The following tables list API operations available for use in KMS. For more information, see OpenAPI Explorer.
Alibaba Cloud also provides a command line tool for you to learn APIs and for the purpose of command line automation. For more information about how to install and use the command line tool, see Alibaba Cloud CLI.
Key management API operations are used to create and modify keys and manage their lifecycle.
|CreateKey||Creates a CMK. You can also choose to let KMS generate key materials, or upload your own key materials. CreateKey is the first step to create a Bring Your Own Key (BYOK).|
|GetParametersForImport||Obtains key materials, which is the second step to create a BYOK.|
|ImportKeyMaterial||Imports key materials to the CMK, which is the final step to create a BYOK.|
|EnableKey||Modifies the key status to Enabled.|
|DisableKey||Modifies the key status to Disabled.|
|ScheduleKeyDeletion||Schedules key deletion. The key status changes to PendingDeletion. A CMK in the PendingDeletion state will be deleted when the scheduled period expires.|
|CancelKeyDeletion||Cancels the scheduled deletion of a CMK. You can cancel a scheduled deletion request after it is submitted and before the end of the scheduled period. After the scheduled deletion is canceled, the CMK returns to the Enabled state.|
|DeleteKeyMaterial||Deletes key materials of a CMK. You can directly delete key materials of a BYOK. After key materials are deleted, the BYOK is in the PendingImport state.|
|DescribeKey||Queries detailed information about a specified CMK.|
|ListKeys||Lists all CMKs within the current region that belong to the current Alibaba Cloud account.|
|UpdateKeyDescription||Updates the description of a CMK.|
Key version management
Key version management API operations are used for CMK rotation.
|DescribeKeyVersion||Queries a key version.|
|ListKeyVersions||Lists all key versions of a specified CMK.|
|UpdateRotationPolicy||Updates the CMK rotation policy. If automatic rotation is enabled, KMS automatically generates a new key version on a periodic basis.|
Key operation API operations are used to perform data operations involving keys such as encryption and decryption.
|Encrypt||Uses a specified CMK to encrypt data. This operation is used for online encryption of data of no more than 6 KB.|
|GenerateDataKey||Generates a random number. After the random number is encrypted with the specified CMK, its ciphertext and plaintext are returned. The random number can be used as a data key to encrypt or decrypt a large amount of data locally.|
|GenerateDataKeyWithoutPlaintext||Generates a random number. After the random number is encrypted with the specified CMK, its ciphertext is returned. The random number can be used as a data key to encrypt or decrypt a large amount of data locally.|
|Decrypt||Decrypts ciphertexts generated with the Encrypt or GenerateDataKey API operation. You do not need to specify the CMK for decryption.|
An alias is an independent object that must be bound to a unique CMK. Then it can be used to replace the KeyId of the CMK.
|CreateAlias||Creates an alias and binds it to a CMK.|
|UpdateAlias||Binds a specified alias to a new CMK.|
|DeleteAlias||Deletes a specified alias.|
|ListAliases||Lists all aliases of an Alibaba Cloud account in the current region.|
|ListAliasesByKeyId||Lists all aliases bound to a specified CMK.|
CMKs support tags. You can add multiple tags to a CMK. A tag is defined by a pair of TagKey and TagValue.
|TagResource||Adds or modifies the tags of a CMK.|
|UntagResource||Deletes the specified tag of a CMK.|
|ListResourceTags||Lists all tags of a CMK.|