename":{"type":"string","description":"api password file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/salesforce":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a Salesforce datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Salesforce datastore connection.","type":"object","required":["privateKeyFilename"],"properties":{"salesforceAccount":{"type":"string","description":"salesforce account"},"consumerKey":{"type":"string","description":"consumer key"},"privateKey":{"type":"string","description":"private key"},"privateKeyFilename":{"type":"string","description":"filename private key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/salesforce/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Sharepoint Server Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Salesforce datastore connection.","type":"object","required":["privateKeyFilename"],"properties":{"salesforceAccount":{"type":"string","description":"salesforce account"},"consumerKey":{"type":"string","description":"consumer key. Only set with editConsumerKey=true"},"editConsumerKey":{"type":"string","description":"set to true to edit the consumer key"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"filename private key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List all","description":"Lists all datastores. Results can be refined with query params.","tags":["DDC/DataStore"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in any of these columns:\nname, description, type, branch location name, sensitivity level name.\n"},{"name":"id","in":"query","type":"string","description":"Filter by ID\n"},{"name":"type","in":"query","type":"string","description":"Returns the rows that contains any of the types of the filter split by commas.\nValid values: LOCAL_STORAGE, HADOOP_CLUSTER, IBM_DB2, ORACLE_DB, MICROSOFT_SQL_DB, UNIX_FILE_SHARE, WINDOWS_SHARE\n"},{"name":"agentStatus","in":"query","type":"string","description":"Returns the rows that contains any of the agent status of the filter split by commas.\nValid values: VALIDATING, FAILED, READY\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}}}}]}}}},"post":{"summary":"Create","description":"Creates a new Datastore (this endpoint is deprecated, please use the specific datastore connection for the create, like /datastore/local-storage).\n","tags":["DDC/DataStore","deprecated"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","properties":{"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a Datastore with the given `id`.","tags":["DDC/DataStore"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}}}},"put":{"summary":"Update","description":"Updates the details of a Datastore. (this endpoint is deprecated, please use the specific datastore connection for the update, like /datastore/local-storage/{id}).","tags":["DDC/DataStore","deprecated"],"parameters":[{"name":"body","in":"body","description":"The Datastore properties to change. The properties will be merged\nwith the Datastore resource.\n","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object"},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","properties":{"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n - editSecretAccessKey:\n - type: boolean\n - description: set to true to edit the secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n-EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password. Only fill with editPassword=true\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password. Only set with editPassword=true \n - editPassword:\n - type: string\n - description: set to true to edit the passowrd\n - apiPassword:\n - type: string\n - description: api password. Only set with editAPIPasswords=true\n - editAPIPasswords:\n - type: string\n - description: set to true to edit the api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"}}}]}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Sets the datastore with the given `id` to the deleted status.","tags":["DDC/DataStore"],"responses":{"204":{"description":"The datastore was successfully set to the deleted status."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The supplied ID has an incorrect format","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"The current datastore status doesn't allow the delete operation.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/by-type":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists datastore types and the number of datastores.","tags":["DDC/DataStore"],"responses":{"200":{"description":"Successful retrieval of resource list.","schema":{"type":"array","items":{"type":"object","properties":{"type":{"description":"Datastore type.","type":"string"},"count":{"description":"Number of datastores by type.","type":"integer"}}}}}}}},"/v1/ddc/datastores/group-by-type":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists of datastores grouped by type, each type is encapsulated in an object that contains the type and the array of datastores.","tags":["DDC/DataStore"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in the name column.\n"},{"name":"name","in":"query","type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},{"name":"duration","in":"query","type":"string","description":"Filters results to those with matching ranges in hours. The ranges are separated by commas. Each range is a pair of numbers separated by the '-' character. n- range will search for durations from n hours. -n range will search for durations up to n hours. NA range will search for rows with the column set to null. Example - 0-2,4-8,12-,NA"},{"name":"lastScanAfter","in":"query","type":"string","format":"date","description":"Filters scans executed after the specified Date/time\n"},{"name":"status","in":"query","type":"string","format":"string","description":"Valid types: RUNNING, COMPLETED, DISABLED, FAILED, PAUSED, N/A\n"},{"name":"lastScanBefore","in":"query","type":"string","format":"date","description":"Filters scans executed before the specified Date/time\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"type":{"description":"Datastores group type.","type":"string"},"dataStores":{"description":"datastores of previous type.","type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}}}}}}}]}}}}},"/v1/ddc/datastores/scanned":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Get the percentage of datastores scanned.","tags":["DDC/DataStore"],"parameters":[{"name":"date","in":"query","type":"string","format":"date","description":"Filters results with datastores scanned after the date received as parameter.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"totalDatastores":{"description":"Total number of datastores.","type":"integer"},"scannedDatastores":{"description":"Total number of scanned datastores.","type":"integer"},"sensitiveDatastores":{"description":"number of datastores with sensitive data.","type":"integer"}}}}}}},"/v1/ddc/datastores/sensitive-percentage":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Get the percentege of datastores with sensitive data. (Deprecated. Use /datastores/scanned instead)","tags":["DDC/DataStore","deprecated"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"totalDatastores":{"description":"Total number of datastores.","type":"integer"},"scannedDatastores":{"description":"Total number of scanned datastores.","type":"integer"},"sensitiveDatastores":{"description":"number of datastores with sensitive data.","type":"integer"}}}}}}},"/v1/ddc/datastores/{id}/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Updates the status of the Datastore.","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"The Datastore status you want to update\n","schema":{"type":"object","properties":{"status":{"description":"Status of Datastore.","type":"boolean"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"TBD","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/{id}/agent-search":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Launches the search for a target.","tags":["DDC/DataStore"],"responses":{"200":{"description":"OK"}}}},"/v1/ddc/datastores/{id}/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Launches connectivity test of datastore with agent.","tags":["DDC/DataStore"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"status":{"description":"Connection status.","type":"string","enum":["RUNNING","COMPLETED"]},"processID":{"description":"Process ID","type":"string","format":"uuid"}}}}}}},"/v1/ddc/datastores/connection-test/{processID}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns RUNNING/COMPLETED status based on connectivity test state of agents with Datastore.","tags":["DDC/DataStore"],"parameters":[{"name":"processID","in":"path","description":"An identifier of get datastore connection status with agent.","type":"string","format":"UUID","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"status":{"description":"Connection status.","type":"string","enum":["RUNNING","COMPLETED"]},"processID":{"description":"Process ID","type":"string","format":"uuid"}}}},"404":{"description":"Resource Not Found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/report-template":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Report Aggregated Template (this endpoint is deprecated please use /report-template/scan/aggregated).\n","tags":["DDC/ReportTemplate","deprecated"],"parameters":[{"name":"body","in":"body","description":"Report Template configuration","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["source","analysis","scans"],"properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"source":{"description":"Source of ReportTemplate.","type":"string"},"analysis":{"description":"Analysis of ReportTemplate.","type":"string"},"scans":{"description":"Array Scans of the reportTemplate","type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the scan selected for the report.","type":"string"},"scanExecutionId":{"description":"ScanExecutionID is the execution ID of the scan (Set to empty to use latest).","type":"string"},"scanName":{"description":"ScanName of the scan selected for the report.","type":"string"},"latest":{"description":"True for last execution.","type":"boolean"},"executionDate":{"description":"ExecutionDate of the scan selected for the report.","format":"date-time"}}}]}},"autoGenerateReport":{"x-feature":"FF_REPORT_REGENERATION","description":"Whether regenerate the report once new executions of associated scans are available.","type":"boolean"}}}]}}],"responses":{"201":{"description":"Successful Report Template creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}},"autoGenerateReport":{"x-feature":"FF_REPORT_REGENERATION","description":"Whether regenerate the report once new executions of associated scans are available.","type":"boolean"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"get":{"summary":"List all","description":"Lists all Report Templates . Results can be refined with query params.","tags":["DDC/ReportTemplate"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name\n\n...will sort the results first by `name`.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in any of these columns:\nname.\n"},{"name":"type","in":"query","type":"string","description":"This filter allows you to retrieve only the report templates with the selected type: scans, datastores.\n"},{"name":"analysis","in":"query","type":"string","description":"This filter allows you to retrieve only the report templates with the selected analysis: aggregated, trend, etc.\n"},{"name":"schedule","in":"query","type":"string","description":"This filter allows you to retrieve only the report templates with the selected schedule date or manual schedule.\n"},{"name":"status","in":"query","type":"string","description":"This filter allows you to retrieve only the report templates with the selected status: completed, in progess, etc.\n"},{"name":"includeDeleted","in":"query","type":"boolean","description":"Adds the scans with the deleted status in the response\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}},"autoGenerateReport":{"x-feature":"FF_REPORT_REGENERATION","description":"Whether regenerate the report once new executions of associated scans are available.","type":"boolean"}}}]}}}}]}}}}},"/v1/ddc/report-template/{id}/auto-generate":{"x-feature":"FF_REPORT_REGENERATION","parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Updates the autogeneration report flag.","tags":["DDC/ReportTemplate"],"parameters":[{"name":"body","in":"body","description":"Report Template autogeneration configuration.","schema":{"type":"object","required":["autoGenerateReport"],"properties":{"autoGenerateReport":{"description":"Whether regenerate the report once new executions of associated scans are available.","type":"boolean"}}}}],"responses":{"200":{"description":"Successful autogeneration configuration update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Whether the datastore is enabled or not for scans. If set to false it will be ignored when executing a scan.","type":"boolean"},"datastoreProcess":{"description":"Contains information regarding the agent selection status for different agents for a given datastore.","type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"Same ID as the datastore it belongs to."},"lastName":{"type":"string","description":"Last name of the datastore."},"lastAgentSelectionTimestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status was modified."},"agentStatus":{"type":"string","description":"Current agent selection status.","enum":["VALIDATING","READY","FAILED","WARNING"]},"regexAgentStatus":{"type":"object","properties":{"status":{"type":"string","description":"Current agent selection status for regex agents.","enum":["VALIDATING","READY","FAILED"]},"timestamp":{"type":"string","format":"date-time","description":"Timestamp of the last time the agent selection status for regex agents was modified."},"error":{"description":"Error of the agent selection when it fails.","type":"string","format":"json"}}},"sensitiveData":{"type":"boolean","description":"Whether the datastore contains sensitive data or not."},"sensitiveObjects":{"type":"integer","description":"Number of sensitive objects detected in the Datastore."},"totalObjects":{"type":"integer","description":"Total number of object into the Datastore."},"lastProcessDate":{"type":"string","format":"date-time","description":"Date of the last time the datastore was scanned."},"lastError":{"type":"string","format":"json","description":"Last error given by a process related to the datastore, for example, agent selection."},"indexTimestamp":{"x-feature":"FF_DDC_ML","type":"string","format":"date-time","description":"Date of the last time the datastore was indexed."}}},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/report-template/scan/aggregated":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Report Aggregated Template.\n","tags":["DDC/ReportTemplate"],"parameters":[{"name":"body","in":"body","description":"Report Template configuration","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["source","analysis","scans"],"properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"source":{"description":"Source of ReportTemplate.","type":"string"},"analysis":{"description":"Analysis of ReportTemplate.","type":"string"},"scans":{"description":"Array Scans of the reportTemplate","type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the scan selected for the report.","type":"string"},"scanExecutionId":{"description":"ScanExecutionID is the execution ID of the scan (Set to empty to use latest).","type":"string"},"scanName":{"description":"ScanName of the scan selected for the report.","type":"string"},"latest":{"description":"True for last execution.","type":"boolean"},"executionDate":{"description":"ExecutionDate of the scan selected for the report.","format":"date-time"}}}]}},"autoGenerateReport":{"x-feature":"FF_REPORT_REGENERATION","description":"Whether regenerate the report once new executions of associated scans are available.","type":"boolean"}}}]}}],"responses":{"201":{"description":"Successful Report Template creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}},"autoGenerateReport":{"x-feature":"FF_REPORT_REGENERATION","description":"Whether regenerate the report once new executions of associated scans are available.","type":"boolean"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/report-template/scan/trend":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Report Trend Template.\n","tags":["DDC/ReportTemplate"],"parameters":[{"name":"body","in":"body","description":"Report Template configuration","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"scanId":{"description":"Scan Id of the desired scan","type":"string"},"scanExecutionId":{"description":"Scan Execution Id of the desired scan","type":"string"},"scanExecutions":{"description":"Number of scan executions desired for the report","type":"integer"}}}]}}],"responses":{"201":{"description":"Successful Report Template creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}},"autoGenerateReport":{"x-feature":"FF_REPORT_REGENERATION","description":"Whether regenerate the report once new executions of associated scans are available.","type":"boolean"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/report-template/{id}":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns information about a Report Template.\n","tags":["DDC/ReportTemplate"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}},"autoGenerateReport":{"x-feature":"FF_REPORT_REGENERATION","description":"Whether regenerate the report once new executions of associated scans are available.","type":"boolean"}}}]}},"409":{"description":"Resource conflict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Sets the report template with the given `id` to the deleted status.","tags":["DDC/ReportTemplate"],"responses":{"204":{"description":"The report template was successfully set to the deleted status."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The supplied ID has an incorrect format","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"The current scan status doesn't allow the delete operation.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/report-template/{id}/run":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Run Report Template","description":"Changes the last run attribute in report template model.\n","parameters":[{"name":"body","in":"body","description":"Optional, the id to create the report template","schema":{"type":"object","required":["reportId"],"properties":{"reportId":{"type":"string"}}}}],"tags":["DDC/ReportTemplate"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}},"autoGenerateReport":{"x-feature":"FF_REPORT_REGENERATION","description":"Whether regenerate the report once new executions of associated scans are available.","type":"boolean"}}}]}},"404":{"description":"TBD","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"TBD","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/classification-profiles":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List all","description":"Lists all Classification Profiles. Results can be refined with query params.","tags":["DDC/ClassificationProfile"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The returned resources may be truncated to less than the requested limit in some cases (endpoint dependent).","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in any of these columns:\nname.\n"},{"name":"template","in":"query","type":"string","description":"This filter allows you to retrieve only the classification profiles that are created by default.\n"},{"name":"sensitivityLevel","in":"query","type":"string","format":"string","description":"Returns the rows that contains any of the values of the filter split by commas.\n"},{"name":"infotype","in":"query","type":"string","format":"string","description":"Returns the rows that contains any of the values of the filter split by commas. Infotype ID filter.\n"},{"name":"id","in":"query","type":"string","description":"Filter by id\n"},{"name":"skipInfotypes","in":"query","type":"string","format":"string","description":"Returns the rows with the classification profiles without the infotype information.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Classification Profile.","type":"string"},"template":{"description":"Indicates if the Classification Profile is a pre-loaded template.","type":"boolean"},"sensitivityLevel":{"description":"Sensitivity level of the Classification Profile.","type":"object","properties":{"id":{"type":"string","description":"Sensitivity level id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Sensitivity level version","format":"uint64"},"name":{"type":"string","description":"Sensitivity level name"},"color":{"type":"string","description":"Preferred color shown in the UI"},"level":{"type":"integer","description":"Level of sensitivity."}}},"tags":{"description":"Classification profile tags","type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"Tag id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Tag version","format":"uint64"},"name":{"type":"string","description":"Tag name"}}}},"infoTypes":{"description":"Classification profile info types","type":"array","items":{"type":"object","properties":{"min":{"type":"integer","description":"min attribute, default 1"},"infoTypeId":{"type":"string","description":"id of the info type","format":"UUIDv4"},"infoType":{"type":"object","description":"Info type details","properties":{"id":{"type":"string","description":"Info type ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type version","format":"uint64"},"name":{"type":"string","description":"Info type name"},"type":{"description":"System info type or user created","type":"string","enum":["BUILTIN","CUSTOM"]},"region":{"type":"string","description":"Info type region"},"family":{"type":"object","description":"Info type family","properties":{"id":{"type":"string","description":"Info type family ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type family version","format":"uint64"},"name":{"type":"string","description":"Info type family name"},"category":{"type":"object","description":"Info type category","properties":{"id":{"type":"string","description":"Info type category ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type category version","format":"uint64"},"name":{"type":"string","description":"Info type category name"}}}}}}}}}}}}]}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"post":{"summary":"Create","description":"Creates a new Classification Profile\n","tags":["DDC/ClassificationProfile"],"parameters":[{"name":"body","in":"body","description":"Classification Profile configuration","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["sensitivityLevel","infoTypes"],"properties":{"id":{"description":"ID of the new classification profile. If not supplied a random UUID will be used","type":"string","format":"UUIDv4"},"description":{"description":"Description of Classification Profile.","type":"string"},"sensitivityLevel":{"description":"Sensitivity Level ID of Classification Profile.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}},"infoTypes":{"type":"array","items":{"type":"object","properties":{"infoTypeId":{"description":"ID of the info type","type":"string","format":"UUIDv4"},"infoTypeMin":{"description":"Min matches of the infotype","type":"integer"}}}}}}]}}],"responses":{"201":{"description":"Successful classification profile creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Classification Profile.","type":"string"},"template":{"description":"Indicates if the Classification Profile is a pre-loaded template.","type":"boolean"},"sensitivityLevel":{"description":"Sensitivity level of the Classification Profile.","type":"object","properties":{"id":{"type":"string","description":"Sensitivity level id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Sensitivity level version","format":"uint64"},"name":{"type":"string","description":"Sensitivity level name"},"color":{"type":"string","description":"Preferred color shown in the UI"},"level":{"type":"integer","description":"Level of sensitivity."}}},"tags":{"description":"Classification profile tags","type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"Tag id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Tag version","format":"uint64"},"name":{"type":"string","description":"Tag name"}}}},"infoTypes":{"description":"Classification profile info types","type":"array","items":{"type":"object","properties":{"min":{"type":"integer","description":"min attribute, default 1"},"infoTypeId":{"type":"string","description":"id of the info type","format":"UUIDv4"},"infoType":{"type":"object","description":"Info type details","properties":{"id":{"type":"string","description":"Info type ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type version","format":"uint64"},"name":{"type":"string","description":"Info type name"},"type":{"description":"System info type or user created","type":"string","enum":["BUILTIN","CUSTOM"]},"region":{"type":"string","description":"Info type region"},"family":{"type":"object","description":"Info type family","properties":{"id":{"type":"string","description":"Info type family ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type family version","format":"uint64"},"name":{"type":"string","description":"Info type family name"},"category":{"type":"object","description":"Info type category","properties":{"id":{"type":"string","description":"Info type category ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type category version","format":"uint64"},"name":{"type":"string","description":"Info type category name"}}}}}}}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/classification-profiles/{id}":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","parameters":[{"name":"includeDeleted","in":"query","type":"boolean","description":"Adds the scans with the deleted status in the response\n"}],"description":"Returns information about a Classification Profile.\n","tags":["DDC/ClassificationProfile"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Classification Profile.","type":"string"},"template":{"description":"Indicates if the Classification Profile is a pre-loaded template.","type":"boolean"},"sensitivityLevel":{"description":"Sensitivity level of the Classification Profile.","type":"object","properties":{"id":{"type":"string","description":"Sensitivity level id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Sensitivity level version","format":"uint64"},"name":{"type":"string","description":"Sensitivity level name"},"color":{"type":"string","description":"Preferred color shown in the UI"},"level":{"type":"integer","description":"Level of sensitivity."}}},"tags":{"description":"Classification profile tags","type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"Tag id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Tag version","format":"uint64"},"name":{"type":"string","description":"Tag name"}}}},"infoTypes":{"description":"Classification profile info types","type":"array","items":{"type":"object","properties":{"min":{"type":"integer","description":"min attribute, default 1"},"infoTypeId":{"type":"string","description":"id of the info type","format":"UUIDv4"},"infoType":{"type":"object","description":"Info type details","properties":{"id":{"type":"string","description":"Info type ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type version","format":"uint64"},"name":{"type":"string","description":"Info type name"},"type":{"description":"System info type or user created","type":"string","enum":["BUILTIN","CUSTOM"]},"region":{"type":"string","description":"Info type region"},"family":{"type":"object","description":"Info type family","properties":{"id":{"type":"string","description":"Info type family ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type family version","format":"uint64"},"name":{"type":"string","description":"Info type family name"},"category":{"type":"object","description":"Info type category","properties":{"id":{"type":"string","description":"Info type category ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type category version","format":"uint64"},"name":{"type":"string","description":"Info type category name"}}}}}}}}}}}}]}},"409":{"description":"Resource conflict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"put":{"summary":"Update","description":"Updates the details of a Classification Profile.","tags":["DDC/ClassificationProfile"],"parameters":[{"name":"body","in":"body","description":"The Classification properties to change. The properties will be merged\nwith the ClassificationProfile resource.\n","schema":{"allOf":[{"type":"object","required":["name","sensitivityLevel","infoTypes"],"properties":{"name":{"description":"name of Classification Profile.","type":"string"},"description":{"description":"Description of Classification Profile.","type":"string"},"sensitivityLevel":{"description":"Sensitivity Level ID of Classification Profile.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}},"infoTypes":{"type":"array","items":{"type":"object","properties":{"infoTypeId":{"description":"ID of the info type","type":"string","format":"UUIDv4"},"infoTypeMin":{"description":"Min matches of the infotype","type":"integer"}}}}}}]}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Classification Profile.","type":"string"},"template":{"description":"Indicates if the Classification Profile is a pre-loaded template.","type":"boolean"},"sensitivityLevel":{"description":"Sensitivity level of the Classification Profile.","type":"object","properties":{"id":{"type":"string","description":"Sensitivity level id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Sensitivity level version","format":"uint64"},"name":{"type":"string","description":"Sensitivity level name"},"color":{"type":"string","description":"Preferred color shown in the UI"},"level":{"type":"integer","description":"Level of sensitivity."}}},"tags":{"description":"Classification profile tags","type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"Tag id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Tag version","format":"uint64"},"name":{"type":"string","description":"Tag name"}}}},"infoTypes":{"description":"Classification profile info types","type":"array","items":{"type":"object","properties":{"min":{"type":"integer","description":"min attribute, default 1"},"infoTypeId":{"type":"string","description":"id of the info type","format":"UUIDv4"},"infoType":{"type":"object","description":"Info type details","properties":{"id":{"type":"string","description":"Info type ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type version","format":"uint64"},"name":{"type":"string","description":"Info type name"},"type":{"description":"System info type or user created","type":"string","enum":["BUILTIN","CUSTOM"]},"region":{"type":"string","description":"Info type region"},"family":{"type":"object","description":"Info type family","properties":{"id":{"type":"string","description":"Info type family ID","format":"UUIDv4"},"chainedVersion":{"type":"integ