Queries the information about a customer master key (CMK).
You can query the information about the CMK 05754286-3ba2-4fa6-8d41-4323aca6****
by using parameter settings provided in this topic. The information includes the
creator, creation time, status, and deletion protection status of the CMK.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | DescribeKey |
The operation that you want to perform. Set the value to DescribeKey. |
KeyId | String | Yes | 05754286-3ba2-4fa6-8d41-4323aca6**** |
The ID of the CMK. The ID must be globally unique. You can also set this parameter to an alias that is bound to the CMK. For more information, see Overview of aliases. |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f |
The ID of the request, which is used to locate and troubleshoot issues. |
KeyMetadata | Object |
The metadata of the CMK. |
|
DeletionProtection | String | Enabled |
Indicates whether deletion protection is enabled. Valid values:
|
KeyId | String | 05754286-3ba2-4fa6-8d41-4323aca6**** |
The ID of the CMK. The ID must be globally unique. |
NextRotationDate | String | 2021-07-06T18:22:03Z |
The time when the next rotation will be performed. Note This parameter is returned only when the value of the AutomaticRotation parameter
is Enabled or Suspended.
|
KeyState | String | Enabled |
The status of the CMK. For more information, see Impact of CMK status on API operations. |
RotationInterval | String | 31536000s |
The interval for automatic key rotation. Unit: seconds. For example, if the value is 604800s, automatic key rotation is performed at a 7-day interval. Note This parameter is returned only when the value of the AutomaticRotation parameter
is Enabled or Suspended.
|
Arn | String | acs:kms:cn-hangzhou:154035569884****:key/05754286-3ba2-4fa6-8d41-4323aca6**** |
The Alibaba Cloud Resource Name (ARN) of the CMK. |
Creator | String | 154035569884**** |
The Alibaba Cloud account that is used to create the CMK. |
LastRotationDate | String | 2021-05-20T06:34:21Z |
The time when the last rotation was performed. The time is displayed in UTC. For a new CMK, the value of this parameter is the time when the initial version of the CMK was generated. |
DeleteDate | String | 2021-05-26T18:22:03Z |
The time at which the CMK is scheduled for deletion. The time is displayed in UTC. For more information, see ScheduleKeyDeletion. Note This parameter is returned only when the value of the KeyState parameter is PendingDeletion.
|
PrimaryKeyVersion | String | 515e0b0a-624f-45ab-92b5-54f9b551**** |
The ID of the current primary key version for the symmetric CMK. |
Description | String | key description example |
The description of the CMK. |
KeySpec | String | Aliyun_AES_256 |
The type of the CMK. |
Origin | String | Aliyun_KMS |
The source of the key material for the CMK. |
MaterialExpireTime | String | 2021-07-06T18:22:03Z |
The time when the key material expires. The time is displayed in UTC. If this parameter value is empty, the key material does not expire. |
DeletionProtectionDescription | String | The CMK is being used by XXX. Deletion protection is set. |
The description of deletion protection. |
AutomaticRotation | String | Disabled |
Indicates whether automatic key rotation is enabled. Valid values:
For more information, see Automatic key rotation. Note Only symmetric CMKs support automatic key rotation.
|
ProtectionLevel | String | HSM |
The protection level of the CMK. |
KeyUsage | String | ENCRYPT/DECRYPT |
The usage of the CMK. |
CreationDate | String | 2021-05-20T06:34:21Z |
The time when the CMK was created. The time is displayed in UTC. |
DKMSInstanceId | String | kst-bjj62d8f5e0sgtx8h**** |
The ID of the dedicated KMS instance. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=DescribeKey
&KeyId=05754286-3ba2-4fa6-8d41-4323aca6****
&Common request parameters
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<DescribeKeyResponse>
<RequestId>f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f</RequestId>
<KeyMetadata>
<DeletionProtection>Enabled</DeletionProtection>
<KeyId>05754286-3ba2-4fa6-8d41-4323aca6****</KeyId>
<NextRotationDate>2021-07-06T18:22:03Z</NextRotationDate>
<KeyState>Enabled</KeyState>
<RotationInterval>31536000s</RotationInterval>
<Arn>acs:kms:cn-hangzhou:154035569884****:key/05754286-3ba2-4fa6-8d41-4323aca6****</Arn>
<Creator>154035569884****</Creator>
<LastRotationDate>2021-05-20T06:34:21Z</LastRotationDate>
<DeleteDate>2021-05-26T18:22:03Z</DeleteDate>
<PrimaryKeyVersion>515e0b0a-624f-45ab-92b5-54f9b551****</PrimaryKeyVersion>
<Description>key description example</Description>
<KeySpec>Aliyun_AES_256</KeySpec>
<Origin>Aliyun_KMS</Origin>
<MaterialExpireTime>2021-07-06T18:22:03Z</MaterialExpireTime>
<DeletionProtectionDescription>The CMK is being used by XXX. Deletion protection is set. </DeletionProtectionDescription>
<AutomaticRotation>Disabled</AutomaticRotation>
<ProtectionLevel>HSM</ProtectionLevel>
<KeyUsage>ENCRYPT/DECRYPT</KeyUsage>
<CreationDate>2021-05-20T06:34:21Z</CreationDate>
<DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>
</KeyMetadata>
</DescribeKeyResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f",
"KeyMetadata" : {
"DeletionProtection" : "Enabled",
"KeyId" : "05754286-3ba2-4fa6-8d41-4323aca6****",
"NextRotationDate" : "2021-07-06T18:22:03Z",
"KeyState" : "Enabled",
"RotationInterval" : "31536000s",
"Arn" : "acs:kms:cn-hangzhou:154035569884****:key/05754286-3ba2-4fa6-8d41-4323aca6****",
"Creator" : "154035569884****",
"LastRotationDate" : "2021-05-20T06:34:21Z",
"DeleteDate" : "2021-05-26T18:22:03Z",
"PrimaryKeyVersion" : "515e0b0a-624f-45ab-92b5-54f9b551****",
"Description" : "key description example",
"KeySpec" : "Aliyun_AES_256",
"Origin" : "Aliyun_KMS",
"MaterialExpireTime" : "2021-07-06T18:22:03Z",
"DeletionProtectionDescription" : "The CMK is being used by XXX. Deletion protection is set.",
"AutomaticRotation" : "Disabled",
"ProtectionLevel" : "HSM",
"KeyUsage" : "ENCRYPT/DECRYPT",
"CreationDate" : "2021-05-20T06:34:21Z",
"DKMSInstanceId" : "kst-bjj62d8f5e0sgtx8h****"
}
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
404 | Forbidden.KeyNotFound | The specified Key is not found. | The error message returned because the specified CMK is not found. |
404 | Forbidden.AliasNotFound | The specified Alias is not found. | The error message returned because the specified alias is not found. |
For a list of error codes, visit the API Error Center.