You can call the DescribeDBInstanceEncryptionKey operation to query whether disk encryption is enabled for an ApsaraDB RDS instance and the details about the key that is used for disk encryption. This operation is supported for ApsaraDB RDS instances that run MySQL, SQL Server, or PostgreSQL.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeDBInstanceEncryptionKey

The operation that you want to perform. Set the value to DescribeDBInstanceEncryptionKey.

DBInstanceId String Yes rm-uf6wjk5xxxxxxx

The ID of the instance. You can call the DescribeDBInstances operation to query the IDs of instances.

RegionId String No cn-hangzhou

The region ID of the instance. You can call the DescribeRegions operation to query the most recent region list.

TargetRegionId String No cn-qingdao

The ID of the destination region. You can call the DescribeRegions operation to query the most recent region list.

EncryptionKey String No 749c1df7-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The ID of the custom key that is used for disk encryption.

Response parameters

Parameter Type Example Description
Creator String 1443*****9604

The user who created the key.

DeleteDate String 2022-05-08T08:14:16Z

The scheduled time at which the key is deleted. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

Description String Description of the key

The description of the key.

EncryptionKey String 5306d1b6-7fd3-42d9-9511-xxxxxxx

The ID of the key.

EncryptionKeyStatus String Enabled

The status of the key. Valid values:

  • Enabled
  • Disabled
KeyUsage String ENCRYPT/DECRYPT

The purpose of the key.

MaterialExpireTime String 2021-10-18T08:14:16Z

The time at which the key expires. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

Origin String Aliyun_KMS

The source of the key.

RequestId String 3BC2768E-DEDA-40FC-BBE9-6B884F3626AF

The ID of the request.

Examples

Sample requests

http(s)://rds.aliyuncs.com/?Action=DescribeDBInstanceEncryptionKey
&DBInstanceId=rm-uf6wjk5xxxxxxx
&<Common request parameters>

Sample success responses

XML format

<DescribeDBInstanceEncryptionKeyResponse>
      <Origin>Aliyun_KMS</Origin>
      <Description>Description of the key</Description>
      <EncryptionKeyStatus>Enabled</EncryptionKeyStatus>
      <RequestId>3BC2768E-DEDA-40FC-BBE9-6B884F3626AF</RequestId>
      <MaterialExpireTime>2021-10-18T08:14:16Z</MaterialExpireTime>
      <KeyUsage>ENCRYPT/DECRYPT</KeyUsage>
      <EncryptionKey>5306d1b6-7fd3-42d9-9511-xxxxxxx</EncryptionKey>
      <Creator>1443*****9604</Creator>
      <DeleteDate>2022-05-08T08:14:16Z</DeleteDate>
</DescribeDBInstanceEncryptionKeyResponse>

JSON format

{
    "Origin": "Aliyun_KMS",
    "Description": "Description of the key",
    "EncryptionKeyStatus": "Enabled",
    "RequestId": "3BC2768E-DEDA-40FC-BBE9-6B884F3626AF",
    "MaterialExpireTime": "2021-10-18T08:14:16Z",
    "KeyUsage": "ENCRYPT/DECRYPT",
    "EncryptionKey": "5306d1b6-7fd3-42d9-9511-xxxxxxx",
    "Creator": "1443*****9604",
    "DeleteDate": "2022-05-08T08:14:16Z"
}

Error codes

For a list of error codes, visit the API Error Center.