pull_external_stap_keystore

This command moves the External S-TAP® keystore between a central manager and its managed units.

This API is available in Guardium V10.6 and later.

The External S-TAP pull_external_stap_keystore command provides a mechanism to populate the External S-TAP keystore from either a central manager or a managed unit.

To pull the External S-TAP keystore from the central manager to a managed unit, run this API on the managed unit.
To pull the External S-TAP keystore from the central manager to one or all of the associated managed units, run this API on the central manager.

GuardAPI syntax

pull_external_stap_keystore parameter=value

Parameters

Parameter Value type Description

Parameter	Value type	Description
api_target_host	String	Specifies the target hosts where the API executes. Valid values: `all_managed`: execute on all managed units but not the central manager `all`: execute on all managed units and the central manager `group:<group name>`: execute on all managed units identified by `<group name>` host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, `api_target_host=10.0.1.123`. host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, `api_target_host=10.0.1.123`. IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

api_target_host

String

Specifies the target hosts where the API executes. Valid values:

all_managed: execute on all managed units but not the central manager
all: execute on all managed units and the central manager
group:<group name>: execute on all managed units identified by <group name>
host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, api_target_host=10.0.1.123.
host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

GuardAPI examples

To pull the keystore from a managed unit to the central manager, run the following command from the managed unit:
```
grdapi pull_external_stap_keystore
```
To pull the keystore from the central manager to all associated managed units, run the following command from the central manager:
```
grdapi pull_external_stap_keystore
```
To pull the keystore from the central manager to a specific managed unit, run the following command from the central manager:
```
grdapi pull_external_stap_keystore  api_target_host=hostname
```