Docs Menu
Docs Home
/
MongoDB Ops Manager
/
API
/
Resources
/
Backup Administration
/
Backup Encryption Keys

Rotate the KMIP Master Key ID

On this page

  • Resource
  • Request Parameters
  • Request Path Parameters
  • Request Query Parameters
  • Request Body Parameters
  • Response
  • Example Request
  • Example Response
  • Response Header
  • Response Body

Note

Groups and projects are synonymous terms. Your {PROJECT-ID} is the same as your project id. For existing groups, your group/project id remains the same. This page uses the more familiar term group when referring to descriptions. The endpoint remains as stated in the document.

Important

Backups of MongoDB databases use the deployment's encryption setting.

Use the PUT HTTP method with the following endpoint to rotate the KMIP master key. Issue one PUT request for each shard and another PUT request for the config server replica set.

Base URL: https://{OPSMANAGER-HOST}:{PORT}/api/public/v1.0

Resource

PUT /groups/{PROJECT-ID}/backupConfigs/{CLUSTER-ID}/encryptionKey

Request Parameters

Request Path Parameters

Name
Type
Necessity
Description

{GROUP-ID}

string

Required

Unique identifier of the project to which the encryption key belongs.

{CLUSTER-ID}

string

Required

Unique identifier of the cluster to which the encryption keys belongs.

Request Query Parameters

The following query parameters are optional:

Name
Type
Necessity
Description
Default

pretty

boolean

Optional

Flag indicating whether the response body should be in a prettyprint format.

false

envelope

boolean

Optional

Flag that indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

Name
Description

status

HTTP response code

content

Expected response body

false

Request Body Parameters

This endpoint doesn't use HTTP request body parameters.

Response

Name
Type
Description

groupId

string

Unique identifier of the project to which the encryption key belongs.

clusterId

string

Unique identifier of the cluster to which the encryption keys belongs.

encryptionKeyUUID

string

Unique identifier of the KMIP master key. This key encrypts and restores the head databases for an encrypted backup.

FCV 4.2 and later use backup cursors instead of head databases. For more information, see Backup Daemon Service.

For more information on backup encryption for FCV 4.2 or later, see Encrypted Backup Snapshots.

Example Request

curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/json' \
     --include \
     --request PUT "https://<OpsManagerHost>:<Port>/api/public/v1.0/groups/{PROJECT-ID}/backupConfigs/{CLUSTER-ID}/encryptionKey"

Example Response

Response Header

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 201 Created
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}

Response Body

This endpoint returns an empty JSON object.

Back

Retrieve KMIP Master Key ID

Next

Migrate to MongoDB Atlas