All Products
Search

This Product

    Key Management Service:ListKeys

    Document Center

    Key Management Service:ListKeys

    Last Updated:Dec 15, 2023

    Queries all keys of the current Alibaba Cloud account in the current region.

    Debugging

    OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

    Request parameters

    Parameter

    Type

    Required

    Example

    Description

    Action

    String

    Yes

    ListKeys

    The operation that you want to perform. Set the value to ListKeys.

    PageNumber

    Integer

    No

    1

    The page number.

    Pages start from page 1.

    Default value: 1.

    PageSize

    Integer

    No

    10

    The number of entries per page.

    Valid values: 1 to 100.

    Default value: 10.

    Filters

    String

    No

    [{"Key":"KeyState", "Values":["Enabled","Disabled"]}]

    The key filter. The filter consists of one or more key-values pairs. You can specify a maximum of 10 key-values pairs.

    • Key

      • Description: the property that you want to filter.

      • Type: string.

      • Valid values:

        • KeyState: the status of the key.

        • KeySpec: the type of the key.

        • KeyUsage: the usage of the key.

        • ProtectionLevel: the protection level.

        • CreatorType: the type of the creator.

        • DKMSInstanceId: the ID of the KMS instance.

    • Values

      • Description: the value to be included after filtering.

      • Format: string array.

      • Length: 0 to 10.

      • Valid values:

        • If Key is set to KeyState, the value can be Enabled, Disabled, PendingDeletion, or PendingImport.

        • If Key is set to KeySpec, the value can be Aliyun_AES_256, Aliyun_SM4, RSA_2048, EC_P256, EC_P256K, or EC_SM2.

          Note: You can create EC_SM2 or Aliyun_SM4 keys only in regions where State Cryptography Administration (SCA)-certified managed hardware security modules (HSMs) reside. For more information about the regions, see Supported regions. If your region does not support EC_SM2 and Aliyun_SM4, the two values are ignored if they are specified.

        • If Key is set to KeyUsage, the value can be ENCRYPT/DECRYPT or SIGN/VERIFY. ENCRYPT/DECRYPT indicates that the key is used to encrypt and decrypt data. SIGN/VERIFY indicates that the key is used to sign data and verify digital signatures.

        • If Key is set to ProtectionLevel, the value can be SOFTWARE (software) or HSM (hardware).

          You can set ProtectionLevel to HSM in only specific regions. For more information about the regions, see Supported regions. If the region does not support HSM, the value is ignored if the value is specified.

        • If Key is set to CreatorType, the value can be User or Service. User indicates that keys created by the current account are queried. Service indicates that keys automatically created by other cloud services authorized by the current account are queried.

        • If Key is set to DKMSInstanceId, the value is the ID of the KMS instance and is in the kst-xxx format.

    The logical relationship between different keys is AND. The logical relationship between values of the Values field in a key-value pair is OR. Example:

    [ {"Key":"KeyState", "Values":["Enabled","Disabled"]}, {"Key":"KeyState", "Values":["PendingDeletion"]}, {"Key":"KeySpec", "Values":["Aliyun_AES_256"]} ]. In this example, the semantics are:

    (KeyState=Enabled OR KeyState=Disabled OR KeyState=PendingDeletion) AND (KeySpec=Aliyun_AES_ 256).

    Response parameters

    Parameter

    Type

    Example

    Description

    PageNumber

    Integer

    1

    The page number.

    PageSize

    Integer

    10

    The number of entries per page.

    RequestId

    String

    8252db58-2036-408c-a3d5-56e656dc2551

    The ID of the request, which is used to locate and troubleshoot issues.

    TotalCount

    Integer

    3

    The total number of keys.

    Keys

    Array of Key

    An array that consists of keys.

    Key

    KeyId

    String

    08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****

    The ID of the key. The ID must be globally unique.

    KeyArn

    String

    acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****

    The Alibaba Cloud Resource Name (ARN) of the key.

    Examples

    Sample requests

    http(s)://[Endpoint]/?Action=ListKeys
&PageNumber=1
&PageSize=10
&Filters=[{"Key":"KeyState", "Values":["Enabled","Disabled"]}]
&<Common request parameters>

    Sample success responses

    XML format

    HTTP/1.1 200 OK
Content-Type:application/xml

<ListKeysResponse>
    <PageNumber>1</PageNumber>
    <PageSize>10</PageSize>
    <RequestId>8252db58-2036-408c-a3d5-56e656dc2551</RequestId>
    <TotalCount>3</TotalCount>
    <Keys>
        <KeyId>08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****</KeyId>
        <KeyArn>acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****</KeyArn>
    </Keys>
</ListKeysResponse>

    JSON format

    HTTP/1.1 200 OK
Content-Type:application/json

{
  "PageNumber" : 1,
  "PageSize" : 10,
  "RequestId" : "8252db58-2036-408c-a3d5-56e656dc2551",
  "TotalCount" : 3,
  "Keys" : [ {
    "KeyId" : "08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****",
    "KeyArn" : "acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****"
  } ]
}

    Error codes

    For a list of error codes, see Service error codes.