Oracle^® ZFS Storage Appliance RESTful API 指南，发行版 OS8.8.0

加密

Oracle ZFS Storage Appliance 提供了项目级别以及单个共享资源（文件系统和 LUN）级别的透明数据加密。该设备包括一个内置的本地密钥库，并且还可连接到 Oracle Key Manager (OKM) 系统。每个加密的项目或共享资源都需要一个来自本地或 OKM 密钥库的包装密钥。数据加密密钥由存储设备管理，并使用本地或 OKM 密钥库提供的包装密钥永久加密存储。

下表介绍了可用于管理本地和 OKM 加密的 RESTful API 请求。

表 82  本地加密

请求 附加到路径 /api/storage/v1 说明 GET /encryption/local 获取本地密钥库属性 PUT /encryption/local 修改本地密钥库属性 GET /encryption/local/keys 获取本地密钥 GET /encryption/local/keys/key 获取本地密钥详细信息 POST /encryption/local/keys 创建本地密钥 DELETE /encryption/local/keys/key 销毁本地密钥 GET /encryption/local/keys/key/dependents 列出依赖于此密钥的共享资源

表 83  OKM 加密

请求 附加到路径 /api/storage/v1 说明 GET /encryption/okm 获取 OKM 密钥库属性 PUT /encryption/okm 修改 OKM 密钥库属性 GET /encryption/okm/keys 获取 OKM 密钥 GET /encryption/okm/keys/key 获取 OKM 密钥详细信息 POST /encryption/okm/keys 创建 OKM 密钥 DELETE /encryption/okm/keys/key 销毁 OKM 密钥 GET /encryption/okm/keys/key/dependents 列出依赖于此密钥的共享资源

列出所有本地密钥

输出：

{
    "keys": [{
            "cipher": "AES",
            "keyname": "key-1",
            "href": "/api/storage/v1/encryption/local/keys/key-000"
        },{
            "cipher": "AES",
            "keyname": "key-2",
            "href": "/api/storage/v1/encryption/local/keys/key-001"
        },{
            "cipher": "AES",
            "keyname": "key-3",
            "href": "/api/storage/v1/encryption/local/keys/key-002"
        }]
}

列出一个本地密钥

输出：

{
    "key": {
        "href": "/api/storage/v1/encryption/local/keys/key-000",
        "cipher": "AES",
        "keyname": "key-1"
    }
}

列出所有 OKM 密钥

输出：

{
    "keys": [{
            "cipher": "AES",
            "keyname": "okm-key-1",
            "href": "/api/storage/v1/encryption/local/keys/key-000"
        },{
            "cipher": "AES",
            "keyname": "okm-key-2",
            "href": "/api/storage/v1/encryption/local/keys/key-001"
        },{
            "cipher": "AES",
            "keyname": "okm-key-3",
            "href": "/api/storage/v1/encryption/local/keys/key-002"
        }]
}