Help Center/ Data Encryption Workshop/ API Reference/ APIs/ Key Management APIs/ Lifecycle Management/ Creating a CMK

Updated on 2022-09-15 GMT+08:00

View PDF

Creating a CMK

Function

This API is used to create customer master keys (CMKs).

Symmetric CMKs contain a 256-bit symmetric keyIt can be used to encrypt and decrypt small amounts of data or data encryption keys (DEKs).
Asymmetric CMKs can contain an RSA key pair or an Elliptic Curve (ECC) key pair. It can be used to sign and verify messages

Constraints

Default Master Keys are created by services integrated with KMS. Names of Default Master Keys end with /default. Do not end your CMK names with /default. Enterprise project users' Default Master Keys belong to their default enterprise projects and cannot be moved to other enterprise projects. Default Master Keys provide basic cloud-based encryption functions to meet compliance requirements and can be used by non-default enterprise projects. You can also create and use your own keys as needed.

URI

POST /v1.0/{project_id}/kms/create-key

**Table 1** Path parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. The token can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
key_alias	Yes	String	Alias of a non-default master key. The value is a string of 1 to 255 characters that match the regular expression ^[a-zA-Z0-9:/_-]{1,255}$ and must be different from the alias of the Default Master Key.
key_description	No	String	Key description. It can contain 0 to 255 characters.
sequence	No	String	36-byte sequence number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
key_info	KeKInfo object	Key details.

**Table 5** KeKInfo
Parameter	Type	Description
key_id	String	CMK ID.
domain_id	String	User domain ID.

Status code: 400

**Table 6** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 7** ErrorDetail
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error information.

Status code: 403

**Table 8** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 9** ErrorDetail
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error information.

Example Requests

{
  "key_alias" : "test"
}

Example Responses

Status code: 200

Request processing succeeded.

{
  "key_info" : {
    "key_id" : "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
    "domain_id" : "b168fe00ff56492495a7d22974df2d0b"
  }
}

Status code: 400

Invalid request parameters.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status code: 403

Authentication failed.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status Codes

Status Code	Description
200	Request processing succeeded.
400	Invalid request parameters.
403	Authentication failed.

Error Codes

See Error Codes.

Parent topic: Lifecycle Management

Previous topic: Lifecycle Management

Next topic: Enabling a CMK

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel