Creating a Key

Updated on 2025-05-20 GMT+08:00

View PDF

Function

This API is used to create a CMK, which can be symmetric or asymmetric.

A symmetric key is a 256-bit AES key. It can be used to encrypt a small amount of data or encrypt DEKs.
An asymmetric key can be an RSA key pair or an ECC key pair, which can be used for data encryption and decryption, digital signature, and signature verification.

Constraints

Default master keys are created by services integrated with KMS. Names of default master keys end with /default. Do not end your CMK names with /default. Enterprise project users' default master keys belong to their default enterprise projects. The keys and cannot be moved to other enterprise projects. Default master keys provide basic cloud-based encryption functions to meet compliance requirements and can be used by non-default enterprise projects. You can also create and use your own keys as needed.

URI

POST /v1.0/{project_id}/kms/create-key

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API that is used for obtaining a user token. The value of X-Subject-Token in the response header is the user token.

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
key_alias	Yes	String	Alias of a non-default master key. The value can contain 1 to 255 characters that match the regular expression ^[a-zA-Z0-9:/_-]{1,255}$ and must be different from the alias of the default master key.
key_spec	No	String	Key generation algorithm. The default value is AES_256. Its value can be: AES_256 RSA_2048 RSA_3072 RSA_4096 EC_P256 EC_P384
key_usage	No	String	Key usage. The default value is ENCRYPT_DECRYPT for a symmetric key and SIGN_VERIFY for an asymmetric key. Its value can be: ENCRYPT_DECRYPT SIGN_VERIFY
key_description	No	String	Key description. It can contain 0 to 255 characters.
origin	No	String	Key source. It can be: kms: The key material was generated by KMS. external: The key material was imported.
enterprise_project_id	No	String	Enterprise project ID. If the enterprise project function is not enabled, you do not need to set this parameter. If the enterprise project function is enabled, you can set this parameter when creating a resource. If this parameter is not specified, the resource you create will be put under the default enterprise project (whose project ID is 0). If you do not have the permission to create resources under the default enterprise project, an error will be reported.
sequence	No	String	36-byte sequence number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff
keystore_id	No	String	keystore id,default value is the KMS default keystore id

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
key_info	KeKInfo object	Key details.

**Table 5** KeKInfo
Parameter	Type	Description
key_id	String	Key ID.
domain_id	String	User domain ID.

Status code: 400

**Table 6** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 7** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned for an error request.
error_msg	String	Error information returned for an error request.

Status code: 401

**Table 8** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 9** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned for an error request.
error_msg	String	Error information returned for an error request.

Status code: 403

**Table 10** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 11** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned for an error request.
error_msg	String	Error information returned for an error request.

Status code: 404

**Table 12** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 13** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned for an error request.
error_msg	String	Error information returned for an error request.

Status code: 500

**Table 14** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 15** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned for an error request.
error_msg	String	Error information returned for an error request.

Status code: 502

**Table 16** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 17** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned for an error request.
error_msg	String	Error information returned for an error request.

Status code: 504

**Table 18** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 19** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned for an error request.
error_msg	String	Error information returned for an error request.

Example Requests

{
  "key_alias" : "test"
}

Example Responses

Status code: 200

Request processing succeeded.

{
  "key_info" : {
    "key_id" : "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
    "domain_id" : "b168fe00ff56492495a7d22974df2d0b"
  }
}

Status Codes


Status Code	Description
200	Request processing succeeded.
400	Invalid request parameters.
401	You must enter a username and password to access the requested page.
403	Authentication failed.
404	The requested resource does not exist or is not found.
500	Internal service error.
502	Failed to complete the request. The server received an invalid response.
504	Gateway timed out.