Queries the details of a custom key for an ApsaraDB for Redis instance to use transparent data encryption (TDE).

Before you call this operation, TDE must be enabled for the ApsaraDB for Redis instance by using a custom key. For more information, see ModifyInstanceTDE.

Note For more information about TDE and the usage notes of TDE, see Enable TDE.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeEncryptionKey

The operation that you want to perform. Set the value to DescribeEncryptionKey.

InstanceId String Yes r-bp1zxszhcgatnx****

The ID of the ApsaraDB for Redis instance. You can call the DescribeInstances operation to query instance IDs.

RegionId String No cn-hangzhou

The region ID of the instance. You can call the DescribeInstances operation to query the region IDs of instances.

EncryptionKey String No ad463061-992d-4195-8a94-ed63********

The ID of the custom key. You can call the DescribeEncryptionKeyList operation to query key IDs.

Response parameters

Parameter Type Example Description
Creator String 17649847********

The ID of the Alibaba Cloud account that is used to create the custom key.

DeleteDate String 2021-09-24T18:22:03Z

The time when the custom key is expected to be deleted. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

Note If the return value is an empty string, the custom key cannot be automatically deleted.
Description String testkey

The description of the custom key. By default, an empty string was returned.

EncryptionKey String ad463061-992d-4195-8a94-ed63********

The ID of the custom key.

EncryptionKeyStatus String Enabled

The status of the custom key for the instance. Valid values:

  • Enabled: The custom key is available.
  • Disabled: The custom key is not available.
KeyUsage String ENCRYPT/DECRYPT

The purpose of the custom key for the instance. A value of ENCRYPT/DECRYPT indicates encryption and decryption.

MaterialExpireTime String 2021-09-24T18:22:03Z

The time when the custom key expires. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

Note If the return value is an empty string, the custom key does not expire.
Origin String Aliyun_KMS

The source of the custom key. A value of Aliyun_KMS indicates Key Management Service (KMS) of Alibaba Cloud.

RequestId String 9A931CE5-C926-5E09-B0EC-6299C4A6****

The ID of the request.

Examples

Sample requests

http(s)://r-kvstore.aliyuncs.com/?Action=DescribeEncryptionKey
&InstanceId=r-bp1zxszhcgatnx****
&<Common request parameters>

Sample success responses

XML format

<DescribeEncryptionKeyResponse>
      <Origin>Aliyun_KMS</Origin>
      <Description>testkey</Description>
      <EncryptionKeyStatus>Enabled</EncryptionKeyStatus>
      <RequestId>9A931CE5-C926-5E09-B0EC-6299C4A6****</RequestId>
      <MaterialExpireTime>2021-09-24T18:22:03Z</MaterialExpireTime>
      <KeyUsage>ENCRYPT/DECRYPT</KeyUsage>
      <EncryptionKey>ad463061-992d-4195-8a94-ed63********</EncryptionKey>
      <Creator>17649847********</Creator>
      <DeleteDate>2021-09-24T18:22:03Z</DeleteDate>
</DescribeEncryptionKeyResponse>

JSON format

{
    "Origin": "Aliyun_KMS",
    "Description": "testkey",
    "EncryptionKeyStatus": "Enabled",
    "RequestId": "9A931CE5-C926-5E09-B0EC-6299C4A6****",
    "MaterialExpireTime": "2021-09-24T18:22:03Z",
    "KeyUsage": "ENCRYPT/DECRYPT",
    "EncryptionKey": "ad463061-992d-4195-8a94-ed63********",
    "Creator": "17649847********",
    "DeleteDate": "2021-09-24T18:22:03Z"
}

Error codes

For a list of error codes, visit the API Error Center.