- Product Introduction
- Purchase Guide
- Console Guide
- TCCLI Management Guide
- Best Practices
- API documentation
- Release History
- API Category
- Making API Requests
- Key APIs
- UpdateKeyDescription
- UpdateAlias
- ReEncrypt
- ListKeys
- ListKeyDetail
- GetServiceStatus
- GetKeyRotationStatus
- GenerateDataKey
- Encrypt
- EnableKeys
- EnableKeyRotation
- EnableKey
- DisableKeys
- DisableKeyRotation
- DisableKey
- DescribeKeys
- DescribeKey
- Decrypt
- CreateKey
- ScheduleKeyDeletion
- CancelKeyDeletion
- ImportKeyMaterial
- GetParametersForImport
- DeleteImportedKeyMaterial
- GenerateRandom
- ListAlgorithms
- UnbindCloudResource
- BindCloudResource
- GetRegions
- CancelKeyArchive
- ArchiveKey
- Asymmetric Key APIs
- White-Box Key APIs
- Data Types
- Error Codes
- Service Level Agreement
- FAQS
- Contact Us
- Glossary
- Product Introduction
- Purchase Guide
- Console Guide
- TCCLI Management Guide
- Best Practices
- API documentation
- Release History
- API Category
- Making API Requests
- Key APIs
- UpdateKeyDescription
- UpdateAlias
- ReEncrypt
- ListKeys
- ListKeyDetail
- GetServiceStatus
- GetKeyRotationStatus
- GenerateDataKey
- Encrypt
- EnableKeys
- EnableKeyRotation
- EnableKey
- DisableKeys
- DisableKeyRotation
- DisableKey
- DescribeKeys
- DescribeKey
- Decrypt
- CreateKey
- ScheduleKeyDeletion
- CancelKeyDeletion
- ImportKeyMaterial
- GetParametersForImport
- DeleteImportedKeyMaterial
- GenerateRandom
- ListAlgorithms
- UnbindCloudResource
- BindCloudResource
- GetRegions
- CancelKeyArchive
- ArchiveKey
- Asymmetric Key APIs
- White-Box Key APIs
- Data Types
- Error Codes
- Service Level Agreement
- FAQS
- Contact Us
- Glossary
1. API Description
Domain name for API request: kms.tencentcloudapi.com.
Create a master key CMK (Custom Master Key) for user management data keys
A maximum of 100 requests can be initiated per second for this API.
We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.
2. Input Parameters
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common parameter. The value used for this API: CreateKey. |
| Version | Yes | String | Common parameter. The value used for this API: 2019-01-18. |
| Region | Yes | String | Common parameter. For more information, please see the list of regions supported by the product. |
| Alias | Yes | String | Unique alias that makes a key more recognizable and understandable. This parameter cannot be empty, can contain 1-60 letters, digits, -, and _, and must begin with a letter or digit. The kms- prefix is used for Tencent Cloud products. |
| Description | No | String | CMK description of up to 1,024 bytes in length |
| KeyUsage | No | String | Key purpose. Valid values: ENCRYPT_DECRYPT (default value; creating a symmetric key for encryption and decryption), ASYMMETRIC_DECRYPT_RSA_2048 (creating an RSA2048 asymmetric key for encryption and decryption), ASYMMETRIC_DECRYPT_SM2 (creating an SM2 asymmetric key for encryption and decryption), and ASYMMETRIC_SIGN_VERIFY_SM2 (creating an SM2 asymmetric key for signature verification). |
| Type | No | Integer | Specifies the key type. Default value: 1. Valid value: 1 - default type, indicating that the CMK is created by KMS; 2 - EXTERNAL type, indicating that you need to import key material. For more information, please see the GetParametersForImport and ImportKeyMaterial API documents. |
| Tags.N | No | Array of Tag | Tag list |
3. Output Parameters
| Parameter Name | Type | Description |
|---|---|---|
| KeyId | String | Globally unique CMK ID |
| Alias | String | Alias that makes a key more recognizable and understandable |
| CreateTime | Integer | Key creation time in UNIX timestamp format |
| Description | String | CMK description |
| KeyState | String | CMK status |
| KeyUsage | String | CMK usage |
| TagCode | Integer | Tag operation return code. 0: success; 1: internal error; 2: business processing error |
| TagMsg | String | Tag operation return information |
| RequestId | String | The unique request ID, which is returned for each request. RequestId is required for locating a problem. |
4. Example
Example1 Creating a CMK
This example shows you how to create a CMK for data encryption key management. The CMK can be used in other APIs to create data encryption keys, perform encryption and decryption, and do more.
Input Example
https://kms.tencentcloudapi.com/?Action=CreateKey
&Alias=mykey
&KeyUsage=ENCRYPT_DECRYPT
&Description=test
&<Common request parameters>Output Example
{
"Response": {
"KeyId": "9999aed0-4956-11e9-bc70-5254005e86b4",
"Alias": "alias-0001",
"CreateTime": 1552897190,
"Description": "test cmk",
"TagMsg": "Success",
"TagCode": 1,
"KeyState": "Enabled",
"KeyUsage": "ENCRYPT_DECRYPT",
"RequestId": "850bf779-2249-4995-8c55-b3966daf0a8c"
}
}5. Developer Resources
SDK
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
- Tencent Cloud SDK 3.0 for Python
- Tencent Cloud SDK 3.0 for Java
- Tencent Cloud SDK 3.0 for PHP
- Tencent Cloud SDK 3.0 for Go
- Tencent Cloud SDK 3.0 for NodeJS
- Tencent Cloud SDK 3.0 for .NET
- Tencent Cloud SDK 3.0 for C++
Command Line Interface
6. Error Code
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InternalError | Internal error. |
| InvalidParameter | Invalid parameter. |
| InvalidParameterValue.AliasAlreadyExists | The alias already exists. |
| InvalidParameterValue.InvalidAlias | Incorrect alias format |
| InvalidParameterValue.InvalidKeyUsage | Incorrect KeyUsage parameter. |
| InvalidParameterValue.InvalidType | Incorrect Type parameter. |
| InvalidParameterValue.TagKeysDuplicated | Duplicate tag key. |
| InvalidParameterValue.TagsNotExisted | The tag key or tag value does not exist. |
| LimitExceeded.CmkLimitExceeded | The number of CMKs has reached the upper limit. |
| UnauthorizedOperation | Unauthorized operation. |
| UnsupportedOperation.ServiceTemporaryUnavailable | The service is temporarily unavailable. |
| UnsupportedOperation.UnsupportedKeyUsageInCurrentRegion | The encryption method is not supported in the current region. |
Yes
No
Was this page helpful?