Creates a client key.
Operation description
To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based application access point (AAP):
1. Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance. For more information, see CreateNetworkRule.
2. Create a permission policy: You can configure the keys and secrets that the application is allowed to access, and bind access control rules to those keys and secrets. For more information, see CreatePolicy.
3. Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see CreateApplicationAccessPoint.
4. Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP.
Precautions
A client key has a validity period. After a client key expires, applications into which the client key is integrated cannot access the required KMS instance. You must replace the client key before the client key expires. We recommend that you delete the expired client key in KMS after the new client key is used.
RAM authorization
Request parameters
Action: The operation that you want to perform. Set the value to CreateClientKey.

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| AapName | string | Yes | The name of the AAP. | aap_test |
| Password | string | Yes | The encryption password of the client key. The password must be 8 to 64 characters in length and must contain at least two of the following types: digits, letters, and special characters. Special characters include | bcfefe15-46f0**** |
| NotAfter | string | No | The end of the validity period of the client key. Specify the time in the ISO 8601 standard. The time must be in UTC. The time must be in the yyyy-MM-ddTHH:mm:ssZ format. | 2028-08-31T17:14:33Z |
| NotBefore | string | No | The beginning of the validity period of the client key. Specify the time in the ISO 8601 standard. The time must be in UTC. The time must be in the yyyy-MM-ddTHH:mm:ssZ format. | 2023-08-31T17:14:33Z |

Response elements

| Element | Type | Description | Example |
| --- | --- | --- | --- |
| | object | | |
| RequestId | string | The ID of the request, which is used to locate and troubleshoot issues. | 2312e45f-b2fa-4c34-ad94-3eca50932916 |
| ClientKeyId | string | The ID of the client key. | KAAP.66abf237-63f6-4625-b8cf-47e1086e**** |
| KeyAlgorithm | string | The algorithm that is used to encrypt the private key of the client key. Currently, only RSA_2048 is supported. | RSA_2048 |
| PrivateKeyData | string | The private key of the client key. | MIIJqwIBAzCCCXcGCSqGSIb3DQEHAaCCCWgEgglkMIIJYDCCBBcGCSqGSIb3DQEHBqCCBAgwgg****** |
| NotBefore | string | The beginning of the validity period of the client key. | 2023-08-31T17:14:33Z |
| NotAfter | string | The end of the validity period of the client key. | 2028-08-31T17:14:33Z |
Examples
Sample success response
JSON format
{
"RequestId": "2312e45f-b2fa-4c34-ad94-3eca50932916",
"ClientKeyId": "KAAP.66abf237-63f6-4625-b8cf-47e1086e****",
"KeyAlgorithm": "RSA_2048",
"PrivateKeyData": "MIIJqwIBAzCCCXcGCSqGSIb3DQEHAaCCCWgEgglkMIIJYDCCBBcGCSqGSIb3DQEHBqCCBAgwgg******",
"NotBefore": "2023-08-31T17:14:33Z",
"NotAfter": "2028-08-31T17:14:33Z"
}
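The following added example (not part of the KMS documentation or SDK) checks the documented Password rule before a request is sent and classifies a client key from the NotBefore and NotAfter fields of the response, so a key can be replaced before it expires as the Precautions section requires. The function names, the 30-day rotation window, and the treatment of any ASCII punctuation as a special character are assumptions.

```python
import json
import string
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # yyyy-MM-ddTHH:mm:ssZ, always UTC

def parse_ts(value):
    """Parse a KMS timestamp; raises ValueError if the format does not match."""
    return datetime.strptime(value, TS_FORMAT).replace(tzinfo=timezone.utc)

def password_problems(password):
    """Return violations of the documented password rule (empty list = OK)."""
    problems = []
    if not 8 <= len(password) <= 64:
        problems.append("length must be 8 to 64 characters")
    # Assumption: the page's list of special characters is cut off, so any
    # ASCII punctuation character is counted as "special" here.
    classes = [string.digits, string.ascii_letters, string.punctuation]
    if sum(any(c in cls for c in password) for cls in classes) < 2:
        problems.append("needs two of: digits, letters, special characters")
    return problems

def key_status(response, now, rotate_before=timedelta(days=30)):
    """Classify a client key from its validity fields (30 days is assumed)."""
    not_before = parse_ts(response["NotBefore"])
    not_after = parse_ts(response["NotAfter"])
    if not_after <= not_before:
        raise ValueError("NotAfter must be later than NotBefore")
    if now < not_before:
        return "not-yet-valid"
    if now >= not_after:
        return "expired"
    if not_after - now <= rotate_before:
        return "rotate-now"
    return "valid"

# Constructed sample: validity fields as in the sample success response.
SAMPLE = json.loads('{"ClientKeyId": "KAAP.example", '
                    '"NotBefore": "2023-08-31T17:14:33Z", '
                    '"NotAfter": "2028-08-31T17:14:33Z"}')

if __name__ == "__main__":
    print(key_status(SAMPLE, datetime.now(timezone.utc)))
    print(password_problems("short1"))
```

Run key_status on a schedule against the stored response metadata and alert on rotate-now; the PrivateKeyData value itself is not needed for this check.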
Error codes
See Error Codes for the complete list.
Release notes
See Release Notes for the complete list.