Encryption Key Management¶
API | API Function | Permission |
|---|---|---|
POST /v1.0/{project_id}/kms/create-key | Creates a CMK. | kms:cmk:create |
POST /v1.0/{project_id}/kms/enable-key | Enables a CMK. | kms:cmk:enable |
POST /v1.0/{project_id}/kms/disable-key | Disables a CMK. | kms:cmk:disable |
POST /v1.0/{project_id}/kms/schedule-key-deletion | Schedules the deletion of a CMK. | kms:cmk:update |
POST /v1.0/{project_id}/kms/cancel-key-deletion | Cancels the scheduled deletion of a CMK. | kms:cmk:update |
POST /v1.0/{project_id}/kms/list-keys | Queries the list of CMKs. | kms:cmk:list |
POST /v1.0/{project_id}/kms/describe-key | Queries the CMK information. | kms:cmk:get |
POST /v1.0/{project_id}/kms/gen-random | Generates a random number. | kms:cmk:generate |
POST /v1.0/{project_id}/kms/create-datakey | Creates a DEK. | kms:dek:create |
POST /v1.0/{project_id}/kms/create-datakey-without-plaintext | Creates a plaintext-free DEK. | kms:dek:create |
POST /v1.0/{project_id}/kms/encrypt-datakey | Encrypts a DEK. | kms:dek:crypto |
POST /v1.0/{project_id}/kms/decrypt-datakey | Decrypts a DEK. | kms:dek:crypto |
GET /v1.0/{project_id}/kms/user-instances | Queries the number of instances. | kms:cmk:getInstance |
GET /v1.0/{project_id}/kms/user-quotas | Queries the user quota. | kms:cmk:getQuota |
POST /v1.0/{project_id}/kms/update-key-alias | Modifies the CMK alias. | kms:cmk:update |
POST /v1.0/{project_id}/kms/update-key-description | Modifies the description of a CMK. | kms:cmk:update |
POST /v1.0/{project_id}/kms/create-grant | Creates a grant. | kms:grant:create |
POST /v1.0/{project_id}/kms/revoke-grant | Revokes a grant. | kms:grant:revoke |
POST /v1.0/{project_id}/kms/retire-grant | Retires a grant. | kms:grant:retire |
POST /v1.0/{project_id}/kms/list-grants | Queries the grant list of a CMK. | kms:grant:list |
POST /v1.0/{project_id}/kms/list-retirable-grants | Queries the list of grants that can be retired. | kms:grant:list |
POST /v1.0/{project_id}/kms/encrypt-data | Encrypts data. | kms:cmk:crypto |
POST /v1.0/{project_id}/kms/decrypt-data | Decrypts data. | kms:cmk:crypto |
POST /v1.0/{project_id}/kms/get-parameters-for-import | Obtains parameters for importing a key. | kms:cmk:getMaterial |
POST /v1.0/{project_id}/kms/import-key-material | Imports key material. | kms:cmk:importMaterial |
POST /v1.0/{project_id}/kms/delete-imported-key-material | Deletes key material. | kms:cmk:deleteMaterial |
POST /v1.0/{project_id}/kms/enable-key-rotation | Enables key rotation. | kms:cmk:enableRotation |
POST /v1.0/{project_id}/kms/update-key-rotation-interval | Modifies the rotation interval. | kms:cmk:updateRotation |
POST /v1.0/{project_id}/kms/disable-key-rotation | Disables key rotation. | kms:cmk:disableRotation |
POST /v1.0/{project_id}/kms/get-key-rotation-status | Queries the key rotation status. | kms:cmk:getRotation |
POST /v1.0/{project_id}/kms/resource_instances/action | Queries key resource instances. | kms:cmkTag:listInstance |
GET /v1.0/{project_id}/kms/{key_id}/tags | Queries tags of a key. | kms:cmkTag:list |
GET /v1.0/{project_id}/kms/tags | Queries the project tags. | kms:cmkTag:list |
POST /v1.0/{project_id}/kms/{key_id}/tags/action | Adds or deletes key tags in batches. | kms:cmkTag:batch |
POST /v1.0/{project_id}/kms/{key_id}/tags | Adds tags to a key. | kms:cmkTag:create |
POST /v1.0/{project_id}/kms/{ key_id }/tags/{key} | Deletes tags of a key. | kms:cmkTag:delete |