Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

Connection Manager

SAP Data Custodian

search

SAP Data Custodian

SAP Data Custodian connections to the CipherTrust Manager can be configured using the following:

Managing SAP Data Custodian Connections using GUI

  • API Endpoint - this is the KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it. Only v2 version of the KMS API is supported. To get the SAP API endpoint:

    1. Create a temporary technical user (TU).

    2. Generate its credentials and download them.

    The downloaded file "API Endpoints.txt" contains ISM and KMS API endpoints. Use the KMS API endpoint to make the connection.

  • Username - provide username to access the SAP data custodian server.

  • Secret - provide secret (password).

  • Tenant - provide tenant.

The username, secret, and tenant are standard user credentials for SAP data custodian. Currently, the CipherTrust Manager only supports standard user credentials for authentication.

Click the Test Credentials button to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

You can proceed with adding the SAP connection even if clicking the Test Credentials returns an error message. You can test the connection after adding the connection. To test the connection, click the Test Connection button corresponding to the newly added connection, on the Connections page.

Click Next to move to the next step.

Currently, the only product supported for SAP Data Custodian connection is Cloud Key Manager.

Managing SAP Data Custodian Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete an SAP Data Custodian connection

  • List all SAP Data Custodian connections

  • Test an existing SAP Data Custodian connection

  • Test parameters for a SAP Data Custodian connection

Creating a SAP Data Custodian Connection

To create a SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc create --name <Connection-Name> --products <Products-Names> --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String>

Here, --api-endpoint is the KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it. Only v2 version of the KMS API is supported. To get the SAP API endpoint:

  1. Create a temporary technical user (TU).

  2. Generate its credentials and download them.

The downloaded file "API Endpoints.txt" contains ISM and KMS API endpoints. Use the KMS API endpoint to make the connection.

Example Request


ksctl connectionmgmt sap-dc create --name test-conn --products "cckm" --api-endpoint "https://test-endpoint.com" --user-creds '{"user":"testuser","secret":"testsecret","tenant":"testtenant"}'

Example Response


{
    "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-10-27T07:21:22.77127493Z",
    "updatedAt": "2021-10-27T07:21:22.770209257Z",
    "service": "sap-data-custodian",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test-conn",
    "products": [
        "cckm"
    ],
    "api_endpoint": "https://test-endpoint.com",
    "user_credentials": {
        "tenant": "testtenant",
        "user": "testuser"
    }
}

Getting Details of a SAP Data Custodian Connection

To get details of a SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc get --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt sap-dc get --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18

Example Response


{
    "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-10-27T07:21:22.771275Z",
    "updatedAt": "2021-10-27T07:21:22.770209Z",
    "service": "sap-data-custodian",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test-conn",
    "products": [
        "cckm"
    ],
    "api_endpoint": "https://test-endpoint.com",
    "user_credentials": {
        "tenant": "testtenant",
        "user": "testuser"
    }
}

Updating a SAP Data Custodian Connection

To update a SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc modify --id <Connection-Name/ID> --products <Products-Names> --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String> --meta <Key:Values>

Example Request


ksctl connectionmgmt sap-dc modify --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18 --products "cckm" --api-endpoint "https://test2-endpoint.com" --user-creds '{"user":"testuser2","secret":"testsecret2","tenant":"testtenant2"}'

Example Response


{
    "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2021-10-27T07:21:22.771275Z",
    "updatedAt": "2021-10-27T07:26:11.431339116Z",
    "service": "sap-data-custodian",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "test-conn",
    "products": [
        "cckm"
    ],
    "api_endpoint": "https://test2-endpoint.com",
    "user_credentials": {
        "tenant": "testtenant2",
        "user": "testuser2"
    }
}

Deleting a SAP Data Custodian Connection

To delete a SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc delete --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt sap-dc delete --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18

Example Response

There will be no response if SAP Data Custodian connection is deleted successfully.

Getting List of SAP Data Custodian Connections

To list all the SAP Data Custodian connections, run:

Syntax


ksctl connectionmgmt sap-dc list

Example Request


ksctl connectionmgmt sap-dc list

Example Response


{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
            "uri": "kylo:kylo:connectionmgmt:connections:test-conn-d2e25ea2-de0f-488a-94f4-d3c925cd5d18",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2021-10-27T07:21:22.771275Z",
            "updatedAt": "2021-10-27T07:21:22.770209Z",
            "service": "sap-data-custodian",
            "category": "cloud",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "test-conn",
            "products": [
                "cckm"
            ],
            "api_endpoint": "https://test-endpoint.com",
            "user_credentials": {
                "tenant": "testtenant",
                "user": "testuser"
            }
        }
    ]
}

Testing an Existing SAP Data Custodian Connection

To test an existing SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc test --id <Connection-Name/ID>

Example Request


ksctl connectionmgmt sap-dc test --id d2e25ea2-de0f-488a-94f4-d3c925cd5d18

Example Response


{
    "connection_ok": true
}

Testing Parameters for a SAP Data Custodian Connection

To test parameters for a SAP Data Custodian connection, run:

Syntax


ksctl connectionmgmt sap-dc test --api-endpoint <SAPDataCustodian-API-Endpoint> --user-creds <user,secret,tenant-JSON-Format-String>

Example Request


ksctl connectionmgmt sap-dc test --api-endpoint "https://test-endpoint.com" --user-creds '{"user":"testuser","secret":"testsecret","tenant":"testtenant"}'

Example Response


{
    "connection_ok": true
}