Key Management Service API, REST: SymmetricCrypto.ReEncrypt

Статья создана

Обновлена 9 декабря 2025 г.

Re-encrypts a ciphertext with the specified KMS key.

HTTP request

POST https://dpl.kms.api.yandexcloud.kz/kms/v1/keys/{keyId}:reEncrypt

Field

Description

keyId

string

Required field. ID of the new key to be used for encryption.

The maximum string length in characters is 50.

{
  "versionId": "string",
  "aadContext": "string",
  "sourceKeyId": "string",
  "sourceAadContext": "string",
  "ciphertext": "string"
}

Field	Description
versionId	string ID of the version of the new key to be used for encryption. Defaults to the primary version if not specified. The maximum string length in characters is 50.
aadContext	string (bytes) Additional authenticated data to be required for decryption. Should be encoded with base64. The maximum string length in characters is 8192.
sourceKeyId	string Required field. ID of the key that the ciphertext is currently encrypted with. May be the same as for the new key. The maximum string length in characters is 50.
sourceAadContext	string (bytes) Additional authenticated data provided with the initial encryption request. Should be encoded with base64. The maximum string length in characters is 8192.
ciphertext	string (bytes) Required field. Ciphertext to re-encrypt. Should be encoded with base64.

HTTP Code: 200 - OK

{
  "keyId": "string",
  "versionId": "string",
  "sourceKeyId": "string",
  "sourceVersionId": "string",
  "ciphertext": "string"
}

Field	Description
keyId	string ID of the key that the ciphertext is encrypted with now.
versionId	string ID of key version that was used for encryption.
sourceKeyId	string ID of the key that the ciphertext was encrypted with previously.
sourceVersionId	string ID of the key version that was used to decrypt the re-encrypted ciphertext.
ciphertext	string (bytes) Resulting re-encrypted ciphertext.