Encryption Key Management
Permission | API | Action | Dependent Permission | IAM Project (Project) | Enterprise Project (Enterprise Project) |
|---|---|---|---|---|---|
Creating a CMK | POST /v1.0/{project_id}/kms/create-key | kms:cmk:create | - | √ | √ |
Enabling a CMK | POST /v1.0/{project_id}/kms/enable-key | kms:cmk:enable | - | √ | √ |
Disabling a CMK | POST /v1.0/{project_id}/kms/disable-key | kms:cmk:disable | - | √ | √ |
Scheduling the deletion of a CMK | POST /v1.0/{project_id}/kms/schedule-key-deletion | kms:cmk:update | - | √ | √ |
Canceling the scheduled deletion of a CMK | POST /v1.0/{project_id}/kms/cancel-key-deletion | kms:cmk:update | - | √ | √ |
Querying the list of CMKs | POST /v1.0/{project_id}/kms/list-keys | kms:cmk:list | - | √ | √ |
Queries the CMK information. | POST /v1.0/{project_id}/kms/describe-key | kms:cmk:get | - | √ | √ |
Generating a random number | POST /v1.0/{project_id}/kms/gen-random | kms:cmk:generate | - | √ | × |
Creating a DEK | POST /v1.0/{project_id}/kms/create-datakey | kms:dek:create | - | √ | √ |
Creating a plaintext-free DEK | POST /v1.0/{project_id}/kms/create-datakey-without-plaintext | kms:dek:create | - | √ | √ |
Encrypting a DEK | POST /v1.0/{project_id}/kms/encrypt-datakey | kms:dek:crypto or kms:dek:encrypt | - | √ | √ |
Decrypting a DEK | POST /v1.0/{project_id}/kms/decrypt-datakey | kms:dek:crypto or kms:dek:decrypt | - | √ | √ |
Querying the number of instances | GET /v1.0/{project_id}/kms/user-instances | kms:cmk:getInstance | - | √ | × |
Querying the user quota | GET /v1.0/{project_id}/kms/user-quotas | kms:cmk:getQuota | - | √ | × |
Modifying the CMK alias | POST /v1.0/{project_id}/kms/update-key-alias | kms:cmk:update | - | √ | √ |
Modifying the description of a CMK | POST /v1.0/{project_id}/kms/update-key-description | kms:cmk:update | - | √ | √ |
Creating a grant | POST /v1.0/{project_id}/kms/create-grant | kms:grant:create | - | √ | √ |
Revoking a grant | POST /v1.0/{project_id}/kms/revoke-grant | kms:grant:revoke | - | √ | √ |
Retiring a grant | POST /v1.0/{project_id}/kms/retire-grant | kms:grant:retire | - | √ | √ |
Querying the grant list of a CMK | POST /v1.0/{project_id}/kms/list-grants | kms:grant:list | - | √ | × |
Querying the list of grants that can be retired | POST /v1.0/{project_id}/kms/list-retirable-grants | kms:grant:list | - | √ | × |
Encrypting data | POST /v1.0/{project_id}/kms/encrypt-data | kms:cmk:crypto or kms:cmk:encrypt | - | √ | √ |
Decrypting data | POST /v1.0/{project_id}/kms/decrypt-data | kms:cmk:crypto or kms:cmk:decrypt | - | √ | √ |
Obtaining parameters for importing a key | POST /v1.0/{project_id}/kms/get-parameters-for-import | kms:cmk:getMaterial | - | √ | √ |
Importing key material | POST /v1.0/{project_id}/kms/import-key-material | kms:cmk:importMaterial | - | √ | √ |
Deleting key material | POST /v1.0/{project_id}/kms/delete-imported-key-material | kms:cmk:deleteMaterial | - | √ | √ |
Enabling key rotation | POST /v1.0/{project_id}/kms/enable-key-rotation | kms:cmk:enableRotation | - | √ | √ |
Modifying the rotation interval | POST /v1.0/{project_id}/kms/update-key-rotation-interval | kms:cmk:updateRotation | - | √ | √ |
Disabling key rotation | POST /v1.0/{project_id}/kms/disable-key-rotation | kms:cmk:disableRotation | - | √ | √ |
Querying the key rotation status | POST /v1.0/{project_id}/kms/get-key-rotation-status | kms:cmk:getRotation | - | √ | √ |
Querying key resource instances | POST /v1.0/{project_id}/kms/resource_instances/action | kms:cmkTag:listInstance | - | √ | √ |
Querying tags of a key | GET /v1.0/{project_id}/kms/{key_id}/tags | kms:cmkTag:list | - | √ | √ |
Querying the project tags | GET /v1.0/{project_id}/kms/tags | kms:cmkTag:list | - | √ | × |
Adding or deleting key tags in batches | POST /v1.0/{project_id}/kms/{key_id}/tags/action | kms:cmkTag:batch | - | √ | √ |
Adding tags to a key | POST /v1.0/{project_id}/kms/{key_id}/tags | kms:cmkTag:create | - | √ | √ |
Deleting tags of a key | POST /v1.0/{project_id}/kms/{key_id}/tags/{key} | kms:cmkTag:delete | - | √ | √ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
