All Products
Search
Document Center

MaxCompute:ROTATE_KEYSET

最終更新日:Nov 23, 2023

Allows the system to automatically produce a new key and configures the new key as the master key.

Syntax

binary ROTATE_KEYSET(binary <keyset>, string <key_type>, [string <description> ])

Parameters

  • keyset: required. A value of the BINARY type. This parameter specifies the keyset that you want to update.

  • key_type: required. This parameter specifies the algorithm type of the new key. Valid values: AES-GCM-256, AES-SIV-CMAC-128, and AES-SIV-CMAC-256.

  • description: optional. This parameter provides a description of the new data key.

Return value

A keyset of the BINARY type is returned.

Note

You can use HEX to convert the BINARY type into the STRING type or use UNHEX to convert the STRING type into the BINARY type based on your business requirements.

Examples

select ROTATE_KEYSET(unhex ('0A1072384D715A414541385044643351534C12580A330A0B4145532D47434D2D323536122026A8FB1126DF4F5B5DD03C180E6919565D7716CBB291815EFB5BBF30F8BEF9AF1801200210011A1072384D715A414541385044643351534C20022A0B68656C6C6F20776F726C64'), 'AES-SIV-CMAC-256', 'hello world') ;

The following result is returned:

+------------+
| _c0        |
+------------+
| =0A=10BVIuZQEAcHHPLfn1=12X=0A3=0A=0BAES-GCM-256=12=20&=A8=FB=11&=DFO[]=D0<=18=0Ei=19V]w=16=CB=B2=91=81^=FB[=BF0=F8=BE=F9=AF=18=01=20=02=10=01=1A=10r8MqZAEA8PDd3QSL=20=02*=0Bhello=20world=12}=0AX=0A=10AES-SIV-CMAC-256=12@=9D=AD=B7=D6=AF=01=B2=9D=CE=C3=02y=A9=DB=E1=17q>'F=DC=F5=EF=FFI=7F=F0w)=95F=07>=9C=EDqn=DF=0E=1E=16bP&=D3=7F>gV=CBl=8AGJCm=93=FF=F9=96=AD=1A=C0=BC=18=01=20=02=10=01=1A=10BVIuZQEAcHHPLfn1=20=02*=0Bhello=20world |
+-----------

References

References

Description

Use keysets

Describes how to use keyset-related encryption and decryption functions.

NEW_KEYSET

Describes the NEW_KEYSET function. The function is used to create a keyset based on a specified algorithm type.

ADD_KEY_TO_KEYSET

Describes the ADD_KEY_TO_KEYSET function. The function is used to add a key to a keyset and configure the key as the master key.

KEYSET_TO_JSON

Describes the KEYSET_TO_JSON function. The function is used to convert a keyset of the BINARY type into a readable JSON string. After the conversion, you can view the details of the keyset.

KEYSET_FROM_JSON

Describes the KEYSET_FROM_JSON function. The function is used to convert a keyset of the JSON type into a keyset of the BINARY type.

NEW_WRAPPED_KEYSET

Describes the NEW_WRAPPED_KEYSET function. The function is used to assume the Alibaba Cloud Resource Name (ARN) of a role that can use Key Management Service (KMS) customer master key (CMK) ARNs to MaxCompute and create a wrapped keyset. The role ARN is specified by role_arn. The KMS CMK ARN is specified by kms_cmk_arn. The function is also used to grant other Alibaba Cloud accounts the permissions to decrypt a keyset based on role_chain.

REWRAP_KEYSET

Describes the REWRAP_KEYSET function. The function is used to encrypt a wrapped keyset based on a specified KMS key.

ROTATE_WRAPPED_KEYSET

Describes the ROTATE_WRAPPED_KEYSET function. The function is used to decrypt a wrapped keyset, implement key rotation, and use a new key to encrypt data.

USE_WRAPPED_KEYSET

Describes the USE_WRAPPED_KEYSET function. The function is used to convert a wrapped keyset into a basic keyset that is used as a parameter in the encryption or decryption function. You can also use the USE_WRAPPED_KEYSET function to obtain information about a wrapped keyset and save the information for subsequent keyset maintenance.

ENHANCED_SYM_ENCRYPT

Describes the ENHANCED_SYM_ENCRYPT function. The function is used to encrypt data by using a specified keyset.

ENHANCED_SYM_DECRYPT

Describes the ENHANCED_SYM_DECRYPT function. The function is used to decrypt data by using a specified keyset.