You can call the DescribeDBInstanceEncryptionKey operation to check whether disk encryption is enabled for an instance that uses standard SSDs or enhanced SSDs (ESSDs). You can also call this operation to query the details of the encryption key. This operation is supported for instances that run MySQL, SQL Server, or PostgreSQL.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | DescribeDBInstanceEncryptionKey | The operation that you want to perform. Set the value to DescribeDBInstanceEncryptionKey. |
RegionId | String | No | cn-hangzhou | The region ID of the instance. You can call the DescribeRegions operation to query the most recent region list. |
DBInstanceId | String | Yes | rm-uf6wjk5xxxxxxx | The ID of the instance. You can call the DescribeDBInstances operation to query the ID of the instance. |
EncryptionKey | String | No | 749c1df7-xxxx-xxxx-xxxx-xxxxxxxxxxxx | The ID of the custom key. |
TargetRegionId | String | No | cn-qingdao | The ID of the destination region. You can call the DescribeRegions operation to query the most recent region list. |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
DeleteDate | String | 2022-05-08T08:14:16Z | The scheduled time at which the key is deleted. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC. |
RequestId | String | 3BC2768E-DEDA-40FC-BBE9-6B884F3626AF | The ID of the request. |
Description | String | Description of the key | The description of the key. |
Origin | String | Aliyun_KMS | The source of the key. |
MaterialExpireTime | String | 2021-10-18T08:14:16Z | The time at which the key expires. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC. |
EncryptionKeyStatus | String | Enabled | The status of the key. Valid values:
|
KeyUsage | String | ENCRYPT/DECRYPT | The purpose of the key. |
EncryptionKey | String | 5306d1b6-7fd3-42d9-9511-xxxxxxx | The ID of the key. |
Creator | String | 1443*****9604 | The user who created the key. |
EncryptionKeyList | Array of EncryptionKeyInfo | The details about the key. |
|
KeyType | String | ALIAS | The type of the key. |
EncryptionKey | String | 5306d1b6-7fd3-42d9-9511-xxxxxxx | The ID of the key. |
Description | String | Description of the key | The description of the key. |
KeyUsage | String | ENCRYPT/DECRYPT | The purpose of the key. |
DeleteDate | String | 2022-05-08T08:14:16Z | The scheduled time at which the key is deleted. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC. |
Creator | String | 1443*****9604 | The user who created the key. |
EncryptionKeyStatus | String | Enabled | The status of the key. Valid values:
|
Origin | String | Aliyun_KMS | The source of the key. |
MaterialExpireTime | String | 2021-10-18T08:14:16Z | The time at which the key expires. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC. |
AliasName | String | alias/xxx | The alias of the key. |
UsedBy | String | master | The role of the instance. Valid values:
|
Examples
Sample requests
http(s)://rds.aliyuncs.com/?Action=DescribeDBInstanceEncryptionKey
&RegionId=cn-hangzhou
&DBInstanceId=rm-uf6wjk5xxxxxxx
&EncryptionKey=749c1df7-xxxx-xxxx-xxxx-xxxxxxxxxxxx
&TargetRegionId=cn-qingdao
&Common request parameters
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<DescribeDBInstanceEncryptionKeyResponse>
<DeleteDate>2022-05-08T08:14:16Z</DeleteDate>
<RequestId>3BC2768E-DEDA-40FC-BBE9-6B884F3626AF</RequestId>
<Description>Description of the key</Description>
<Origin>Aliyun_KMS</Origin>
<MaterialExpireTime>2021-10-18T08:14:16Z</MaterialExpireTime>
<EncryptionKeyStatus>Enabled</EncryptionKeyStatus>
<KeyUsage>ENCRYPT/DECRYPT</KeyUsage>
<EncryptionKey>5306d1b6-7fd3-42d9-9511-xxxxxxx</EncryptionKey>
<Creator>1443*****9604</Creator>
<EncryptionKeyList>
<KeyType>ALIAS</KeyType>
<EncryptionKey>5306d1b6-7fd3-42d9-9511-xxxxxxx</EncryptionKey>
<Description>Description of the key</Description>
<KeyUsage>ENCRYPT/DECRYPT</KeyUsage>
<DeleteDate>2022-05-08T08:14:16Z</DeleteDate>
<Creator>1443*****9604</Creator>
<EncryptionKeyStatus>Enabled</EncryptionKeyStatus>
<Origin>Aliyun_KMS</Origin>
<MaterialExpireTime>2021-10-18T08:14:16Z</MaterialExpireTime>
<AliasName>alias/xxx</AliasName>
<UsedBy>master</UsedBy>
</EncryptionKeyList>
</DescribeDBInstanceEncryptionKeyResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"DeleteDate" : "2022-05-08T08:14:16Z",
"RequestId" : "3BC2768E-DEDA-40FC-BBE9-6B884F3626AF",
"Description" : "Description of the key",
"Origin" : "Aliyun_KMS",
"MaterialExpireTime" : "2021-10-18T08:14:16Z",
"EncryptionKeyStatus" : "Enabled",
"KeyUsage" : "ENCRYPT/DECRYPT",
"EncryptionKey" : "5306d1b6-7fd3-42d9-9511-xxxxxxx",
"Creator" : "1443*****9604",
"EncryptionKeyList" : [ {
"KeyType" : "ALIAS",
"EncryptionKey" : "5306d1b6-7fd3-42d9-9511-xxxxxxx",
"Description" : "Description of the key",
"KeyUsage" : "ENCRYPT/DECRYPT",
"DeleteDate" : "2022-05-08T08:14:16Z",
"Creator" : "1443*****9604",
"EncryptionKeyStatus" : "Enabled",
"Origin" : "Aliyun_KMS",
"MaterialExpireTime" : "2021-10-18T08:14:16Z",
"AliasName" : "alias/xxx",
"UsedBy" : "master"
} ]
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
403 | NoActiveBYOK | This custins no active byok. | The error message returned because Bring Your Own Key (BYOK) is disabled for the instance. |
For a list of error codes, see Service error codes.