Encryption Key Management

API

API Function

Permission

POST /v1.0/{project_id}/kms/create-key

Creates a CMK.

kms:cmk:create

POST /v1.0/{project_id}/kms/enable-key

Enables a CMK.

kms:cmk:enable

POST /v1.0/{project_id}/kms/disable-key

Disables a CMK.

kms:cmk:disable

POST /v1.0/{project_id}/kms/schedule-key-deletion

Schedules the deletion of a CMK.

kms:cmk:update

POST /v1.0/{project_id}/kms/cancel-key-deletion

Cancels the scheduled deletion of a CMK.

kms:cmk:update

POST /v1.0/{project_id}/kms/list-keys

Queries the list of CMKs.

kms:cmk:list

POST /v1.0/{project_id}/kms/describe-key

Queries the CMK information.

kms:cmk:get

POST /v1.0/{project_id}/kms/gen-random

Generates a random number.

kms:cmk:generate

POST /v1.0/{project_id}/kms/create-datakey

Creates a DEK.

kms:dek:create

POST /v1.0/{project_id}/kms/create-datakey-without-plaintext

Creates a plaintext-free DEK.

kms:dek:create

POST /v1.0/{project_id}/kms/encrypt-datakey

Encrypts a DEK.

kms:dek:crypto

POST /v1.0/{project_id}/kms/decrypt-datakey

Decrypts a DEK.

kms:dek:crypto

GET /v1.0/{project_id}/kms/user-instances

Queries the number of instances.

kms:cmk:getInstance

GET /v1.0/{project_id}/kms/user-quotas

Queries the user quota.

kms:cmk:getQuota

POST /v1.0/{project_id}/kms/update-key-alias

Modifies the CMK alias.

kms:cmk:update

POST /v1.0/{project_id}/kms/update-key-description

Modifies the description of a CMK.

kms:cmk:update

POST /v1.0/{project_id}/kms/create-grant

Creates a grant.

kms:grant:create

POST /v1.0/{project_id}/kms/revoke-grant

Revokes a grant.

kms:grant:revoke

POST /v1.0/{project_id}/kms/retire-grant

Retires a grant.

kms:grant:retire

POST /v1.0/{project_id}/kms/list-grants

Queries the grant list of a CMK.

kms:grant:list

POST /v1.0/{project_id}/kms/list-retirable-grants

Queries the list of grants that can be retired.

kms:grant:list

POST /v1.0/{project_id}/kms/encrypt-data

Encrypts data.

kms:cmk:crypto

POST /v1.0/{project_id}/kms/decrypt-data

Decrypts data.

kms:cmk:crypto

POST /v1.0/{project_id}/kms/get-parameters-for-import

Obtains parameters for importing a key.

kms:cmk:getMaterial

POST /v1.0/{project_id}/kms/import-key-material

Imports key material.

kms:cmk:importMaterial

POST /v1.0/{project_id}/kms/delete-imported-key-material

Deletes key material.

kms:cmk:deleteMaterial

POST /v1.0/{project_id}/kms/enable-key-rotation

Enables key rotation.

kms:cmk:enableRotation

POST /v1.0/{project_id}/kms/update-key-rotation-interval

Modifies the rotation interval.

kms:cmk:updateRotation

POST /v1.0/{project_id}/kms/disable-key-rotation

Disables key rotation.

kms:cmk:disableRotation

POST /v1.0/{project_id}/kms/get-key-rotation-status

Queries the key rotation status.

kms:cmk:getRotation

POST /v1.0/{project_id}/kms/resource_instances/action

Queries key resource instances.

kms:cmkTag:listInstance

GET /v1.0/{project_id}/kms/{key_id}/tags

Queries tags of a key.

kms:cmkTag:list

GET /v1.0/{project_id}/kms/tags

Queries the project tags.

kms:cmkTag:list

POST /v1.0/{project_id}/kms/{key_id}/tags/action

Adds or deletes key tags in batches.

kms:cmkTag:batch

POST /v1.0/{project_id}/kms/{key_id}/tags

Adds tags to a key.

kms:cmkTag:create

POST /v1.0/{project_id}/kms/{ key_id }/tags/{key}

Deletes tags of a key.

kms:cmkTag:delete