Updating Security Objects

1.0 Overview

Metadata for security objects, including their name, description, enabled operations, and custom metadata, may be altered. The UUID of the security object, the group it belongs to, and the security object's cryptographic material cannot be changed.

2.0 Prerequisites

Modifying security object metadata requires a Fortanix Data Security Manager (DSM) account, a group, a user or application configured in that group, and a security object to update. See the Fortanix Data Security Manager Getting Started Guide for more details.

3.0 Authorization and Configuration

You must first authenticate and optionally configure a default API client as described in Configure API Client and Client Authentication. You may authenticate as a user or as an app. Both users and applications may modify security objects.

4.0 Create a SecurityObjectsApi Client Object

Modifying security objects is performed with a SecurityObjectsApi object.

import com.fortanix.sdkms.v1.api.SecurityObjectsApi;

SecurityObjectsApi sobjectsApi = new SecurityObjectsApi();

5.0 Construct an SobjectRequest Object

The new values are passed as properties of an SobjectRequest object. The properties that may be updated are:

  • customMetadata

  • description

  • enabled

  • keyOps

  • name

Properties provided in the update request will be updated. Properties not provided will not be updated.

Enabled operations may be deleted from a security object but may not be added. The keyOps field of the SobjectRequest is a list of the operations that will be enabled in the object after the update request succeeds.

For example, to update the name and description of a key, use the following SobjectRequest:

import com.fortanix.sdkms.v1.model.SobjectRequest;

SobjectRequest updateRequest = new SobjectRequest().name("New key name").description("New key description");

For example, to update a security object so it only has the Encrypt and Decrypt operations, use the following SobjectRequest:

import java.util.Arrays;
import com.fortanix.sdkms.v1.model.KeyOperations;
import com.fortanix.sdkms.v1.model.SobjectRequest;

SobjectRequest updateRequest = new SobjectRequest().keyOps(Arrays.asList(KeyOperations.ENCRYPT, KeyOperations.DECRYPT));

Note that the above update will fail if the object does not currently have at least the Encrypt and Decrypt operations enabled, since operations can only be removed and not added.

6.0 Make the Update Security Object Call

The security object is updated by calling the updateSecurityObject() method of the SecurityObjectsApi object with the UUID of the key to update and the SobjectRequest. This method returns a KeyObject with the new metadata of the security object.

import com.fortanix.sdkms.v1.model.KeyObject;

KeyObject newKeyDetails = sobjectsApi.updateSecurityObject("<UUID of object to update>", updateRequest);
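
The remove-only rule for keyOps from section 5.0 can be checked on the client before the update is sent, and the returned KeyObject can be checked afterwards. This is an added example, not code from the original page or from Fortanix; the class RestrictKeyOps and its methods are hypothetical, and it assumes the SDK's getSecurityObject() call and the KeyObject.getKeyOps() getter for reading the currently enabled operations.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import com.fortanix.sdkms.v1.api.SecurityObjectsApi;
import com.fortanix.sdkms.v1.model.KeyObject;
import com.fortanix.sdkms.v1.model.KeyOperations;
import com.fortanix.sdkms.v1.model.SobjectRequest;

// Hypothetical helper class, not part of the SDK.
public class RestrictKeyOps {

    // Operations in 'wanted' that are not currently enabled.
    // An empty result means the update only removes operations.
    static Set<KeyOperations> wouldAdd(List<KeyOperations> current, Set<KeyOperations> wanted) {
        Set<KeyOperations> extra = new HashSet<>(wanted);
        if (current != null) {
            extra.removeAll(current);
        }
        return extra;
    }

    // Reduces the enabled operations of the object to exactly 'wanted'.
    // SDK calls may throw a checked API exception, hence 'throws Exception'.
    static KeyObject restrict(SecurityObjectsApi api, String keyId, Set<KeyOperations> wanted)
            throws Exception {
        // Assumed SDK calls: getSecurityObject() and getKeyOps().
        KeyObject before = api.getSecurityObject(keyId);
        Set<KeyOperations> extra = wouldAdd(before.getKeyOps(), wanted);
        if (!extra.isEmpty()) {
            // Operations can only be removed, so refuse locally
            // rather than send a request that will be rejected.
            throw new IllegalArgumentException(
                    "Not currently enabled on " + keyId + ": " + extra);
        }

        SobjectRequest updateRequest = new SobjectRequest().keyOps(new ArrayList<>(wanted));
        KeyObject after = api.updateSecurityObject(keyId, updateRequest);

        // Confirm the returned metadata lists exactly the requested operations.
        List<KeyOperations> now = after.getKeyOps();
        if (now == null || !new HashSet<>(now).equals(wanted)) {
            throw new IllegalStateException("Unexpected keyOps after update: " + now);
        }
        return after;
    }
}
```

Because removed operations cannot be added back, call restrict() only with the final intended set, for example a set holding KeyOperations.ENCRYPT and KeyOperations.DECRYPT.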