You can call the DescribeDBInstanceEncryptionKey operation to check whether disk encryption is enabled for an instance that uses standard SSDs or enhanced SSDs (ESSDs). You can also call this operation to query the details of the encryption key. This operation is supported for instances that run MySQL, SQL Server, or PostgreSQL.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeDBInstanceEncryptionKey

The operation that you want to perform. Set the value to DescribeDBInstanceEncryptionKey.

RegionId String No cn-hangzhou

The region ID of the instance. You can call the DescribeRegions operation to query the most recent region list.

DBInstanceId String Yes rm-uf6wjk5xxxxxxx

The ID of the instance. You can call the DescribeDBInstances operation to query the ID of the instance.

EncryptionKey String No 749c1df7-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The ID of the custom key.

TargetRegionId String No cn-qingdao

The ID of the destination region. You can call the DescribeRegions operation to query the most recent region list.

Response parameters

Parameter Type Example Description
DeleteDate String 2022-05-08T08:14:16Z

The scheduled time at which the key is deleted. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

RequestId String 3BC2768E-DEDA-40FC-BBE9-6B884F3626AF

The ID of the request.

Description String Description of the key

The description of the key.

Origin String Aliyun_KMS

The source of the key.

MaterialExpireTime String 2021-10-18T08:14:16Z

The time at which the key expires. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

EncryptionKeyStatus String Enabled

The status of the key. Valid values:

  • Enabled
  • Disabled
KeyUsage String ENCRYPT/DECRYPT

The purpose of the key.

EncryptionKey String 5306d1b6-7fd3-42d9-9511-xxxxxxx

The ID of the key.

Creator String 1443*****9604

The user who created the key.

EncryptionKeyList Array of EncryptionKeyInfo

The details about the key.

KeyType String ALIAS

The type of the key.

EncryptionKey String 5306d1b6-7fd3-42d9-9511-xxxxxxx

The ID of the key.

Description String Description of the key

The description of the key.

KeyUsage String ENCRYPT/DECRYPT

The purpose of the key.

DeleteDate String 2022-05-08T08:14:16Z

The scheduled time at which the key is deleted. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

Creator String 1443*****9604

The user who created the key.

EncryptionKeyStatus String Enabled

The status of the key. Valid values:

  • Enabled
  • Disabled
Origin String Aliyun_KMS

The source of the key.

MaterialExpireTime String 2021-10-18T08:14:16Z

The time at which the key expires. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

AliasName String alias/xxx

The alias of the key.

UsedBy String master

The role of the instance. Valid values:

  • Master: primary instance
  • slave: read-only instance

Examples

Sample requests

http(s)://rds.aliyuncs.com/?Action=DescribeDBInstanceEncryptionKey
&RegionId=cn-hangzhou
&DBInstanceId=rm-uf6wjk5xxxxxxx
&EncryptionKey=749c1df7-xxxx-xxxx-xxxx-xxxxxxxxxxxx
&TargetRegionId=cn-qingdao
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribeDBInstanceEncryptionKeyResponse>
    <DeleteDate>2022-05-08T08:14:16Z</DeleteDate>
    <RequestId>3BC2768E-DEDA-40FC-BBE9-6B884F3626AF</RequestId>
    <Description>Description of the key</Description>
    <Origin>Aliyun_KMS</Origin>
    <MaterialExpireTime>2021-10-18T08:14:16Z</MaterialExpireTime>
    <EncryptionKeyStatus>Enabled</EncryptionKeyStatus>
    <KeyUsage>ENCRYPT/DECRYPT</KeyUsage>
    <EncryptionKey>5306d1b6-7fd3-42d9-9511-xxxxxxx</EncryptionKey>
    <Creator>1443*****9604</Creator>
    <EncryptionKeyList>
        <KeyType>ALIAS</KeyType>
        <EncryptionKey>5306d1b6-7fd3-42d9-9511-xxxxxxx</EncryptionKey>
        <Description>Description of the key</Description>
        <KeyUsage>ENCRYPT/DECRYPT</KeyUsage>
        <DeleteDate>2022-05-08T08:14:16Z</DeleteDate>
        <Creator>1443*****9604</Creator>
        <EncryptionKeyStatus>Enabled</EncryptionKeyStatus>
        <Origin>Aliyun_KMS</Origin>
        <MaterialExpireTime>2021-10-18T08:14:16Z</MaterialExpireTime>
        <AliasName>alias/xxx</AliasName>
        <UsedBy>master</UsedBy>
    </EncryptionKeyList>
</DescribeDBInstanceEncryptionKeyResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "DeleteDate" : "2022-05-08T08:14:16Z",
  "RequestId" : "3BC2768E-DEDA-40FC-BBE9-6B884F3626AF",
  "Description" : "Description of the key",
  "Origin" : "Aliyun_KMS",
  "MaterialExpireTime" : "2021-10-18T08:14:16Z",
  "EncryptionKeyStatus" : "Enabled",
  "KeyUsage" : "ENCRYPT/DECRYPT",
  "EncryptionKey" : "5306d1b6-7fd3-42d9-9511-xxxxxxx",
  "Creator" : "1443*****9604",
  "EncryptionKeyList" : [ {
    "KeyType" : "ALIAS",
    "EncryptionKey" : "5306d1b6-7fd3-42d9-9511-xxxxxxx",
    "Description" : "Description of the key",
    "KeyUsage" : "ENCRYPT/DECRYPT",
    "DeleteDate" : "2022-05-08T08:14:16Z",
    "Creator" : "1443*****9604",
    "EncryptionKeyStatus" : "Enabled",
    "Origin" : "Aliyun_KMS",
    "MaterialExpireTime" : "2021-10-18T08:14:16Z",
    "AliasName" : "alias/xxx",
    "UsedBy" : "master"
  } ]
}

Error codes

HTTP status code Error code Error message Description
403 NoActiveBYOK This custins no active byok. The error message returned because Bring Your Own Key (BYOK) is disabled for the instance.

For a list of error codes, see Service error codes.