• Key Management Service

kms
  1. Help Center
  2. Key Management Service
  3. API Reference
  4. APIs
  5. Creating a CMK

Creating a CMK

Function

This API is used to create customer master keys (CMKs) used to encrypt data encryption keys (DEKs).

NOTE:

Default Master Keys are created by services integrated with KMS. Names of Default Master Keys end with /default. Therefore, in naming your CMKs, do not choose those ending with /default.

URI

  • URI format

    POST /v1.0/{project_id}/kms/create-key

  • Parameter description

    Parameter

    Mandatory

    Type

    Description

    project_id

    Yes

    String

    Project ID

Requests

Request parameters

Parameter

Type

Mandatory

Description

key_alias

String

Yes

Alias of a non-default master key (The alias's length ranges from 1 to 255 characters and matches the regular expression ^[a-zA-Z0-9:/_-]{1,255}$. In addition, it must be different from the alias of a Default Master Key created by the system.)

key_description

String

No

CMK description (The value ranges from 0 to 255 characters.)

origin

string

No

Origin of a CMK. The default value is kms. The following values are enumerated:
  • kms indicates that the CMK material is generated by KMS.
  • external indicates that the CMK material is imported.

sequence

String

No

36-byte serial number of a request message

Example: 919c82d4-8046-4722-9094-35c3c6524cff

Responses

Response parameters

Parameter

Type

Mandatory

Description

key_id

String

Yes

CMK ID

domain_id

String

Yes

User domain ID

Examples

The following example describes how to create a CMK with an alias of test.

  • Example request
    {
        "key_alias": "test"
    }
  • Example response
    {
        "key_info": {
            "key_id": "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
            "domain_id": "b168fe00ff56492495a7d22974df2d0b"
        }
    }

    or

    {
        "error": {
            "error_code": "KMS.XXXX",
            "error_msg": "XXX"
        }
    }

Status Codes

Table 1 lists the normal status code returned by the response.
Table 1 Status codes

Status Code

Status

Description

200

OK

Request processed successfully.

Exception status code. For details, see Status Codes.