Li, Qiao
dfe65b9551
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com> Co-authored-by: Li, Qiao <qiaoli@huawei.com> Co-committed-by: Li, Qiao <qiaoli@huawei.com>
20 KiB
Creating a CMK
Function
This API is used to create customer master keys (CMKs) used to encrypt data encryption keys (DEKs).
Default Master Keys are created by services integrated with KMS. Names of Default Master Keys end with /default. Therefore, in naming your CMKs, do not choose those ending with /default.
URI
Requests
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
key_alias |
Yes |
String |
Alias of a non-default master key (The alias's length ranges from 1 to 255 characters and matches the regular expression ^[a-zA-Z0-9:/_-]{1,255}$. In addition, it must be different from the alias of a Default Master Key created by the system.) |
key_spec |
No |
String |
Key generation algorithm. The default value is AES_256. Its value can be:
|
key_usage |
No |
String |
Key usage. The default value is ENCRYPT_DECRYPT for a symmetric key and SIGN_VERIFY for an asymmetric key. Its value can be:
|
key_description |
No |
String |
CMK description (The value ranges from 0 to 255 characters.) |
origin |
No |
String |
Origin of a CMK. The default value is kms. The following values are enumerated:
|
sequence |
No |
String |
36-byte serial number of a request message Example: 919c82d4-8046-4722-9094-35c3c6524cff |
Responses
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
key_info |
Yes |
Array of objects |
Information about keys. For details, see Table 4. |
Examples
The following example describes how to create a CMK with an alias of test.
- Example request
{ "key_alias": "test" } - Example response
{ "key_info": { "key_id": "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e", "domain_id": "b168fe00ff56492495a7d22974df2d0b" } }or
{ "error": { "error_code": "KMS.XXXX", "error_msg": "XXX" } }
Status Codes
Exception status code. For details, see Status Codes.