Queries the information about a customer master key (CMK).

You can query the information about the CMK 05754286-3ba2-4fa6-8d41-4323aca6**** by using parameter settings provided in this topic. The information includes the creator, creation time, status, and deletion protection status of the CMK.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeKey

The operation that you want to perform. Set the value to DescribeKey.

KeyId String Yes 05754286-3ba2-4fa6-8d41-4323aca6****

The ID of the CMK. The ID must be globally unique.

You can also set this parameter to an alias that is bound to the CMK. For more information, see Overview of aliases.

Response parameters

Parameter Type Example Description
RequestId String f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f

The ID of the request, which is used to locate and troubleshoot issues.

KeyMetadata Object

The metadata of the CMK.

DeletionProtection String Enabled

Indicates whether deletion protection is enabled. Valid values:

  • Enabled
  • Disabled
KeyId String 05754286-3ba2-4fa6-8d41-4323aca6****

The ID of the CMK. The ID must be globally unique.

NextRotationDate String 2021-07-06T18:22:03Z

The time when the next rotation will be performed.

Note This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.
KeyState String Enabled

The status of the CMK.

For more information, see Impact of CMK status on API operations.

RotationInterval String 31536000s

The interval for automatic key rotation.

Unit: seconds.

For example, if the value is 604800s, automatic key rotation is performed at a 7-day interval.

Note This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.
Arn String acs:kms:cn-hangzhou:154035569884****:key/05754286-3ba2-4fa6-8d41-4323aca6****

The Alibaba Cloud Resource Name (ARN) of the CMK.

Creator String 154035569884****

The Alibaba Cloud account that is used to create the CMK.

LastRotationDate String 2021-05-20T06:34:21Z

The time when the last rotation was performed. The time is displayed in UTC. For a new CMK, the value of this parameter is the time when the initial version of the CMK was generated.

DeleteDate String 2021-05-26T18:22:03Z

The time at which the CMK is scheduled for deletion. The time is displayed in UTC.

For more information, see ScheduleKeyDeletion.

Note This parameter is returned only when the value of the KeyState parameter is PendingDeletion.
PrimaryKeyVersion String 515e0b0a-624f-45ab-92b5-54f9b551****

The ID of the current primary key version for the symmetric CMK.

Description String key description example

The description of the CMK.

KeySpec String Aliyun_AES_256

The type of the CMK.

Origin String Aliyun_KMS

The source of the key material for the CMK.

MaterialExpireTime String 2021-07-06T18:22:03Z

The time when the key material expires. The time is displayed in UTC. If this parameter value is empty, the key material does not expire.

DeletionProtectionDescription String The CMK is being used by XXX. Deletion protection is set.

The description of deletion protection.

AutomaticRotation String Disabled

Indicates whether automatic key rotation is enabled. Valid values:

  • Enabled
  • Disabled
  • Suspended

For more information, see Automatic key rotation.

Note Only symmetric CMKs support automatic key rotation.
ProtectionLevel String HSM

The protection level of the CMK.

KeyUsage String ENCRYPT/DECRYPT

The usage of the CMK.

CreationDate String 2021-05-20T06:34:21Z

The time when the CMK was created. The time is displayed in UTC.

DKMSInstanceId String kst-bjj62d8f5e0sgtx8h****

The ID of the dedicated KMS instance.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeKey
&KeyId=05754286-3ba2-4fa6-8d41-4323aca6****
&Common request parameters

Sample success responses

XML format 

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribeKeyResponse>
    <RequestId>f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f</RequestId>
    <KeyMetadata>
        <DeletionProtection>Enabled</DeletionProtection>
        <KeyId>05754286-3ba2-4fa6-8d41-4323aca6****</KeyId>
        <NextRotationDate>2021-07-06T18:22:03Z</NextRotationDate>
        <KeyState>Enabled</KeyState>
        <RotationInterval>31536000s</RotationInterval>
        <Arn>acs:kms:cn-hangzhou:154035569884****:key/05754286-3ba2-4fa6-8d41-4323aca6****</Arn>
        <Creator>154035569884****</Creator>
        <LastRotationDate>2021-05-20T06:34:21Z</LastRotationDate>
        <DeleteDate>2021-05-26T18:22:03Z</DeleteDate>
        <PrimaryKeyVersion>515e0b0a-624f-45ab-92b5-54f9b551****</PrimaryKeyVersion>
        <Description>key description example</Description>
        <KeySpec>Aliyun_AES_256</KeySpec>
        <Origin>Aliyun_KMS</Origin>
        <MaterialExpireTime>2021-07-06T18:22:03Z</MaterialExpireTime>
        <DeletionProtectionDescription>The CMK is being used by XXX. Deletion protection is set. </DeletionProtectionDescription>
        <AutomaticRotation>Disabled</AutomaticRotation>
        <ProtectionLevel>HSM</ProtectionLevel>
        <KeyUsage>ENCRYPT/DECRYPT</KeyUsage>
        <CreationDate>2021-05-20T06:34:21Z</CreationDate>
        <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>
    </KeyMetadata>
</DescribeKeyResponse>

JSON format 

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f",
  "KeyMetadata" : {
    "DeletionProtection" : "Enabled",
    "KeyId" : "05754286-3ba2-4fa6-8d41-4323aca6****",
    "NextRotationDate" : "2021-07-06T18:22:03Z",
    "KeyState" : "Enabled",
    "RotationInterval" : "31536000s",
    "Arn" : "acs:kms:cn-hangzhou:154035569884****:key/05754286-3ba2-4fa6-8d41-4323aca6****",
    "Creator" : "154035569884****",
    "LastRotationDate" : "2021-05-20T06:34:21Z",
    "DeleteDate" : "2021-05-26T18:22:03Z",
    "PrimaryKeyVersion" : "515e0b0a-624f-45ab-92b5-54f9b551****",
    "Description" : "key description example",
    "KeySpec" : "Aliyun_AES_256",
    "Origin" : "Aliyun_KMS",
    "MaterialExpireTime" : "2021-07-06T18:22:03Z",
    "DeletionProtectionDescription" : "The CMK is being used by XXX. Deletion protection is set.",
    "AutomaticRotation" : "Disabled",
    "ProtectionLevel" : "HSM",
    "KeyUsage" : "ENCRYPT/DECRYPT",
    "CreationDate" : "2021-05-20T06:34:21Z",
    "DKMSInstanceId" : "kst-bjj62d8f5e0sgtx8h****"
  }
}

Error codes

HTTP status code Error code Error message Description
404 Forbidden.KeyNotFound The specified Key is not found. The error message returned because the specified CMK is not found.
404 Forbidden.AliasNotFound The specified Alias is not found. The error message returned because the specified alias is not found.

For a list of error codes, visit the API Error Center.