© 2022 Yandex.Cloud LLC
Yandex Key Management Service

Method list

Article created by Yandex Cloud

Returns the list of symmetric KMS keys in the specified folder.

HTTP request

GET https://kms.api.cloud.yandex.net/kms/v1/keys

Query parameters

Parameter Description
folderId

Required. ID of the folder to list symmetric KMS keys in.

The maximum string length in characters is 50.

pageSize

The maximum number of results per page to return. If the number of available results is larger than pageSize, the service returns a nextPageToken that can be used to get the next page of results in subsequent list requests. Default value: 100.

The maximum value is 1000.

pageToken

Page token. To get the next page of results, set pageToken to the nextPageToken returned by a previous list request.

The maximum string length in characters is 100.

Response

HTTP Code: 200 - OK

{
  "keys": [
    {
      "id": "string",
      "folderId": "string",
      "createdAt": "string",
      "name": "string",
      "description": "string",
      "labels": "object",
      "status": "string",
      "primaryVersion": {
        "id": "string",
        "keyId": "string",
        "status": "string",
        "algorithm": "string",
        "createdAt": "string",
        "primary": true,
        "destroyAt": "string",
        "hostedByHsm": true
      },
      "defaultAlgorithm": "string",
      "rotatedAt": "string",
      "rotationPeriod": "string",
      "deletionProtection": true
    }
  ],
  "nextPageToken": "string"
}
Field Description
keys[] object

List of symmetric KMS keys in the specified folder.

keys[].id string

ID of the key.

keys[].folderId string

ID of the folder that the key belongs to.

keys[].createdAt string (date-time)

Time when the key was created.

String in RFC3339 text format.

keys[].name string

Name of the key.

keys[].description string

Description of the key.

keys[].labels object

Custom labels for the key as key:value pairs. Maximum 64 per key.

keys[].status string

Current status of the key.

  • CREATING: The key is being created.
  • ACTIVE: The key is active and can be used for encryption and decryption. Can be set to INACTIVE using the update method.
  • INACTIVE: The key is inactive and unusable. Can be set to ACTIVE using the update method.

keys[].primaryVersion object

Primary version of the key, used as the default for all encrypt/decrypt operations when no version ID is specified.

Symmetric KMS key version: metadata about actual cryptographic data.

keys[].primaryVersion.id string

ID of the key version.

keys[].primaryVersion.keyId string

ID of the symmetric KMS key that the version belongs to.

keys[].primaryVersion.status string

Status of the key version.

Possible version status.

  • ACTIVE: The version is active and can be used for encryption and decryption.
  • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction; the time when it will be destroyed is specified in the destroyAt field.
  • DESTROYED: The version is destroyed and cannot be recovered.

keys[].primaryVersion.algorithm string

Encryption algorithm that should be used when using the key version to encrypt plaintext.

Supported symmetric encryption algorithms.

  • AES_128: AES algorithm with 128-bit keys.
  • AES_192: AES algorithm with 192-bit keys.
  • AES_256: AES algorithm with 256-bit keys.
  • AES_256_HSM: AES algorithm with 256-bit keys hosted by HSM.

keys[].primaryVersion.createdAt string (date-time)

Time when the key version was created.

String in RFC3339 text format.

keys[].primaryVersion.primary boolean

Indicates whether this is the primary version, which is used by default for all cryptographic operations that don't explicitly specify a key version.

keys[].primaryVersion.destroyAt string (date-time)

Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

String in RFC3339 text format.

keys[].primaryVersion.hostedByHsm boolean

Indicates whether the version is hosted by HSM.

keys[].defaultAlgorithm string

Default encryption algorithm to be used with new versions of the key.

Supported symmetric encryption algorithms.

  • AES_128: AES algorithm with 128-bit keys.
  • AES_192: AES algorithm with 192-bit keys.
  • AES_256: AES algorithm with 256-bit keys.
  • AES_256_HSM: AES algorithm with 256-bit keys hosted by HSM.

keys[].rotatedAt string (date-time)

Time of the last key rotation (time when the last version was created). Empty if the key does not have versions yet.

String in RFC3339 text format.

keys[].rotationPeriod string

Time period between automatic key rotations.

keys[].deletionProtection boolean

Flag that inhibits deletion of the key.

nextPageToken string

This token allows you to get the next page of results for list requests. If the number of results is greater than the specified pageSize, use the nextPageToken as the value for the pageToken query parameter in the next list request. Each subsequent list request will have its own nextPageToken to continue paging through the results.
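
The paging contract above (pageSize, pageToken, nextPageToken) combined with a review of the returned key fields, as an added example that is not part of the Yandex Cloud documentation. Assumptions not taken from this page: the bearer IAM-token Authorization header in `http_fetch`, the hypothetical policy in `audit_key`, and the constructed sample responses and folder ID.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

KMS_KEYS_URL = "https://kms.api.cloud.yandex.net/kms/v1/keys"  # endpoint from this page

def http_fetch(params, iam_token):
    """GET one page. Assumption: bearer IAM-token auth, which this page does not cover."""
    req = Request(f"{KMS_KEYS_URL}?{urlencode(params)}",
                  headers={"Authorization": f"Bearer {iam_token}"})
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)

def list_keys(folder_id, fetch, page_size=100):
    """Yield every key in the folder, following nextPageToken until it is absent."""
    if not 0 < len(folder_id) <= 50 or not 0 < page_size <= 1000:
        raise ValueError("folderId must be 1-50 chars and pageSize at most 1000")
    params = {"folderId": folder_id, "pageSize": page_size}
    while True:
        page = fetch(params)
        yield from page.get("keys", [])
        token = page.get("nextPageToken")
        if not token:
            return
        if token == params.get("pageToken"):  # a token that never advances would loop forever
            raise RuntimeError("nextPageToken did not advance")
        params = {**params, "pageToken": token}

def audit_key(key):
    """Hypothetical policy over the documented fields; a missing field counts as unset."""
    version = key.get("primaryVersion") or {}
    checks = {
        "deletionProtection off": not key.get("deletionProtection"),
        "no rotationPeriod": not key.get("rotationPeriod"),
        "primary version not ACTIVE": version.get("status") != "ACTIVE",
    }
    return [name for name, failed in checks.items() if failed]

SAMPLE_PAGES = {  # constructed responses, keyed by the pageToken that requests them
    None: {"nextPageToken": "page-2", "keys": [
        {"id": "key-a", "status": "ACTIVE", "deletionProtection": True,
         "rotationPeriod": "7776000s", "primaryVersion": {"status": "ACTIVE"}}]},
    "page-2": {"keys": [
        {"id": "key-b", "primaryVersion": {"status": "SCHEDULED_FOR_DESTRUCTION"}}]},
}
sample_fetch = lambda params: SAMPLE_PAGES[params.get("pageToken")]  # offline stand-in

def audit_folder(folder_id, fetch):
    return {key["id"]: audit_key(key) for key in list_keys(folder_id, fetch)}
```

For a live run, pass `lambda p: http_fetch(p, token)` as `fetch` in place of `sample_fetch`.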
