Creating GuardPoints
This section describes the steps to create GuardPoints using the CTE APIs.
To create a GuardPoint:
- Create keys (non-versioned and/or versioned keys) required for your policy. Standard and COS policies require one key while LDT and IDT policies require two keys. Refer to Creating Keys for details.
- Create a policy with the keys created in the previous step. Refer to Creating Policies for details.
- Create a GuardPoint using the policy.
Refer to the following sections for the API and sample for creating a GuardPoint. Also, for creating GuardPoints for supported CTE capabilities, refer to GuardPoint Features.
API
/v1/transparent-encryption/clients/{clientId}/guardpoints
Sample
{
  "guard_paths": [
    <GuardPath_Name>
  ],
  "guard_point_params": {
    "guard_point_type": "directory_auto"/"directory_manual",
    "policy_id": <policy_name>
  }
}
Refer to Creating Policies for information on creating GuardPoints for different policy types.
GuardPoint Features
Depending on the capabilities enabled on the LDT client, you can use Preserve Sparse Region, Secure Start, and LDT over CIFS when creating GuardPoints. The following table lists the platforms and policies they are supported with.
Feature | Supported Platform | Supported Policies |
---|---|---|
Preserve Sparse Region | Windows, Linux | LDT |
Secure Start | Windows | Standard, LDT |
LDT over CIFS | Windows | LDT |
The following samples create GuardPoints with these features.
Preserve Sparse Region
The default value is True.
Note: The value cannot be changed to True if you have set it False for a GuardPoint.
{
  "guard_paths": [
    <GuardPath_Name>
  ],
  "guard_point_params": {
    "guard_point_type": "directory_auto"/"directory_manual",
    "policy_id": <policy_name>,
    "preserve_sparse_regions": True/False
  }
}
Secure Start
{
  "guard_paths": [
    <GuardPath_Name>
  ],
  "guard_point_params": {
    "guard_point_type": "directory_auto"/"rawdevice_auto",
    "policy_id": <policy_name>,
    "early_access": True/False
  }
}
LDT over CIFS
{
  "guard_paths": [
    <GuardPath_Name>
  ],
  "guard_point_params": {
    "guard_point_type": "directory_auto",
    "policy_id": <policy_name>,
    "cifs_enabled": True/False,
    "network_share_credentials_id": <CIFS connection manager name> (Applicable if 'cifs_enabled' parameter is TRUE)
  }
}
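The following is an added example, not part of the original page or the product's own code: a pre-flight check that builds the request body for the GuardPoints API and rejects feature combinations the table above does not list, so a misconfigured GuardPoint is caught before it is submitted. The function name and all sample values are hypothetical, the table is treated as a strict rule, and the request is only constructed, never sent.

```python
import json

# Request parameter -> (supported platforms, supported policy types),
# transcribed from the GuardPoint Features table on this page.
FEATURES = {
    "preserve_sparse_regions": ({"windows", "linux"}, {"LDT"}),
    "early_access": ({"windows"}, {"Standard", "LDT"}),   # Secure Start
    "cifs_enabled": ({"windows"}, {"LDT"}),               # LDT over CIFS
}
API_PATH = "/v1/transparent-encryption/clients/{clientId}/guardpoints"


def build_guardpoint_request(client_id, platform, policy_type, policy_name,
                             guard_paths, guard_point_type="directory_auto",
                             cifs_credentials=None, **features):
    """Return (path, body) for a GuardPoint request, or raise ValueError."""
    if not guard_paths:
        raise ValueError("at least one guard path is required")
    params = {"guard_point_type": guard_point_type, "policy_id": policy_name}
    for name, value in features.items():
        if name not in FEATURES:
            raise ValueError(f"unknown feature parameter: {name}")
        platforms, policies = FEATURES[name]
        # Only an enabled feature has to match the support table.
        if value and platform.lower() not in platforms:
            raise ValueError(f"{name} is not supported on {platform}")
        if value and policy_type not in policies:
            raise ValueError(f"{name} is not supported with {policy_type} policies")
        params[name] = bool(value)
    # network_share_credentials_id is applicable only when cifs_enabled is true.
    if params.get("cifs_enabled"):
        if not cifs_credentials:
            raise ValueError("cifs_enabled requires network_share_credentials_id")
        params["network_share_credentials_id"] = cifs_credentials
    elif cifs_credentials:
        raise ValueError("network_share_credentials_id needs cifs_enabled set to true")
    return (API_PATH.format(clientId=client_id),
            {"guard_paths": list(guard_paths), "guard_point_params": params})


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    path, body = build_guardpoint_request(
        "client-01", "Windows", "LDT", "ldt-policy-01", [r"\\fileserver\share"],
        cifs_enabled=True, cifs_credentials="cifs-conn-01")
    print(path)
    print(json.dumps(body, indent=2))  # JSON booleans serialize as true/false
```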