Creating a Replica Key for a Custom Key
A replica key is a key generated by replicating the master key in DEW. The replica key and the master key share the same key materials. It can be used for cross-region data encryption and decryption. It ensures flexibility and high availability in DEW, but requires proper management to ensure security and compliance.
Constraints
- A replica key can be created only for a custom key.
- Replica keys can be created only in CN North-Beijing4, CN South-Guangzhou, CN Southwest-Guiyang1, CN East-Shanghai1, AP-Singapore, and ME-Riyadh.
For each master key, multiple replica keys can be created in different regions. However, only one replica key can be created for a master key in each region.
Table 1 Regions of master keys and replica keys Master Key Region
Replica Key Region
CN North-Beijing4
- CN East-Shanghai1
- CN South-Guangzhou
- CN Southwest-Guiyang1
CN South-Guangzhou
- CN North-Beijing4
- CN East-Shanghai1
- CN Southwest-Guiyang1
CN Southwest-Guiyang1
- CN East-Shanghai1
- CN South-Guangzhou
- CN North-Beijing4
CN East-Shanghai1
- CN North-Beijing4
- CN South-Guangzhou
- CN Southwest-Guiyang1
AP-Singapore
ME-Riyadh
ME-Riyadh
AP-Singapore
- The billing modes are the same for CMKs and replica keys. Keys are charged based on key instances or API calls. For details, see Billing Items.
- Replica keys do not support key rotation. The rotation of replica keys needs to be initiated by CMKs.
Creating a Replica Key for a Custom Key
- Log in to the DEW console.
- Click
in the upper left corner and select a region or project.
- Click the target custom key name to access it details page.
- Click the Region Attributes tab.
- In the displayed tab, click Create Replica Key.
Figure 1 Creating a replica key
- In the displayed dialog box, select a region for the replica key to be created, and enter key alias. For details about the parameters, see Table 2.
Table 2 Parameters of a replica key Parameter
Description
Region
Region where a replica key is created
Name
Alias of the key to be created
Enterprise Project
Enterprise ID bound to the created replica key
NOTE:If you are an enterprise user and have created an enterprise project, select the required enterprise project from the drop-down list. The default project is default.
If there are no Enterprise Management options displayed, you do not need to configure it.
Description
Description of the replica key
Tag
(Optional) Add tags to the custom key as needed, and enter the tag key and tag value.
- Click OK. Wait for one minute and refresh the region where the replica key is located to check the created replica key.
Viewing a Replica Key
View the information on the console.
- Log in to the DEW console.
- Click
in the upper left corner and select the region where the replica key is located.
- Click the target key in the list to view the key information.
Check in the region where the CMK is located.
- Click the target custom key name to access it details page.
- Click the Region Attributes tab.
- Click the ID of the target key to access its details page.
Figure 2 Access by ID
Using a Replica Key
The CMK and replica key are used the same way. For details, see Creating a Custom Key.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
