Oracle® ZFS Storage Appliance RESTful API Guide, Release OS8.8.0

Updated: November 2018
 
 

Encryption


Note - Encryption is a licensed feature for certain models. For details, refer to the "Oracle Software License Agreement ("SLA") and Entitlement for Hardware Systems with Integrated Software Options" and the Licensing Information User Manual for the software release.

Oracle ZFS Storage Appliance offers transparent data encryption at both the project level and the individual share (filesystems and LUNs) level. The appliance includes a built-in local keystore and can also connect to the Oracle Key Manager (OKM) system. Each encrypted project or share requires a wrapping key from either the local or the OKM keystore. The appliance manages the data encryption keys and stores them persistently, encrypted by the wrapping key from the local or OKM keystore.

The following tables describe the RESTful API requests available to manage local and OKM encryption.

Table 82  Local Encryption

| Request | Append to Path /api/storage/v1 | Description |
|---------|--------------------------------|-------------|
| GET | /encryption/local | Get local keystore properties |
| PUT | /encryption/local | Modify local keystore properties |
| GET | /encryption/local/keys | Get local keys |
| GET | /encryption/local/keys/key | Get local key details |
| POST | /encryption/local/keys | Create a local key |
| DELETE | /encryption/local/keys/key | Destroy a local key |
| GET | /encryption/local/keys/key/dependents | List the shares dependent on this key |

Table 83  OKM Encryption

| Request | Append to Path /api/storage/v1 | Description |
|---------|--------------------------------|-------------|
| GET | /encryption/okm | Get OKM keystore properties |
| PUT | /encryption/okm | Modify OKM keystore properties |
| GET | /encryption/okm/keys | Get OKM keys |
| GET | /encryption/okm/keys/key | Get OKM key details |
| POST | /encryption/okm/keys | Create an OKM key |
| DELETE | /encryption/okm/keys/key | Destroy an OKM key |
| GET | /encryption/okm/keys/key/dependents | List the shares dependent on this key |

List All LOCAL Keys

Output:

{
    "keys": [{
            "cipher": "AES",
            "keyname": "key-1",
            "href": "/api/storage/v1/encryption/local/keys/key-000"
        },{
            "cipher": "AES",
            "keyname": "key-2",
            "href": "/api/storage/v1/encryption/local/keys/key-001"
        },{
            "cipher": "AES",
            "keyname": "key-3",
            "href": "/api/storage/v1/encryption/local/keys/key-002"
        }]
}

List a LOCAL Key

Output:

{
    "key": {
        "href": "/api/storage/v1/encryption/local/keys/key-000",
        "cipher": "AES",
        "keyname": "key-1"
    }
}

List All OKM Keys

Output:

{
    "keys": [{
            "cipher": "AES",
            "keyname": "okm-key-1",
            "href": "/api/storage/v1/encryption/local/keys/key-000"
        },{
            "cipher": "AES",
            "keyname": "okm-key-2",
            "href": "/api/storage/v1/encryption/local/keys/key-001"
        },{
            "cipher": "AES",
            "keyname": "okm-key-3",
            "href": "/api/storage/v1/encryption/local/keys/key-002"
        }]
}
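
The following is an added example, not part of the Oracle guide: a check a client can run on a key listing before acting on it, confirming each entry has `cipher`, `keyname` and `href` and that the `href` sits under the keystore path that was queried. Run over the two listing outputs on this page, it flags the OKM sample, whose hrefs are under `/encryption/local`. The function name, finding strings and the rule of withholding the dependents path for an untrusted href are assumptions of this example.

```python
BASE = "/api/storage/v1"

# Sample listings reproduced from the two "List All ... Keys" outputs on this page.
LOCAL_SAMPLE = {"keys": [{"cipher": "AES", "keyname": f"key-{i + 1}",
                          "href": f"{BASE}/encryption/local/keys/key-00{i}"}
                         for i in range(3)]}
OKM_SAMPLE = {"keys": [{"cipher": "AES", "keyname": f"okm-key-{i + 1}",
                        "href": f"{BASE}/encryption/local/keys/key-00{i}"}
                       for i in range(3)]}


def audit_listing(keystore, listing):
    """Validate a GET /encryption/<keystore>/keys response.

    Returns (keys, findings). Each key carries the dependents path to query
    before a DELETE, or None when its href cannot be trusted.
    """
    if keystore not in ("local", "okm"):
        raise ValueError(f"unknown keystore: {keystore!r}")
    prefix = f"{BASE}/encryption/{keystore}/keys/"
    keys, findings, seen = [], [], set()
    for n, entry in enumerate(listing.get("keys", [])):
        missing = [f for f in ("cipher", "keyname", "href") if not entry.get(f)]
        if missing:
            findings.append(f"entry {n}: missing {', '.join(missing)}")
            continue
        name, href = entry["keyname"], entry["href"]
        if name in seen:
            findings.append(f"{name}: duplicate keyname")
        seen.add(name)
        # The href must be exactly <prefix><key id> for the keystore queried.
        key_id = href[len(prefix):] if href.startswith(prefix) else ""
        trusted = bool(key_id) and "/" not in key_id
        if not trusted:
            findings.append(f"{name}: href {href} is not under {prefix}")
        keys.append({"keyname": name, "cipher": entry["cipher"],
                     "dependents": f"{href}/dependents" if trusted else None})
    return keys, findings


if __name__ == "__main__":
    for store, sample in (("local", LOCAL_SAMPLE), ("okm", OKM_SAMPLE)):
        keys, findings = audit_listing(store, sample)
        print(store, len(keys), "keys;", findings or "no findings")
```

A key whose `dependents` value is `None` should be resolved by hand before any DELETE request is issued for it.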