Подключиться
Yandex Key Management Service

Method create

Статья создана
,
улучшена

Creates a symmetric KMS key in the specified folder.

HTTP request

POST https://kms.api.cloud.yandex.net/kms/v1/keys

Body parameters

{
  "folderId": "string",
  "name": "string",
  "description": "string",
  "labels": "object",
  "defaultAlgorithm": "string",
  "rotationPeriod": "string",
  "deletionProtection": true
}
Field Description
folderId string

Required. ID of the folder to create a symmetric KMS key in.

The maximum string length in characters is 50.
name string

Name of the key.

The maximum string length in characters is 100.
description string

Description of the key.

The maximum string length in characters is 1024.
labels object

Custom labels for the symmetric KMS key as key:value pairs. Maximum 64 per key. For example, "project": "mvp" or "source": "dictionary".

No more than 64 per resource. The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]*. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]*.
defaultAlgorithm string

Encryption algorithm to be used with a new key version, generated with the next rotation.

Supported symmetric encryption algorithms.

  • AES_128: AES algorithm with 128-bit keys.
  • AES_192: AES algorithm with 192-bit keys.
  • AES_256: AES algorithm with 256-bit keys.
  • AES_256_HSM: AES algorithm with 256-bit keys hosted by HSM
rotationPeriod string

Interval between automatic rotations. To disable automatic rotation, don't include this field in the creation request.
deletionProtection boolean (boolean)

Flag that inhibits deletion of the symmetric KMS key

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "description": "string",
  "createdAt": "string",
  "createdBy": "string",
  "modifiedAt": "string",
  "done": true,
  "metadata": "object",

  //  includes only one of the fields `error`, `response`
  "error": {
    "code": "integer",
    "message": "string",
    "details": [
      "object"
    ]
  },
  "response": "object",
  // end of the list of possible fields

}

An Operation resource. For more information, see Operation.

Field Description
id string

ID of the operation.
description string

Description of the operation. 0-256 characters long.
createdAt string (date-time)

Creation timestamp.

String in RFC3339 text format.
createdBy string

ID of the user or service account who initiated the operation.
modifiedAt string (date-time)

The time when the Operation resource was last modified.

String in RFC3339 text format.
done boolean (boolean)

If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata object

Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
error object
The error result of the operation in case of failure or cancellation.
includes only one of the fields error, response

The error result of the operation in case of failure or cancellation.
error.
code		 integer (int32)

Error code. An enum value of google.rpc.Code.
error.
message		 string

An error message.
error.
details[]		 object

A list of messages that carry the error details.
response object
includes only one of the fields error, response

The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any.
В этой статье: