SAP Data Custodian
SAP Data Custodian connections to the CipherTrust Manager can be configured using the following:
Managing SAP Data Custodian Connections using GUI
API Endpoint - the KMS API endpoint of the SAP Data Custodian. Provide the HTTP URL with the API version in it. Only the v2 version of the KMS API is supported. To get the SAP API endpoint:
1. Create a temporary technical user (TU).
2. Generate its credentials and download them.
3. The downloaded file "API Endpoints.txt" contains the ISM and KMS API endpoints. Use the KMS API endpoint to make the connection.
Username - provide the username used to access the SAP Data Custodian server.
Secret - provide the secret (password).
Tenant - provide the tenant.
Note
The username, secret, and tenant are standard user credentials for SAP Data Custodian. Currently, the CipherTrust Manager only supports standard user credentials for authentication.
Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK; otherwise, the status is Fail.
Click Next to move to the next step.
Note
Currently, the only product supported for SAP Data Custodian connection is Cloud Key Manager.
Managing SAP Data Custodian Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete an SAP Data Custodian connection
List all SAP Data Custodian connections
Test an existing SAP Data Custodian connection
Test parameters for a SAP Data Custodian connection
Creating a SAP Data Custodian Connection
To create a SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc create --name <Connection-Name> --products <Products-Names> --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String>
Here, --api-endpoint is the KMS API endpoint of the SAP Data Custodian. Provide the HTTP URL with the API version in it. Only the v2 version of the KMS API is supported. To get the SAP API endpoint:
1. Create a temporary technical user (TU).
2. Generate its credentials and download them.
3. The downloaded file "API Endpoints.txt" contains the ISM and KMS API endpoints. Use the KMS API endpoint to make the connection.
Example Request
ksctl connectionmgmt sap-dc create --name test-conn --products "cckm" --api-endpoint "https://test-endpoint.com" --user-creds '{"user":"testuser","secret":"testsecret","tenant":"testtenant"}'
Example Response
{
    "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-10-27T07:21:22.77127493Z",
    "updatedAt": "2021-10-27T07:21:22.770209257Z",
    "service": "sap-data-custodian",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test-conn",
    "products": [
        "cckm"
    ],
    "api_endpoint": "https://test-endpoint.com",
    "user_credentials": {
        "tenant": "testtenant",
        "user": "testuser"
    }
}
Getting Details of a SAP Data Custodian Connection
To get details of a SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc get --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt sap-dc get --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18
Example Response
{
    "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-10-27T07:21:22.771275Z",
    "updatedAt": "2021-10-27T07:21:22.770209Z",
    "service": "sap-data-custodian",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test-conn",
    "products": [
        "cckm"
    ],
    "api_endpoint": "https://test-endpoint.com",
    "user_credentials": {
        "tenant": "testtenant",
        "user": "testuser"
    }
}
Updating a SAP Data Custodian Connection
To update a SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc modify --id <Connection-Name/ID> --products <Products-Names> --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String> --meta <Key:Values>
Example Request
ksctl connectionmgmt sap-dc modify --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18 --products "cckm" --api-endpoint "https://test2-endpoint.com" --user-creds '{"user":"testuser2","secret":"testsecret2","tenant":"testtenant2"}'
Example Response
{
    "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-10-27T07:21:22.771275Z",
    "updatedAt": "2021-10-27T07:26:11.431339116Z",
    "service": "sap-data-custodian",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test-conn",
    "products": [
        "cckm"
    ],
    "api_endpoint": "https://test2-endpoint.com",
    "user_credentials": {
        "tenant": "testtenant2",
        "user": "testuser2"
    }
}
Deleting a SAP Data Custodian Connection
To delete a SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc delete --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt sap-dc delete --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18
Example Response
There is no response if the SAP Data Custodian connection is deleted successfully.
Getting List of SAP Data Custodian Connections
To list all the SAP Data Custodian connections, run:
Syntax
ksctl connectionmgmt sap-dc list
Example Request
ksctl connectionmgmt sap-dc list
Example Response
{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
            "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2021-10-27T07:21:22.771275Z",
            "updatedAt": "2021-10-27T07:21:22.770209Z",
            "service": "sap-data-custodian",
            "category": "cloud",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "test-conn",
            "products": [
                "cckm"
            ],
            "api_endpoint": "https://test-endpoint.com",
            "user_credentials": {
                "tenant": "testtenant",
                "user": "testuser"
            }
        }
    ]
}
Testing an Existing SAP Data Custodian Connection
To test an existing SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc test --id <Connection-Name/ID>
Example Request
ksctl connectionmgmt sap-dc test --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18
Example Response
{
    "connection_ok": true
}
Testing Parameters for a SAP Data Custodian Connection
To test parameters for a SAP Data Custodian connection, run:
Syntax
ksctl connectionmgmt sap-dc test --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String>
Example Request
ksctl connectionmgmt sap-dc test --api-endpoint "https://test-endpoint.com" --user-creds '{"user":"testuser","secret":"testsecret","tenant":"testtenant"}'
Example Response
{
    "connection_ok": true
}
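The parameter test and the create command above can be chained so that a connection is stored only after its endpoint and credentials have tested OK. The script below is an added example, not part of the original documentation: the function names are hypothetical, and it uses only the ksctl sub-commands and flags shown on this page. Prompting for the secret keeps it out of shell history, although it is still passed to ksctl as a command-line argument.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; the ksctl sub-commands and
# flags are the ones shown on this page.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
# (Control characters such as newlines are not handled here.)
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the --user-creds JSON string. Args: user secret tenant
build_user_creds() {
    printf '{"user":"%s","secret":"%s","tenant":"%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Succeed only if a test response reports "connection_ok": true.
connection_ok() {
    printf '%s' "$1" | tr -d ' \n\t' | grep -q '"connection_ok":true'
}

# Test the parameters first; create the connection only if the test passes.
# Args: name api-endpoint user secret tenant
create_if_ok() {
    creds=$(build_user_creds "$3" "$4" "$5")
    resp=$(ksctl connectionmgmt sap-dc test \
        --api-endpoint "$2" --user-creds "$creds") || return 2
    if ! connection_ok "$resp"; then
        echo "parameter test failed; connection not created" >&2
        return 1
    fi
    ksctl connectionmgmt sap-dc create --name "$1" --products "cckm" \
        --api-endpoint "$2" --user-creds "$creds"
}

# Prompt for the secret with terminal echo off; the result is left in SECRET.
read_secret() {
    printf 'Secret: ' >&2
    stty -echo
    IFS= read -r SECRET
    stty echo
    printf '\n' >&2
}

# Typical use (values are the page's sample values):
#   read_secret
#   create_if_ok test-conn "https://test-endpoint.com" testuser "$SECRET" testtenant
```

The create response shown earlier returns only the user and tenant under user_credentials, so the secret does not need to be scrubbed from saved command output.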