加密密钥管理
|
权限 |
对应API接口 |
授权项(Action) |
依赖的授权项 |
IAM项目 (Project) |
企业项目 (Enterprise Project) |
|---|---|---|---|---|---|
|
创建密钥 |
POST /v1.0/{project_id}/kms/create-key |
kms:cmk:create |
- |
√ |
√ |
|
启用密钥 |
POST /v1.0/{project_id}/kms/enable-key |
kms:cmk:enable |
- |
√ |
√ |
|
禁用密钥 |
POST /v1.0/{project_id}/kms/disable-key |
kms:cmk:disable |
- |
√ |
√ |
|
计划删除密钥 |
POST /v1.0/{project_id}/kms/schedule-key-deletion |
kms:cmk:update |
- |
√ |
√ |
|
取消计划删除密钥 |
POST /v1.0/{project_id}/kms/cancel-key-deletion |
kms:cmk:update |
- |
√ |
√ |
|
查询密钥列表 |
POST /v1.0/{project_id}/kms/list-keys |
kms:cmk:list |
- |
√ |
√ |
|
查询密钥信息 |
POST /v1.0/{project_id}/kms/describe-key |
kms:cmk:get |
- |
√ |
√ |
|
创建随机数 |
POST /v1.0/{project_id}/kms/gen-random |
kms:cmk:generate |
- |
√ |
× |
|
创建数据密钥 |
POST /v1.0/{project_id}/kms/create-datakey |
kms:dek:create |
- |
√ |
√ |
|
创建不含明文数据密钥 |
POST /v1.0/{project_id}/kms/create-datakey-without-plaintext |
kms:dek:create |
- |
√ |
√ |
|
加密数据密钥 |
POST /v1.0/{project_id}/kms/encrypt-datakey |
kms:dek:crypto或 kms:dek:encrypt |
- |
√ |
√ |
|
解密数据密钥 |
POST /v1.0/{project_id}/kms/decrypt-datakey |
kms:dek:crypto或 kms:dek:decrypt |
- |
√ |
√ |
|
查询实例数 |
GET /v1.0/{project_id}/kms/user-instances |
kms:cmk:getInstance |
- |
√ |
× |
|
查询配额 |
GET /v1.0/{project_id}/kms/user-quotas |
kms:cmk:getQuota |
- |
√ |
× |
|
修改密钥别名 |
POST /v1.0/{project_id}/kms/update-key-alias |
kms:cmk:update |
- |
√ |
√ |
|
修改密钥描述 |
POST /v1.0/{project_id}/kms/update-key-description |
kms:cmk:update |
- |
√ |
√ |
|
创建授权 |
POST /v1.0/{project_id}/kms/create-grant |
kms:grant:create |
- |
√ |
√ |
|
撤销授权 |
POST /v1.0/{project_id}/kms/revoke-grant |
kms:grant:revoke |
- |
√ |
√ |
|
退役授权 |
POST /v1.0/{project_id}/kms/retire-grant |
kms:grant:retire |
- |
√ |
√ |
|
查询授权列表 |
POST /v1.0/{project_id}/kms/list-grants |
kms:grant:list |
- |
√ |
× |
|
查询可退役授权列表 |
POST /v1.0/{project_id}/kms/list-retirable-grants |
kms:grant:list |
- |
√ |
× |
|
加密数据 |
POST /v1.0/{project_id}/kms/encrypt-data |
kms:cmk:crypto或kms:cmk:encrypt |
- |
√ |
√ |
|
解密数据 |
POST /v1.0/{project_id}/kms/decrypt-data |
kms:cmk:crypto或kms:cmk:decrypt |
- |
√ |
√ |
|
获取密钥导入参数 |
POST /v1.0/{project_id}/kms/get-parameters-for-import |
kms:cmk:getMaterial |
- |
√ |
√ |
|
导入密钥材料 |
POST /v1.0/{project_id}/kms/import-key-material |
kms:cmk:importMaterial |
- |
√ |
√ |
|
删除密钥材料 |
POST /v1.0/{project_id}/kms/delete-imported-key-material |
kms:cmk:deleteMaterial |
- |
√ |
√ |
|
开启密钥轮换 |
POST /v1.0/{project_id}/kms/enable-key-rotation |
kms:cmk:enableRotation |
- |
√ |
√ |
|
修改密钥轮换周期 |
POST /v1.0/{project_id}/kms/update-key-rotation-interval |
kms:cmk:updateRotation |
- |
√ |
√ |
|
关闭密钥轮换 |
POST /v1.0/{project_id}/kms/disable-key-rotation |
kms:cmk:disableRotation |
- |
√ |
√ |
|
查询密钥轮换状态 |
POST /v1.0/{project_id}/kms/get-key-rotation-status |
kms:cmk:getRotation |
- |
√ |
√ |
|
查询密钥实例 |
POST /v1.0/{project_id}/kms/resource_instances/action |
kms:cmkTag:listInstance |
- |
√ |
√ |
|
查询密钥标签 |
GET /v1.0/{project_id}/kms/{key_id}/tags |
kms:cmkTag:list |
- |
√ |
√ |
|
查询项目标签 |
GET /v1.0/{project_id}/kms/tags |
kms:cmkTag:list |
- |
√ |
× |
|
批量添加删除密钥标签 |
POST /v1.0/{project_id}/kms/{key_id}/tags/action |
kms:cmkTag:batch |
- |
√ |
√ |
|
添加密钥标签 |
POST /v1.0/{project_id}/kms/{key_id}/tags |
kms:cmkTag:create |
- |
√ |
√ |
|
删除密钥标签 |
POST /v1.0/{project_id}/kms/{key_id}/tags/{key} |
kms:cmkTag:delete |
- |
√ |
√ |
