The following tables list the API operations available for use in Key Management Service (KMS).
Queries a list of available regions for the current Alibaba Cloud account.
Activates KMS for the current Alibaba Cloud account.
Queries the status of KMS for the current Alibaba Cloud account.
Enables a KMS instance.
Queries the details of a KMS instance.
Queries a list of KMS instances.
Updates the virtual private cloud (VPC) that is associated with a KMS instance.
You can call API operations to manage keys and aliases. For example, you can create and delete keys and aliases.
Creates a key. You can use key material that is generated by KMS or import your own key material. Importing your own key material is known as Bring Your Own Key (BYOK).
Queries the parameters that are used to import key material to a key.
Imports key material to a key.
Changes the status of a key to Enabled.
Changes the status of a key to Disabled.
Queries the information about a key.
Queries all keys within an Alibaba Cloud account in the current region.
Updates the description of a key.
Creates an alias and binds it to a key.
Updates the ID of a key that is bound to an alias.
Deletes an alias.
Queries all aliases within an Alibaba Cloud account in the current region.
Queries aliases that are bound to a key.
Enables or disables deletion protection.
Schedules the deletion of a key. After you call this operation, the key enters the Pending Deletion state. The key is automatically deleted after the specified waiting period elapses.
Cancels the scheduled deletion of a key. You can cancel the scheduled deletion of a key before the specified waiting period elapses. After the scheduled deletion is canceled, the key re-enters the Enabled state.
Deletes key material.
You can only delete external key material of the customer master key (CMK) that is used as a default key.
Creates a new version for a key. Symmetric keys in KMS instances of the software key management type support this operation.
Asymmetric keys outside KMS support this operation.
Queries the information about a key version.
Queries all versions of a key.
Updates the rotation policy of a key. If automatic rotation is enabled for a key, KMS automatically generates a key version for the key on a regular basis.
You can perform cryptographic operations on data. For example, you can use KMS keys to encrypt data, generate data keys, decrypt data, and calculate signatures.
To use a key in a KMS instance to perform cryptographic operations, call KMS Instance API operations. For more information, see List of operations by function.
You can call API operations to manage, protect, distribute, and rotate secrets.
Creates a secret and stores the secret value in the initial version.
Queries all secrets within an Alibaba Cloud account in the current region.
Queries the metadata of a secret.
Updates the metadata of a secret.
Stores the secret value of a new version into a secret.Note
Only generic secrets support this operation.
Updates the stage label that marks a secret version.Note
Only generic secrets support this operation.
Schedules deletion of a secret or deletes a secret.
Restores a secret that is scheduled to be deleted.
Queries all versions of a secret.
Queries a random password string.
Manually rotates a secret.
Updates the rotation policy of a secret.
You can add multiple tags to a key or secret. Each tag consists of a tag key (TagKey) and a tag value (TagValue).
Adds a tag to a key or a secret
Removes a tag from a key or a secret.
Queries all tags of a key.
Adds tags to multiple keys or secrets.
Removes tags from multiple keys or secrets at a time.
Queries all tags or specific tags of multiple keys or secrets at a time.
Creates a network access rule to configure the private IP addresses or CIDR blocks that are allowed to access a KMS instance.
Deletes a network access rule.
Queries the details of a network access rule.
Queries a list of network access rules.
Updates a network access rule.
Creates a permission policy to configure the keys and secrets that are allowed to access.
Deletes a permission policy.
Queries the details of a permission policy.
Updates a permission policy.
Queries a list of permission policies.
Creates an application access point (AAP)
Deletes an AAP.
Queries the details of an AAP.
Queries a list of AAPs.
Updates the information about an AAP.
Creates a client key.
Deletes a client key.
Queries a list of client keys
Queries the information about a client key.