DescribeKey - Key Management Service - Alibaba Cloud Documentation Center

Queries the metadata of a CMK, such as the key state, usage, and rotation configuration.

Operation description

You can query the information about the CMK 05754286-3ba2-4fa6-8d41-4323aca6**** by using parameter settings provided in this topic. The information includes the creator, creation time, status, and deletion protection status of the CMK.

For more information about the access policy required by a RAM user or RAM role to call this API, see Resource Access Management.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter	Type	Required	Description	Example
KeyId	string	Yes	The ID of the CMK. The ID must be globally unique. You can also set this parameter to an alias that is bound to the CMK. For more information, see Overview of aliases.	05754286-3ba2-4fa6-8d41-4323aca6****

Response elements

Element	Type	Description	Example
	object
RequestId	string	The request ID.	f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f
KeyMetadata	object	The metadata of the CMK.
DeletionProtection	string	Indicates whether deletion protection is enabled. Valid values: Enabled Disabled	Enabled
KeyId	string	The ID of the CMK. The ID must be globally unique.	05754286-3ba2-4fa6-8d41-4323aca6****
NextRotationDate	string	The time when the next rotation will be performed. Note This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.	2021-07-06T18:22:03Z
KeyState	string	The status of the CMK. For more information, see Impact of CMK status on API operations.	Enabled
RotationInterval	string	The interval for automatic key rotation. Unit: seconds. For example, if the value is 604800s, automatic key rotation is performed at a 7-day interval. Note This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.	31536000s
Arn	string	The Alibaba Cloud Resource Name (ARN) of the CMK.	acs:kms:cn-hangzhou:154035569884**:key/05754286-3ba2-4fa6-8d41-4323aca6**
Creator	string	The Alibaba Cloud account that is used to create the CMK.	154035569884****
LastRotationDate	string	The time when the last rotation was performed. The time is displayed in UTC. For a new CMK, the value of this parameter is the time when the initial version of the CMK was generated.	2021-05-20T06:34:21Z
DeleteDate	string	The time at which the CMK is scheduled for deletion. The time is displayed in UTC. For more information, see ScheduleKeyDeletion. Note This parameter is returned only when the value of the KeyState parameter is PendingDeletion.	2021-05-26T18:22:03Z
PrimaryKeyVersion	string	The ID of the current primary key version for the symmetric CMK.	515e0b0a-624f-45ab-92b5-54f9b551****
Description	string	The description of the CMK.	key description example
KeySpec	string	The type of the CMK.	Aliyun_AES_256
Origin	string	The source of the key material for the CMK.	Aliyun_KMS
MaterialExpireTime	string	The time when the key material expires. The time is displayed in UTC. If this parameter value is empty, the key material does not expire.	2021-07-06T18:22:03Z
DeletionProtectionDescription	string	The description of deletion protection.	The CMK is being used by XXX. Deletion protection is set.
AutomaticRotation	string	Indicates whether automatic key rotation is enabled. Valid values: Enabled Disabled Suspended For more information, see Automatic key rotation. Note Only symmetric CMKs support automatic key rotation.	Disabled
ProtectionLevel	string	The protection level of the CMK.	HSM
KeyUsage	string	The usage of the CMK.	ENCRYPT/DECRYPT
CreationDate	string	The time when the CMK was created. The time is displayed in UTC.	2021-05-20T06:34:21Z
DKMSInstanceId	string	The ID of the dedicated KMS instance.	kst-bjj62d8f5e0sgtx8h****

Examples

Success response

JSON format

{
  "RequestId": "f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f",
  "KeyMetadata": {
    "DeletionProtection": "Enabled",
    "KeyId": "05754286-3ba2-4fa6-8d41-4323aca6****",
    "NextRotationDate": "2021-07-06T18:22:03Z",
    "KeyState": "Enabled",
    "RotationInterval": "31536000s",
    "Arn": "acs:kms:cn-hangzhou:154035569884****:key/05754286-3ba2-4fa6-8d41-4323aca6****",
    "Creator": "154035569884****",
    "LastRotationDate": "2021-05-20T06:34:21Z",
    "DeleteDate": "2021-05-26T18:22:03Z",
    "PrimaryKeyVersion": "515e0b0a-624f-45ab-92b5-54f9b551****",
    "Description": "key description example",
    "KeySpec": "Aliyun_AES_256",
    "Origin": "Aliyun_KMS",
    "MaterialExpireTime": "2021-07-06T18:22:03Z",
    "DeletionProtectionDescription": "The CMK is being used by XXX. Deletion protection is set.",
    "AutomaticRotation": "Disabled",
    "ProtectionLevel": "HSM",
    "KeyUsage": "ENCRYPT/DECRYPT",
    "CreationDate": "2021-05-20T06:34:21Z",
    "DKMSInstanceId": "kst-bjj62d8f5e0sgtx8h****"
  }
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidParameter	The specified parameter is not valid.	An invalid value is specified for the parameter.
404	Forbidden.KeyNotFound	The specified Key is not found.	The error message returned because the specified CMK does not exist.
404	Forbidden.AliasNotFound	The specified Alias is not found.	The error message returned because the specified alias does not exist.
404	InvalidAccessKeyId.NotFound	The Access Key ID provided does not exist in our records.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.