加密密钥管理
权限 |
对应API接口 |
授权项(Action) |
依赖的授权项 |
IAM项目 (Project) |
企业项目 (Enterprise Project) |
---|---|---|---|---|---|
创建密钥 |
POST /v1.0/{project_id}/kms/create-key |
kms:cmk:create |
- |
√ |
√ |
启用密钥 |
POST /v1.0/{project_id}/kms/enable-key |
kms:cmk:enable |
- |
√ |
√ |
禁用密钥 |
POST /v1.0/{project_id}/kms/disable-key |
kms:cmk:disable |
- |
√ |
√ |
计划删除密钥 |
POST /v1.0/{project_id}/kms/schedule-key-deletion |
kms:cmk:update |
- |
√ |
√ |
取消计划删除密钥 |
POST /v1.0/{project_id}/kms/cancel-key-deletion |
kms:cmk:update |
- |
√ |
√ |
查询密钥列表 |
POST /v1.0/{project_id}/kms/list-keys |
kms:cmk:list |
- |
√ |
√ |
查询密钥信息 |
POST /v1.0/{project_id}/kms/describe-key |
kms:cmk:get |
- |
√ |
√ |
创建随机数 |
POST /v1.0/{project_id}/kms/gen-random |
kms:cmk:generate |
- |
√ |
× |
创建数据密钥 |
POST /v1.0/{project_id}/kms/create-datakey |
kms:dek:create |
- |
√ |
√ |
创建不含明文数据密钥 |
POST /v1.0/{project_id}/kms/create-datakey-without-plaintext |
kms:dek:create |
- |
√ |
√ |
加密数据密钥 |
POST /v1.0/{project_id}/kms/encrypt-datakey |
kms:dek:crypto |
- |
√ |
√ |
解密数据密钥 |
POST /v1.0/{project_id}/kms/decrypt-datakey |
kms:dek:crypto |
- |
√ |
√ |
查询实例数 |
GET /v1.0/{project_id}/kms/user-instances |
kms:cmk:getInstance |
- |
√ |
× |
查询配额 |
GET /v1.0/{project_id}/kms/user-quotas |
kms:cmk:getQuota |
- |
√ |
× |
修改密钥别名 |
POST /v1.0/{project_id}/kms/update-key-alias |
kms:cmk:update |
- |
√ |
√ |
修改密钥描述 |
POST /v1.0/{project_id}/kms/update-key-description |
kms:cmk:update |
- |
√ |
√ |
创建授权 |
POST /v1.0/{project_id}/kms/create-grant |
kms:grant:create |
- |
√ |
√ |
撤销授权 |
POST /v1.0/{project_id}/kms/revoke-grant |
kms:grant:revoke |
- |
√ |
√ |
退役授权 |
POST /v1.0/{project_id}/kms/retire-grant |
kms:grant:retire |
- |
√ |
√ |
查询授权列表 |
POST /v1.0/{project_id}/kms/list-grants |
kms:grant:list |
- |
√ |
× |
查询可退役授权列表 |
POST /v1.0/{project_id}/kms/list-retirable-grants |
kms:grant:list |
- |
√ |
× |
加密数据 |
POST /v1.0/{project_id}/kms/encrypt-data |
kms:cmk:crypto |
- |
√ |
√ |
解密数据 |
POST /v1.0/{project_id}/kms/decrypt-data |
kms:cmk:crypto |
- |
√ |
√ |
获取密钥导入参数 |
POST /v1.0/{project_id}/kms/get-parameters-for-import |
kms:cmk:getMaterial |
- |
√ |
√ |
导入密钥材料 |
POST /v1.0/{project_id}/kms/import-key-material |
kms:cmk:importMaterial |
- |
√ |
√ |
删除密钥材料 |
POST /v1.0/{project_id}/kms/delete-imported-key-material |
kms:cmk:deleteMaterial |
- |
√ |
√ |
开启密钥轮换 |
POST /v1.0/{project_id}/kms/enable-key-rotation |
kms:cmk:enableRotation |
- |
√ |
√ |
修改密钥轮换周期 |
POST /v1.0/{project_id}/kms/update-key-rotation-interval |
kms:cmk:updateRotation |
- |
√ |
√ |
关闭密钥轮换 |
POST /v1.0/{project_id}/kms/disable-key-rotation |
kms:cmk:disableRotation |
- |
√ |
√ |
查询密钥轮换状态 |
POST /v1.0/{project_id}/kms/get-key-rotation-status |
kms:cmk:getRotation |
- |
√ |
√ |
查询密钥实例 |
POST /v1.0/{project_id}/kms/resource_instances/action |
kms:cmkTag:listInstance |
- |
√ |
√ |
查询密钥标签 |
GET /v1.0/{project_id}/kms/{key_id}/tags |
kms:cmkTag:list |
- |
√ |
√ |
查询项目标签 |
GET /v1.0/{project_id}/kms/tags |
kms:cmkTag:list |
- |
√ |
× |
批量添加删除密钥标签 |
POST /v1.0/{project_id}/kms/{key_id}/tags/action |
kms:cmkTag:batch |
- |
√ |
√ |
添加密钥标签 |
POST /v1.0/{project_id}/kms/{key_id}/tags |
kms:cmkTag:create |
- |
√ |
√ |
删除密钥标签 |
POST /v1.0/{project_id}/kms/{key_id}/tags/{key} |
kms:cmkTag:delete |
- |
√ |
√ |
创建专属密钥库 |
/v1.0/{project_id}/keystores/ |
kms:keystore:create |
- |
√ |
× |
删除专属密钥库 |
/v1.0/{project_id}/keystores/{keystore_id} |
kms:keystore:delete |
- |
√ |
× |
启用专属密钥库 |
/v1.0/{project_id}/keystores/{keystore_id}/enable |
kms:keystore:enable |
- |
√ |
× |
禁用专属密钥库 |
/v1.0/{project_id}/keystores/{keystore_id}/disable |
kms:keystore:disable |
- |
√ |
× |
查询专属密钥库列表 |
/v1.0/{project_id}/keystores/ |
kms:keystore:list |
- |
√ |
× |
获取专属密钥库 |
/v1.0/{project_id}/keystores/{keystore_id} |
kms:keystore:get |
- |
√ |
× |