All Products
Search
Document Center

Key Management Service:DescribeKey

Last Updated:Jun 14, 2024

Queries the information about a key.

In the following example, a key whose ID is key-hzz630494463ejqjx**** is queried.The information about the key includes the creator, creation time, key status, and deletion protection status.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter

Type

Required

Example

Description

Action String Yes DescribeKey

The operation that you want to perform. Set the value to DescribeKey.

KeyId String Yes key-hzz630494463ejqjx****

The ID, alias, or Alibaba Cloud Resource Name (ARN) of the key. For more information, see Manage a key alias.

Note When you access a key within another Alibaba Cloud account, you must enter the ARN of the key. The key ARN is in the acs:kms:${region}:${account}:key/${keyid} format.

Response parameters

Parameter

Type

Example

Description

RequestId String f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f

The ID of the request, which is used to locate and troubleshoot issues.

KeyMetadata Object

The metadata of the key.

DeletionProtection String Enabled

Indicates whether deletion protection is enabled. Valid values:

  • Enabled
  • Disabled
KeyId String key-hzz630494463ejqjx****

The ID of the key. If KeyId is set to the alias or ARN of the key, the ID of the key is returned.

NextRotationDate String 2021-07-06T18:22:03Z

The time when the next rotation is performed.

Note This parameter is returned only when the value of AutomaticRotation is Enabled or Suspended.
KeyState String Enabled

The status of the key.

For more information, see Impacts of key status on API operations.

RotationInterval String 31536000s

The interval for automatic rotation.

Unit: seconds.

For example, if the value is 604800s, automatic key rotation is performed at a 7-day interval.

Note This parameter is returned only when the value of AutomaticRotation is Enabled or Suspended.
Arn String acs:kms:cn-hangzhou:154035569884****:key/key-hzz630494463ejqjx****

The ARN of the key.

Creator String 154035569884****

The Alibaba Cloud account that is used to create the key.

LastRotationDate String 2024-05-20T06:34:21Z

The time when the last rotation is performed. The time is in UTC. For a new key, the value of this parameter is the time when the initial version of the key is generated.

DeleteDate String 2024-05-26T18:22:03Z

The time at which the key is scheduled for deletion. The time is displayed in UTC.

For more information, see ScheduleKeyDeletion.

Note This parameter is returned only when the value of KeyState is PendingDeletion.
PrimaryKeyVersion String 515e0b0a-624f-45ab-92b5-54f9b551****

The ID of the current primary key version for the symmetric key.

Description String key description example

The description of the key.

KeySpec String Aliyun_AES_256

The type of the key.

Origin String Aliyun_KMS

The key material origin.

MaterialExpireTime String 2024-07-06T18:22:03Z

The time when the key material expires. The time is in UTC. If the value is empty, the key material does not expire.

DeletionProtectionDescription String The key is being used by XXX. Deletion protection is set.

The description of deletion protection.

AutomaticRotation String Disabled

Indicates whether automatic key rotation is enabled. Valid values:

  • Enabled
  • Disabled
  • Suspended

For more information, see Automatic key rotation.

Note Only symmetric keys support automatic key rotation.
ProtectionLevel String HSM

The protection level of the key.

KeyUsage String ENCRYPT/DECRYPT

The usage of the key.

CreationDate String 2024-05-20T06:34:21Z

The time when the key is created. The time is displayed in UTC.

DKMSInstanceId String kst-bjj62d8f5e0sgtx8h****

The ID of the Key Management Service (KMS) instance.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeKey
&KeyId=key-hzz630494463ejqjx****
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribeKeyResponse>
    <RequestId>f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f</RequestId>
    <KeyMetadata>
        <DeletionProtection>Enabled</DeletionProtection>
        <KeyId>key-hzz630494463ejqjx****</KeyId>
        <NextRotationDate>2021-07-06T18:22:03Z</NextRotationDate>
        <KeyState>Enabled</KeyState>
        <RotationInterval>31536000s</RotationInterval>
        <Arn>acs:kms:cn-hangzhou:154035569884****:key/key-hzz630494463ejqjx****</Arn>
        <Creator>154035569884****</Creator>
        <LastRotationDate>2024-05-20T06:34:21Z</LastRotationDate>
        <DeleteDate>2024-05-26T18:22:03Z</DeleteDate>
        <PrimaryKeyVersion>515e0b0a-624f-45ab-92b5-54f9b551****</PrimaryKeyVersion>
        <Description>key description example</Description>
        <KeySpec>Aliyun_AES_256</KeySpec>
        <Origin>Aliyun_KMS</Origin>
        <MaterialExpireTime>2024-07-06T18:22:03Z</MaterialExpireTime>
        <DeletionProtectionDescription>The key is being used by XXX. Deletion protection is set. </DeletionProtectionDescription>
        <AutomaticRotation>Disabled</AutomaticRotation>
        <ProtectionLevel>HSM</ProtectionLevel>
        <KeyUsage>ENCRYPT/DECRYPT</KeyUsage>
        <CreationDate>2024-05-20T06:34:21Z</CreationDate>
        <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>
    </KeyMetadata>
</DescribeKeyResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f",
  "KeyMetadata" : {
    "DeletionProtection" : "Enabled",
    "KeyId" : "key-hzz630494463ejqjx****",
    "NextRotationDate" : "2021-07-06T18:22:03Z",
    "KeyState" : "Enabled",
    "RotationInterval" : "31536000s",
    "Arn" : "acs:kms:cn-hangzhou:154035569884****:key/key-hzz630494463ejqjx****",
    "Creator" : "154035569884****",
    "LastRotationDate" : "2024-05-20T06:34:21Z",
    "DeleteDate" : "2024-05-26T18:22:03Z",
    "PrimaryKeyVersion" : "515e0b0a-624f-45ab-92b5-54f9b551****",
    "Description" : "key description example",
    "KeySpec" : "Aliyun_AES_256",
    "Origin" : "Aliyun_KMS",
    "MaterialExpireTime" : "2024-07-06T18:22:03Z",
    "DeletionProtectionDescription" : "The key is being used by XXX. Deletion protection is set.",
    "AutomaticRotation" : "Disabled",
    "ProtectionLevel" : "HSM",
    "KeyUsage" : "ENCRYPT/DECRYPT",
    "CreationDate" : "2024-05-20T06:34:21Z",
    "DKMSInstanceId" : "kst-bjj62d8f5e0sgtx8h****"
  }
}

Error codes

HTTP status code

Error code

Error message

Description

400 InvalidParameter The specified parameter is not valid. The specified parameter is invalid.
404 Forbidden.KeyNotFound The specified Key is not found. The key does not exist.
404 Forbidden.AliasNotFound The specified Alias is not found. The specified alias is not found.

For a list of error codes, see Service error codes.