产品概述
产品优势
应用场景
基本概念
Algorithm name and ID
Used by actions: ListAlgorithms.
| Name | Type | Description |
|---|---|---|
| KeyUsage | String | Algorithm ID |
| Algorithm | String | Algorithm name |
Specifies the data key attribute.
Used by actions: ListDataKeys.
| Name | Type | Required | Description |
|---|---|---|---|
| DataKeyId | String | No | Globally unique id of DataKey. |
Specifies the data key attribute information.
Used by actions: DescribeDataKey, DescribeDataKeys, ListDataKeyDetail.
| Name | Type | Description |
|---|---|---|
| DataKeyId | String | DataKey globally unique id. |
| KeyId | String | Globally unique id of the CMK. |
| KeyName | String | CMK name. |
| DataKeyName | String | Key name as a more recognizable and understandable data key. |
| NumberOfBytes | Integer | Specifies the length of the data key in bytes. |
| CreateTime | Integer | Key key creation time. |
| Description | String | DataKey description. |
| KeyState | String | DataKey status. valid values: Enabled, Disabled, PendingDelete. |
| CreatorUin | Integer | Creator. |
| Owner | String | Specifies the creator of the data key. valid values: user (user-created) or product name (auto-created by authorized cloud services). |
| DeletionDate | Integer | The time when schedule deletion. |
| Origin | String | Specifies the key material type of DataKey. valid values: TENCENT_KMS (created by KMS), EXTERNAL (user import). |
| HsmClusterId | String | HSM cluster ID (only applicable to KMS exclusive/managed service instance). |
| ResourceId | String | Resource ID in the format of creatorUin/$creatorUin/$dataKeyId. |
| IsSyncReplica | Integer | Whether the key is a primary replica. valid values: 0 (primary), 1 (synced replica). |
| SourceRegion | String | Synchronous original region. |
| SyncStatus | Integer | The state of key synchronization. valid values: 0 (unsynced), 1 (synchronization successful), 2 (synchronization failed), 3 (synchronizing). |
| SyncMessages | String | Sresult description}. |
| SyncStartTime | Integer | Start time of synchronization. |
| SyncEndTime | Integer | Specifies the synchronous end time. |
| SourceHsmClusterId | String | Synchronous original cluster. if empty, it is a public cloud public cluster. |
| AccountAppId | Integer | Member account appId. |
| AccountUin | Integer | Member account UIN |
| AccountName | String | Member account name. |
Target region list of the sync task, including region and cluster information. if the cluster is empty, it means public cloud shared cluster. if the cluster is not empty, it means dedicated cluster.
Used by actions: GetServiceStatus.
| Name | Type | Required | Description |
|---|---|---|---|
| DestinationRegion | String | No | Specifies the target region of the synchronization task. |
| HsmClusterId | String | No | HsmClusterId being empty indicates public cloud shared version. if not empty, it indicates exclusive edition cluster in the region. |
Device fingerprint
Used by actions: DescribeWhiteBoxDeviceFingerprints, OverwriteWhiteBoxDeviceFingerprints.
| Name | Type | Required | Description |
|---|---|---|---|
| Identity | String | Yes | Fingerprint information collected by device fingerprint collector. Its format must be in the following regular expression: ^[0-9a-f]{8}[-][0-9a-f]{14}[-][0-9a-f]{14}[-][0-9a-f]{14}[-][0-9a-f]{16}$ |
| Description | String | No | Description information, such as IP and device name, with a maximum of 1024 bytes. |
Exclusive edition cluster.
Used by actions: GetServiceStatus.
| Name | Type | Description |
|---|---|---|
| HsmClusterId | String | Dedicated cluster Id. |
| HsmClusterName | String | Dedicated cluster name. |
Returned CMK list information
Used by actions: ListKeys.
| Name | Type | Description |
|---|---|---|
| KeyId | String | Globally unique CMK ID. |
CMK attribute information
Used by actions: DescribeKey, DescribeKeys, ListKeyDetail.
| Name | Type | Description |
|---|---|---|
| KeyId | String | Globally unique CMK ID |
| Alias | String | Alias that makes a key more recognizable and understandable |
| CreateTime | Integer | Key creation time |
| Description | String | CMK description |
| KeyState | String | CMK status. Valid values: Enabled, Disabled, PendingDelete, PendingImport, Archived. |
| KeyUsage | String | CMK purpose. Valid values: ENCRYPT_DECRYPT, ASYMMETRIC_DECRYPT_RSA_2048, ASYMMETRIC_DECRYPT_SM2, ASYMMETRIC_SIGN_VERIFY_SM2, ASYMMETRIC_SIGN_VERIFY_RSA_2048, and ASYMMETRIC_SIGN_VERIFY_ECC. |
| Type | Integer | CMK type. 2: FIPS-compliant; 4: SM-CRYPTO |
| CreatorUin | Integer | Creator |
| KeyRotationEnabled | Boolean | Whether key rotation is enabled |
| Owner | String | CMK creator. The value of this parameter is user if the CMK is created by the user, or the corresponding service name if it is created automatically by an authorized Tencent Cloud service. |
| NextRotateTime | Integer | Time of next rotation if key rotation is enabled |
| DeletionDate | Integer | The time when scheduled deletion occurs. |
| Origin | String | CMK key material type. the type created by KMS is TENCENT_KMS. the user-imported type is EXTERNAL. |
| ValidTo | Integer | Valid when Origin is EXTERNAL. indicates the validity date of the key material. 0 means no expiration. |
| ResourceId | String | Resource ID in the format of creatorUin/$creatorUin/$keyId. |
| HsmClusterId | String | HSM cluster ID (valid only for exclusive or managed version KMS service instances). |
| RotateDays | Integer | Key rotation period (days). |
| LastRotateTime | Integer | Last disorderly rotation time (Unix timestamp). |
| IsSyncReplica | Integer | Specifies whether the key is a primary replica. valid values: 0 (primary replica), 1 (synced replica). |
| SourceRegion | String | Synchronous original region. |
| SyncStatus | Integer | The state of key synchronization. valid values: 0 (unsynced), 1 (synchronization successful), 2 (synchronization failed), 3 (synchronizing). |
| SyncMessages | String | Describes the synchronous result. |
| SyncStartTime | Integer | Start time of synchronization. |
| SyncEndTime | Integer | Specifies the synchronous end time. |
| SourceHsmClusterId | String | Synchronous original cluster. if empty, it is a public cloud public cluster. |
| AccountAppId | Integer | Member account appId. |
| AccountUin | Integer | Member account UIN |
| AccountName | String | Member account name. |
Shared member account information.
Used by actions: ArchiveKey, CancelDataKeyDeletion, CancelKeyArchive, CancelKeyDeletion, DescribeDataKey, DescribeDataKeys, DescribeKey, DescribeKeys, DisableDataKey, DisableDataKeys, DisableKey, DisableKeyRotation, DisableKeys, EnableDataKey, EnableDataKeys, EnableKey, EnableKeyRotation, EnableKeys, GetDataKeyCiphertextBlob, GetKeyRotationStatus, ListDataKeyDetail, ListKeyDetail, ScheduleDataKeyDeletion, ScheduleKeyDeletion, UpdateAlias, UpdateDataKeyDescription, UpdateDataKeyName, UpdateKeyDescription.
| Name | Type | Required | Description |
|---|---|---|---|
| MemberAppId | Integer | No | Member account appid. |
| MemberUin | Integer | No | Member account UIN |
Tag key and tag value
Used by actions: CreateKey, CreateWhiteBoxKey, GenerateDataKey, ImportDataKey.
| Name | Type | Required | Description |
|---|---|---|---|
| TagKey | String | Yes | Tag key |
| TagValue | String | Yes | Tag value |
Tag filter
Used by actions: DescribeWhiteBoxKeyDetails, ListDataKeyDetail, ListKeyDetail.
| Name | Type | Required | Description |
|---|---|---|---|
| TagKey | String | Yes | Tag key |
| TagValue | Array of String | No | Tag value |
White-box key information
Used by actions: DescribeWhiteBoxKey, DescribeWhiteBoxKeyDetails.
| Name | Type | Description |
|---|---|---|
| KeyId | String | Globally unique white-box key ID |
| Alias | String | Unique alias that makes a key more recognizable and understandable. This parameter cannot be empty, can contain 1 to 60 letters, digits, hyphens (-), and underscores (_), and must begin with a letter or digit. |
| CreatorUin | Integer | Creator |
| Description | String | Key description information |
| CreateTime | Integer | Key creation time in Unix timestamp |
| Status | String | White-box key status. Valid values: Enabled, Disabled |
| OwnerUin | Integer | Creator |
| Algorithm | String | Key algorithm type |
| EncryptKey | String | Base64-encoded white-box encryption key |
| DecryptKey | String | Base64-encoded white-box decryption key |
| ResourceId | String | Resource ID in the format of creatorUin/$creatorUin/$keyId |
| DeviceFingerprintBind | Boolean | Specifies whether there is a device fingerprint bound to the current key. |
文档反馈