DescribeKey - Key Management Service - Alibaba Cloud Documentation Center

Queries the information about a key.

Operation description

You can query the information about the CMK 05754286-3ba2-4fa6-8d41-4323aca6**** by using parameter settings provided in this topic. The information includes the creator, creation time, status, and deletion protection status of the CMK.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
KeyId	string	Yes	The ID of the CMK. The ID must be globally unique. You can also set this parameter to an alias that is bound to the CMK. For more information, see Overview of aliases.	05754286-3ba2-4fa6-8d41-4323aca6****

Response parameters

Parameter	Type	Description	Example
	object
RequestId	string	The ID of the request, which is used to locate and troubleshoot issues.	f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f
KeyMetadata	object	The metadata of the CMK.
DeletionProtection	string	Indicates whether deletion protection is enabled. Valid values: Enabled Disabled	Enabled
KeyId	string	The ID of the CMK. The ID must be globally unique.	05754286-3ba2-4fa6-8d41-4323aca6****
NextRotationDate	string	The time when the next rotation will be performed. Note This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.	2021-07-06T18:22:03Z
KeyState	string	The status of the CMK. For more information, see Impact of CMK status on API operations.	Enabled
RotationInterval	string	The interval for automatic key rotation. Unit: seconds. For example, if the value is 604800s, automatic key rotation is performed at a 7-day interval. Note This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.	31536000s
Arn	string	The Alibaba Cloud Resource Name (ARN) of the CMK.	acs:kms:cn-hangzhou:154035569884**:key/05754286-3ba2-4fa6-8d41-4323aca6**
Creator	string	The Alibaba Cloud account that is used to create the CMK.	154035569884****
LastRotationDate	string	The time when the last rotation was performed. The time is displayed in UTC. For a new CMK, the value of this parameter is the time when the initial version of the CMK was generated.	2021-05-20T06:34:21Z
DeleteDate	string	The time at which the CMK is scheduled for deletion. The time is displayed in UTC. For more information, see ScheduleKeyDeletion . Note This parameter is returned only when the value of the KeyState parameter is PendingDeletion.	2021-05-26T18:22:03Z
PrimaryKeyVersion	string	The ID of the current primary key version for the symmetric CMK.	515e0b0a-624f-45ab-92b5-54f9b551****
Description	string	The description of the CMK.	key description example
KeySpec	string	The type of the CMK.	Aliyun_AES_256
Origin	string	The source of the key material for the CMK.	Aliyun_KMS
MaterialExpireTime	string	The time when the key material expires. The time is displayed in UTC. If this parameter value is empty, the key material does not expire.	2021-07-06T18:22:03Z
DeletionProtectionDescription	string	The description of deletion protection.	The CMK is being used by XXX. Deletion protection is set.
AutomaticRotation	string	Indicates whether automatic key rotation is enabled. Valid values: Enabled Disabled Suspended For more information, see Automatic key rotation. Note Only symmetric CMKs support automatic key rotation.	Disabled
ProtectionLevel	string	The protection level of the CMK.	HSM
KeyUsage	string	The usage of the CMK.	ENCRYPT/DECRYPT
CreationDate	string	The time when the CMK was created. The time is displayed in UTC.	2021-05-20T06:34:21Z
DKMSInstanceId	string	The ID of the dedicated KMS instance.	kst-bjj62d8f5e0sgtx8h****

Examples

Sample success responses

JSONformat

{
  "RequestId": "f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f",
  "KeyMetadata": {
    "DeletionProtection": "Enabled",
    "KeyId": "05754286-3ba2-4fa6-8d41-4323aca6****",
    "NextRotationDate": "2021-07-06T18:22:03Z",
    "KeyState": "Enabled",
    "RotationInterval": "31536000s",
    "Arn": "acs:kms:cn-hangzhou:154035569884****:key/05754286-3ba2-4fa6-8d41-4323aca6****",
    "Creator": "154035569884****",
    "LastRotationDate": "2021-05-20T06:34:21Z",
    "DeleteDate": "2021-05-26T18:22:03Z",
    "PrimaryKeyVersion": "515e0b0a-624f-45ab-92b5-54f9b551****",
    "Description": "key description example",
    "KeySpec": "Aliyun_AES_256",
    "Origin": "Aliyun_KMS",
    "MaterialExpireTime": "2021-07-06T18:22:03Z",
    "DeletionProtectionDescription": "The CMK is being used by XXX. Deletion protection is set.",
    "AutomaticRotation": "Disabled",
    "ProtectionLevel": "HSM",
    "KeyUsage": "ENCRYPT/DECRYPT",
    "CreationDate": "2021-05-20T06:34:21Z",
    "DKMSInstanceId": "kst-bjj62d8f5e0sgtx8h****"
  }
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidParameter	The specified parameter is not valid.	An invalid value is specified for the parameter.
404	Forbidden.KeyNotFound	The specified Key is not found.	The error message returned because the specified CMK does not exist.
404	Forbidden.AliasNotFound	The specified Alias is not found.	The error message returned because the specified alias does not exist.
404	InvalidAccessKeyId.NotFound	The Access Key ID provided does not exist in our records.	-

For a list of error codes, visit the Service error codes.