Query the key list
Function
This API is used to query the key list.
Calling Method
For details, see Calling APIs.
URI
POST /v1.0/{project_id}/kms/list-keys
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
limit |
No |
String |
Number of returned records. The default value is 2000. The value should be no larger than the maximum number of keys, for example, 20. If the number of retrieved results is greater than this value, true is returned for the response parameter truncated, indicating that multiple pages of results are returned. |
|
marker |
No |
String |
Start position of pagination query. If truncated is true in the response, you can send consecutive requests to obtain more records. Set marker to the value of next_marker in the response. Example: 10 |
|
key_state |
No |
String |
Key status which matches the regular expression ^[1-5]{1}$. Possible values are as follows: 1: To be activated 2: Enabled 3: Disabled 4: To be deleted 5: To be imported |
|
key_spec |
No |
String |
Key generation algorithm. The default value is AES_256. Set this parameter to ALL to query all the keys (including asymmetric keys). Possible values are as follows: AES_256 SM4 RSA_2048 RSA_3072 RSA_4096 EC_P256 EC_P384 SM2 ALL |
|
enterprise_project_id |
No |
String |
Enterprise project ID. If you haven't created any enterprise project, do not configure this field. If you have created an enterprise project, configure this field for resource querying. If you do not configure this field, all resources of enterprise projects that are granted are queried by default. If the value of "enterprise_project_id" is all. The value must meet one of the following requirements: The value is all. The value is 0. The value matches the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$. |
|
sequence |
No |
String |
A 36-byte serial number of a request message, for example, 919c82d4-8046-4722-9094-35c3c6524cff |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
keys |
Array of strings |
Key ID list. |
|
key_details |
Array of KeyDetails objects |
List of key details. For details, see KeyDetails. |
|
next_marker |
String |
Value of marker used for obtaining the next page of results. If truncated is false, next_marker is left blank. |
|
truncated |
String |
Whether there is another page. true: There is more data on the next page. false: This is the last page. |
|
total |
Integer |
Total number of keys. |
|
Parameter |
Type |
Description |
|---|---|---|
|
key_id |
String |
Key ID. |
|
domain_id |
String |
User domain ID. |
|
key_alias |
String |
Key alias. |
|
realm |
String |
Key realm. |
|
key_spec |
String |
Key generation algorithm. Possible values are as follows: AES_256 SM4 RSA_2048 RSA_3072 RSA_4096 EC_P256 EC_P384 SM2 |
|
key_usage |
String |
Key usage. Possible values are as follows: ENCRYPT_DECRYPT SIGN_VERIFY |
|
key_description |
String |
Key description. |
|
creation_date |
String |
Time when the key was created. The timestamp indicates the total seconds past the start of the epoch date (January 1, 1970). |
|
scheduled_deletion_date |
String |
Time when the key was scheduled to be deleted. The timestamp indicates the total seconds past the start of the epoch date (January 1, 1970). |
|
key_state |
String |
Key status which matches the regular expression ^[1-5]{1}$. Possible values are as follows: 1: To be activated 2: Enabled 3: Disabled 4: To be deleted 5: To be imported |
|
default_key_flag |
String |
Master key identifier. The value is 1 for Default Master Keys and 0 for non-default master keys. |
|
key_type |
String |
Key type. |
|
expiration_time |
String |
Time when the key material expires. The timestamp indicates the total seconds past the start of the epoch date (January 1, 1970). |
|
origin |
String |
Key source. The default value is kms. Possible values are as follows: kms: The key is generated by KMS. external: The key is imported. |
|
key_rotation_enabled |
String |
Key rotation status. The default value is false, indicating that key rotation is disabled. |
|
sys_enterprise_project_id |
String |
Enterprise project ID. The default value is 0. If you have created an enterprise project, the resources are listed in the default enterprise project. If you haven't created an enterprise project, the resources are not listed in the enterprise project. |
|
keystore_id |
String |
Keystore ID |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 401
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 403
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 500
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 502
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 504
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Example Requests
Query the keys whose aliases start with 1. At most two keys are returned.
{
"limit" : "2",
"marker" : "1"
}
Example Responses
Status code: 200
Request succeeded.
{
"keys" : [ "0d0466b0-e727-4d9c-b35d-f84bb474a37f", "2e258389-bb1e-4568-a1d5-e1f50adf70ea" ],
"key_details" : [ {
"key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
"domain_id" : "00074811d5c27c4f8d48bb91e4a1dcfd",
"key_alias" : "test",
"realm" : "cn-north-7",
"key_description" : "key_description",
"creation_date" : "1502799822000",
"scheduled_deletion_date" : "",
"key_spec" : "AES_256",
"key_usage" : "ENCRYPT_DECRYPT",
"key_state" : "2",
"default_key_flag" : "0",
"key_type" : "1",
"expiration_time" : "1501578672000",
"origin" : "kms",
"key_rotation_enabled" : "true",
"sys_enterprise_project_id" : "0"
}, {
"key_id" : "2e258389-bb1e-4568-a1d5-e1f50adf70ea",
"domain_id" : "00074811d5c27c4f8d48bb91e4a1dcfd",
"key_alias" : "test",
"realm" : "realm",
"key_description" : "key_description",
"creation_date" : "1502799822000",
"scheduled_deletion_date" : "",
"key_spec" : "AES_256",
"key_usage" : "ENCRYPT_DECRYPT",
"key_state" : "2",
"default_key_flag" : "0",
"key_type" : "1",
"expiration_time" : "1501578672000",
"origin" : "kms",
"key_rotation_enabled" : "true",
"sys_enterprise_project_id" : "0"
} ],
"next_marker" : "",
"truncated" : "false",
"total" : 2
}
SDK Sample Code
The SDK sample code is as follows.
Query the keys whose aliases start with 1. At most two keys are returned.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.kms.v2.region.KmsRegion; import com.huaweicloud.sdk.kms.v2.*; import com.huaweicloud.sdk.kms.v2.model.*; public class ListKeysSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); ICredential auth = new BasicCredentials() .withAk(ak) .withSk(sk); KmsClient client = KmsClient.newBuilder() .withCredential(auth) .withRegion(KmsRegion.valueOf("<YOUR REGION>")) .build(); ListKeysRequest request = new ListKeysRequest(); ListKeysRequestBody body = new ListKeysRequestBody(); body.withMarker("1"); body.withLimit("2"); request.withBody(body); try { ListKeysResponse response = client.listKeys(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
Query the keys whose aliases start with 1. At most two keys are returned.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkkms.v2.region.kms_region import KmsRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkkms.v2 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] credentials = BasicCredentials(ak, sk) client = KmsClient.new_builder() \ .with_credentials(credentials) \ .with_region(KmsRegion.value_of("<YOUR REGION>")) \ .build() try: request = ListKeysRequest() request.body = ListKeysRequestBody( marker="1", limit="2" ) response = client.list_keys(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
Query the keys whose aliases start with 1. At most two keys are returned.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" kms "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kms/v2" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kms/v2/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kms/v2/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := kms.NewKmsClient( kms.KmsClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.ListKeysRequest{} markerListKeysRequestBody:= "1" limitListKeysRequestBody:= "2" request.Body = &model.ListKeysRequestBody{ Marker: &markerListKeysRequestBody, Limit: &limitListKeysRequestBody, } response, err := client.ListKeys(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Request succeeded. |
|
400 |
Invalid request parameters. |
|
401 |
Username and password are required for the requested page. |
|
403 |
Authentication failed. |
|
404 |
The resource does not exist. |
|
500 |
Internal service error. |
|
502 |
Failed to complete the request. The server receives an invalid response from the upstream server. |
|
504 |
Gateway timed out. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
