Updated on 2022-09-15 GMT+08:00

Encryption Key Management

Permission

API

Action

Dependent Permission

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Creating a CMK

POST /v1.0/{project_id}/kms/create-key

kms:cmk:create

-

Enabling a CMK

POST /v1.0/{project_id}/kms/enable-key

kms:cmk:enable

-

Disabling a CMK

POST /v1.0/{project_id}/kms/disable-key

kms:cmk:disable

-

Scheduling the deletion of a CMK

POST /v1.0/{project_id}/kms/schedule-key-deletion

kms:cmk:update

-

Canceling the scheduled deletion of a CMK

POST /v1.0/{project_id}/kms/cancel-key-deletion

kms:cmk:update

-

Querying the list of CMKs

POST /v1.0/{project_id}/kms/list-keys

kms:cmk:list

-

Queries the CMK information.

POST /v1.0/{project_id}/kms/describe-key

kms:cmk:get

-

Generating a random number

POST /v1.0/{project_id}/kms/gen-random

kms:cmk:generate

-

Creating a DEK

POST /v1.0/{project_id}/kms/create-datakey

kms:dek:create

-

Creating a plaintext-free DEK

POST /v1.0/{project_id}/kms/create-datakey-without-plaintext

kms:dek:create

-

Encrypting a DEK

POST /v1.0/{project_id}/kms/encrypt-datakey

kms:dek:crypto

-

Decrypting a DEK

POST /v1.0/{project_id}/kms/decrypt-datakey

kms:dek:crypto

-

Querying the number of instances

GET /v1.0/{project_id}/kms/user-instances

kms:cmk:getInstance

-

Querying the user quota

GET /v1.0/{project_id}/kms/user-quotas

kms:cmk:getQuota

-

Modifying the CMK alias

POST /v1.0/{project_id}/kms/update-key-alias

kms:cmk:update

-

Modifying the description of a CMK

POST /v1.0/{project_id}/kms/update-key-description

kms:cmk:update

-

Creating a grant

POST /v1.0/{project_id}/kms/create-grant

kms:grant:create

-

Revoking a grant

POST /v1.0/{project_id}/kms/revoke-grant

kms:grant:revoke

-

Retiring a grant

POST /v1.0/{project_id}/kms/retire-grant

kms:grant:retire

-

Querying the grant list of a CMK

POST /v1.0/{project_id}/kms/list-grants

kms:grant:list

-

Querying the list of grants that can be retired

POST /v1.0/{project_id}/kms/list-retirable-grants

kms:grant:list

-

Encrypting data

POST /v1.0/{project_id}/kms/encrypt-data

kms:cmk:crypto

-

Decrypting data

POST /v1.0/{project_id}/kms/decrypt-data

kms:cmk:crypto

-

Obtaining parameters for importing a key

POST /v1.0/{project_id}/kms/get-parameters-for-import

kms:cmk:getMaterial

-

Importing key material

POST /v1.0/{project_id}/kms/import-key-material

kms:cmk:importMaterial

-

Deleting key material

POST /v1.0/{project_id}/kms/delete-imported-key-material

kms:cmk:deleteMaterial

-

Enabling key rotation

POST /v1.0/{project_id}/kms/enable-key-rotation

kms:cmk:enableRotation

-

Modifying the rotation interval

POST /v1.0/{project_id}/kms/update-key-rotation-interval

kms:cmk:updateRotation

-

Disabling key rotation

POST /v1.0/{project_id}/kms/disable-key-rotation

kms:cmk:disableRotation

-

Querying the key rotation status

POST /v1.0/{project_id}/kms/get-key-rotation-status

kms:cmk:getRotation

-

Querying key resource instances

POST /v1.0/{project_id}/kms/resource_instances/action

kms:cmkTag:listInstance

-

Querying tags of a key

GET /v1.0/{project_id}/kms/{key_id}/tags

kms:cmkTag:list

-

Querying the project tags

GET /v1.0/{project_id}/kms/tags

kms:cmkTag:list

-

Adding or deleting key tags in batches

POST /v1.0/{project_id}/kms/{key_id}/tags/action

kms:cmkTag:batch

-

Adding tags to a key

POST /v1.0/{project_id}/kms/{key_id}/tags

kms:cmkTag:create

-

Deleting tags of a key

POST /v1.0/{project_id}/kms/{key_id}/tags/{key}

kms:cmkTag:delete

-