Your suggested change has been received. Thank you.

Suggest A Change

Please Note:

Administration
CipherTrust Manager Administration
- Authentication
  - Authentication Settings for NAE, KMIP, and Web Interfaces
  - Users
  - Certificate Based Authentication for Users
  - Authentication Tokens
  - Client Management
  - Authenticating to the REST API
- Attribute-based Access Control Permissions for Resources
  - Backup
  - Certificate Authority
  - Client Management
  - Cluster
  - Keys
  - Connection Managers
  - Proxies & Allowed Proxies
  - DNS Hosts
  - Domains
  - Groups & Groupmaps
  - Interfaces
  - Connections
  - Logs
  - Log Forwarders
  - Quorum
  - Records
  - Users
  - Scheduler
  - Servers
  - SNMP
  - Policies
  - Migrations
  - Licensing
  - HSM
  - Miscellaneous
  - Network
  - ProtectApp
  - Secrets
- Password Policy
- Key Policies
- Changing Passwords
- Domain Management
- Groups
- Group Mapping
- Services
- Root of Trust Hardware Security Module
- Clusters and Nodes
- CipherTrust Manager System Monitoring
  - Records
  - Alarms
  - Syslogs
  - Debug Logs
  - Log Forwarding
  - Prometheus Metrics Endpoint
- Policies
- Banners
- Basic Interface Configuration
- Proxy Configuration
- Quorums
- SNMP
- SMTP
- Backups
- Scheduling Backups
- Disk Encryption After Initial Deployment
- Scheduler
- Connection Manager
  - Connections
  - Amazon Web Services (AWS)
  - Google Cloud Platform (GCP)
  - Secure Copy Protocol (SCP)
  - Microsoft Azure
  - Hadoop Knox
  - Loki
  - Salesforce
  - Luna Network HSM
  - Elasticsearch
  - SAP Data Custodian
  - CIFS/SMB
  - Syslog
  - Oracle Cloud Infrastructure (OCI)
  - DSM Connection
  - OIDC
  - LDAP
  - CM Connection/External CM
    - Managing CM Connections using GUI
    - Configuring CM Connections using ksctl
  - Akeyless Gateway
- Browsing LDAP Users and Groups
- System Upgrade/Downgrade
- Configuring DNS Hosts
- CLI Toolkit
  - CLI Toolkit Installation
  - Batching Commands with Tokens
  - Example CLI User Set Up
  - Support CLI
- Keys
- Key Rotation
- Crypto Operations
- MKEK Rotation
- Certificate Authority
- System Info
- System Properties
- Network Diagnostics
- Integrating Logging with Splunk App
- Return Material Authorization (RMA) Guidance
Application Data Protection Administration
- Overview
- Interfaces
- Managing Applications
  - Defining Applications
  - Modifying Applications
  - Deleting Applications
  - Viewing Application Details
  - Viewing Registration Token
  - Cleaning Application
  - DPG Policies
- Managing Character Sets
  - Creating Character Sets
  - Deleting Character Sets
- Managing Protection Policy
  - Viewing protection policy
  - Creating protection policy
  - Modifying protection policy
  - Deleting protection policy
- Managing Access Policy
  - Viewing access policy
  - Creating access policy
  - Modifying access policy
  - Deleting access policy
- Managing User Set
  - Viewing user set
  - Creating user set
  - Deleting user set
- Managing Masking Formats
  - Viewing masking format
  - Creating masking formats
  - Deleting masking format
  - Modifying masking format
- Single Pane of Glass
- Heartbeat Configuration
- FPE/AES/UNICODE Cardinality Block-Size Table
- Auto Renewal of Client Certificates
- Fetch Latest Data from CipherTrust Manager
- Frequently Asked Questions
BDT Administration
- Protection Profiles
- BDT Policies
- BDT Containers
CCKM Administration
- Overview
- AWS Resources
  - Managing AWS Accounts
  - Managing AWS Keys
  - Scheduling Operations
  - Managing AWS Reports
  - Managing Policies
  - Managing AWS Templates
  - Migrating to IAM Roles Anywhere Connections
  - Downloading AWS Metadata
- Azure Resources
  - Prerequisites
    - Prerequisites for Azure Cloud
    - Prerequisites for Azure Stack Cloud with Azure AD
    - Prerequisites for Azure Stack Cloud with Azure ADFS
  - Managing Azure Vaults
  - Managing Azure Keys
  - Managing Azure Certificates
  - Managing Azure Secrets
  - Scheduling Operations
  - Managing Azure Reports
  - Viewing Azure Subscriptions
  - Performance Summary
  - Allowing AD Users to Manage Azure Vaults
  - Configuring Connection to Azure Using Private Link
  - Downloading Azure Metadata
- AWS External Key Store Resources
  - Managing External Key Store Resources
  - AWS XKS Performance Summary
- External CipherTrust Resources
  - Managing External CipherTrust Domains
  - Managing External CipherTrust Keys
- AWS CloudHSM Key Store Resources
  - Managing an AWS CloudHSM Key Store from CCKM
- Luna HSM Resources
  - Managing Luna HSM Partitions
  - Managing Luna HSM Keys
  - Scheduling Operations
- DSM Resources
  - Managing DSM Domains
  - Managing DSM Keys
  - Scheduling Operations
- Google Cloud Resources
  - Google Cloud Projects
  - Google Cloud Key Rings
  - Google Cloud Keys
  - Google Cloud Reports
  - Scheduling Operations
  - Performance Summary
  - Downloading Google Metadata
- Google Cloud External Key Manager Resources
  - Managing Google EKM Endpoints
  - Managing Google EKM Endpoint Policies
  - Google EKM Performance Summary
  - Managing Google EKM Cryptospaces
  - Managing Google EKM Cryptospace Endpoints
- Google Workspace CSE Resources
  - Access Policies
  - Prerequisites
  - High Level Architecture
  - Licensing
  - Communication with KACLS
  - Clustering for Google Workspace
  - Encrypting Data Encryption Keys
  - Decrypting Data Encryption Keys
  - Endpoints
  - Identity Providers
  - Viewing Google Workspace CSE Records
  - Performance Summary
    - Google Calendar
    - Google Drive
    - Google Meet
- Salesforce Resources
  - Managing Salesforce Organizations
  - Managing Salesforce Tenant Secrets
  - Scheduling Operations
  - Managing Salesforce Reports
  - Managing Salesforce Cache-Only Key Endpoints
  - Managing Certificates from Salesforce Organizations
- SAP Resources
  - Managing SAP Groups
  - Managing SAP Keys
  - Scheduling Operations
  - Managing SAP Reports
  - Viewing Linked SAP Applications
  - Performance Summary
- Oracle Cloud Resources
  - Managing Oracle Vaults
  - Managing Oracle Keys
  - Managing Oracle Tenancies
  - Scheduling Operations
  - Managing Oracle Reports
  - Managing Oracle Compartments
- OCI External Resources
  - Managing Identity Providers
  - Managing External Vaults
  - Managing External Keys
- Migrate from CCKM Appliance
- Backup and Restore
- Key Material Export and Upload
CDP Administration
- Interfaces
- Concepts
- Configuring Oracle Databases
- Configuring DB2 Databases
- Configuring SQL Server Databases
- Configuring Teradata Databases
- Tasks
  - View Job History
  - Delete Views and Triggers
  - Create Views and Trigger
  - Delete Old Data
  - Create Domain Index
  - Encrypt a Column
  - Decrypt a Column
  - Configure Migration Server
- SSL Connection Over JDBC
  - SSL Connection Over JDBC for Oracle
  - SSL Connection Over JDBC for DB2
- Troubleshooting
CipherTrust Intelligent Protection
- Overview
- Configuration
- Concepts
- Scans
- Reports
- CTE Policies
- File Operations with CIP
- Backup and Restore
- Troubleshooting
CTE UserSpace Administration
- Overview
- Interfaces
- Concepts
- Data Transformation
- Managing Profiles
- Managing Clients
  - Client Settings
  - Changing Client Password
  - Managing Membership
  - Deleting Clients
  - Collecting Agent Information
- Managing Client Groups
- Managing Signature Sets
- Managing Policies
  - Creating Policy Elements
  - Viewing Policy Elements
  - Creating Policies
  - Modifying Policies and Rules
- Managing GuardPoints
  - Considerations Before Creating GuardPoints
  - Creating GuardPoints
    - Creating Standard GuardPoints
  - Automatic and Manual GuardPoints
  - Viewing GuardPoints
  - Viewing GuardPoint Status
  - Removing GuardPoints
  - Disabling GuardPoints
  - Enabling GuardPoints
- Sharing Resources Across Domains
- Communication with CipherTrust Manager
- Configuring Cluster Node Preference
- Backup and Restore
- Integrating CTE Logging with Splunk
- Permissions
- Quorum Control
- Load Balancer
- Operations
- Certificate Renewal
- Common Scenarios
- Reports
  - Clients Health Report
  - Clients Keys Report
  - Clients Profiles Report
  - Clients Policies Report
  - Policies Keys Report
  - GuardPoints Report
  - Clients GuardPoint Status Report
- Troubleshooting
- API Examples
  - Creating Keys
  - Creating Policy Elements
  - Creating Policies
  - Creating GuardPoints
- API Response Codes
CTE Administration
- Overview
- Interfaces
- Concepts
- Data Transformation
- Managing Profiles
- Managing Clients
  - Enabling Live Data Transformation
  - Setting Client Locks
  - Client Settings
  - CTE Linux Authentication and Client Settings
  - Changing Client Password
  - Managing Membership
  - Deleting Clients
  - Kernel Compatibility Matrix
  - Collecting Agent Information
- Managing LDT Communication Groups
- Managing Client Groups
- Managing Signature Sets
- Managing Policies
  - Creating Policy Elements
  - Viewing Policy Elements
  - Creating Policies
  - Modifying Policies and Rules
- Managing GuardPoints
  - Secure Start GuardPoints
  - Considerations Before Creating GuardPoints
  - Creating GuardPoints
    - Creating Standard GuardPoints
    - Creating LDT GuardPoints
    - Creating Cloud Object Storage GuardPoints
    - Creating IDT GuardPoints
    - Creating Ransomware Protection GuardPoints
  - Enabling Secure Start for GuardPoints
  - Protecting Teradata Appliances
  - Automatic and Manual GuardPoints
  - Viewing GuardPoints
  - Viewing GuardPoint Status
  - Changing SMB Connection
  - Removing GuardPoints
  - Disabling GuardPoints
  - Enabling GuardPoints
  - Enabling and Disabling MFA on GuardPoints
- Managing Kubernetes Storage Groups and Clients
  - Managing Kubernetes Storage Groups
  - Managing Kubernetes Clients
  - Protecting Kubernetes Clients
- Sharing Resources Across Domains
- Multifactor Authentication
- Communication with CipherTrust Manager
- Configuring Cluster Node Preference
- Backup and Restore
- Integrating CTE Logging with Splunk
- Migrating CTE Configuration from Data Security Manager
- Migration Summary
- Permissions
- Quorum Control
- Ransomware Protection
- Unique to Client Keys
- Load Balancer
- Operations
- Certificate Renewal
- Common Scenarios
- Reports
  - Clients Health Report
  - Clients Keys Report
  - Clients Profiles Report
  - Clients Policies Report
  - Policies Keys Report
  - GuardPoints Report
  - Clients GuardPoint Status Report
- Troubleshooting
- API Examples
  - Creating Keys
  - Creating Policy Elements
  - Creating Policies
  - LDT Use Cases
  - Creating GuardPoints
- API Response Codes
DDC Administration
- Solution Architecture
- Interfaces
- Concepts
- User Groups
- Managing Branch Locations
- Managing Information Types
- Managing Classification Profiles
- Managing Data Stores
- Local Data Stores
- Network Storage Data Stores
- Database Data Stores
- Big Data Data Stores
- Cloud Data Stores
- AWS S3
- Office365: Exchange Online
- G-Suite
- Server Data Stores
- Managing Scans
- Managing Reports
- Managing Agents
- Logging
- Operations
- Troubleshooting
- Appendix
- Deployment Security
ProtectFile Administration
- Interfaces
- Client Profiles
- Clients
- Access
- Keys
- Rules
- Client-Rule Associations
- Network Shares
- Clusters
- Operations
- Migration from KeySecure Classic to CipherTrust Manager
- Migrating ProtectFile to CipherTrust Transparent Encryption
Secrets Management Administration
- Configure Secrets Management
- Create and Protect Akeyless Secrets
- Configuring Hashicorp Vault Proxy with CSM

Creating GuardPoints

This section describes steps to protect create GuardPoints using the CTE APIs.

To create a GuardPoint:

Create keys (non-versioned and/or versioned keys) required for your policy. Standard policies require one key. Refer to Creating Keys for details.
Create a policy with the key created in the previous step. Refer to Creating Policies for details.
Create a GuardPoint using the policy.

Refer to the following sections for the API and sample for creating a GuardPoint. Also, for creating GuardPoints for supported CTE capabilities, refer to GuardPoint Features.

API

/v1/transparent-encryption/clients/{clientId}/guardpoints

Sample

{
    "guard_paths": [
        <GuardPath_Name>
        ],
    "guard_point_params": {
        "guard_point_type": "directory_auto"/"directory_manual",
        "policy_id": <policy_name>
    }
}

Refer to Creating Policies for information on creating GuardPoints for different policy types.