Creating a CMK
Function
This API is used to create customer master keys (CMKs).
- Symmetric CMKs contain a 256-bit symmetric key. They can be used to encrypt and decrypt small amounts of data or data encryption keys (DEKs).
- Asymmetric CMKs can contain an RSA key pair or an Elliptic Curve (ECC) key pair. They can be used to sign and verify messages.
Constraints
Default Master Keys are created by services integrated with KMS. Names of Default Master Keys end with /default. Do not end your CMK names with /default. Enterprise project users' Default Master Keys belong to their default enterprise projects and cannot be moved to other enterprise projects. Default Master Keys provide basic cloud-based encryption functions to meet compliance requirements and can be used by non-default enterprise projects. You can also create and use your own keys as needed.
URI
POST /v1.0/{project_id}/kms/create-key
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Project ID. |
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | User token. The token can be obtained by calling the IAM API (value of X-Subject-Token in the response header). |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| key_alias | Yes | String | Alias of a non-default master key. The value is a string of 1 to 255 characters that match the regular expression ^[a-zA-Z0-9:/_-]{1,255}$ and must be different from the alias of the Default Master Key. |
| key_spec | No | String | CMK algorithm type, default is "AES_256". It can be: |
| key_usage | No | String | Determines the cryptographic operations for which you can use the CMK. The default value for symmetric key is ENCRYPT_DECRYPT and for asymmetric key is SIGN_VERIFY. |
| key_description | No | String | Key description. It can contain 0 to 255 characters. |
| origin | No | String | CMK source. It can be: |
| enterprise_project_id | No | String | Enterprise project ID. |
| sequence | No | String | 36-byte sequence number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff |
Response Parameters
Status code: 200
| Parameter | Type | Description |
|---|---|---|
| key_info | KeKInfo object | Key details. |
Status code: 400
| Parameter | Type | Description |
|---|---|---|
| error | Object | Error message. |

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error information. |
Status code: 403
| Parameter | Type | Description |
|---|---|---|
| error | Object | Error message. |

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error information. |
Example Requests
{
  "key_alias" : "test"
}
Example Responses
Status code: 200
Request processing succeeded.
{
  "key_info" : {
    "key_id" : "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
    "domain_id" : "b168fe00ff56492495a7d22974df2d0b"
  }
}
Status code: 400
Invalid request parameters.
{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}
Status code: 403
Authentication failed.
{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}
Status Codes
| Status Code | Description |
|---|---|
| 200 | Request processing succeeded. |
| 400 | Invalid request parameters. |
| 403 | Authentication failed. |
Error Codes
See Error Codes.
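The create-key call described above, as an added example that is not part of the KMS documentation or SDK: it checks key_alias, key_description and sequence against the limits in the request table before building the POST, and reads key_id or the error object from the response. The endpoint host, the function names and the Content-Type header are assumptions.

```python
import json
import re
import uuid
import urllib.request

# Alias pattern copied from the key_alias row of the request table.
ALIAS_RE = re.compile(r"^[a-zA-Z0-9:/_-]{1,255}$")


def build_create_key_request(endpoint, project_id, token, key_alias,
                             key_description=None, sequence=None):
    """Validate inputs against the documented limits; return an unsent Request."""
    if not ALIAS_RE.fullmatch(key_alias):
        raise ValueError("key_alias must match ^[a-zA-Z0-9:/_-]{1,255}$")
    if key_alias.endswith("/default"):
        # Names ending in /default are reserved for Default Master Keys.
        raise ValueError("key_alias must not end with /default")
    body = {"key_alias": key_alias}
    if key_description is not None:
        if len(key_description) > 255:
            raise ValueError("key_description is limited to 255 characters")
        body["key_description"] = key_description
    # sequence is a 36-byte request identifier; a UUID string has that length.
    body["sequence"] = sequence or str(uuid.uuid4())
    if len(body["sequence"]) != 36:
        raise ValueError("sequence must be 36 bytes long")
    return urllib.request.Request(
        # endpoint is an assumption: the KMS host for your region.
        url=f"{endpoint.rstrip('/')}/v1.0/{project_id}/kms/create-key",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        # Content-Type is assumed for the JSON body; X-Auth-Token is the IAM token.
        headers={"X-Auth-Token": token, "Content-Type": "application/json"},
    )


def parse_create_key_response(status, raw_body):
    """Return the new key_id on 200; raise with error_code/error_msg otherwise."""
    doc = json.loads(raw_body)
    if status == 200:
        return doc["key_info"]["key_id"]
    err = doc.get("error", {})
    raise RuntimeError(f"HTTP {status}: {err.get('error_code')} {err.get('error_msg')}")
```

Send the returned object with urllib.request.urlopen, and keep the X-Auth-Token value out of logs and error reports.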