Powered by Zoomin Software. For more details please contactZoomin

Secure MarkLogic Server

Filters

Clear All Filters
Product
Format
Clear All Filters
Current publication
Table of Contents
HomeSecure MarkLogic Server...Encryption at RestAPIs for Encryption at RestREST Management APIs for EncryptionCurrent page
Table of Contents

REST Management APIs for Encryption

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Feedback
Print
  • Last Updated:April 10, 2025
  • 1 minute read
    • MarkLogic Server
    • Version 11.0
    • Documentation

You can manage encryption using the REST Management APIs. Some of the tasks you can do with these APIs include:

  • Encryption configuration

  • Keystore configuration

  • Database configuration

  • Database status, including database encryption (encrypted size, total size)

  • Cluster status

  • Forest status

  • Security

  • Backups, status (encrypted or not)

  • Restore (with property for using private key)

The REST Management APIs that are used to query and manage the cluster security properties include encryption information for database, cluster, and forest.

Below is an XML payload example for the security endpoint:

<security-properties xmlns="http://marklogic.com/manage/security/properties"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://marklogic.com/manage/security/properties
manage-security-properties.xsd"> 
<keystore> 
<data-encryption>default-off</data-encryption>
<config-encryption>off</config-encryption>
<logs-encryption>off</logs-encryption>
<kms-type>internal</kms-type>
<host-name>localhost</host-name>
<port>9056</port>
<data-encryption-key-id>92ed7360-458a-427e-abad-c6595b192cb7</data-encryption-key-id>
<config-encryption-key-id>8b9a9bdb-7b0e-41eb-9aa6-ed6e8cb23ad5</config-encryption-key-id>
<logs-encryption-key-id>01c50d02-b43f-46bc-bbe5-6d4111d1180b</logs-encryption-key-id>
</keystore>
</security-properties>

And here is a JSON payload example for the security endpoint:

{
  "keystore": {
    "data-encryption": "default-off",
    "config-encryption": "off",
    "logs-encryption": "off",
    "kms-type": "internal",
    "host-name": "localhost",
    "port": 9056,
    "data-encryption-key-id": 
      "92ed7360-458a-427e-abad-c6595b192cb7",
    "config-encryption-key-id": 
      "8b9a9bdb-7b0e-41eb-9aa6-ed6e8cb23ad5",
    "logs-encryption-key-id": 
      "01c50d02-b43f-46bc-bbe5-6d4111d1180b"
  }
}

These operations are available for encryption key rotation:

curl -v -X POST --anyauth --user admin:admin \
  --header "Content-Type:application/json" -d \
  '{"operation":"rotate-config-encryption-key"}' \
  http://localhost:8002/manage/v2/security

curl -v -X POST --anyauth --user admin:admin \
  --header "Content-Type:application/json" -d \
  '{"operation":"rotate-data-encryption-key"}' \
  http://localhost:8002/manage/v2/security

curl -v -X POST --anyauth --user admin:admin \
  --header "Content-Type:application/json" -d \
  '{"operation":"rotate-logs-encryption-key"}' \
  http://localhost:8002/manage/v2/security
LikeDislike
TitleResults for “How to create a CRG?”Also Available inAlert