Updating Security Objects

Updated: August 9, 2017

Metadata for security objects, including their name, description, enabled operations, and custom metadata may be altered. The UUID of the security object, the group it belongs to, and the security object cryptographic material cannot be changed.


Modifying security objects metadata requires an SmartKey account, a group, and a user or application configured in that group, and a security object to update. See the SmartKey Developer’s Guide for more details.

Authorization and Configuration

You must first authenticate and optionally configure a default API client as described in Configure API Client and Client Authentication. You may authenticate as a user or as an app. Both users and applications may modify security objects.

Create a SecurityObjectsApi Client Object

Modifying security objects is performed with a SecurityObjectsApi object.

import com.fortanix.sdkms.v1.api.SecurityObjectsApi();

SecurityObjectsApi sobjectsApi = new SecurityObjectsApi();

Construct an SobjectRequest Object

The new properties are passed via properties of an SobjectRequest object. The properties that may be updated are:

  • customMetadata
  • description
  • enabled
  • keyOps
  • name

Properties provided in the update request will be updated. Properties not provided will be not be updated.

Enabled operations may be deleted from a security object but may not be added. The keyOps field of the SobjectRequest is a list of the operations that will be enabled in the object after the update request succeeds.

For example, to update the name and description of a key, use the following SobjectRequest:

import com.fortanix.sdkms.v1.model.SobjectRequest;

SobjectRequest updateRequest = new SobjectRequest().name("New key name").description("New key description");

For example, to update a security object so it only has the Encrypt and Decrypt operations, use the following SobjectRequest:

import java.util.Arrays;
import com.fortanix.sdkms.v1.model.KeyOperations;
import com.fortanix.sdkms.v1.model.SobjectRequest;

SobjectRequest updateRequest = new SobjectRequest().keyOps(Arrays.asList(KeyOperations.ENCRYPT,  KeyOperations.DECRYPT));

Note that the above update will fail if the object does not currently have at least the Encrypt and Decrypt operations enabled, since operations can only be removed and not added.

Make the Update Security Object Call

The security object is updated by calling the updateSecurityObject() method of the SecurityObjectsApi object with the UUID of the key to update and the SobjectRequest. This method returns a KeyObject with the new metadatda of the security object.

KeyObject newKeyDetails = sobjectsApi.updateSecurityObject(<UUID of object to update>, updateRequest);