ListKeys - Key Management Service - Alibaba Cloud Documentation Center

Operation description

For more information about the access policy required by a RAM user or RAM role to call this API, see Resource Access Management.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request parameters

Parameter	Type	Required	Description	Example
PageNumber	integer	No	The page number. Valid values: greater than 0. Default value: 1.	1
PageSize	integer	No	The number of entries to return on each page. Valid values: 1 to 100. Default value: 10.	10
Filters	string	No	A filter for master keys. The filter consists of 0 to 10 key-value pairs. Key Description: The property to filter. Type: String. Values Description: The value to be included after filtering. Type: String array. Length: 0 to 10. Valid values: If `Key` is set to `KeyState`, it specifies the key status. Valid values for `Value` are `Enabled`, `Disabled`, `PendingDeletion`, and `PendingImport`. If `Key` is set to `KeySpec`, it specifies the key type. Valid values for `Value` are `Aliyun_AES_256`, `Aliyun_SM4`, `RSA_2048`, `EC_P256`, `EC_P256K`, `EC_SM2`, and `Aliyun_SM4`. Note: You can create keys of the `EC_SM2` and `Aliyun_SM4` types only in regions that support managed HSMs and have passed the compliance assessment of the Office of State Commercial Cryptography Administration (OSCCA). For more information about the supported regions, see Supported regions. If you specify `EC_SM2` or `Aliyun_SM4` in a region that does not support these key types, the parameters are ignored. If `Key` is set to `KeyUsage`, it specifies the key usage. Valid values for `Value` are `ENCRYPT/DECRYPT` (for data encryption and decryption) and `SIGN/VERIFY` (for generating and verifying digital signatures). If `Key` is set to `ProtectionLevel`, it specifies the protection level of the key. Valid values for `Value` are `SOFTWARE` and `HSM`. Note: The HSM protection level is supported only in specific regions. For more information about the supported regions, see Supported regions. If you specify `HSM` in a region that does not support it, the parameter is ignored. If `Key` is set to `CreatorType`, it specifies the creator type. Valid values for `Value` are `User` (returns master keys created by users) and `Service` (returns master keys that are automatically created by other Alibaba Cloud services based on your authorization). If `Key` is set to `DKMSInstanceId`, it specifies the ID of the KMS instance. Set `Value` as needed. If `Key` is set to `keyId`, it specifies the key ID. Set `Value` as needed. If `Key` is set to `AliasName`, it specifies the key alias. Set `Value` as needed. If `Key` is set to `Creator`, it specifies the key creator. Set `Value` as needed. If `Key` is set to `TagKey`, it specifies the key of a key tag. Set `Value` as needed. If `Key` is set to `TagValue`, it specifies the value of a key tag. Set `Value` as needed. The logical relationship between different keys in `Filters` is `AND`. The logical relationship between multiple values for the same key is `OR`. For example, if you enter `[ {"Key":"KeyState", "Values":["Enabled","Disabled"]}, {"Key":"KeyState", "Values":["PendingDeletion"]}, {"Key":"KeySpec", "Values":["Aliyun_AES_256"]} ]`, the semantics are: `(KeyState=Enabled OR KeyState=Disabled OR KeyState=PendingDeletion) AND (KeySpec=Aliyun_AES_256)`.	[{"Key":"KeyState", "Values":["Enabled","Disabled"]}]

Response elements

Parameter	Type	Description	Example
	object
PageNumber	integer	The page number.	1
PageSize	integer	The number of entries returned per page.	10
RequestId	string	The ID of the request. It is a globally unique identifier (GUID) generated by Alibaba Cloud. You can use the request ID to troubleshoot issues.	8252db58-2036-408c-a3d5-56e656dc2551
TotalCount	integer	The total number of master keys.	3
Keys	object
Key	array<object>	The master keys.
	object	The master key.
KeyId	string	The globally unique identifier of the master key.	08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****
KeyArn	string	The Alibaba Cloud Resource Name (ARN) of the master key.	acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****

Examples

Success response

JSON format

{
  "PageNumber": 1,
  "PageSize": 10,
  "RequestId": "8252db58-2036-408c-a3d5-56e656dc2551",
  "TotalCount": 3,
  "Keys": {
    "Key": [
      {
        "KeyId": "08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****",
        "KeyArn": "acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****"
      }
    ]
  }
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.