Function
- This API is used to use the private key of an asymmetric key to digitally sign a message or digest.
+
+
Constraints
- Only the asymmetric key whose key_usage is SIGN_VERIFY can be used for signature.
+
+
URI
POST /v1.0/{project_id}/kms/sign
+
+
Table 1 URI parametersParameter
+ |
+Mandatory
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+project_id
+ |
+Yes
+ |
+String
+ |
+Project ID
+ |
+
+
+
+
+
+
Request Parameters
+
+
+
+
Table 3 Request body parameterParameter
+ |
+Mandatory
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+key_id
+ |
+Yes
+ |
+String
+ |
+36-byte ID of a CMK that matches the regular expression ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ Example: 0d0466b0-e727-4d9c-b35d-f84bb474a37f
+ |
+
+message
+ |
+Yes
+ |
+String
+ |
+Message digest or message to be signed. The message must be encoded using Base64 and be less than 4096 bytes.
+ |
+
+signing_algorithm
+ |
+Yes
+ |
+String
+ |
+Signature algorithm. Its value can be:
+- RSASSA_PSS_SHA_256
- RSASSA_PSS_SHA_384
- RSASSA_PSS_SHA_512
- RSASSA_PKCS1_V1_5_SHA_256
- RSASSA_PKCS1_V1_5_SHA_384
- RSASSA_PKCS1_V1_5_SHA_512
- ECDSA_SHA_256
- ECDSA_SHA_384
- ECDSA_SHA_512
- SM2DSA_SM3
+ |
+
+message_type
+ |
+No
+ |
+String
+ |
+Message type. The default value is DIGEST. Its value can be:
+- DIGEST (message digest)
- RAW (original message)
+ |
+
+sequence
+ |
+No
+ |
+String
+ |
+36-byte serial number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff
+ |
+
+
+
+
+
+
Response Parameters
Status code: 200
+
+
Table 4 Response body parametersParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+key_id
+ |
+String
+ |
+CMK ID
+ |
+
+signature
+ |
+String
+ |
+Signature value, which is encoded using Base64
+ |
+
+
+
+
+
Status code: 400
+
+
Table 5 Response body parametersParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error
+ |
+Object
+ |
+Error message.
+ |
+
+
+
+
+
+
Table 6 ErrorDetailParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error_code
+ |
+String
+ |
+Error code
+ |
+
+error_msg
+ |
+String
+ |
+Error information
+ |
+
+
+
+
+
Status code: 401
+
+
Table 7 Response body parametersParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error
+ |
+Object
+ |
+Error message.
+ |
+
+
+
+
+
+
Table 8 ErrorDetailParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error_code
+ |
+String
+ |
+Error code
+ |
+
+error_msg
+ |
+String
+ |
+Error information
+ |
+
+
+
+
+
Status code: 403
+
+
Table 9 Response body parameterParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error
+ |
+Object
+ |
+Error message.
+ |
+
+
+
+
+
+
Table 10 ErrorDetailParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error_code
+ |
+String
+ |
+Error code
+ |
+
+error_msg
+ |
+String
+ |
+Error information
+ |
+
+
+
+
+
Status code: 404
+
+
Table 11 Response body parameterParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error
+ |
+Object
+ |
+Error message.
+ |
+
+
+
+
+
+
Table 12 ErrorDetailParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error_code
+ |
+String
+ |
+Error code
+ |
+
+error_msg
+ |
+String
+ |
+Error information
+ |
+
+
+
+
+
Status code: 500
+
+
Table 13 Response body parametersParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error
+ |
+Object
+ |
+Error message.
+ |
+
+
+
+
+
+
Table 14 ErrorDetailParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error_code
+ |
+String
+ |
+Error code
+ |
+
+error_msg
+ |
+String
+ |
+Error information
+ |
+
+
+
+
+
Status code: 502
+
+
Table 15 Response body parametersParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error
+ |
+Object
+ |
+Error message.
+ |
+
+
+
+
+
+
Table 16 ErrorDetailParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error_code
+ |
+String
+ |
+Error code
+ |
+
+error_msg
+ |
+String
+ |
+Error information
+ |
+
+
+
+
+
Status code: 504
+
+
Table 17 Response body parameterParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error
+ |
+Object
+ |
+Error message.
+ |
+
+
+
+
+
+
Table 18 ErrorDetailParameter
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+error_code
+ |
+String
+ |
+Error code
+ |
+
+error_msg
+ |
+String
+ |
+Error information
+ |
+
+
+
+
+
+
Example Request
The following uses the RSASSA_PKCS1_V1_5_SHA_256 signature algorithm to sign the raw message.
+
{
+ "key_id": "968d6cf0-feb6-42c6-bb30-d69f74f2d5f9",
+ "message": "aGVsbG8g",
+ "signing_algorithm": "RSASSA_PSS_SHA_256",
+ "message_type": "RAW"
+}
+
+
+
The following uses the RSASSA_PKCS1_V1_5_SHA_256 signature algorithm to sign the digest message.
+
{
+ "key_id": "968d6cf0-feb6-42c6-bb30-d69f74f2d5f9",
+ "message": "iNQmb9TmM40TuEX88olXnSCciXgjuSF9o+Fhk28DFYK=",
+ "signing_algorithm": "RSASSA_PSS_SHA_256",
+ "message_type": "DIGEST"
+}
+
Example Response
Status code: 200
+
The following shows that the request for signing the raw message using the RSASSA_PKCS1_V1_5_SHA_256 signature algorithm is successful.
+
{
+ "key_id": "968d6cf0-feb6-42c6-bb30-d69f74f2d5f9",
+ "signature": "BqhL4PFPMNIXyEld3qviF7uqqnqlm9TcVCUN9FTRCr6KGreHIvwE4YuAc+eLWVSCGRd3bQHhDOQ9GlWjixGengwBix1RPP0qxtn2p7kQxkC2j76VjKCwqAsAy4MyxjN8RNOdnVCpOObDGoLxPHxUwNvSqZ6GxQKZ4cHPXVH0r/jH9csgk6IUr6ATyto+IcNWSvD03LfaNRQ+Rvc5tOzNFpFrMnVl319UG9ANscq1ne67VW2uQIf74Osg9DYzbJTf/xqW5GFi3ZoeQUu+gMxwgQp3pkuYhygjw6a8Qy9ZNMHmWnY199SzHrxgIq3ymQzUU5zrikKMColX2goPXf5fxQ=="
+}
+
+
+
The following shows that the request for signing the digest message using the RSASSA_PKCS1_V1_5_SHA_256 signature algorithm is successful.
+
{
+ "key_id": "968d6cf0-feb6-42c6-bb30-d69f74f2d5f9",
+ "signature": "M8Gqrm7EyyCPckMs90D7IOlUPCMHhoBh+nz9ySvdbOi7JMrl0ei+2lb+CQ2ZJN+pu7mftotq7/sHt0wWsDl8IOywYSBtWEmLW6AHnEPMykG/A9/Dp3kRuuKFoouCzWXeZyhIrzRUunAK5j5njcY/yTf6T8M+zBy1nAApb8WcHUen9/j7+X348iOnsSuWNVfXxy3NX41v9kLn6x115UDA/798VLSoMbsjcXKgdf/3GoZRYjcHxiX6s71/RWsQYme68qQN2B0q8Y9lk6rQxrw/AXHFoeaphYb7PriURRx0GxhOEEHb/9Tcr39Zlh3bbl/2aF3ytJORWIqatLtqgJ4uEA=="
+}
+
Status Code
+
Status Code
+ |
+Description
+ |
+
|---|
+
+200
+ |
+The request has succeeded.
+ |
+
+400
+ |
+Invalid request parameters.
+ |
+
+401
+ |
+Username and password are required to access the page requested.
+ |
+
+403
+ |
+Authentication failed.
+ |
+
+404
+ |
+The requested resource does not exist or is not found.
+ |
+
+500
+ |
+Internal service error.
+ |
+
+502
+ |
+Failed to complete the request. The server receives an invalid response from the upstream server.
+ |
+
+504
+ |
+Gateway timed out.
+ |
+
+
+
+
+
+
This section describes the structure of a REST API request, and uses the IAM API for obtaining a user token as an example to demonstrate how to call an API. The obtained token can then be used to authenticate the calling of other APIs.
+
Request URI
A request URI is in the following format:
+
{URI-scheme} :// {Endpoint} / {resource-path} ? {query-string}
+
Although a request URI is included in the request header, most programming languages or frameworks require the request URI to be transmitted separately.
+
- URI-scheme:
Protocol used to transmit requests. All APIs use HTTPS.
+ - Endpoint:
Domain name or IP address of the server bearing the REST service. The endpoint varies between services in different regions. It can be obtained from the administrator.
+ - resource-path:
Access path of an API for performing a specified operation. Obtain the path from the URI of an API. For example, the resource-path of the API used to obtain a user token is /v3/auth/tokens.
+ - query-string:
Query parameter, which is optional. Ensure that a question mark (?) is included before each query parameter that is in the format of "Parameter name=Parameter value". For example, ?limit=10 indicates that a maximum of 10 data records will be displayed.
+
+
To simplify the URI display in this document, each API is provided only with a resource-path and a request method. The URI-scheme of all APIs is HTTPS, and the endpoints of all APIs in the same region are identical.
+
+
+
Request Methods
The HTTP protocol defines the following request methods that can be used to send a request to the server:
+
- GET: requests the server to return specified resources.
- PUT: requests the server to update specified resources.
- POST: requests the server to add resources or perform special operations.
- DELETE: requests the server to delete specified resources, for example, an object.
- HEAD: same as GET except that the server must return only the response header.
- PATCH: requests the server to update partial content of a specified resource. If the resource does not exist, a new resource will be created.
+
For example, in the case of the API used to obtain a user token, the request method is POST. The request is as follows:
+
POST https://{{endpoint}}/v3/auth/tokens
+
+
Request Header
You can also add additional header fields to a request, such as the fields required by a specified URI or HTTP method. For example, to request for the authentication information, add Content-Type, which specifies the request body type.
+
Common request header fields are as follows:
+
- Content-Type: specifies the request body type or format. This field is mandatory and its default value is application/json. Other values of this field will be provided for specific APIs if any.
- X-Auth-Token: specifies a user token only for token-based API authentication. The user token is a response to the API used to obtain a user token. This API is the only one that does not require authentication.
In addition to supporting token-based authentication, APIs also support authentication using access key ID/secret access key (AK/SK). During AK/SK-based authentication, an SDK is used to sign the request, and the Authorization (signature information) and X-Sdk-Date (time when the request is sent) header fields are automatically added to the request.
+
For more information, see .
+
+
+
The API used to obtain a user token does not require authentication. Therefore, only the Content-Type field needs to be added to requests for calling the API. An example of such requests is as follows:
+
POST https://{{endpoint}}/v3/auth/tokens
+Content-Type: application/json
+
+
Request Body
The body of a request is often sent in a structured format as specified in the Content-Type header field. The request body transfers content except the request header.
+
The request body varies between APIs. Some APIs do not require the request body, such as the APIs requested using the GET and DELETE methods.
+
In the case of the API used to obtain a user token, the request parameters and parameter description can be obtained from the API request. The following provides an example request with a body included. Set username to the name of a user, domainname to the name of the account that the user belongs to, ******** to the user's login password, and xxxxxxxxxxxxxxxxxx to the project name. You can learn more information about projects from .
+
The scope parameter specifies where a token takes effect. You can set scope to an account or a project under an account. In the following example, the token takes effect only for the resources in a specified project. For more information about this API, see Obtaining a User Token.
+
+
+POST https://{{endpoint}}/v3/auth/tokens
+Content-Type: application/json
+{
+ "auth": {
+ "identity": {
+ "methods": [
+ "password"
+ ],
+ "password": {
+ "user": {
+ "name": "username",
+ "password": "********",
+ "domain": {
+ "name": "domainname"
+ }
+ }
+ }
+ },
+ "scope": {
+ "project": {
+ "name": "xxxxxxxxxxxxxxxxxx"
+ }
+ }
+ }
+}
+
If all data required for the API request is available, you can send the request to call the API through curl, Postman, or coding. In the response to the API used to obtain a user token, x-subject-token is the desired user token. This token can then be used to authenticate the calling of other APIs.
+
+
datakey_length
@@ -171,7 +171,7 @@
diff --git a/docs/kms/api-ref/kms_02_0021.html b/docs/kms/api-ref/kms_02_0021.html
index 6b273e55..9d80c167 100644
--- a/docs/kms/api-ref/kms_02_0021.html
+++ b/docs/kms/api-ref/kms_02_0021.html
@@ -32,7 +32,7 @@
Requests
- Table 2 Request parametersParameter
+Table 2 Request parametersParameter
|
Mandatory
|
@@ -60,7 +60,7 @@
Key-value pairs with a maximum length of 8192 characters. This parameter is used to record resource context information, excluding sensitive information, to ensure data integrity.
If this parameter is specified during encryption, it is also required for decryption.
-Example: {"Key1":"Value1","Key2":"Value2"}
+Example: {"Key1":"Value1","Key2":"Value2"}
|
|---|
datakey_length
@@ -87,7 +87,7 @@
Responses
- Table 3 Response parametersParameter
+Table 3 Response parametersParameter
|
Mandatory
|
@@ -162,7 +162,7 @@
diff --git a/docs/kms/api-ref/kms_02_0022.html b/docs/kms/api-ref/kms_02_0022.html
index 1b134023..7f35e2fb 100644
--- a/docs/kms/api-ref/kms_02_0022.html
+++ b/docs/kms/api-ref/kms_02_0022.html
@@ -32,7 +32,7 @@
Requests
- Table 2 Request parametersParameter
+Table 2 Request parametersParameter
|
Mandatory
|
@@ -60,7 +60,7 @@
Key-value pairs with a maximum length of 8192 characters. This parameter is used to record resource context information, excluding sensitive information, to ensure data integrity.
If this parameter is specified during encryption, it is also required for decryption.
-Example: {"Key1":"Value1","Key2":"Value2"}
+Example: {"Key1":"Value1","Key2":"Value2"}
|
|---|
plain_text
@@ -97,7 +97,7 @@
Responses
- Table 3 Response parametersParameter
+Table 3 Response parametersParameter
|
Mandatory
|
@@ -201,7 +201,7 @@ public static String bytesToHexString(byte[] digest) {
diff --git a/docs/kms/api-ref/kms_02_0023.html b/docs/kms/api-ref/kms_02_0023.html
index d6b67f49..30c6f05f 100644
--- a/docs/kms/api-ref/kms_02_0023.html
+++ b/docs/kms/api-ref/kms_02_0023.html
@@ -33,7 +33,7 @@
Requests
- Table 2 Request parametersParameter
+Table 2 Request parametersParameter
|
Mandatory
|
@@ -61,7 +61,7 @@
Key-value pairs with a maximum length of 8192 characters. This parameter is used to record resource context information, excluding sensitive information, to ensure data integrity.
If this parameter is specified during encryption, it is also required for decryption.
-Example: {"Key1":"Value1","Key2":"Value2"}
+Example: {"Key1":"Value1","Key2":"Value2"}
|
|---|
cipher_text
@@ -97,7 +97,7 @@
Responses
- Table 3 Response parametersParameter
+Table 3 Response parametersParameter
|
Mandatory
|
@@ -184,7 +184,7 @@
diff --git a/docs/kms/api-ref/kms_02_0024.html b/docs/kms/api-ref/kms_02_0024.html
index 4b7f6a45..83bbefce 100644
--- a/docs/kms/api-ref/kms_02_0024.html
+++ b/docs/kms/api-ref/kms_02_0024.html
@@ -95,7 +95,7 @@
diff --git a/docs/kms/api-ref/kms_02_0025.html b/docs/kms/api-ref/kms_02_0025.html
index 7abab325..d295c9c9 100644
--- a/docs/kms/api-ref/kms_02_0025.html
+++ b/docs/kms/api-ref/kms_02_0025.html
@@ -175,7 +175,7 @@
diff --git a/docs/kms/api-ref/kms_02_0026.html b/docs/kms/api-ref/kms_02_0026.html
index c02624dd..8e1e0ea3 100644
--- a/docs/kms/api-ref/kms_02_0026.html
+++ b/docs/kms/api-ref/kms_02_0026.html
@@ -176,7 +176,7 @@
diff --git a/docs/kms/api-ref/kms_02_0027.html b/docs/kms/api-ref/kms_02_0027.html
index 81e8680c..bf02a748 100644
--- a/docs/kms/api-ref/kms_02_0027.html
+++ b/docs/kms/api-ref/kms_02_0027.html
@@ -176,7 +176,7 @@
diff --git a/docs/kms/api-ref/kms_02_0028.html b/docs/kms/api-ref/kms_02_0028.html
index 9e1f94f4..1a76da2e 100644
--- a/docs/kms/api-ref/kms_02_0028.html
+++ b/docs/kms/api-ref/kms_02_0028.html
@@ -32,9 +32,9 @@
Requests
- Table 2 Request parametersParameter
+Table 2 Request parametersParameter
|
-Mandatory
+ | Mandatory
|
Type
|
@@ -92,6 +92,16 @@
Example: 0d0466b00d0466b00d0466b00d0466b0
|---|
+grantee_principal_type
+ |
+No
+ |
+String
+ |
+Authorization type
+Values: user, domain. The default value is user.
+ |
+
sequence
|
No
@@ -107,9 +117,9 @@
Responses
- Table 3 Response parametersParameter
+Table 3 Response parametersParameter
|
-Mandatory
+ | Mandatory
|
Type
|
@@ -179,7 +189,7 @@
diff --git a/docs/kms/api-ref/kms_02_0029.html b/docs/kms/api-ref/kms_02_0029.html
index aa22324f..7d295523 100644
--- a/docs/kms/api-ref/kms_02_0029.html
+++ b/docs/kms/api-ref/kms_02_0029.html
@@ -119,7 +119,7 @@
diff --git a/docs/kms/api-ref/kms_02_0030.html b/docs/kms/api-ref/kms_02_0030.html
index b2be476f..dc788b64 100644
--- a/docs/kms/api-ref/kms_02_0030.html
+++ b/docs/kms/api-ref/kms_02_0030.html
@@ -121,7 +121,7 @@
diff --git a/docs/kms/api-ref/kms_02_0031.html b/docs/kms/api-ref/kms_02_0031.html
index 9c716de7..79b9aade 100644
--- a/docs/kms/api-ref/kms_02_0031.html
+++ b/docs/kms/api-ref/kms_02_0031.html
@@ -286,7 +286,7 @@
diff --git a/docs/kms/api-ref/kms_02_0032.html b/docs/kms/api-ref/kms_02_0032.html
index d47aad4d..28c2c270 100644
--- a/docs/kms/api-ref/kms_02_0032.html
+++ b/docs/kms/api-ref/kms_02_0032.html
@@ -182,7 +182,7 @@
diff --git a/docs/kms/api-ref/kms_02_0033.html b/docs/kms/api-ref/kms_02_0033.html
new file mode 100644
index 00000000..0664d3bb
--- /dev/null
+++ b/docs/kms/api-ref/kms_02_0033.html
@@ -0,0 +1,169 @@
+
+
+Encrypting Data
+FunctionThis API enables you to encrypt data using a specified CMK.
+ By default, the performance threshold for encrypting data is 1000 TPS per customer. To apply for higher performance, submit a service ticket.
+
+
+
+ Requests
+ Table 2 Request parametersParameter
+ |
+Mandatory
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+key_id
+ |
+Yes
+ |
+String
+ |
+36-byte ID of a CMK that matches the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$
+Example: 0d0466b0-e727-4d9c-b35d-f84bb474a37f
+ |
+
+encryption_context
+ |
+No
+ |
+Object
+ |
+Key-value pairs with a maximum length of 8192 characters. This parameter is used to record resource context information, excluding sensitive information, to ensure data integrity.
+If this parameter is specified during encryption, it is also required for decryption.
+Example: {"Key1":"Value1","Key2":"Value2"}
+ |
+
+plain_text
+ |
+Yes
+ |
+String
+ |
+Plaintext data which is 1 to 4096 bytes in length and matches the regular expression ^.{1,4096}$. After being converted into a byte array, it is still 1 to 4096 bytes in length.
+ |
+
+sequence
+ |
+No
+ |
+String
+ |
+36-byte serial number of a request message
+Example: 919c82d4-8046-4722-9094-35c3c6524cff
+ |
+
+
+
+
+
+ Responses
+ Table 3 Response parametersParameter
+ |
+Mandatory
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+key_id
+ |
+Yes
+ |
+String
+ |
+CMK ID
+ |
+
+cipher_text
+ |
+Yes
+ |
+String
+ |
+Ciphertext data in Base64 format
+ |
+
+
+
+
+
+ ExamplesThe following example describes how to use a CMK (ID: 0d0466b0-e727-4d9c-b35d-f84bb474a37f) to encrypt data (plaintext: 12345678).
+
+ - Example response
{
+ "key_id": "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
+ "cipher_text": "AgDoAG7EsEc2OHpQxz4gDFDH54CqwaelpTdEl+RFPjbKn5klPTvOywYIeZX60kPbFsYOpXJwkL32HUM50MY22Eb1fOSpZK7WJpYjx66EWOkJvO+Ey3r1dLdNAjrZrYzQlxRwNS05CaNKoX5rr3NoDnmv+UNobaiS25muLLiqOt6UrStaWow9AUyOHSzl+BrX2Vu0whv74djK+3COO6cXT2CBO6WajTJsOgYdxMfv24KWSKw0TqvHe8XDKASQGKdgfI74hzI1YWJlNjlmLWFlMTAtNDRjZC1iYzg3LTFiZGExZGUzYjdkNwAAAACdcfNpLXwDUPH3023MvZK8RPHe129k6VdNIi3zNb0eFQ=="
+}
+or
+{
+ "error": {
+ "error_code": "KMS.XXXX",
+ "error_msg": "XXX"
+ }
+}
+
+
+ Status CodesTable 4 lists the normal status code returned by the response.
+ Table 4 Status codesStatus Code
+ |
+Status
+ |
+Description
+ |
+
|---|
+
+200
+ |
+OK
+ |
+Request processed successfully.
+ |
+
+
+
+
+
+ Exception status code. For details, see Status Codes.
+
+ Decrypting Data
+FunctionThis API enables you to decrypt data.
+ By default, the performance threshold for decrypting data is 1000 TPS per customer. To apply for higher performance, submit a service ticket.
+
+
+
+ Requests
+ Table 2 Request parametersParameter
+ |
+Mandatory
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+cipher_text
+ |
+Yes
+ |
+String
+ |
+Ciphertext of encrypted data. The value is the cipher_text value in the data encryption result that matches the regular expression ^[0-9a-zA-Z+/=]{188,5648}$.
+ |
+
+encryption_context
+ |
+No
+ |
+Object
+ |
+Key-value pairs with a maximum length of 8192 characters. This parameter is used to record resource context information, excluding sensitive information, to ensure data integrity.
+If this parameter is specified during encryption, it is also required for decryption.
+Example: {"Key1":"Value1","Key2":"Value2"}
+ |
+
+sequence
+ |
+No
+ |
+String
+ |
+36-byte serial number of a request message
+Example: 919c82d4-8046-4722-9094-35c3c6524cff
+ |
+
+
+
+
+
+ Responses
+ Table 3 Response parametersParameter
+ |
+Mandatory
+ |
+Type
+ |
+Description
+ |
+
|---|
+
+key_id
+ |
+Yes
+ |
+String
+ |
+CMK ID
+ |
+
+plain_text
+ |
+Yes
+ |
+String
+ |
+Plaintext
+ |
+
+
+
+
+
+ ExamplesThe following example describes how to decrypt data (ciphertext: AgDoAG7EsEc2OHpQxz4gDFDH54CqwaelpTdEl+RFPjbKn5klPTvOywYIeZX60kPbFsYOpXJwkL32HUM50MY22Eb1fOSpZK7WJpYjx66EWOkJvO+Ey3r1dLdNAjrZrYzQlxRwNS05CaNKoX5rr3NoDnmv+UNobaiS25muLLiqOt6UrStaWow9AUyOHSzl+BrX2Vu0whv74djK+3COO6cXT2CBO6WajTJsOgYdxMfv24KWSKw0TqvHe8XDKASQGKdgfI74hzI1YWJlNjlmLWFlMTAtNDRjZC1iYzg3LTFiZGExZGUzYjdkNwAAAACdcfNpLXwDUPH3023MvZK8RPHe129k6VdNIi3zNb0eFQ==).
+ - Example request
{
+ "cipher_text": "AgDoAG7EsEc2OHpQxz4gDFDH54CqwaelpTdEl+RFPjbKn5klPTvOywYIeZX60kPbFsYOpXJwkL32HUM50MY22Eb1fOSpZK7WJpYjx66EWOkJvO+Ey3r1dLdNAjrZrYzQlxRwNS05CaNKoX5rr3NoDnmv+UNobaiS25muLLiqOt6UrStaWow9AUyOHSzl+BrX2Vu0whv74djK+3COO6cXT2CBO6WajTJsOgYdxMfv24KWSKw0TqvHe8XDKASQGKdgfI74hzI1YWJlNjlmLWFlMTAtNDRjZC1iYzg3LTFiZGExZGUzYjdkNwAAAACdcfNpLXwDUPH3023MvZK8RPHe129k6VdNIi3zNb0eFQ=="
+}
+ - Example response
{
+ "key_id": "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
+ "plain_text": "12345678"
+}
+or
+{
+ "error": {
+ "error_code": "KMS.XXXX",
+ "error_msg": "XXX"
+ }
+}
+
+
+ Status CodesTable 4 lists the normal status code returned by the response.
+ Table 4 Status codesStatus Code
+ |
+Status
+ |
+Description
+ |
+
|---|
+
+200
+ |
+OK
+ |
+Request processed successfully.
+ |
+
+
+
+
+
+ Exception status code. For details, see Status Codes.
+
+ Requests
- Table 2 Request parametersParameter
+Table 2 Request parametersParameter
|
Mandatory
|
@@ -58,7 +58,7 @@
String
|
-Encryption algorithm for CMK material. The following values are enumerated: - RSAES_PKCS1_V1_5
- RSAES_OAEP_SHA_1
- RSAES_OAEP_SHA_256
+ Cryptographic algorithm for CMK material. The following values are enumerated: - RSAES_PKCS1_V1_5
- RSAES_OAEP_SHA_1
- RSAES_OAEP_SHA_256
|
|
|---|
@@ -77,7 +77,7 @@
Responses
- Table 3 Response parametersParameter
+Table 3 Response parametersParameter
|
Mandatory
|
@@ -127,7 +127,7 @@
|---|
ExamplesThe following example describes how to obtain the imported parameter of a CMK (ID: bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e; encryption algorithm: RSAES_OAEP_SHA_1).
+ ExamplesThe following example describes how to obtain the imported parameter of a CMK (ID: bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e; algorithm: RSAES_OAEP_SHA_1).
- Example request
{
"key_id": "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
"wrapping_algorithm":"RSAES_OAEP_SHA_1"
@@ -172,7 +172,7 @@
diff --git a/docs/kms/api-ref/kms_02_0036.html b/docs/kms/api-ref/kms_02_0036.html
index e3a2fcf4..588c1ae5 100644
--- a/docs/kms/api-ref/kms_02_0036.html
+++ b/docs/kms/api-ref/kms_02_0036.html
@@ -137,7 +137,7 @@
Before You Start
+
+
+
diff --git a/docs/kms/api-ref/kms_02_0051.html b/docs/kms/api-ref/kms_02_0051.html
new file mode 100644
index 00000000..aa4fb12e
--- /dev/null
+++ b/docs/kms/api-ref/kms_02_0051.html
@@ -0,0 +1,11 @@
+
+
+API Calling
+KMS supports Representational State Transfer (REST) APIs, allowing you to call APIs using HTTPS requests. For details about API calling, see Calling APIs.
+ Endpoints
+An endpoint is the request address for calling an API. Endpoints vary depending on services and regions. For the endpoints of all services, see Regions and Endpoints.
+ Constraints
+
+ For more constraints, see the descriptions of specific APIs.
+ Concepts
+- Account
An account has full access permissions for all the resources and cloud services under it. It can reset user passwords and grant users permissions. The account is a payment entity and should not be used to perform routine management. For security purposes, create IAM users and grant them permissions for routine management.
+ - User
An IAM user is created by an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
+The account name, username, and password wll be required for API authentication.
+ - Region
Regions are divided based on geographical location and network latency. Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region. Regions are classified as universal regions and dedicated regions. A universal region provides universal cloud services for common tenants. A dedicated region provides services of the same type only or for specific tenants.
+ - Availability Zone (AZ)
An AZ comprises one or multiple physical data centers equipped with independent ventilation, fire, water, and electricity facilities. Compute, network, storage, and other resources in an AZ are logically divided into multiple clusters. AZs within a region are interconnected using high-speed optical fibers to support cross-AZ high-availability systems.
+ - Project
Projects group and isolate resources (including compute, storage, and network resources) across physical regions. A default project is provided for each region, and subprojects can be created under each default project. Users can be granted permissions to access all resources in a specific project. For more refined access control, create subprojects under a project and create resources in the subprojects. Users can then be assigned permissions to access only specific resources in the subprojects.
+Figure 1 Project isolation model
+
+ Returned Values
+Status CodeAfter sending a request, you will receive a response containing the status code, response header, and response body.
+ A status code is a group of digits ranging from 1xx to 5xx. It indicates the status of a response. For more information, see Status Code.
+ For example, if status code 201 is returned for calling the API used to obtain a user token, the request is successful.
+
+ Response HeaderA response header corresponds to a request header, for example, Content-Type.
+ Figure 1 shows the response header for the API of obtaining a user token, in which x-subject-token is the desired user token. Then, you can use the token to authenticate the calling of other APIs.
+ Figure 1 Header of the response to the request for obtaining a user token
+
+ (Optional) Response BodyA response body is generally returned in a structured format, corresponding to the Content-Type in the response header, and is used to transfer content other than the response header.
+ The following shows part of the response body for the API to obtain a user token. For the sake of space, only part of the content is displayed here.
+ {
+ "token": {
+ "expires_at": "2019-02-13T06:52:13.855000Z",
+ "methods": [
+ "password"
+ ],
+ "catalog": [
+ {
+ "endpoints": [
+ {
+ "region_id": "xxxxxxxx",
+......
+ If an error occurs during API calling, the system returns an error code and a message to you. The following shows the format of an error response body:
+ {
+ "error": {
+ "message": "The request you have made requires authentication.",
+ "title": "Unauthorized"
+ }
+}
+ In the preceding information, error_code is an error code, and error_msg describes the error.
+
+ API Overview
+You can use all functions of by calling its APIs.
+
+ Overview
+Key Management Service (KMS) is a secure, reliable, and easy-to-use service for managing your keys on the cloud. It helps you easily create, manage, and protect keys.
+ You can use the APIs described in this document to perform operations on keys, such as creating, querying, and deleting keys. For details about all supported operations, see API Overview.
+ Before calling KMS APIs, ensure that you have understood the concepts related to KMS. For more information, see section "Overview" in the Key Management Service User Guide.
+ API Usage Guidelines
+Cloud service APIs comply with the RESTful API design principles. REST-based Web services are organized into resources. Each resource is identified by one or more Uniform Resource Identifiers (URIs). An application accesses a resource based on the resource's Unified Resource Locator (URL). A URL is usually in the following format: https://Endpoint/uri. In the URL, uri indicates the resource path, that is, the API access path.
+ Cloud service APIs use HTTPS as the transmission protocol. Requests/Responses are transmitted by using JSON messages, with media type represented by Application/json.
+ For details about how to use APIs, see API Usage Guidelines.
+ |
|---|
-2022-09-30
+ | 2024-03-25
+ |
+This is the sixteenth official release.
+- Optimized the description of the parameter grantee_principal_type in section "Creating a Grant".
- Added an example of the message_type in section "Signing Data".
+ |
+
+2023-11-29
+ |
+This is the fifteenth official release.
+Modified the description of some API request parameters in section "API Description".
+ |
+
+2023-10-20
+ |
+This is the fourteenth official release.
+- Added the section "Signing Data".
- Added the section "Authenticating a Signature".
+ |
+
+2022-09-30
|
This issue is the thirteenth official release.
Optimized descriptions in sections "Permissions Policies and Supported Actions".
@@ -60,7 +78,7 @@
| 2017-10-30
|
This is the fifth official release.
-- Added the section "Creating a Grant".
- Added the section "Revoking a Grant".
- Added the section "Retiring a Grant".
- Added the section "Querying Grants on a CMK".
- Added the section "Querying Grants That Can Be Retired".
- Optimized request parameter description in the section "Creating a CMK".
- Optimized request and response parameter description in the section "Querying the List of CMKs".
- Optimized response parameter description in the section "Querying the Information About a CMK".
- Optimized response parameter description in the section "Creating a Random Number".
- Optimized response parameter description in the section "Querying the Quota of a User".
- Optimized error codes and modified the section "Error Codes".
- Added public error code KMS.0308 and its description.
- Added error codes and their description for creating a grant.
- Added error codes and their description for querying grants on a CMK.
- Added error codes and their description for querying grants that can be retired.
- Added error codes and their description for revoking a grant.
- Added error codes and their description for retiring a grant.
+- Added the section "Creating a Grant".
- Added the section "Revoking a Grant".
- Added the section "Retiring a Grant".
- Added the section "Querying Grants on a CMK".
- Added the section "Querying Grants that Can Be Retired".
- Optimized request parameter description in the section "Creating a CMK".
- Optimized request and response parameter description in the section "Querying the List of CMKs".
- Optimized response parameter description in the section "Querying the Information About a CMK".
- Optimized response parameter description in the section "Creating a Random Number".
- Optimized response parameter description in the section "Querying the Quota of a User".
- Optimized error codes and modified the section "Error Codes".
- Added public error code KMS.0308 and its description.
- Added error codes and their description for creating a grant.
- Added error codes and their description for querying grants on a CMK.
- Added error codes and their description for querying grants that can be retired.
- Added error codes and their description for revoking a grant.
- Added error codes and their description for retiring a grant.
|
diff --git a/docs/kms/api-ref/dew_02_0307.html b/docs/kms/api-ref/kms_02_0307.html
similarity index 54%
rename from docs/kms/api-ref/dew_02_0307.html
rename to docs/kms/api-ref/kms_02_0307.html
index 94f0572b..5b97f02f 100644
--- a/docs/kms/api-ref/dew_02_0307.html
+++ b/docs/kms/api-ref/kms_02_0307.html
@@ -1,12 +1,12 @@
-
+
Permissions Policies and Supported Actions
diff --git a/docs/kms/api-ref/dew_02_0308.html b/docs/kms/api-ref/kms_02_0308.html
similarity index 59%
rename from docs/kms/api-ref/dew_02_0308.html
rename to docs/kms/api-ref/kms_02_0308.html
index b22a2ebf..3a02d9a6 100644
--- a/docs/kms/api-ref/dew_02_0308.html
+++ b/docs/kms/api-ref/kms_02_0308.html
@@ -1,23 +1,23 @@
-
+
Introduction
-This chapter describes fine-grained permissions management for your KMS. If your account does not need individual IAM users, then you may skip over this chapter.
- By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.
- You can grant users permissions by using roles and policies. Roles are a type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. Policies define API-based permissions for operations on specific resources under certain conditions, allowing for more fine-grained, secure access control of cloud resources.
- Policy-based authorization is useful if you want to allow or deny the access to an API.
+ This chapter describes fine-grained permissions management for your KMS. If your account does not need individual IAM users, you may skip over this chapter.
+ By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.
+ You can grant permissions to users by using roles and policies. Roles are a type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. Policies define API-based permissions for operations on specific resources under certain conditions, allowing for more fine-grained, secure access control of cloud resources.
+ Policy-based authorization is useful if you want to allow or deny the access to an API.
- An account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. The permissions required for calling an API are determined by the actions supported by the API. Only users who have been granted permissions allowing the actions can call the API successfully.
- Supported ActionsYou can use system-defined policies provided in IAM, or create custom policies to supplement the system-defined policies, implementing refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- - Permission: A statement in a policy that allows or denies certain operations.
- APIs: REST APIs that can be called in a custom policy.
- Actions: Added to a custom policy to control permissions for specific operations.
- Dependent actions: When assigning an action to users, you also need to assign dependent permissions for that action to take effect.
- IAM projects or enterprise project: Scope of users a permission is granted to. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect in IAM. Such policies will not take effect if they are assigned to user groups in Enterprise Project.
√: supported; x: not supported
+ An account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. The permissions required for calling an API are determined by the actions supported by the API. Only users who have been granted permissions allowing the actions can call the API successfully.
+ Supported ActionsYou can use system-defined policies provided in IAM, or create custom policies to supplement the system-defined policies, implementing refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
+ - Permission: A statement in a policy that allows or denies certain operations.
- APIs: REST APIs that can be called in a custom policy.
- Actions: Added to a custom policy to control permissions for specific operations.
- Dependent actions: When assigning an action to users, you also need to assign dependent permissions for that action to take effect.
- IAM projects or enterprise project: Scope of users a permission is granted to. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect in IAM. Such policies will not take effect if they are assigned to user groups in Enterprise Project.
√: supported; x: not supported
- KMS supports the following actions that can be defined in custom policies:
- Manage keys, such as creating keys and querying keys.
+ KMS supports the following actions that can be defined in custom policies:
+ Manage keys, such as creating keys and querying keys.
diff --git a/docs/kms/api-ref/dew_02_0309.html b/docs/kms/api-ref/kms_02_0309.html
similarity index 59%
rename from docs/kms/api-ref/dew_02_0309.html
rename to docs/kms/api-ref/kms_02_0309.html
index c552d939..76f78675 100644
--- a/docs/kms/api-ref/dew_02_0309.html
+++ b/docs/kms/api-ref/kms_02_0309.html
@@ -1,490 +1,490 @@
-
+
Encryption Key Management
- Permission
+Permission
|
-API
+ | API
|
-Action
+ | Action
|
-Dependent Permission
-
+ | Dependent Permission
+
|
-IAM Project
-(Project)
+ | IAM Project
+(Project)
|
-Enterprise Project
-(Enterprise Project)
+ | Enterprise Project
+(Enterprise Project)
|
|---|
-Creating a CMK
+ | Creating a CMK
|
-POST /v1.0/{project_id}/kms/create-key
+ | POST /v1.0/{project_id}/kms/create-key
|
-kms:cmk:create
+ | kms:cmk:create
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Enabling a CMK
+ | Enabling a CMK
|
-POST /v1.0/{project_id}/kms/enable-key
+ | POST /v1.0/{project_id}/kms/enable-key
|
-kms:cmk:enable
+ | kms:cmk:enable
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Disabling a CMK
+ | Disabling a CMK
|
-POST /v1.0/{project_id}/kms/disable-key
+ | POST /v1.0/{project_id}/kms/disable-key
|
-kms:cmk:disable
+ | kms:cmk:disable
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Scheduling the deletion of a CMK
+ | Scheduling the deletion of a CMK
|
-POST /v1.0/{project_id}/kms/schedule-key-deletion
+ | POST /v1.0/{project_id}/kms/schedule-key-deletion
|
-kms:cmk:update
+ | kms:cmk:update
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Canceling the scheduled deletion of a CMK
+ | Canceling the scheduled deletion of a CMK
|
-POST /v1.0/{project_id}/kms/cancel-key-deletion
+ | POST /v1.0/{project_id}/kms/cancel-key-deletion
|
-kms:cmk:update
+ | kms:cmk:update
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Querying the list of CMKs
+ | Querying the list of CMKs
|
-POST /v1.0/{project_id}/kms/list-keys
+ | POST /v1.0/{project_id}/kms/list-keys
|
-kms:cmk:list
+ | kms:cmk:list
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Queries the CMK information.
+ | Queries the CMK information.
|
-POST /v1.0/{project_id}/kms/describe-key
+ | POST /v1.0/{project_id}/kms/describe-key
|
-kms:cmk:get
+ | kms:cmk:get
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Generating a random number
+ | Generating a random number
|
-POST /v1.0/{project_id}/kms/gen-random
+ | POST /v1.0/{project_id}/kms/gen-random
|
-kms:cmk:generate
+ | kms:cmk:generate
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Creating a DEK
+ | Creating a DEK
|
-POST /v1.0/{project_id}/kms/create-datakey
+ | POST /v1.0/{project_id}/kms/create-datakey
|
-kms:dek:create
+ | kms:dek:create
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Creating a plaintext-free DEK
+ | Creating a plaintext-free DEK
|
-POST /v1.0/{project_id}/kms/create-datakey-without-plaintext
+ | POST /v1.0/{project_id}/kms/create-datakey-without-plaintext
|
-kms:dek:create
+ | kms:dek:create
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Encrypting a DEK
+ | Encrypting a DEK
|
-POST /v1.0/{project_id}/kms/encrypt-datakey
+ | POST /v1.0/{project_id}/kms/encrypt-datakey
|
-kms:dek:crypto
+ | kms:dek:crypto
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Decrypting a DEK
+ | Decrypting a DEK
|
-POST /v1.0/{project_id}/kms/decrypt-datakey
+ | POST /v1.0/{project_id}/kms/decrypt-datakey
|
-kms:dek:crypto
+ | kms:dek:crypto
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Querying the number of instances
+ | Querying the number of instances
|
-GET /v1.0/{project_id}/kms/user-instances
+ | GET /v1.0/{project_id}/kms/user-instances
|
-kms:cmk:getInstance
+ | kms:cmk:getInstance
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Querying the user quota
+ | Querying the user quota
|
-GET /v1.0/{project_id}/kms/user-quotas
+ | GET /v1.0/{project_id}/kms/user-quotas
|
-kms:cmk:getQuota
+ | kms:cmk:getQuota
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Modifying the CMK alias
+ | Modifying the CMK alias
|
-POST /v1.0/{project_id}/kms/update-key-alias
+ | POST /v1.0/{project_id}/kms/update-key-alias
|
-kms:cmk:update
+ | kms:cmk:update
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Modifying the description of a CMK
+ | Modifying the description of a CMK
|
-POST /v1.0/{project_id}/kms/update-key-description
+ | POST /v1.0/{project_id}/kms/update-key-description
|
-kms:cmk:update
+ | kms:cmk:update
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Creating a grant
+ | Creating a grant
|
-POST /v1.0/{project_id}/kms/create-grant
+ | POST /v1.0/{project_id}/kms/create-grant
|
-kms:grant:create
+ | kms:grant:create
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Revoking a grant
+ | Revoking a grant
|
-POST /v1.0/{project_id}/kms/revoke-grant
+ | POST /v1.0/{project_id}/kms/revoke-grant
|
-kms:grant:revoke
+ | kms:grant:revoke
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Retiring a grant
+ | Retiring a grant
|
-POST /v1.0/{project_id}/kms/retire-grant
+ | POST /v1.0/{project_id}/kms/retire-grant
|
-kms:grant:retire
+ | kms:grant:retire
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Querying the grant list of a CMK
+ | Querying the grant list of a CMK
|
-POST /v1.0/{project_id}/kms/list-grants
+ | POST /v1.0/{project_id}/kms/list-grants
|
-kms:grant:list
+ | kms:grant:list
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Querying the list of grants that can be retired
+ | Querying the list of grants that can be retired
|
-POST /v1.0/{project_id}/kms/list-retirable-grants
+ | POST /v1.0/{project_id}/kms/list-retirable-grants
|
-kms:grant:list
+ | kms:grant:list
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Encrypting data
+ | Encrypting data
|
-POST /v1.0/{project_id}/kms/encrypt-data
+ | POST /v1.0/{project_id}/kms/encrypt-data
|
-kms:cmk:crypto
+ | kms:cmk:crypto
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Decrypting data
+ | Decrypting data
|
-POST /v1.0/{project_id}/kms/decrypt-data
+ | POST /v1.0/{project_id}/kms/decrypt-data
|
-kms:cmk:crypto
+ | kms:cmk:crypto
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Obtaining parameters for importing a key
+ | Obtaining parameters for importing a key
|
-POST /v1.0/{project_id}/kms/get-parameters-for-import
+ | POST /v1.0/{project_id}/kms/get-parameters-for-import
|
-kms:cmk:getMaterial
+ | kms:cmk:getMaterial
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Importing key material
+ | Importing key material
|
-POST /v1.0/{project_id}/kms/import-key-material
+ | POST /v1.0/{project_id}/kms/import-key-material
|
-kms:cmk:importMaterial
+ | kms:cmk:importMaterial
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Deleting key material
+ | Deleting key material
|
-POST /v1.0/{project_id}/kms/delete-imported-key-material
+ | POST /v1.0/{project_id}/kms/delete-imported-key-material
|
-kms:cmk:deleteMaterial
+ | kms:cmk:deleteMaterial
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Enabling key rotation
+ | Enabling key rotation
|
-POST /v1.0/{project_id}/kms/enable-key-rotation
+ | POST /v1.0/{project_id}/kms/enable-key-rotation
|
-kms:cmk:enableRotation
+ | kms:cmk:enableRotation
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Modifying the rotation interval
+ | Modifying the rotation interval
|
-POST /v1.0/{project_id}/kms/update-key-rotation-interval
+ | POST /v1.0/{project_id}/kms/update-key-rotation-interval
|
-kms:cmk:updateRotation
+ | kms:cmk:updateRotation
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Disabling key rotation
+ | Disabling key rotation
|
-POST /v1.0/{project_id}/kms/disable-key-rotation
+ | POST /v1.0/{project_id}/kms/disable-key-rotation
|
-kms:cmk:disableRotation
+ | kms:cmk:disableRotation
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Querying the key rotation status
+ | Querying the key rotation status
|
-POST /v1.0/{project_id}/kms/get-key-rotation-status
+ | POST /v1.0/{project_id}/kms/get-key-rotation-status
|
-kms:cmk:getRotation
+ | kms:cmk:getRotation
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Querying key resource instances
+ | Querying key resource instances
|
-POST /v1.0/{project_id}/kms/resource_instances/action
+ | POST /v1.0/{project_id}/kms/resource_instances/action
|
-kms:cmkTag:listInstance
+ | kms:cmkTag:listInstance
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Querying tags of a key
+ | Querying tags of a key
|
-GET /v1.0/{project_id}/kms/{key_id}/tags
+ | GET /v1.0/{project_id}/kms/{key_id}/tags
|
-kms:cmkTag:list
+ | kms:cmkTag:list
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Querying the project tags
+ | Querying the project tags
|
-GET /v1.0/{project_id}/kms/tags
+ | GET /v1.0/{project_id}/kms/tags
|
-kms:cmkTag:list
+ | kms:cmkTag:list
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Adding or deleting key tags in batches
+ | Adding or deleting key tags in batches
|
-POST /v1.0/{project_id}/kms/{key_id}/tags/action
+ | POST /v1.0/{project_id}/kms/{key_id}/tags/action
|
-kms:cmkTag:batch
+ | kms:cmkTag:batch
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Adding tags to a key
+ | Adding tags to a key
|
-POST /v1.0/{project_id}/kms/{key_id}/tags
+ | POST /v1.0/{project_id}/kms/{key_id}/tags
|
-kms:cmkTag:create
+ | kms:cmkTag:create
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
-Deleting tags of a key
+ | Deleting tags of a key
|
-POST /v1.0/{project_id}/kms/{ key_id }/tags/{key}
+ | POST /v1.0/{project_id}/kms/{ key_id }/tags/{key}
|
-kms:cmkTag:delete
+ | kms:cmkTag:delete
|
--
+ | -
|
-√
+ | √
|
-√
+ | √
|
@@ -493,7 +493,7 @@
diff --git a/docs/kms/api-ref/kms_02_8888.html b/docs/kms/api-ref/kms_02_8888.html
deleted file mode 100644
index 96786b22..00000000
--- a/docs/kms/api-ref/kms_02_8888.html
+++ /dev/null
@@ -1,950 +0,0 @@
-
-
-Error Code
-
- Status Code
- |
-Error Code
- |
-Error Message
- |
-Description
- |
-Measure
- |
-
|---|
-
-400
- |
-KMS.0201
- |
-Invalid request URL.
- |
-Invalid request URL.
- |
-Enter a valid URL.
- |
-
-400
- |
-KMS.0202
- |
-Invalid JSON format of the request message.
- |
-Invalid JSON format of the request message.
- |
-Enter a valid message.
- |
-
-400
- |
-KMS.0203
- |
-Request message too long.
- |
-Request message too long.
- |
-Enter a valid message.
- |
-
-400
- |
-KMS.0204
- |
-Parameters missing in the request message.
- |
-Parameters missing in the request message.
- |
-Enter a valid message.
- |
-
-400
- |
-KMS.0205
- |
-Invalid key ID.
- |
-Invalid key ID.
- |
-Enter a valid key ID.
- |
-
-400
- |
-KMS.0206
- |
-Invalid sequence number.
- |
-Invalid sequence number.
- |
-Enter a valid sequence number.
- |
-
-400
- |
-KMS.0208
- |
-Invalid value of value encryption_context.
- |
-Invalid value of value encryption_context.
- |
-Enter a valid value of encryption_context.
- |
-
-400
- |
-KMS.0209
- |
-The key has been disabled.
- |
-The key has been disabled.
- |
-Enable the key.
- |
-
-400
- |
-KMS.0210
- |
-The key is in Scheduled deletion state and cannot be used.
- |
-The key is in Pending deletion state and cannot be used.
- |
-Enable the key.
- |
-
-400
- |
-KMS.0211
- |
-Cannot perform this operation on Default Master Keys.
- |
-Cannot perform this operation on Default Master Keys.
- |
-Perform this operation on a common CMK.
- |
-
-400
- |
-KMS.0308
- |
-Invalid parameter.
- |
-Invalid parameter.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0309
- |
-External keys required.
- |
-External keys required.
- |
-Use an imported key.
- |
-
-400
- |
-KMS.0310
- |
-The key is not in Pending import state.
- |
-The key is not in Pending import state.
- |
-Ensure the key is in Pending import state.
- |
-
-400
- |
-KMS.0401
- |
-Tag list cannot be empty.
- |
-Tag list cannot be empty.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0402
- |
-Invalid match value.
- |
-Invalid match value.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0403
- |
-Invalid match key.
- |
-Invalid match key.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0201
- |
-Invalid request URL.
- |
-Invalid request URL.
- |
-Enter a valid URL.
- |
-
-400
- |
-KMS.0202
- |
-Invalid JSON format of the request message.
- |
-Invalid JSON format of the request message.
- |
-Enter a valid message.
- |
-
-400
- |
-KMS.0203
- |
-Request message too long.
- |
-Request message too long.
- |
-Enter a valid message.
- |
-
-400
- |
-KMS.0204
- |
-Parameters missing in the request message.
- |
-Parameters missing in the request message.
- |
-Enter a valid message.
- |
-
-400
- |
-KMS.0205
- |
-Invalid key ID.
- |
-Invalid key ID.
- |
-Enter a valid key ID.
- |
-
-400
- |
-KMS.0206
- |
-Invalid sequence number.
- |
-Invalid sequence number.
- |
-Enter a valid sequence number.
- |
-
-400
- |
-KMS.0208
- |
-Invalid value of value encryption_context.
- |
-Invalid value of value encryption_context.
- |
-Enter a valid value of encryption_context.
- |
-
-400
- |
-KMS.0209
- |
-The key has been disabled.
- |
-The key has been disabled.
- |
-Enable the key.
- |
-
-400
- |
-KMS.0210
- |
-The key is in Scheduled deletion state and cannot be used.
- |
-The key is in Pending deletion state and cannot be used.
- |
-Enable the key.
- |
-
-400
- |
-KMS.0211
- |
-Cannot perform this operation on Default Master Keys.
- |
-Cannot perform this operation on Default Master Keys.
- |
-Perform this operation on a common CMK.
- |
-
-400
- |
-KMS.0308
- |
-Invalid parameter.
- |
-Invalid parameter.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0309
- |
-External keys required.
- |
-External keys required.
- |
-Use an imported key.
- |
-
-400
- |
-KMS.0310
- |
-The key is not in Pending import state.
- |
-The key is not in Pending import state.
- |
-Ensure the key is in Pending import state.
- |
-
-400
- |
-KMS.0311
- |
-Failed to decrypt data using the RSA private key.
- |
-Failed to decrypt data using the RSA private key.
- |
-Ensure the input ciphertext is correct and try again, or contact customer service.
- |
-
-400
- |
-KMS.0312
- |
-External keys cannot be rotated.
- |
-External keys cannot be rotated.
- |
-Use a common CMK.
- |
-
-400
- |
-KMS.0313
- |
-Key rotation is not enabled.
- |
-Key rotation is not enabled.
- |
-Enable key rotation.
- |
-
-400
- |
-KMS.0401
- |
-Tag list cannot be empty.
- |
-Tag list cannot be empty.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0402
- |
-Invalid match value.
- |
-Invalid match value.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0403
- |
-Invalid match key.
- |
-Invalid match key.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0404
- |
-Invalid action.
- |
-Invalid action.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0405
- |
-Invalid tag value.
- |
-Invalid tag value.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0406
- |
-Invalid tag key.
- |
-Invalid tag key.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0407
- |
-Invalid tag list size.
- |
-Invalid tag list size.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0408
- |
-Invalid resourceType.
- |
-Invalid resourceType.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0409
- |
-Too many tags.
- |
-Too many tags.
- |
-Delete unnecessary tags and try again.
- |
-
-400
- |
-KMS.0410
- |
-Invalid tag value length.
- |
-Invalid tag value length.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0411
- |
-Invalid tag key length.
- |
-Invalid tag key length.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0412
- |
-Invalid tag list.
- |
-Invalid tag list.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0413
- |
-Too many tag values.
- |
-Too many tag values.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0415
- |
-Invalid matches.
- |
-Invalid matches.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.0417
- |
-Invalid offset.
- |
-Invalid offset.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.1101
- |
-Invalid key_alias.
- |
-Invalid key_alias.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.1102
- |
-Invalid realm.
- |
-Invalid realm.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.1103
- |
-Invalid key_description.
- |
-Invalid key_description.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.1104
- |
-Duplicate key aliases.
- |
-Duplicate key aliases.
- |
-Use another alias.
- |
-
-400
- |
-KMS.1105
- |
-Too many keys.
- |
-Too many keys.
- |
-Increase key quota or delete unnecessary keys.
- |
-
-400
- |
-KMS.1201
- |
-The key is not disabled.
- |
-The key is not disabled.
- |
-Disable the key.
- |
-
-400
- |
-KMS.1301
- |
-The key is not enabled.
- |
-The key is not enabled.
- |
-Enable the key.
- |
-
-400
- |
-KMS.1401
- |
-Set the pending deletion period between 7 to 1096 days.
- |
-Set the pending deletion period between 7 to 1096 days.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.1402
- |
-The key is already in Pending deletion state.
- |
-The key is already in Pending deletion state.
- |
-No further operation required.
- |
-
-400
- |
-KMS.1501
- |
-The key is not in Pending deletion state.
- |
-The key is not in Pending deletion state.
- |
-Schedule deletion the key.
- |
-
-400
- |
-KMS.1601
- |
-Invalid limit.
- |
-Invalid limit.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.1602
- |
-marker must be greater than or equals 0.
- |
-marker must be greater than or equals 0.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.1801
- |
-random_data_length must be 512 bits.
- |
-random_data_length must be 512 bits.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.1901
- |
-datakey_length must be in the range 8 bits to 8,192 bits.
- |
-datakey_length must be in the range 8 bits to 8,192 bits.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.2001
- |
-datakey_length must be 512 bits.
- |
-datakey_length must be 512 bits.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.2101
- |
-Invalid plain_text.
- |
-Invalid plain_text.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.2102
- |
-datakey_plain_length must be 64 bytes.
- |
-datakey_plain_length must be 64 bytes.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.2103
- |
-Failed to verify the DEK hash.
- |
-Failed to verify the DEK hash.
- |
-Ensure the DEK is valid and try again, or contact customer service.
- |
-
-400
- |
-KMS.2201
- |
-Invalid cipher_text.
- |
-invalid cipher_text.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.2202
- |
-datakey_cipher_length must be 64 bytes.
- |
-datakey_cipher_length must be 64 bytes.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.2203
- |
-Failed to verify the DEK hash.
- |
-Failed to verify the DEK hash.
- |
-Ensure the DEK is valid and try again, or contact customer service.
- |
-
-400
- |
-KMS.2401
- |
-Specify an operation in addition to create-grant.
- |
-Specify an operation in addition to create-grant.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.2402
- |
-Invalid user ID.
- |
-Invalid user ID.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.2403
- |
-Failed to create the grant.
- |
-Failed to create the grant.
- |
-Try again later or contact customer service.
- |
-
-400
- |
-KMS.2404
- |
-Too many CMK grants.
- |
-Too many CMK grants.
- |
-Increase grant quota or delete unnecessary grants.
- |
-
-400
- |
-KMS.2405
- |
-Too many grants.
- |
-Too many grants.
- |
-Increase grant quota or delete unnecessary grants.
- |
-
-400
- |
-KMS.2501
- |
-Invalid grant ID.
- |
-Invalid grant ID.
- |
-Enter a valid grant ID.
- |
-
-400
- |
-KMS.2502
- |
-grant_id and key_id do not match.
- |
-grant_id and key_id do not match.
- |
-Ensure input grant_id matches key_id.
- |
-
-400
- |
-KMS.2601
- |
-Token expired.
- |
-Token expired.
- |
-Obtain a new token.
- |
-
-400
- |
-KMS.2602
- |
-Key expiration time must be later than the current time.
- |
-Key expiration time must be later than the current time.
- |
-Set a valid key expiration time.
- |
-
-400
- |
-KMS.2603
- |
-Key IDs in the imported key and token do not match.
- |
-Key IDs in the imported key and token do not match.
- |
-Ensure the key ID in the imported key matches that in the token.
- |
-
-400
- |
-KMS.2604
- |
-The external key plaintext length must be 32 bits.
- |
-The external key plaintext length must be 32 bits.
- |
-Enter valid parameters.
- |
-
-400
- |
-KMS.2605
- |
-Token verification failed.
- |
-Token verification failed.
- |
-Obtain a new token.
- |
-
-400
- |
-KMS.2606
- |
-You are importing a deleted key again. The imported plaintext must be the same as the deleted key plaintext.
- |
-You are importing a deleted key again. The imported plaintext must be the same as the deleted key plaintext.
- |
-Ensure the plaintext of the imported key is the same as that of the deleted key.
- |
-
-400
- |
-KMS.2701
- |
-Key material is not in Enabled or Disabled state and cannot be deleted.
- |
-Key material is not in Enabled or Disabled state and cannot be deleted.
- |
-Ensure that the key is in Enabled or Disabled state.
- |
-
-500
- |
-KMS.0101
- |
-KMS error.
- |
-KMS error.
- |
-Try again later or contact customer service.
- |
-
-500
- |
-KMS.0102
- |
-Abnormal KMS I/O.
- |
-Abnormal KMS I/O.
- |
-Try again later or contact customer service.
- |
-
-
-
-
-
|
|---|
|
|---|
|---|
|
|---|
| |
|---|
|---|
|
|---|
| |
|---|
|---|
|
|---|
| |
|---|
|---|
|
|---|
| |
|---|
|