Key Management Service API, REST: SymmetricKey.get
Returns the specified symmetric KMS key.
To get the list of available symmetric KMS keys, make a list request.
HTTP request
GET https://kms.api.cloud.yandex.net/kms/v1/keys/{keyId}
Path parameters
Parameter | Description |
---|---|
keyId | Required. ID of the symmetric KMS key to return. To get the ID of a symmetric KMS key use a list request. The maximum string length in characters is 50. |
Response
HTTP Code: 200 - OK
{
"id": "string",
"folderId": "string",
"createdAt": "string",
"name": "string",
"description": "string",
"labels": "object",
"status": "string",
"primaryVersion": {
"id": "string",
"keyId": "string",
"status": "string",
"algorithm": "string",
"createdAt": "string",
"primary": true,
"destroyAt": "string",
"hostedByHsm": true
},
"defaultAlgorithm": "string",
"rotatedAt": "string",
"rotationPeriod": "string",
"deletionProtection": true
}
A symmetric KMS key that may contain several versions of the cryptographic material.
Field | Description |
---|---|
id | string ID of the key. |
folderId | string ID of the folder that the key belongs to. |
createdAt | string (date-time) Time when the key was created. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits). |
name | string Name of the key. |
description | string Description of the key. |
labels | object Custom labels for the key as |
status | string Current status of the key. |
primaryVersion | object Primary version of the key, used as the default for all encrypt/decrypt operations, when no version ID is specified. Symmetric KMS key version: metadata about actual cryptographic data. |
primaryVersion. id |
string ID of the key version. |
primaryVersion. keyId |
string ID of the symmetric KMS key that the version belongs to. |
primaryVersion. status |
string Status of the key version. Possible version status.
|
primaryVersion. algorithm |
string Encryption algorithm that should be used when using the key version to encrypt plaintext. Supported symmetric encryption algorithms.
|
primaryVersion. createdAt |
string (date-time) Time when the key version was created. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits). |
primaryVersion. primary |
boolean (boolean) Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified. |
primaryVersion. destroyAt |
string (date-time) Time when the key version is going to be destroyed. Empty unless the status is String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits). |
primaryVersion. hostedByHsm |
boolean (boolean) Indication of the version that is hosted by HSM. |
defaultAlgorithm | string Default encryption algorithm to be used with new versions of the key. Supported symmetric encryption algorithms.
|
rotatedAt | string (date-time) Time of the last key rotation (time when the last version was created). Empty if the key does not have versions yet. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits). |
rotationPeriod | string Time period between automatic key rotations. |
deletionProtection | boolean (boolean) Flag that inhibits deletion of the key |