This topic lists the APIs in KMS. For more information, see related documentation.
Alibaba Cloud also provides a command line tool for you to learn APIs and for the purpose of command line automation. For more information about how to install and use the command line tool, see Alibaba Cloud CLI
Key management APIs
Key management APIs are used to create and modify keys and manage their lifecycle.
|CreateKey||Creates a CMK. You can also choose to let KMS generate key material, or upload your own key material. CreateKey is the first step to create a BYOK (Bring Your Own Key).|
|GetParametersForImport||Obtains the key material, which is the second step to create a BYOK.|
|ImportKeyMaterial||Imports the key material to the CMK, which is the final step to create a BYOK.|
|EnableKey||Modifies the key status to enabled.|
|DisableKey||Modifies the key status to disabled.|
|ScheduleKeyDeletion||Schedules key deletion. The key status changes to PendingDeletion. A CMK in the PendingDeletion state will be deleted when the scheduled period expires.|
|CancelKeyDeletion||Cancels the scheduled deletion of a CMK. You can cancel a scheduled deletion request after it is submitted and before the end of the scheduled period. After the scheduled deletion is canceled, the CMK returns to the enabled state.|
|DeleteKeyMaterial||Deletes the key material of a CMK. You can directly delete the key material of BYOK. After the key material is deleted, the BYOK is in the PendingImport state.|
|DescribeKey||Queries detailed information about a specified CMK.|
|ListKeys||Lists all CMKs within the current region that belong to the current Alibaba Cloud account.|
Key operation APIs
Key operation APIs are used to perform data operations involving keys such as encryption and decryption.
|Encrypt||Uses a specified CMK to encrypt data. The API is used for online encryption of data of no more than 6 KB.|
|GenerateDataKey||Generates a random number. After the random number is encrypted with the specified CMK, its ciphertext and plaintext are returned. The random number can be used as a data key to encrypt or decrypt a large amount of data locally.|
|Decrypt||Decrypts ciphertexts generated with the Encrypt or GenerateDataKey API. You do not need to specify the CMK for decryption.|
Alias management APIs
An alias is an independent object that must be bound to a unique CMK. Then it can be used to indicate the CMK replaced instead of KeyId.
|CreateAlias||Creates an alias and binds it to a CMK.|
|UpdateAlias||Binds a specified alias to the new CMK.|
|DeleteAlias||Deletes a specified alias.|
|ListAliases||Lists all aliases of an Alibaba Cloud account in the current region.|
|ListAliasesByKeyId||Lists all aliases bound to the specified CMK.|
Tag management APIs
CMKs support tags. You can add multiple tags to a CMK. A tag is defined by a pair of TagKey and TagValue.
|TagResource||Adds or modifies the tags of a CMK.|
|UntagResource||Deletes the specified tag of a CMK.|
|ListResourceTags||Lists all tags of a CMK.|