The KMS service supports access over the HTTP protocol only, and every API request uses the POST method.
Description of KeyMetadata and KeyListEntry Data Type

KeyMetadata

| Name | Type | Description |
| --- | --- | --- |
| keyId | String | CMK ID |
| creationDate | String | Creation time of the master key, in UTC |
| keyState | String | Status of the CMK: one of enabled, disabled and pendingDeletion |
| description | String | Description of the CMK |
| deletionDate | String | Deletion time set for the CMK; this field is only used when the CMK is in the pendingDeletion state |
| keyUsage | String | Usage of the CMK |
| region | String | Region where the CMK is located |

KeyListEntry

| Name | Type | Description |
| --- | --- | --- |
| keyId | String | CMK ID |

CancelKeyDeletion Interface
Cancel the scheduled deletion of a CMK.

| Name | Type | Description | Required or not |
| --- | --- | --- | --- |
| keyId | String | CMK ID | Yes |

POST /?action=CancelKeyDeletion
host: bkm.bj.baidubce.com
Authorization: bce-auth-v1/96b66fd0b5ed44bd9d9b9d1597a50516/2018-11-05T09:10:38Z/1800//9b0dde4c69046b3f9e3533273b015d8b145de950ef14548364bbabbabaca4e61
Content-Length: 35
Content-type: application/json
{
"keyId": "5be45b47-38ba-f055-e892-25ff66c91adc"
}
HTTP/1.1 200 OK
X-Bce-Request-Id: b2fabd38-69d9-ff68-8437-5506a3567f24
Date: Mon, 05 Nov 2018 09:10:38 GMT
Content-Length: 0
Connection: keep-alive
Server: BceKms
CreateKey Interface
Create a CMK
{
"description": "string",
"keyUsage": "string"
}

| Name | Type | Description | Required or not | Default value |
| --- | --- | --- | --- | --- |
| description | String | Description of the CMK | No | - |
| keyUsage | String | Usage of the CMK; only ENCRYPT_DECRYPT is supported at present | No | ENCRYPT_DECRYPT |

{
"keyMetadata": {
"keyId":"string",
"creationDate": "string",
"keyState": "string",
"description": "string",
"deletionDate": "string",
"keyUsage": "string",
"region": "string"
}
}

| Name | Type | Description |
| --- | --- | --- |
| keyMetadata | [KeyMetadata](#KeyMetadata and KeyListEntry Data Type Description) | Detailed information of CMK |

POST /?action=CreateKey
host: bkm.bj.baidubce.com
Authorization: bce-auth-v1/96b66fd0b5ed44bd9d9b9d1597a50516/2018-11-05T09:10:38Z/1800//9b0dde4c69046b3f9e3533273b015d8b145de950ef14548364bbabbabaca4e61
Content-Length: 35
Content-type: application/json
HTTP/1.1 200 OK
X-Bce-Request-Id: b2fabd38-69d9-ff68-8437-5506a3567f24
Date: Mon, 05 Nov 2018 09:10:38 GMT
Content-Length: 123
Connection: keep-alive
Server: BceKms
{
"keyMetadata": {
"keyId": "5be45b47-38ba-f055-e892-25ff66c91adc",
"creationDate": "2018-08-13T13:58:18Z",
"keyState": "enabled",
"description": "test",
"deletionDate": "2018-09-15T13:20:14Z",
"keyUsage": "ENCRYPT_DECRYPT",
"region": "bj"
}
}
Decrypt Interface
Decrypt data.
{
"ciphertext": "string"
}

| Name | Type | Description | Required or not |
| --- | --- | --- | --- |
| ciphertext | String | Ciphertext to be decrypted, base64-encoded | Yes |

{
"keyId": "string",
"plaintext": "string"
}

| Name | Type | Description |
| --- | --- | --- |
| plaintext | String | Decrypted plaintext, base64-encoded |
| keyId | String | CMK ID |

POST /?action=Decrypt
host: bkm.bj.baidubce.com
Authorization: bce-auth-v1/96b66fd0b5ed44bd9d9b9d1597a50516/2018-11-05T09:10:38Z/1800//9b0dde4c69046b3f9e3533273b015d8b145de950ef14548364bbabbabaca4e61
Content-Length: 35
Content-type: application/json
{
"ciphertext": "Y2lwaGVydGV4dCBjaXBoZXJ0ZXh0IGNpcGhlcnRleHQgaW5mbwo"
}
HTTP/1.1 200 OK
X-Bce-Request-Id: b2fabd38-69d9-ff68-8437-5506a3567f24
Date: Mon, 05 Nov 2018 09:10:38 GMT
Content-Length: 0
Connection: keep-alive
Server: BceKms
{
"keyId": "ab0cc017-c50f-f4c4-e125-2779a4d969de",
"plaintext": "cGxhaW50ZXh0IHBsYWludGV4dCBwbGFpbnRleHQK"
}
DescribeKey Interface
Get the detailed information of the specified CMK.

| Name | Type | Description | Required or not |
| --- | --- | --- | --- |
| keyId | String | CMK ID | Yes |

{
"keyMetadata": {
"keyId":"string",
"creationDate": "string",
"keyState": "string",
"description": "string",
"deletionDate": "string",
"keyUsage": "string",
"region": "string"
}
}

| Name | Type | Description |
| --- | --- | --- |
| keyMetadata | [KeyMetadata](#KeyMetadata and KeyListEntry Data Type Description) | Detailed information of CMK |

POST /?action=DescribeKey
host: bkm.bj.baidubce.com
Authorization: bce-auth-v1/96b66fd0b5ed44bd9d9b9d1597a50516/2018-11-05T09:10:38Z/1800//9b0dde4c69046b3f9e3533273b015d8b145de950ef14548364bbabbabaca4e61
Content-Length: 35
Content-type: application/json
{
"keyId": "5be45b47-38ba-f055-e892-25ff66c91adc"
}
HTTP/1.1 200 OK
X-Bce-Request-Id: b2fabd38-69d9-ff68-8437-5506a3567f24
Date: Mon, 05 Nov 2018 09:10:38 GMT
Content-Length: 123
Connection: keep-alive
Server: BceKms
{
"keyMetadata": {
"keyId": "5be45b47-38ba-f055-e892-25ff66c91adc",
"creationDate": "2018-08-13T13:58:18Z",
"keyState": "enabled",
"description": "test",
"deletionDate": "2018-09-15T13:20:14Z",
"keyUsage": "ENCRYPT_DECRYPT",
"region": "bj"
}
}
DisableKey Interface
Set the status of the CMK to disabled.

| Name | Type | Description | Required or not |
| --- | --- | --- | --- |
| keyId | String | CMK ID | Yes |

POST /?action=DisableKey
host: bkm.bj.baidubce.com
Authorization: bce-auth-v1/96b66fd0b5ed44bd9d9b9d1597a50516/2018-11-05T09:10:38Z/1800//9b0dde4c69046b3f9e3533273b015d8b145de950ef14548364bbabbabaca4e61
Content-Length: 35
Content-type: application/json
{
"keyId": "5be45b47-38ba-f055-e892-25ff66c91adc"
}
HTTP/1.1 200 OK
X-Bce-Request-Id: <request-id>
Date: Mon, 05 Nov 2018 09:10:38 GMT
Content-Length: 0
Connection: keep-alive
Server: BceKms
EnableKey Interface
Set the status of the CMK to enabled.

| Name | Type | Description | Required or not |
| --- | --- | --- | --- |
| keyId | String | CMK ID | Yes |

POST /?action=EnableKey
host: bkm.bj.baidubce.com
Authorization: bce-auth-v1/96b66fd0b5ed44bd9d9b9d1597a50516/2018-11-05T09:10:38Z/1800//9b0dde4c69046b3f9e3533273b015d8b145de950ef14548364bbabbabaca4e61
Content-Length: 35
Content-type: application/json
{
"keyId": "5be45b47-38ba-f055-e892-25ff66c91adc"
}
HTTP/1.1 200 OK
X-Bce-Request-Id: b2fabd38-69d9-ff68-8437-5506a3567f24
Date: Mon, 05 Nov 2018 09:10:38 GMT
Content-Length: 0
Connection: keep-alive
Server: BceKms
Encrypt Interface
Encrypt data with the specified CMK.
{
"keyId": "string",
"plaintext": "string"
}

| Name | Type | Description | Required or not |
| --- | --- | --- | --- |
| keyId | String | CMK ID | Yes |
| plaintext | String | Plaintext to be encrypted; it must be base64-encoded, with a length limit of 1-4096 bytes | Yes |

{
"ciphertext": "string",
"keyId": "string"
}

| Name | Type | Description |
| --- | --- | --- |
| ciphertext | String | Encrypted ciphertext, base64-encoded |
| keyId | String | CMK ID |

POST /?action=Encrypt
host: bkm.bj.baidubce.com
Authorization: bce-auth-v1/96b66fd0b5ed44bd9d9b9d1597a50516/2018-11-05T09:10:38Z/1800//9b0dde4c69046b3f9e3533273b015d8b145de950ef14548364bbabbabaca4e61
Content-Length: 35
Content-type: application/json
{
"keyId": "ab0cc017-c50f-f4c4-e125-2779a4d969de",
"plaintext": "cGxhaW50ZXh0IHBsYWludGV4dCBwbGFpbnRleHQK"
}
HTTP/1.1 200 OK
X-Bce-Request-Id: b2fabd38-69d9-ff68-8437-5506a3567f24
Date: Mon, 05 Nov 2018 09:10:38 GMT
Content-Length: 0
Connection: keep-alive
Server: BceKms
{
"keyId": "ab0cc017-c50f-f4c4-e125-2779a4d969de",
"ciphertext": "Y2lwaGVydGV4dCBjaXBoZXJ0ZXh0IGNpcGhlcnRleHQgaW5mbwo"
}
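
Client-side handling for the Encrypt and Decrypt interfaces above, as an added example that is not part of the original documentation or any Baidu SDK. It assumes the 1-4096 byte limit applies to the raw bytes before base64 encoding; the function names and the `allowed_key_ids` allow-list are hypothetical. Because Decrypt takes only `ciphertext`, the `keyId` in the response is the caller's only indication of which CMK was used, so it is checked before the plaintext is accepted.

```python
import base64
import binascii
import json

MAX_PLAINTEXT_BYTES = 4096  # limit stated in the Encrypt parameter table


def build_encrypt_body(key_id: str, data: bytes) -> str:
    """Return the JSON body for POST /?action=Encrypt."""
    # Assumption: the 1-4096 byte limit applies to the raw bytes, not the base64 text.
    if not 1 <= len(data) <= MAX_PLAINTEXT_BYTES:
        raise ValueError(f"plaintext must be 1-{MAX_PLAINTEXT_BYTES} bytes, got {len(data)}")
    return json.dumps({"keyId": key_id, "plaintext": base64.b64encode(data).decode("ascii")})


def decode_b64_field(value: str) -> bytes:
    """Decode a base64 field strictly, tolerating only missing '=' padding."""
    # The sample ciphertext on this page is 51 characters long, i.e. unpadded.
    padded = value + "=" * (-len(value) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except binascii.Error as exc:
        raise ValueError("field is not valid base64") from exc


def parse_decrypt_response(body: str, allowed_key_ids: set) -> bytes:
    """Return the plaintext only if it was decrypted under an expected CMK."""
    doc = json.loads(body)
    # Decrypt takes no keyId, so the response keyId is the only statement of
    # which CMK produced this plaintext. Reject anything outside the allow-list.
    if doc.get("keyId") not in allowed_key_ids:
        raise PermissionError(f"ciphertext belongs to unexpected CMK {doc.get('keyId')!r}")
    return decode_b64_field(doc["plaintext"])
```
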
GenerateDataKey Interface
Use the specified CMK to generate a data key.
{
"keyId": "string",
"keySpec": "string",
"numberOfBytes": number
}

| Name | Type | Description | Required or not |
| --- | --- | --- | --- |
| keyId | String | CMK ID | Yes |
| keySpec | String | Length of the data key; the two optional values, AES_128 and AES_256, represent 128 bytes and 256 bytes respectively | No |
| numberOfBytes | Integer | Length of data key, 4096 bytes | No |

Note: when both numberOfBytes and keySpec are set, numberOfBytes prevails.

{
"ciphertext": "string",
"keyId": "string",
"plaintext": "string"
}

| Name | Type | Description |
| --- | --- | --- |
| keyId | String | CMK ID |
| plaintext | String | Decrypted plaintext, base64-encoded |
| ciphertext | String | Encrypted ciphertext, base64-encoded |

POST /?action=GenerateDataKey
host: bkm.bj.baidubce.com
Authorization: bce-auth-v1/96b66fd0b5ed44bd9d9b9d1597a50516/2018-11-05T09:10:38Z/1800//9b0dde4c69046b3f9e3533273b015d8b145de950ef14548364bbabbabaca4e61
Content-Length: 35
Content-type: application/json
{
"keyId": "5be45b47-38ba-f055-e892-25ff66c91adc",
"numberOfBytes": 32
}
HTTP/1.1 200 OK
X-Bce-Request-Id: b2fabd38-69d9-ff68-8437-5506a3567f24
Date: Mon, 05 Nov 2018 09:10:38 GMT
Content-Length: 0
Connection: keep-alive
Server: BceKms
{
"ciphertext": "Y2lwaGVydGV4dCBjaXBoZXJ0ZXh0IGNpcGhlcnRleHQgaW5mbwo",
"keyId": "5be45b47-38ba-f055-e892-25ff66c91adc",
"plaintext": "cGxhaW50ZXh0IHBsYWludGV4dCBwbGFpbnRleHQK"
}
ListKeys Interface
List the CMKs owned by the user in this region.
{
"limit": number,
"marker": "string"
}

| Name | Type | Description | Required or not | Default value |
| --- | --- | --- | --- | --- |
| limit | Integer | Number of KeyId values to return; defaults to 100, with a valid range of 1-1000. If the number of eligible keys is less than limit, only the keys meeting the conditions are returned | No | 100 |
| marker | String | Marker of the CMK position | No | "" |

{
"keys": [
{
"keyId": "string"
},
{
"keyId": "string"
}
],
"nextMarker": "string",
"truncated": boolean
}

| Name | Type | Description |
| --- | --- | --- |
| keys | [KeyListEntry Array](#KeyMetadata and KeyListEntry Data Type Description) | CMK list |
| nextMarker | String | Next position in the CMK ID list |
| truncated | Boolean | Indicates whether there are more master key IDs that have not been returned |

POST /?action=ListKeys
host: bkm.bj.baidubce.com
Authorization: bce-auth-v1/96b66fd0b5ed44bd9d9b9d1597a50516/2018-11-05T09:10:38Z/1800//9b0dde4c69046b3f9e3533273b015d8b145de950ef14548364bbabbabaca4e61
Content-Length: 35
Content-type: application/json
HTTP/1.1 200 OK
X-Bce-Request-Id: b2fabd38-69d9-ff68-8437-5506a3567f24
Date: Mon, 05 Nov 2018 09:10:38 GMT
Content-Length: 0
Connection: keep-alive
Server: BceKms
{
"keys": [
{
"keyId": "df0cc217-c50f-f4c4-e125-2779b4d94rt6"
},
{
"keyId": "ab0cc217-c50f-f4c4-e125-2779b4d969de"
}
],
"truncated": false
}
ScheduleKeyDeletion Interface
Schedule the deletion of a CMK; the CMK is deleted within 24 hours after the specified time.
{
"keyId": "string",
"pendingWindowInDays": number
}

| Name | Type | Description | Required or not | Default value |
| --- | --- | --- | --- | --- |
| keyId | String | CMK ID | Yes | - |
| pendingWindowInDays | Integer | Waiting period before deletion, in days: at least 7, at most 30, defaulting to 30 | No | 30 |

| Name | Type | Description |
| --- | --- | --- |
| keyId | String | CMK ID |
| deletionDate | String | Scheduled time for deletion |

POST /?action=ScheduleKeyDeletion
host: bkm.bj.baidubce.com
Authorization: bce-auth-v1/96b66fd0b5ed44bd9d9b9d1597a50516/2018-11-05T09:10:38Z/1800//9b0dde4c69046b3f9e3533273b015d8b145de950ef14548364bbabbabaca4e61
Content-Length: 35
Content-type: application/json
{
"keyId": "5be45b47-38ba-f055-e892-25ff66c91adc",
"pendingWindowInDays": 10
}
HTTP/1.1 200 OK
X-Bce-Request-Id: b2fabd38-69d9-ff68-8437-5506a3567f24
Date: Mon, 05 Nov 2018 09:10:38 GMT
Content-Length: 0
Connection: keep-alive
Server: BceKms
{
"deletionDate": "2018-08-15T13:58:18Z",
"keyId": "5be45b47-38ba-f055-e892-25ff66c91adc"
}
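
An audit that combines the ListKeys pagination fields (`marker`, `nextMarker`, `truncated`) with DescribeKey to find every CMK in `pendingDeletion` and how many days remain to call CancelKeyDeletion, as an added example that is not part of the original documentation. `call(action, body)` is a hypothetical transport that signs the request, POSTs it and returns the parsed JSON; `make_fake_kms` is a constructed in-memory stand-in whose marker handling is an assumption.

```python
from datetime import datetime, timezone


def iter_key_ids(call, limit=100):
    """Yield every keyId, following nextMarker until truncated is false."""
    if not 1 <= limit <= 1000:          # range from the ListKeys table
        raise ValueError("limit must be 1-1000")
    marker = ""                          # documented default
    while True:
        page = call("ListKeys", {"limit": limit, "marker": marker})
        for entry in page.get("keys", []):
            yield entry["keyId"]
        if not page.get("truncated"):
            return
        next_marker = page.get("nextMarker")
        if not next_marker or next_marker == marker:
            raise RuntimeError("truncated page without a usable nextMarker")
        marker = next_marker


def pending_deletions(call, now):
    """Return [(keyId, days_left)] for CMKs in pendingDeletion, soonest first."""
    report = []
    for key_id in iter_key_ids(call):
        meta = call("DescribeKey", {"keyId": key_id})["keyMetadata"]
        if meta["keyState"] != "pendingDeletion":
            continue                     # deletionDate only applies in this state
        due = datetime.strptime(meta["deletionDate"], "%Y-%m-%dT%H:%M:%SZ")
        due = due.replace(tzinfo=timezone.utc)
        report.append((key_id, (due - now).days))
    return sorted(report, key=lambda item: item[1])


def make_fake_kms(keys, page_size=2):
    """Constructed in-memory stand-in for the service, for offline runs."""
    ids = sorted(keys)
    def call(action, body):
        if action == "ListKeys":
            start = ids.index(body["marker"]) + 1 if body["marker"] else 0
            chunk = ids[start:start + min(body["limit"], page_size)]
            more = start + len(chunk) < len(ids)
            page = {"keys": [{"keyId": k} for k in chunk], "truncated": more}
            if more:
                page["nextMarker"] = chunk[-1]
            return page
        return {"keyMetadata": dict(keys[body["keyId"]], keyId=body["keyId"])}
    return call
```
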