- Product Introduction
- Purchase Guide
- Console Guide
- TCCLI Management Guide
- Best Practices
- API documentation
- Release History
- API Category
- Making API Requests
- Key APIs
- UpdateKeyDescription
- UpdateAlias
- ReEncrypt
- ListKeys
- ListKeyDetail
- GetServiceStatus
- GetKeyRotationStatus
- GenerateDataKey
- Encrypt
- EnableKeys
- EnableKeyRotation
- EnableKey
- DisableKeys
- DisableKeyRotation
- DisableKey
- DescribeKeys
- DescribeKey
- Decrypt
- CreateKey
- ScheduleKeyDeletion
- CancelKeyDeletion
- ImportKeyMaterial
- GetParametersForImport
- DeleteImportedKeyMaterial
- GenerateRandom
- ListAlgorithms
- UnbindCloudResource
- BindCloudResource
- GetRegions
- CancelKeyArchive
- ArchiveKey
- Asymmetric Key APIs
- White-Box Key APIs
- Data Types
- Error Codes
- Service Level Agreement
- FAQS
- Contact Us
- Glossary
- Product Introduction
- Purchase Guide
- Console Guide
- TCCLI Management Guide
- Best Practices
- API documentation
- Release History
- API Category
- Making API Requests
- Key APIs
- UpdateKeyDescription
- UpdateAlias
- ReEncrypt
- ListKeys
- ListKeyDetail
- GetServiceStatus
- GetKeyRotationStatus
- GenerateDataKey
- Encrypt
- EnableKeys
- EnableKeyRotation
- EnableKey
- DisableKeys
- DisableKeyRotation
- DisableKey
- DescribeKeys
- DescribeKey
- Decrypt
- CreateKey
- ScheduleKeyDeletion
- CancelKeyDeletion
- ImportKeyMaterial
- GetParametersForImport
- DeleteImportedKeyMaterial
- GenerateRandom
- ListAlgorithms
- UnbindCloudResource
- BindCloudResource
- GetRegions
- CancelKeyArchive
- ArchiveKey
- Asymmetric Key APIs
- White-Box Key APIs
- Data Types
- Error Codes
- Service Level Agreement
- FAQS
- Contact Us
- Glossary
1. API Description
Domain name for API request: kms.tencentcloudapi.com.
Create a master key CMK (Custom Master Key) for user management data keys
A maximum of 100 requests can be initiated per second for this API.
We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.
2. Input Parameters
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
This document describes the parameters for Signature V1. It's recommended to use the V3 signature, which provides higher security. Note that for Signature V3, the common parameters need to be placed in the HTTP Header. See details.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common parameter. The value used for this API: CreateKey. |
| Version | Yes | String | Common parameter. The value used for this API: 2019-01-18. |
| Region | Yes | String | Common parameter. For more information, please see the list of regions supported by the product. |
| Alias | Yes | String | Unique alias that makes a key more recognizable and understandable. This parameter cannot be empty, can contain 1-60 letters, digits, -, and _, and must begin with a letter or digit. The kms- prefix is used for Tencent Cloud products. |
| Description | No | String | CMK description of up to 1,024 bytes in length |
| KeyUsage | No | String | Defines the purpose of the key. The valid values are as follows: ENCRYPT_DECRYPT (default): creates a symmetric encryption/decryption key; ASYMMETRIC_DECRYPT_RSA_2048: creates an asymmetric encryption/decryption 2048-bit RSA key; ASYMMETRIC_DECRYPT_SM2: creates an asymmetric encryption/decryption SM2 key; ASYMMETRIC_SIGN_VERIFY_SM2: creates an asymmetric SM2 key for signature verification; ASYMMETRIC_SIGN_VERIFY_ECC: creates an asymmetric 2048-bit RSA key for signature verification; ASYMMETRIC_SIGN_VERIFY_ECDSA384: creates an asymmetric ECDSA384 key for signature verification. You can get a full list of supported key purposes and algorithms using the ListAlgorithms API. |
| Type | No | Integer | Specifies the key type. Default value: 1. Valid value: 1 - default type, indicating that the CMK is created by KMS; 2 - EXTERNAL type, indicating that you need to import key material. For more information, please see the GetParametersForImport and ImportKeyMaterial API documents. |
| Tags.N | No | Array of Tag | Tag list |
3. Output Parameters
| Parameter Name | Type | Description |
|---|---|---|
| KeyId | String | Globally unique CMK ID |
| Alias | String | Alias that makes a key more recognizable and understandable |
| CreateTime | Integer | Key creation time in UNIX timestamp format |
| Description | String | CMK description |
| KeyState | String | CMK status |
| KeyUsage | String | CMK usage |
| TagCode | Integer | Tag operation return code. 0: success; 1: internal error; 2: business processing error |
| TagMsg | String | Tag operation return information |
| RequestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |
4. Example
Example1 Creating a CMK
This example shows you how to create a CMK for data encryption key management. The CMK can be used in other APIs to create data encryption keys, perform encryption and decryption, and do more.
Input Example
https://kms.tencentcloudapi.com/?Action=CreateKey
&Alias=mykey
&KeyUsage=ENCRYPT_DECRYPT
&Description=test
&<Common request parameters>
Output Example
{
"Response": {
"KeyId": "9999aed0-4956-11e9-bc70-5254005e86b4",
"Alias": "alias-0001",
"CreateTime": 1552897190,
"Description": "test cmk",
"TagMsg": "Success",
"TagCode": 0,
"KeyState": "Enabled",
"KeyUsage": "ENCRYPT_DECRYPT",
"RequestId": "850bf779-2249-4995-8c55-b3966daf0a8c"
}
}
5. Developer Resources
SDK
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
- Tencent Cloud SDK 3.0 for Python
- Tencent Cloud SDK 3.0 for Java
- Tencent Cloud SDK 3.0 for PHP
- Tencent Cloud SDK 3.0 for Go
- Tencent Cloud SDK 3.0 for NodeJS
- Tencent Cloud SDK 3.0 for .NET
- Tencent Cloud SDK 3.0 for C++
Command Line Interface
6. Error Code
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InternalError | Internal error. |
| InvalidParameter | Invalid parameter. |
| InvalidParameterValue.AliasAlreadyExists | The alias already exists. |
| InvalidParameterValue.InvalidAlias | Incorrect alias format |
| InvalidParameterValue.InvalidKeyUsage | Incorrect KeyUsage parameter. |
| InvalidParameterValue.InvalidType | Incorrect Type parameter. |
| InvalidParameterValue.TagKeysDuplicated | Duplicate tag key. |
| InvalidParameterValue.TagsNotExisted | The tag key or tag value does not exist. |
| LimitExceeded.CmkLimitExceeded | The number of CMKs has reached the upper limit. |
| UnauthorizedOperation | Unauthorized operation. |
| UnsupportedOperation.ServiceTemporaryUnavailable | The service is temporarily unavailable. |
| UnsupportedOperation.UnsupportedKeyUsageInCurrentRegion | The encryption method is not supported in the current region. |
Yes
No
Was this page helpful?