Class pki:ExportEncryptionKey (CONCRETE)

Class ID:7286
Class Label: AES Encryption Passphrase and Keys for Config Export (and Import)
Encrypted: true - Exportable: false - Persistent: true - Configurable: true - Subject to Quota: Disabled
Write Access: [admin]
Read Access: [admin]
Creatable/Deletable: no (see Container Mos for details)
Semantic Scope: Fabric
Semantic Scope Evaluation Rule: Parent
Monitoring Policy Source: Parent
Monitoring Flags : [ IsObservable: false, HasStats: false, HasFaults: false, HasHealth: false, HasEventRules: false ]

Config Export Encryption Key policies

Naming Rules
RN FORMAT: exportcryptkey

    [1] PREFIX=exportcryptkey


DN FORMAT: 

[1] uni/exportcryptkey

                


Diagram

Super Mo: pki:Definition,
Container Mos: pol:Uni (deletable:no),
Relations From: pki:ExportEncryptionKeyRelnHolder,
Relations: pki:RtExportEncryptionKey,


Containers Hierarchies
[V] top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├
[V] fabric:Topology The root for IFC topology.
 
 ├
[V] fabric:Pod A pod.
 
 
 ├
[V] fabric:Node The root node for the APIC.
 
 
 
 ├
[V] ctx:Local The local Context.
 
 
 
 
 ├
[V] ctx:Application The context application.
 
 
 
 
 
 ├
[V] pol:Uni Represents policy definition/resolution universe.
 
 
 
 
 
 
 ├
[V] pki:ExportEncryptionKey  Config Export Encryption Key policies
[V] top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├
[V] pol:Uni Represents policy definition/resolution universe.
 
 ├
[V] pki:ExportEncryptionKey  Config Export Encryption Key policies


Contained Hierarchy
[V] pki:ExportEncryptionKey  Config Export Encryption Key policies
 ├
[V] fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.
 ├
[V] pki:RtExportEncryptionKey 


Inheritance
[V] naming:NamedObject An abstract base class for an object that contains a name.
 ├
[V] pol:Obj Represents a generic policy object.
 
 ├
[V] pol:Def Represents self-contained policy document.
 
 
 ├
[V] pki:Definition This is an abstract class and cannot be instantiated.
 
 
 
 ├
[V] pki:ExportEncryptionKey  Config Export Encryption Key policies


Events
                pki:ExportEncryptionKey:creation__pki_ExportEncryptionKey
pki:ExportEncryptionKey:modification__pki_ExportEncryptionKey
pki:ExportEncryptionKey:deletion__pki_ExportEncryptionKey


Faults
                


Fsms
                


Properties Summary
Defined in: pki:ExportEncryptionKey
scalar:Bool clearEncryptionKey  (pki:ExportEncryptionKey:clearEncryptionKey)
           Setting this property to true will trigger the clearing of all fields in this mo, set the strongEncryptionEnabled policy to False and keyConfigured to False. There is no method to recover the previous passphrase before the clear operation.
string:Basic cryptedPassphrase  (pki:ExportEncryptionKey:cryptedPassphrase)
           We never allow the passphrase to be returned via REST or seen again but the *salted* hash can be returned via REST to the user so that they can check if their passphrase is the same as configured in the system.
pki:AES256Key
          string:Password
encryptionKey  (pki:ExportEncryptionKey:encryptionKey)
           AES 256 Encryption Key
pki:AES256IV
          string:Password
initializationVector  (pki:ExportEncryptionKey:initializationVector)
           AES 256 Encryption Initialization Vector
scalar:Bool keyConfigured  (pki:ExportEncryptionKey:keyConfigured)
           Flag indicating if a passphrase/key is configured
pki:exportPassphraseType
          string:Password
passphrase  (pki:ExportEncryptionKey:passphrase)
           The encryption parameters cannot be modified by a client request - only via a passphrase change Setting this passphrase to blank/empty will trigger the clearing of all fields in this mo, set the strongEncryptionEnabled policy to False and keyConfigured to False. There is no method to recover the previous passphrase before the clear operation.
pki:passphraseKeyDerivationVersionType
          scalar:Enum8
passphraseKeyDerivationVersion  (pki:ExportEncryptionKey:passphraseKeyDerivationVersion)
           Version of the algorithm used - used for forward compatibility
pki:exportEncryptionPolicyType
          scalar:Bool
strongEncryptionEnabled  (pki:ExportEncryptionKey:strongEncryptionEnabled)
           Toggle to choose between weak and strong encryption - this flag can be set to True only when keyConfigured=True
scalar:Date timeGenerated  (pki:ExportEncryptionKey:timeGenerated)
           Ignore
Defined in: pki:Definition
naming:Name
          string:Basic
name  (pki:Definition:name)
           Overrides:pol:Obj:name | naming:NamedObject:name
          
Defined in: pol:Def
naming:Descr
          string:Basic
descr  (pol:Def:descr)
           Specifies a description of the policy definition.
naming:Descr
          string:Basic
ownerKey  (pol:Def:ownerKey)
           The key for enabling clients to own their data for entity correlation.
naming:Descr
          string:Basic
ownerTag  (pol:Def:ownerTag)
           A tag for enabling clients to add their own data. For example, to indicate who created this object.
Defined in: naming:NamedObject
naming:NameAlias
          string:Basic
nameAlias  (naming:NamedObject:nameAlias)
           NO COMMENTS
Defined in: mo:TopProps
mo:ModificationChildAction
          scalar:Bitmask32
childAction  (mo:TopProps:childAction)
           Delete or ignore. For internal use only.
reference:BinRef dn  (mo:TopProps:dn)
           A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
reference:BinRN rn  (mo:TopProps:rn)
           Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.
mo:ModificationStatus
          scalar:Bitmask32
status  (mo:TopProps:status)
           The upgrade status. This property is for internal use only.
Defined in: mo:Ownable
scalar:Uint16 uid  (mo:Ownable:uid)
           A unique identifier for this object.
Defined in: mo:Resolvable
mo:Owner
          scalar:Enum8
lcOwn  (mo:Resolvable:lcOwn)
           A value that indicates how this object was created. For internal use only.
Defined in: mo:Modifiable
mo:TStamp
          scalar:Date
modTs  (mo:Modifiable:modTs)
           The time when this object was last modified.
Properties Detail

childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction
    Comments:
Delete or ignore. For internal use only.
Constants
deleteAll 16384u deleteAll NO COMMENTS
ignore 4096u ignore NO COMMENTS
deleteNonPresent 8192u deleteNonPresent NO COMMENTS
DEFAULT 0 --- This type is used to





clearEncryptionKey

Type: scalar:Bool

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
Setting this property to true will trigger the clearing of all fields in this mo, set the strongEncryptionEnabled policy to False and keyConfigured to False. There is no method to recover the previous passphrase before the clear operation.
Constants
no false --- NO COMMENTS
yes true --- NO COMMENTS
DEFAULT no(false) --- NO COMMENTS





cryptedPassphrase

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
We never allow the passphrase to be returned via REST or seen again but the *salted* hash can be returned via REST to the user so that they can check if their passphrase is the same as configured in the system.



descr

Type: naming:Descr
Primitive Type: string:Basic

Like: naming:Described:descr
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
Specifies a description of the policy definition.



dn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn
    Comments:
A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.



encryptionKey

Type: pki:AES256Key
Primitive Type: string:Password

Units: null
Encrypted: true
Access: implicit
Category: TopLevelRegular
    Comments:
AES 256 Encryption Key



initializationVector

Type: pki:AES256IV
Primitive Type: string:Password

Units: null
Encrypted: true
Access: implicit
Category: TopLevelRegular
    Comments:
AES 256 Encryption Initialization Vector



keyConfigured

Type: scalar:Bool

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Flag indicating if a passphrase/key is configured
Constants
no false --- NO COMMENTS
yes true --- NO COMMENTS
DEFAULT no(false) --- NO COMMENTS





lcOwn

Type: mo:Owner
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A value that indicates how this object was created. For internal use only.
Constants
local 0 Local NO COMMENTS
policy 1 Policy NO COMMENTS
replica 2 Replica NO COMMENTS
resolveOnBehalf 3 ResolvedOnBehalf NO COMMENTS
implicit 4 Implicit NO COMMENTS
DEFAULT local(0) Local NO COMMENTS





modTs

Type: mo:TStamp
Primitive Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The time when this object was last modified.
Constants
never 0ull never NO COMMENTS
DEFAULT never(0ull) never NO COMMENTS





name

Type: naming:Name
Primitive Type: string:Basic

Overrides:pol:Obj:name  |  naming:NamedObject:name
Units: null Encrypted: false Access: create Category: TopLevelRegular Property Validators: Range: min: "0" max: "64" Allowed Chars: Regex: [a-zA-Z0-9_.:-]+
    Comments:



nameAlias

Type: naming:NameAlias
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "63"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.-]+
    Comments:
NO COMMENTS



ownerKey

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
The key for enabling clients to own their data for entity correlation.



ownerTag

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "64"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
A tag for enabling clients to add their own data. For example, to indicate who created this object.



passphrase

Type: pki:exportPassphraseType
Primitive Type: string:Password

Units: null
Encrypted: true
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "32"
    Comments:
The encryption parameters cannot be modified by a client request - only via a passphrase change Setting this passphrase to blank/empty will trigger the clearing of all fields in this mo, set the strongEncryptionEnabled policy to False and keyConfigured to False. There is no method to recover the previous passphrase before the clear operation.



passphraseKeyDerivationVersion

Type: pki:passphraseKeyDerivationVersionType
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
Version of the algorithm used - used for forward compatibility
Constants
v1 0 PBKDF2 Version 1 Only one value possible today, but will allow new enum definitions in the future
DEFAULT v1(0) PBKDF2 Version 1 Only one value possible today, but will allow new enum definitions in the future





rn

Type: reference:BinRN

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn
    Comments:
Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.



status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus
    Comments:
The upgrade status. This property is for internal use only.
Constants
created 2u created In a setter method: specifies that an object should be created. An error is returned if the object already exists.
In the return value of a setter method: indicates that an object has been created.
modified 4u modified In a setter method: specifies that an object should be modified
In the return value of a setter method: indicates that an object has been modified.
deleted 8u deleted In a setter method: specifies that an object should be deleted.
In the return value of a setter method: indicates that an object has been deleted.
DEFAULT 0 --- This type controls the life cycle of objects passed in the XML API.

When used in a setter method (such as configConfMo), the ModificationStatus specifies whether an object should be created, modified, deleted or removed.
In the return value of a setter method, the ModificationStatus indicates the actual operation that was performed. For example, the ModificationStatus is set to "created" if the object was created. The ModificationStatus is not set if the object was neither created, modified, deleted or removed.

When invoking a setter method, the ModificationStatus is optional:
If a setter method such as configConfMo is invoked and the ModificationStatus is not set, the system automatically determines if the object should be created or modified.






strongEncryptionEnabled

Type: pki:exportEncryptionPolicyType
Primitive Type: scalar:Bool

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
Toggle to choose between weak and strong encryption - this flag can be set to True only when keyConfigured=True
Constants
no false --- NO COMMENTS
yes true --- NO COMMENTS
DEFAULT no(false) --- NO COMMENTS





timeGenerated

Type: scalar:Date

Units: date
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Ignore



uid

Type: scalar:Uint16

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A unique identifier for this object.