Oracle ZFS Storage Appliance offers transparent data encryption at the project level and at the level of individual shares (filesystems and LUNs). The appliance includes a built-in local keystore and can also connect to the Oracle Key Manager (OKM) system. Each encrypted project or share requires a wrapping key from either the local or the OKM keystore. The data encryption keys are managed by the storage appliance and are stored persistently, encrypted by the wrapping key from the local or OKM keystore.
The following tables describe the RESTful API requests available to manage local and OKM encryption.
Output:
{
  "keys": [{
    "cipher": "AES",
    "keyname": "key-1",
    "href": "/api/storage/v1/encryption/local/keys/key-000"
  },{
    "cipher": "AES",
    "keyname": "key-2",
    "href": "/api/storage/v1/encryption/local/keys/key-001"
  },{
    "cipher": "AES",
    "keyname": "key-3",
    "href": "/api/storage/v1/encryption/local/keys/key-002"
  }]
}
Output:
{
  "key": {
    "href": "/api/storage/v1/encryption/local/keys/key-000",
    "cipher": "AES",
    "keyname": "key-1"
  }
}
Output:
{
  "keys": [{
    "cipher": "AES",
    "keyname": "okm-key-1",
    "href": "/api/storage/v1/encryption/local/keys/key-000"
  },{
    "cipher": "AES",
    "keyname": "okm-key-2",
    "href": "/api/storage/v1/encryption/local/keys/key-001"
  },{
    "cipher": "AES",
    "keyname": "okm-key-3",
    "href": "/api/storage/v1/encryption/local/keys/key-002"
  }]
}
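The following is an added example, not part of Oracle's documentation: a wrapping-key inventory check over key-list responses of the shape shown above, flagging keys whose `href` lies outside the keystore they were listed from and key names or hrefs that are not unique. The OKM href prefix, the function name `audit_key_list`, and both sample responses are assumptions constructed for this example.

```python
import json
from collections import Counter

# Href prefix expected for each keystore. The local prefix appears in the
# sample output on this page; the OKM prefix is an assumption of this example.
KEYSTORE_PREFIX = {
    "local": "/api/storage/v1/encryption/local/keys/",
    "okm": "/api/storage/v1/encryption/okm/keys/",
}

# Constructed sample responses (not captured from a real appliance).
LOCAL_SAMPLE = json.dumps({"keys": [
    {"cipher": "AES", "keyname": "key-1",
     "href": "/api/storage/v1/encryption/local/keys/key-000"},
    {"cipher": "AES", "keyname": "key-2",
     "href": "/api/storage/v1/encryption/local/keys/key-001"},
]})
OKM_SAMPLE = json.dumps({"keys": [
    {"cipher": "AES", "keyname": "okm-key-1",
     "href": "/api/storage/v1/encryption/okm/keys/key-000"},
    {"cipher": "AES", "keyname": "okm-key-2",
     "href": "/api/storage/v1/encryption/local/keys/key-001"},
    {"cipher": "AES", "keyname": "okm-key-2",
     "href": "/api/storage/v1/encryption/okm/keys/key-002"},
]})


def audit_key_list(response_text, keystore):
    """Return sorted, de-duplicated (keyname, problem) findings for one list response."""
    prefix = KEYSTORE_PREFIX[keystore]
    keys = json.loads(response_text).get("keys", [])
    names = Counter(k.get("keyname") or "" for k in keys)
    hrefs = Counter(k.get("href") or "" for k in keys)
    findings = set()
    for k in keys:
        name = k.get("keyname") or ""
        href = k.get("href") or ""
        if not name:
            findings.add((href, "missing keyname"))
            continue
        # A wrapping key must resolve to an entry under its own keystore.
        if not href.startswith(prefix) or href == prefix:
            findings.add((name, "href outside %s keystore" % keystore))
        if names[name] > 1:
            findings.add((name, "duplicate keyname"))
        if hrefs[href] > 1:
            findings.add((name, "href shared with another key"))
    return sorted(findings)
```
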