Encryption Key Management¶
Permission | API | Action | Dependent Permission | IAM Project (Project) | Enterprise Project (Enterprise Project) |
---|---|---|---|---|---|
Creating a CMK | POST /v1.0/{project_id}/kms/create-key | kms:cmk:create |
| Y | Y |
Enabling a CMK | POST /v1.0/{project_id}/kms/enable-key | kms:cmk:enable |
| Y | Y |
Disabling a CMK | POST /v1.0/{project_id}/kms/disable-key | kms:cmk:disable |
| Y | Y |
Scheduling the deletion of a CMK | POST /v1.0/{project_id}/kms/schedule-key-deletion | kms:cmk:update |
| Y | Y |
Canceling the scheduled deletion of a CMK | POST /v1.0/{project_id}/kms/cancel-key-deletion | kms:cmk:update |
| Y | Y |
Querying the list of CMKs | POST /v1.0/{project_id}/kms/list-keys | kms:cmk:list |
| Y | Y |
Queries the CMK information. | POST /v1.0/{project_id}/kms/describe-key | kms:cmk:get |
| Y | Y |
Generating a random number | POST /v1.0/{project_id}/kms/gen-random | kms:cmk:generate |
| Y | Y |
Creating a DEK | POST /v1.0/{project_id}/kms/create-datakey | kms:dek:create |
| Y | Y |
Creating a plaintext-free DEK | POST /v1.0/{project_id}/kms/create-datakey-without-plaintext | kms:dek:create |
| Y | Y |
Encrypting a DEK | POST /v1.0/{project_id}/kms/encrypt-datakey | kms:dek:crypto |
| Y | Y |
Decrypting a DEK | POST /v1.0/{project_id}/kms/decrypt-datakey | kms:dek:crypto |
| Y | Y |
Querying the number of instances | GET /v1.0/{project_id}/kms/user-instances | kms:cmk:getInstance |
| Y | Y |
Querying the user quota | GET /v1.0/{project_id}/kms/user-quotas | kms:cmk:getQuota |
| Y | Y |
Modifying the CMK alias | POST /v1.0/{project_id}/kms/update-key-alias | kms:cmk:update |
| Y | Y |
Modifying the description of a CMK | POST /v1.0/{project_id}/kms/update-key-description | kms:cmk:update |
| Y | Y |
Creating a grant | POST /v1.0/{project_id}/kms/create-grant | kms:grant:create |
| Y | Y |
Revoking a grant | POST /v1.0/{project_id}/kms/revoke-grant | kms:grant:revoke |
| Y | Y |
Retiring a grant | POST /v1.0/{project_id}/kms/retire-grant | kms:grant:retire |
| Y | Y |
Querying the grant list of a CMK | POST /v1.0/{project_id}/kms/list-grants | kms:grant:list |
| Y | Y |
Querying the list of grants that can be retired | POST /v1.0/{project_id}/kms/list-retirable-grants | kms:grant:list |
| Y | Y |
Encrypting data | POST /v1.0/{project_id}/kms/encrypt-data | kms:cmk:crypto |
| Y | Y |
Decrypting data | POST /v1.0/{project_id}/kms/decrypt-data | kms:cmk:crypto |
| Y | Y |
Obtaining parameters for importing a key | POST /v1.0/{project_id}/kms/get-parameters-for-import | kms:cmk:getMaterial |
| Y | Y |
Importing key material | POST /v1.0/{project_id}/kms/import-key-material | kms:cmk:importMaterial |
| Y | Y |
Deleting key material | POST /v1.0/{project_id}/kms/delete-imported-key-material | kms:cmk:deleteMaterial |
| Y | Y |
Querying key resource instances | POST /v1.0/{project_id}/kms/resource_instances/action | kms:cmkTag:listInstance |
| Y | Y |
Querying tags of a key | GET /v1.0/{project_id}/kms/{key_id}/tags | kms:cmkTag:list |
| Y | Y |
Querying the project tags | GET /v1.0/{project_id}/kms/tags | kms:cmkTag:list |
| Y | Y |
Adding or deleting key tags in batches | POST /v1.0/{project_id}/kms/{key_id}/tags/action | kms:cmkTag:batch |
| Y | Y |
Adding tags to a key | POST /v1.0/{project_id}/kms/{key_id}/tags | kms:cmkTag:create |
| Y | Y |
Deleting tags of a key | POST /v1.0/{project_id}/kms/{ key_id }/tags/{key} | kms:cmkTag:delete |
| Y | Y |