Queries all CMKs of the current Alibaba Cloud account in the current region.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ListKeys

The operation that you want to perform. Set the value to ListKeys.
PageNumber Integer No 1

The number of the page to return.

Pages start from page 1.

Default value: 1.
PageSize Integer No 10

The number of entries to return on each page.

Valid values: 1 to 100.

Default value: 10.
Filters String No [{"Key":"KeyState", "Values":["Enabled","Disabled"]}]

The CMK filter. The filter consists of one or more key-values pairs. You can specify a maximum of 10 key-values pairs.

  • Key
    • Description: the property that you want to filter.
    • Type: string.
    • Valid values:
      • KeyState: the status of a key.
      • KeySpec: the type of a key.
      • KeyUsage: the usage of a key.
      • ProtectionLevel: the protection level.
      • CreatorType: the type of the creator.
  • Values
    • Description: the value to be included after filtering.
    • Format: string array.
    • Length: 0 to 10.
    • Valid values:
      • When Key is set to KeyState, the value can be Enabled, Disabled, PendingDeletion, or PendingImport.

      • When Key is set to KeySpec, the value can be Aliyun_AES_256, Aliyun_SM4, RSA_2048, EC_P256, EC_P256K, or EC_SM2.

        Note: You can create the keys of the EC_SM2 or Aliyun_SM4 type only in regions that support Managed HSMs and pass the State Cryptography Administration (SCA) certification. For more information about the regions, see Supported regions. If your region does not support EC_SM2 and Aliyun_SM4, the two values are ignored if they are specified.

      • When Key is set to KeyUsage, the value can be ENCRYPT/DECRYPT (data encryption and decryption), or SIGN/VERIFY (digital signature generation and verification).

      • When Key is set to ProtectionLevel, the value can be SOFTWARE (software) or HSM (hardware).

        Only certain regions support HSM. For more information about the regions, see Supported regions . If your region does not support HSM, the value is ignored if it is specified.

      • If Key is set to CreatorType, the value can be User (used to obtain the CMK created by the current account) or Service (used to obtain the CMK created by other cloud products authorized by the current account).

The logical relationship between different keys is AND, and the logical relationship between multiple values in the same key is OR. Example:

[ {"Key":"KeyState", "Values":["Enabled","Disabled"]}, {"Key":"KeyState", "Values":["PendingDeletion"]}, {"Key":"KeySpec", "Values":["Aliyun_AES_256"]} ]. In this example, the semantics are: (KeyState=Enabled OR KeyState=Disabled OR KeyState=PendingDeletion) AND (KeySpec=Aliyun_AES_ 256).

Response parameters

Parameter Type Example Description
Keys Array of Key

The CMK.
Key
KeyArn String acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****

The Alibaba Cloud Resource Name (ARN) of the CMK.
KeyId String 08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****

The ID of the CMK.
PageNumber Integer 1

The page number of the returned page.
PageSize Integer 10

The number of entries returned per page.
RequestId String 1050b8f1-b264-496d-a782-6299cbaf15f8

The ID of the request.
TotalCount Integer 3

The total number of CMKs.

Examples

Sample requests

https://kms.cn-hangzhou.aliyuncs.com/?Action=ListKeys
&PageNumber=1
&PageSize=10
&Filters=[{"Key":"KeyState", "Values":["Enabled","Disabled"]}]
&<Common request parameters>

Sample success responses

XML format 

<KMS>
          <Keys>
                    <Key>
                              <KeyId>80e9409f-78fa-42ab-84bd-83f40c81****</KeyId>
                              <KeyArn>acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****</KeyArn>
                    </Key>
                    <Key>
                              <KeyId>8fbb1226-a06f-4c57-8887-daa5b627****</KeyId>
                              <KeyArn>acs:kms:cn-hangzhou:123456:key/8fbb1226-a06f-4c57-8887-daa5b627****</KeyArn>
                    </Key>
                      </Keys>
          <TotalCount>3</TotalCount>
          <PageNumber>1</PageNumber>
          <PageSize>10</PageSize>
          <RequestId>bc29ec35-3373-48d1-8202-520fd78d****</RequestId>
</KMS>

JSON format 

{
        "Keys": {
                "Key": [
                        {
                                "KeyId": "80e9409f-78fa-42ab-84bd-83f40c81****",
				                "KeyArn": "acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****"                        
                        },
                        {
                                "KeyId": "8fbb1226-a06f-4c57-8887-daa5b627****",
				                "KeyArn": "acs:kms:cn-hangzhou:123456:key/8fbb1226-a06f-4c57-8887-daa5b627****"
                        }
                    ],
                "TotalCount": 3,
        "PageNumber": 1,
        "PageSize": 10,
        "RequestId": "bc29ec35-3373-48d1-8202-520fd78d****"
}

Error codes

For a list of error codes, visit the API Error Center.