Querying the Key List

Function

This API is used to query the key list.

Calling Method

For details, see Calling APIs.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
If you are using identity policy-based authorization, the following identity policy-based permissions are required.

Action

Access Level

Resource Type (*: required)

Condition Key

Alias

Dependencies

kms:cmk:list

List

KeyId *

-

-

-

-

g:EnterpriseProjectId

Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
kms:cmk:list	List	KeyId *	-	-	-
-	g:EnterpriseProjectId

URI

POST /v1.0/{project_id}/kms/list-keys

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID. For details, see Obtaining a Project ID. Constraints N/A Range The value returned by the IAM API is used, which contains 32 characters. Default Value N/A

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token. It can be obtained by calling the IAM API. The value of X-Subject-Token in the response header is the user token. Constraints N/A Range Obtain the value by calling the IAM API for obtaining the user token. Default Value N/A

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
limit	No	String	Definition Number of returned records Constraints The value of limit must be an integer. Range 1 to 2000 Default Value 2000
marker	No	String	Definition Start position of pagination query. Set marker to the value of next_marker in the response body of the previous page. Constraints Parameters marker and limit must be used together. If the number of records returned on the last page is less than the value of limit, the query ends. Range N/A Default Value N/A
key_state	No	String	Definition Key status Constraints The value must match the regular expression ^[1-5]{1}$. Range 1: To be activated 2: Enabled 3: Disabled 4: Pending deletion 5: Pending import Default Value N/A
key_spec	No	String	Definition Key generation algorithm. To query all keys (including asymmetric keys), set the parameter to ALL. Constraints N/A Range AES_256 SM4 RSA_2048 RSA_3072 RSA_4096 EC_P256 EC_P384 SM2 ALL Default Value AES_256
enterprise_project_id	No	String	Definition Enterprise multi-project ID Constraints If enterprise multi-project is not enabled, you do not need to set this field. If enterprise multi-project is enabled, you can set this field when querying resources. Range The value must meet either of the following conditions: Be all Be 0 Match the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$ Default Value By default, all resources in the enterprise multi-project with allowed permissions are queried. In this case, the value is all.
keystore_type	No	String	Definition Dedicated keystore cluster type Constraints N/A Range DEFAULT: original KMS cluster DHSM: DHSM cluster CDMS: CDMS cluster Default Value N/A
sequence	No	String	Definition A 36-byte serial number of a request message, for example, 919c82d4-8046-4722-9094-35c3c6524cff. Constraints N/A Range N/A Default Value N/A

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
keys	Array of strings	Definition Key ID list Range N/A
key_details	Array of KeyDetails objects	Definition Key details list Range N/A
next_marker	String	Definition Value of marker used for obtaining the next page of results. If truncated is false, next_marker is left blank. Range N/A
truncated	String	Definition Whether there is a next page Range true: There are more pages. false: This is the last page.
total	Integer	Definition Total number of keys Range N/A

**Table 5** KeyDetails
Parameter	Type	Description
key_id	String	Definition Key ID Range N/A
domain_id	String	Definition User domain ID Range N/A
key_alias	String	Definition Key alias Range N/A
realm	String	Definition Region to which the key belongs Range N/A
key_spec	String	Definition Key generation algorithm Range AES_256 SM4 RSA_2048 RSA_3072 RSA_4096 EC_P256 EC_P384 SM2
key_usage	String	Definition Key usage Range ENCRYPT_DECRYPT SIGN_VERIFY
key_description	String	Definition Key description Range N/A
creation_date	String	Definition Timestamp when a key was created, that is, the total number of seconds since January 1, 1970. Range N/A
scheduled_deletion_date	String	Definition Timestamp when a key is to be deleted as scheduled, that is, the total number of seconds since January 1, 1970. Range N/A
key_state	String	Definition Key status Range 1: To be activated 2: Enabled 3: Disabled 4: Pending deletion 5: Pending import
default_key_flag	String	Definition Master key identifier. The value is 1 for default master keys and 0 for non-default master keys. Range N/A
key_type	String	Definition Key type Range N/A
expiration_time	String	Definition Timestamp when the key material expires, that is, the total number of seconds since January 1, 1970. Range N/A
origin	String	Definition Key source Range kms: The key material is generated by KMS. external: The key material is imported.
key_rotation_enabled	String	Definition Key rotation status Range true false
sys_enterprise_project_id	String	Definition Enterprise project ID For users who have enabled the enterprise project, the resources are in the default enterprise project. For users who have not enabled the enterprise project, the resources are not in the enterprise project. Range N/A
keystore_id	String	Definition Keystore ID Range N/A
keystore_type	String	Definition Dedicated keystore cluster type Range DHSM: DHSM cluster CDMS: CDMS cluster DEFAULT: original KMS cluster

Example Requests

Query the keys whose aliases start with 1. At most two keys are returned.

{
  "limit" : "2",
  "marker" : "1"
}

Example Responses

Status code: 200

Request succeeded.

{
  "keys" : [ "0d0466b0-e727-4d9c-b35d-f84bb474a37f", "2e258389-bb1e-4568-a1d5-e1f50adf70ea" ],
  "key_details" : [ {
    "key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
    "domain_id" : "00074811d5c27c4f8d48bb91e4a1dcfd",
    "key_alias" : "test",
    "realm" : "cn-north-7",
    "key_description" : "key_description",
    "creation_date" : "1502799822000",
    "scheduled_deletion_date" : "",
    "key_spec" : "AES_256",
    "key_usage" : "ENCRYPT_DECRYPT",
    "key_state" : "2",
    "default_key_flag" : "0",
    "key_type" : "1",
    "expiration_time" : "1501578672000",
    "origin" : "kms",
    "key_rotation_enabled" : "true",
    "sys_enterprise_project_id" : "0"
  }, {
    "key_id" : "2e258389-bb1e-4568-a1d5-e1f50adf70ea",
    "domain_id" : "00074811d5c27c4f8d48bb91e4a1dcfd",
    "key_alias" : "test",
    "realm" : "realm",
    "key_description" : "key_description",
    "creation_date" : "1502799822000",
    "scheduled_deletion_date" : "",
    "key_spec" : "AES_256",
    "key_usage" : "ENCRYPT_DECRYPT",
    "key_state" : "2",
    "default_key_flag" : "0",
    "key_type" : "1",
    "expiration_time" : "1501578672000",
    "origin" : "kms",
    "key_rotation_enabled" : "true",
    "sys_enterprise_project_id" : "0"
  } ],
  "next_marker" : "",
  "truncated" : "false",
  "total" : 2
}

SDK Sample Code

The SDK sample code is as follows.

Query the keys whose aliases start with 1. At most two keys are returned.

     package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.kms.v2.region.KmsRegion;
import com.huaweicloud.sdk.kms.v2.*;
import com.huaweicloud.sdk.kms.v2.model.*;


public class ListKeysSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        KmsClient client = KmsClient.newBuilder()
                .withCredential(auth)
                .withRegion(KmsRegion.valueOf("<YOUR REGION>"))
                .build();
        ListKeysRequest request = new ListKeysRequest();
        ListKeysRequestBody body = new ListKeysRequestBody();
        body.withMarker("1");
        body.withLimit("2");
        request.withBody(body);
        try {
            ListKeysResponse response = client.listKeys(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 
 
  

Query the keys whose aliases start with 1. At most two keys are returned.

     # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkkms.v2.region.kms_region import KmsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkkms.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = KmsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(KmsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListKeysRequest()
        request.body = ListKeysRequestBody(
            marker="1",
            limit="2"
        )
        response = client.list_keys(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 
 
  

Query the keys whose aliases start with 1. At most two keys are returned.

     package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    kms "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kms/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kms/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kms/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth, err := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        SafeBuild()

    if err != nil {
        fmt.Println(err)
        return
    }

    hcClient, err := kms.KmsClientBuilder().
         WithRegion(region.ValueOf("<YOUR REGION>")).
         WithCredential(auth).
         SafeBuild()


    if err != nil {
        fmt.Println(err)
        return
    }

    client := kms.NewKmsClient(hcClient)

    request := &model.ListKeysRequest{}
	markerListKeysRequestBody:= "1"
	limitListKeysRequestBody:= "2"
	request.Body = &model.ListKeysRequestBody{
		Marker: &markerListKeysRequestBody,
		Limit: &limitListKeysRequestBody,
	}
	response, err := client.ListKeys(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}
 
 
  