diff options
Diffstat (limited to 'data/en_us/kms')
| -rw-r--r-- | data/en_us/kms/2016-01-20/api-docs.php | 14052 |
1 files changed, 5698 insertions, 8354 deletions
diff --git a/data/en_us/kms/2016-01-20/api-docs.php b/data/en_us/kms/2016-01-20/api-docs.php index 5bafa05..94831e7 100644 --- a/data/en_us/kms/2016-01-20/api-docs.php +++ b/data/en_us/kms/2016-01-20/api-docs.php @@ -1,165 +1,59 @@ <?php return [ 'version' => '1.0', - 'info' => [ - 'style' => 'RPC', - 'product' => 'Kms', - 'version' => '2016-01-20', - ], + 'info' => ['style' => 'RPC', 'product' => 'Kms', 'version' => '2016-01-20'], 'directories' => [ [ - 'id' => 244879, - 'title' => null, + 'children' => ['DescribeAccountKmsStatus', 'OpenKmsService'], 'type' => 'directory', - 'children' => [ - 'DescribeRegions', - 'DescribeAccountKmsStatus', - 'OpenKmsService', - ], + 'title' => 'Service management', ], [ - 'id' => 244883, - 'title' => null, + 'children' => ['ListKmsInstances', 'GetKmsInstance', 'UpdateKmsInstanceBindVpc', 'ReleaseKmsInstance', 'GetDefaultKmsInstance'], 'type' => 'directory', - 'children' => [ - 'ListKmsInstances', - 'ConnectKmsInstance', - 'GetKmsInstance', - 'UpdateKmsInstanceBindVpc', - 'ReleaseKmsInstance', - 'GetDefaultKmsInstance', - ], + 'title' => 'Instance management', ], [ - 'id' => 244890, - 'title' => null, + 'children' => ['CreateKey', 'ListKeys', 'DescribeKey', 'UpdateKeyDescription', 'GetPublicKey', 'ListAliases', 'ImportKeyMaterial', 'DeleteKeyMaterial', 'SetDeletionProtection', 'UpdateRotationPolicy', 'DescribeKeyVersion', 'CreateKeyVersion', 'ListKeyVersions', 'SetKeyPolicy', 'GetKeyPolicy'], 'type' => 'directory', - 'children' => [ - 'CreateKey', - 'ListKeys', - 'DescribeKey', - 'UpdateKeyDescription', - 'EnableKey', - 'DisableKey', - 'GetPublicKey', - 'CreateAlias', - 'ListAliases', - 'ListAliasesByKeyId', - 'DeleteAlias', - 'UpdateAlias', - 'GetParametersForImport', - 'ImportKeyMaterial', - 'DeleteKeyMaterial', - 'ScheduleKeyDeletion', - 'CancelKeyDeletion', - 'SetDeletionProtection', - 'UpdateRotationPolicy', - 'DescribeKeyVersion', - 'CreateKeyVersion', - 'ListKeyVersions', - 'SetKeyPolicy', - 'GetKeyPolicy', - ], + 'title' => 'Key management', ], [ - 'id' => 244915, - 'title' => null, + 'children' => ['GenerateDataKey', 'GenerateAndExportDataKey', 'Encrypt', 'Decrypt', 'ReEncrypt', 'ExportDataKey', 'GenerateDataKeyWithoutPlaintext', 'AsymmetricSign', 'AsymmetricVerify', 'AsymmetricEncrypt', 'AsymmetricDecrypt'], 'type' => 'directory', - 'children' => [ - 'GenerateDataKey', - 'GenerateAndExportDataKey', - 'Encrypt', - 'Decrypt', - 'ReEncrypt', - 'ExportDataKey', - 'GenerateDataKeyWithoutPlaintext', - 'AsymmetricSign', - 'AsymmetricVerify', - 'AsymmetricEncrypt', - 'AsymmetricDecrypt', - ], + 'title' => 'Cryptographic operations', ], [ - 'id' => 244927, - 'title' => null, + 'children' => ['UpdateSecretVersionStage', 'ListSecretVersionIds', 'GetRandomPassword', 'PutSecretValue', 'RotateSecret', 'SetSecretPolicy', 'GetSecretPolicy'], 'type' => 'directory', - 'children' => [ - 'CreateSecret', - 'DeleteSecret', - 'UpdateSecret', - 'UpdateSecretVersionStage', - 'UpdateSecretRotationPolicy', - 'ListSecrets', - 'DescribeSecret', - 'GetSecretValue', - 'ListSecretVersionIds', - 'GetRandomPassword', - 'PutSecretValue', - 'RestoreSecret', - 'RotateSecret', - 'SetSecretPolicy', - 'GetSecretPolicy', - ], + 'title' => 'Credential management', ], [ - 'id' => 244954, - 'title' => null, + 'children' => ['GetKmsInstanceQuotaInfos', 'TagResource', 'UntagResource'], 'type' => 'directory', - 'children' => [ - 'UntagResources', - 'ListTagResources', - 'TagResources', - 'ListResourceTags', - 'TagResource', - 'UntagResource', - ], + 'title' => 'Tag management', ], [ - 'id' => 244961, - 'title' => null, + 'children' => ['ListNetworkRules', 'DescribeNetworkRule', 'UpdateNetworkRule', 'DeleteNetworkRule', 'ListPolicies', 'DescribePolicy', 'ListApplicationAccessPoints', 'DescribeApplicationAccessPoint', 'DeleteApplicationAccessPoint', 'ListClientKeys', 'GetClientKey', 'DeleteClientKey'], 'type' => 'directory', - 'children' => [ - 'CreateNetworkRule', - 'ListNetworkRules', - 'DescribeNetworkRule', - 'UpdateNetworkRule', - 'DeleteNetworkRule', - 'CreatePolicy', - 'ListPolicies', - 'DescribePolicy', - 'UpdatePolicy', - 'DeletePolicy', - 'CreateApplicationAccessPoint', - 'ListApplicationAccessPoints', - 'DescribeApplicationAccessPoint', - 'UpdateApplicationAccessPoint', - 'DeleteApplicationAccessPoint', - 'CreateClientKey', - 'ListClientKeys', - 'GetClientKey', - 'DeleteClientKey', - ], + 'title' => 'Application management', ], [ - 'id' => 0, - 'title' => '其它', - 'type' => 'directory', 'children' => [ - 'GetKmsInstanceQuotaInfos', + 'CreateSecret', 'DescribeRegions', 'GetSecretValue', 'ListSecrets', 'ListTagResources', 'TagResources', 'CancelKeyDeletion', 'ConnectKmsInstance', 'CreateAlias', 'CreateApplicationAccessPoint', 'CreateClientKey', 'CreateNetworkRule', 'CreatePolicy', 'DeleteAlias', 'DeletePolicy', 'DeleteSecret', 'DescribeSecret', 'DisableKey', 'EnableKey', 'GenerateMac', + 'GetParametersForImport', 'ListAliasesByKeyId', 'ListResourceTags', 'RestoreSecret', 'ScheduleKeyDeletion', 'UntagResources', 'UpdateAlias', 'UpdateApplicationAccessPoint', 'UpdatePolicy', 'UpdateSecret', 'UpdateSecretRotationPolicy', 'VerifyMac', ], + 'type' => 'directory', + 'title' => 'Others', ], ], 'components' => [ 'schemas' => [], ], 'apis' => [ - 'DescribeRegions' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'AsymmetricDecrypt' => [ + 'summary' => 'Decrypts data by using the private key of an asymmetric CMK.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -169,79 +63,119 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54561', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', + 'abilityTreeCode' => '54534', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], + ], + 'parameters' => [ + [ + 'name' => 'CiphertextBlob', + 'in' => 'query', + 'schema' => ['description' => 'The ciphertext to be decrypted. The ciphertext is encoded in Base64.'."\n" + ."\n" + .'> You can generate a ciphertext by calling the [AsymmetricEncrypt](~~148131~~) operation.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1W****==', 'title' => ''], + ], + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the key. You can also specify the alias or Amazon Resource Name (ARN) of the key. For more information about aliases, see [Manage aliases](~~480655~~).'."\n" + ."\n" + .'> When you access a key in another Alibaba Cloud account, you must specify the ARN of the key. The ARN of a key is in the `acs:kms:${region}:${account}:key/${keyid}` format.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], + ], + [ + 'name' => 'KeyVersionId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the key version. The globally unique identifier of the key version.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + ], + [ + 'name' => 'Algorithm', + 'in' => 'query', + 'schema' => ['description' => 'The decryption algorithm.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RSAES_OAEP_SHA_1', 'title' => ''], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => ['description' => 'Specifies whether to enable the dry run feature.'."\n" + ."\n" + .'- true: enables the dry run feature.'."\n" + ."\n" + .'- false: disables the dry run feature. This is the default value.'."\n" + ."\n" + .'The dry run feature is used to test API calls, verify the permissions on the specified resources, and check the validity of the request parameters. If you enable the dry run feature, KMS always returns a failure response and the cause of the failure. The causes of the failure include the following:'."\n" + ."\n" + .'- DryRunOperationError: The request would have succeeded if the DryRun parameter is not specified.'."\n" + ."\n" + .'- ValidationError: The specified parameter in the request is invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform this operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], - 'tenantRelevance' => 'publicInformation', ], - 'parameters' => [], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request.', - 'type' => 'string', - 'example' => '815240e2-aa37-4c26-9cca-05d4df3e8fe6', - ], - 'Regions' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'Region' => [ - 'description' => 'The region.'."\n", - 'type' => 'array', - 'items' => [ - 'type' => 'object', - 'properties' => [ - 'RegionId' => [ - 'description' => 'The region ID.'."\n", - 'type' => 'string', - 'example' => 'cn-hangzhou', - ], - ], - ], - ], - ], - ], + 'KeyVersionId' => ['description' => 'The version of the master key that was used to encrypt the plaintext.', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'KeyId' => ['description' => 'The ID of the key. If the KeyId parameter in the request is a key alias or key ARN, the key ID is also returned in the response.', 'type' => 'string', 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request. This ID is a unique identifier that is generated by Alibaba Cloud for the request. You can use the ID to troubleshoot issues.', 'type' => 'string', 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', 'title' => ''], + 'Plaintext' => ['description' => 'The decrypted plaintext. The plaintext is encoded in Base64.', 'type' => 'string', 'example' => 'SGVsbG8gd29ybGQ=', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'Rejected.UnsupportedOperation', 'errorMessage' => 'Unsupported operation.', 'description' => 'The operation is not supported.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'Forbidden.AliasNotFound', 'errorMessage' => 'The specified Alias is not found.', 'description' => 'The error message returned because the specified alias does not exist.'], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"815240e2-aa37-4c26-9cca-05d4df3e8fe6\\",\\n \\"Regions\\": {\\n \\"Region\\": [\\n {\\n \\"RegionId\\": \\"cn-hangzhou\\"\\n }\\n ]\\n }\\n}","errorExample":"//xml response\\n<KMS>\\n\\t<Regions>\\n\\t\\t<Region>\\n\\t\\t\\t<RegionId>cn-beijing</RegionId>\\n\\t\\t</Region>\\n\\t\\t<Region>\\n\\t\\t\\t<RegionId>cn-hangzhou</RegionId>\\n\\t\\t</Region>\\n\\t</Regions>\\n\\t<RequestId>815240e2-aa37-4c26-9cca-05d4df3e8fe6</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\r\\n\\t<Regions>\\r\\n\\t\\t<Region>\\r\\n\\t\\t\\t<RegionId>cn-beijing</RegionId>\\r\\n\\t\\t</Region>\\r\\n\\t\\t<Region>\\r\\n\\t\\t\\t<RegionId>cn-hangzhou</RegionId>\\r\\n\\t\\t</Region>\\r\\n\\t</Regions>\\r\\n\\t<RequestId>815240e2-aa37-4c26-9cca-05d4df3e8fe6</RequestId>\\r\\n</KMS>","errorExample":"//json response\\n{\\n \\"Regions\\": {\\n \\"Region\\": [\\n {\\n \\"RegionId\\": \\"cn-beijing\\"\\n },\\n {\\n \\"RegionId\\": \\"cn-hangzhou\\"\\n }\\n ]\\n },\\n \\"RequestId\\": \\"815240e2-aa37-4c26-9cca-05d4df3e8fe6\\"\\n}\\n"}]', - 'title' => 'DescribeRegions', - 'summary' => 'Queries available regions for the current account.', - 'description' => '## Debugging'."\n" + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\",\\n \\"Plaintext\\": \\"SGVsbG8gd29ybGQ=\\"\\n}","type":"json"}]', + 'title' => 'AsymmetricDecrypt', + 'description' => '### Usage notes'."\n" ."\n" - .'[OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.](https://api.aliyun.com/#product=Kms\\&api=DescribeRegions\\&type=RPC\\&version=2016-01-20)'."\n", - 'requestParamsDescription' => ' ', + .'- For information about the access policy required for a RAM user or RAM role to call this API operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This operation can be called through a shared gateway or a dedicated gateway. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" + ."\n" + .' - Shared gateway: You can access KMS over the Internet or a VPC. To access KMS over the Internet, you must enable the public endpoint. For more information, see [Access keys in a KMS instance over the Internet](~~2856718~~).'."\n" + ."\n" + .' - Dedicated gateway: You can access KMS using the private endpoint of KMS (`<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com`).'."\n" + ."\n" + .'### QPS limits'."\n" + ."\n" + .'- If you use a shared gateway, the queries per second (QPS) limit for each Alibaba Cloud account is 200. If the QPS exceeds the limit, the API call is throttled. This can affect your business. We recommend that you plan your calls to avoid exceeding this limit.'."\n" + ."\n" + .'- If you use a dedicated gateway, the QPS limit for each Alibaba Cloud account is subject to the performance specifications of your KMS instance. For more information, see [Performance metrics](~~480120~~).'."\n" + ."\n" + .'### Description'."\n" + ."\n" + .'This operation supports only asymmetric keys for which the **Usage** parameter is set to **ENCRYPT/DECRYPT**. The following table describes the supported encryption algorithms.'."\n" + ."\n" + .'| KeySpec | Algorithm | Description | Ciphertext length (bytes) |'."\n" + .'| --------- | --------------------- | -------------------------------------------------- | ------------------------- |'."\n" + .'| RSA\\_2048 | RSAES\\_OAEP\\_SHA\\_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 256 |'."\n" + .'| RSA\\_2048 | RSAES\\_OAEP\\_SHA\\_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 256 |'."\n" + .'| RSA\\_3072 | RSAES\\_OAEP\\_SHA\\_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 384 |'."\n" + .'| RSA\\_3072 | RSAES\\_OAEP\\_SHA\\_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 384 |'."\n" + .'| EC\\_SM2 | SM2PKE | SM2 elliptic curve public key encryption algorithm | Maximum 6,144 |'."\n" + ."\n" + .'This topic provides an example of how to use the asymmetric key whose ID is `key-hzz630494463ejqjx****` and version ID is `2ab1a983-7072-4bbc-a582-584b5bd8****` to decrypt the ciphertext `BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1W****==` using the `RSAES_OAEP_SHA_1` decryption algorithm.', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'DescribeAccountKmsStatus' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'AsymmetricEncrypt' => [ + 'summary' => 'Encrypts data by using the public key of an asymmetric CMK.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -251,144 +185,251 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54556', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', + 'abilityTreeCode' => '54535', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], + ], + 'parameters' => [ + [ + 'name' => 'Plaintext', + 'in' => 'query', + 'schema' => ['description' => 'The plaintext to be encrypted. The value must be Base64-encoded.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'SGVsbG8gd29ybGQ=', 'title' => ''], + ], + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the key. You can also specify the alias or the Amazon Resource Name (ARN) of the key. For more information about aliases, see [Manage aliases](~~480655~~).'."\n" + ."\n" + .'> To access a key of another Alibaba Cloud account, you must specify the ARN of the key. The key ARN is in the format of `acs:kms:${region}:${account}:key/${keyid}`.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], + ], + [ + 'name' => 'KeyVersionId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the key version. The ID must be a globally unique identifier.'."\n" + ."\n" + .'> To obtain the key version ID, call the [ListKeyVersions](~~133966~~) operation.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + ], + [ + 'name' => 'Algorithm', + 'in' => 'query', + 'schema' => ['description' => 'The encryption algorithm.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RSAES_OAEP_SHA_1', 'title' => ''], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => ['description' => 'Specifies whether to enable the dry run feature.'."\n" + ."\n" + .'- true: enables the feature.'."\n" + ."\n" + .'- false (default): disables the feature.'."\n" + ."\n" + .'The dry run feature is used to test the API call and verify the permissions on the specified resources and the validity of the request parameters. If you enable the dry run feature, KMS always returns a failed result and a failure reason. The failure reasons include the following:'."\n" + ."\n" + .'- DryRunOperationError: The request would have succeeded if the DryRun parameter was not specified.'."\n" + ."\n" + .'- ValidationError: The specified parameters in the request are invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform this operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], - 'tenantRelevance' => 'publicInformation', ], - 'parameters' => [], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ - 'AccountStatus' => [ - 'description' => 'The status of KMS within your Alibaba cloud account. Valid values:'."\n" - ."\n" - .'* Enabled: KMS is enabled.'."\n" - ."\n" - .'* NotEnabled: KMS is disabled.'."\n" - ."\n" - .'* InDebt: Your account is overdue, and KMS stops providing services.'."\n" - ."\n" - .'> If your Alibaba Cloud account is overdue, top up your account at the earliest opportunity to avoid impacts on your services.'."\n" - ."\n" - .'* Suspended: KMS is suspended.', - 'type' => 'string', - 'example' => 'Enabled', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '3ac84333-d64d-4784-a8bc-997834a7ac6c', - ], + 'KeyVersionId' => ['description' => 'The version number of the master key that is used to encrypt the plaintext.', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'KeyId' => ['description' => 'The ID of the key. If you specify an alias or an ARN of the key in the request, the ID of the key is returned.', 'type' => 'string', 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], + 'CiphertextBlob' => ['description' => 'The ciphertext of the data that is encrypted. The value is Base64-encoded.', 'type' => 'string', 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg==', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud for the request. You can use the request ID to troubleshoot issues.', 'type' => 'string', 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'Rejected.UnsupportedOperation', 'errorMessage' => 'Unsupported operation.', 'description' => 'The operation is not supported.'], ], - 403 => [ - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system.', - ], - ], - [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + 404 => [ + ['errorCode' => 'Forbidden.AliasNotFound', 'errorMessage' => 'The specified Alias is not found.', 'description' => 'The error message returned because the specified alias does not exist.'], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"AccountStatus\\": \\"Enabled\\",\\n \\"RequestId\\": \\"3ac84333-d64d-4784-a8bc-997834a7ac6c\\"\\n}","errorExample":""},{"type":"xml","example":"<DescribeAccountKmsStatusResponse>\\n <AccountStatus>Enabled</AccountStatus>\\n <RequestId>3ac84333-d64d-4784-a8bc-997834a7ac6c</RequestId>\\n</DescribeAccountKmsStatusResponse>","errorExample":""}]', - 'title' => 'DescribeAccountKmsStatus', - 'summary' => 'Queries the status of Key Management Service (KMS) within your Alibaba Cloud account.', - 'requestParamsDescription' => ' ', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"CiphertextBlob\\": \\"BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg==\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","type":"json"}]', + 'title' => 'AsymmetricEncrypt', + 'description' => '### Precautions'."\n" + ."\n" + .'- For information about the permissions that are required to call this operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This operation can be called through a shared gateway or a dedicated gateway. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" + ."\n" + .' - Shared gateway: You can access KMS over the Internet or using a VPC domain name. To access KMS over the Internet, you must enable Internet access. For more information, see [Access a key in a KMS instance over the Internet](~~2856718~~).'."\n" + ."\n" + .' - Dedicated gateway: You can access KMS using the private endpoint of KMS (`<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com`).'."\n" + ."\n" + .'### QPS limits'."\n" + ."\n" + .'- If you use a shared gateway: The number of queries per second (QPS) for a single user is limited to 200. If the limit is exceeded, API calls are throttled. This may affect your business. We recommend that you plan your API calls to avoid exceeding this limit.'."\n" + ."\n" + .'- If you use a dedicated gateway: The QPS limit for a single user depends on the computing performance specifications of your KMS instance. For more information, see [Performance metrics](~~480120~~).'."\n" + ."\n" + .'### Description'."\n" + ."\n" + .'This operation supports only asymmetric keys that have the **Usage** parameter set to **ENCRYPT/DECRYPT**. The following table describes the supported encryption algorithms.'."\n" + ."\n" + .'| KeySpec | Algorithm | Description | Maximum number of bytes that can be encrypted |'."\n" + .'| --------- | --------------------- | -------------------------------------------------- | --------------------------------------------- |'."\n" + .'| RSA\\_2048 | RSAES\\_OAEP\\_SHA\\_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 190 |'."\n" + .'| RSA\\_2048 | RSAES\\_OAEP\\_SHA\\_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 214 |'."\n" + .'| RSA\\_3072 | RSAES\\_OAEP\\_SHA\\_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 318 |'."\n" + .'| RSA\\_3072 | RSAES\\_OAEP\\_SHA\\_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 342 |'."\n" + .'| EC\\_SM2 | SM2PKE | SM2 elliptic curve public key encryption algorithm | 6047 |'."\n" + ."\n" + .'In this example, the plaintext `SGVsbG8gd29ybGQ=` is encrypted using an asymmetric key with the key ID `key-hzz630494463ejqjx****`, the key version ID `2ab1a983-7072-4bbc-a582-584b5bd8****`, and the `RSAES_OAEP_SHA_1` encryption algorithm.', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'OpenKmsService' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'AsymmetricSign' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', - 'abilityTreeCode' => '54596', - 'abilityTreeNodes' => [ - 'FEATUREkms586TOR', + 'operationType' => 'get', + 'abilityTreeCode' => '54536', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => ['description' => 'The globally unique identifier (GUID) of the customer master key (CMK).'."\n" + ."\n" + .'> You can also specify the alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', 'title' => ''], + ], + [ + 'name' => 'KeyVersionId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the key version. The ID must be the GUID of the key version.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + ], + [ + 'name' => 'Algorithm', + 'in' => 'query', + 'schema' => ['description' => 'The signature algorithm.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RSA_PSS_SHA_256', 'title' => ''], + ], + [ + 'name' => 'Digest', + 'in' => 'query', + 'schema' => ['description' => 'The digest of the original message. The digest is generated using the hash algorithm that corresponds to the value of the Algorithm parameter.'."\n" + ."\n" + .'> - The value is Base64-encoded.'."\n" + ."\n" + .'- For information about how to calculate a message digest, see the "Pre-signing: calculate a message digest" section of the [Asymmetric digital signature](~~148146~~) topic.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiu****=', 'title' => ''], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => ['description' => 'Specifies whether to enable the dry-run feature.'."\n" + ."\n" + .'- true: enables the feature.'."\n" + ."\n" + .'- false (default): disables the feature.'."\n" + ."\n" + .'The dry-run feature is used to test API calls and verify the permissions on the resources that you have and the validity of the request parameters. If you enable the dry-run feature, KMS always returns a failure response and a failure reason. The failure reasons include the following:'."\n" + ."\n" + .'- DryRunOperationError: The request would have succeeded if the DryRun parameter is not configured.'."\n" + ."\n" + .'- ValidationError: The specified parameters in the request are invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform the operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], - 'tenantRelevance' => 'publicInformation', ], - 'parameters' => [], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '3455b9b4-95c1-419d-b310-db6a53b09a39', - ], + 'KeyVersionId' => ['description' => 'The ID of the key version. The ID is the GUID of the key version.', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'KeyId' => ['description' => 'The GUID of the CMK.'."\n" + ."\n" + .'> If you use an alias of the CMK in the request, the ID of the CMK to which the alias is bound is returned.', 'type' => 'string', 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', 'title' => ''], + 'Value' => ['description' => 'The generated signature.'."\n" + ."\n" + .'> The value is Base64-encoded.', 'type' => 'string', 'example' => 'M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud for the request. You can use the request ID to troubleshoot and locate issues.', 'type' => 'string', 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'CreateLXOrderFailed', - 'errorMessage' => 'Create order failed.', - ], - [ - 'errorCode' => 'Forbidden.NoRealNameAuthentication', - 'errorMessage' => 'Real name authentication is needed.', - ], - [ - 'errorCode' => 'Forbidden.Opened', - 'errorMessage' => 'Your kms service has been opened.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ['errorCode' => 'Forbidden.AliasNotFound', 'errorMessage' => 'The specified Alias is not found.', 'description' => 'The error message returned because the specified alias does not exist.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3455b9b4-95c1-419d-b310-db6a53b09a39\\"\\n}","errorExample":""},{"type":"xml","example":"<KMS>\\n <RequestId>3455b9b4-95c1-419d-b310-db6a53b09a39</RequestId>\\n</KMS>","errorExample":""}]', - 'title' => 'OpenKmsService', - 'summary' => 'Activates Key Management Service (KMS) under your Alibaba cloud account.', - 'description' => 'When you call this operation, note that:'."\n" + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"5c438b18-05be-40ad-b6c2-3be6752c****\\",\\n \\"Value\\": \\"M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","type":"json"}]', + 'title' => 'AsymmetricSign', + 'summary' => 'Generates a digital signature by using an asymmetric CMK.', + 'description' => '### Precautions'."\n" ."\n" - .'- KMS is a paid service. For more information about the billing method, see [Billing description](https://www.alibabacloud.com/help/en/key-management-service/latest/billing-billing).'."\n" - .'- An Alibaba Cloud account can activate KMS only once.'."\n" - .'- Make sure that your Alibaba Cloud account has passed real-name authentication.', - 'requestParamsDescription' => ' ', + .'- For information about the access policies that are required for a RAM user or RAM role to call this operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This operation can be called through a shared gateway or a dedicated gateway. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" + ."\n" + .' - Shared gateway: You can access KMS over the Internet or a VPC. This method requires you to enable Internet access. For more information, see [Access keys in a KMS instance over the Internet](~~2856718~~).'."\n" + ."\n" + .' - Dedicated gateway: You can access KMS using the private endpoint of KMS (`<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com`).'."\n" + ."\n" + .'### QPS limits'."\n" + ."\n" + .'- Shared gateway: This operation is limited to 200 queries per second (QPS) for each user. If the limit is exceeded, API calls are throttled, which may affect your business. We recommend that you call this operation at a reasonable rate.'."\n" + ."\n" + .'- Dedicated gateway: The QPS for each user is limited by the performance specifications of your KMS instance. For more information, see [Performance metrics](~~480120~~).'."\n" + ."\n" + .'### Description'."\n" + ."\n" + .'This operation supports only asymmetric keys for which the **Usage** parameter is set to **SIGN/VERIFY**. The following table describes the supported signature algorithms.'."\n" + ."\n" + .'| KeySpec | Algorithm | Description |'."\n" + .'| --------- | -------------------- | ---------------------------------------------------------- |'."\n" + .'| RSA\\_2048 | RSA\\_PSS\\_SHA\\_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" + .'| RSA\\_2048 | RSA\\_PKCS1\\_SHA\\_256 | RSASSA-PKCS1-v1\\_5 using SHA-256 |'."\n" + .'| RSA\\_3072 | RSA\\_PSS\\_SHA\\_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" + .'| RSA\\_3072 | RSA\\_PKCS1\\_SHA\\_256 | RSASSA-PKCS1-v1\\_5 using SHA-256 |'."\n" + .'| EC\\_P256 | ECDSA\\_SHA\\_256 | ECDSA on the P-256 Curve(secp256r1) with a SHA-256 digest |'."\n" + .'| EC\\_P256K | ECDSA\\_SHA\\_256 | ECDSA on the P-256K Curve(secp256k1) with a SHA-256 digest |'."\n" + .'| EC\\_SM2 | SM2DSA | SM2 elliptic curve digital signature algorithm |'."\n" + ."\n" + .'> According to the GB/T 32918.2 standard "Information security technology - SM2 elliptic curve public key cryptography - Part 2: Digital signature algorithm", when you calculate an SM2 signature, the value of the **Digest** parameter is not the SM3 hash value of the original message. Instead, the value is the SM3 hash value of the result of concatenating Z(A) and M. M is the original message to be signed. Z(A) is the hash value of user A, as defined in GB/T 32918.2.'."\n" + ."\n" + .'This topic provides an example of how to use an asymmetric key with the key ID `5c438b18-05be-40ad-b6c2-3be6752c****` and the key version ID `2ab1a983-7072-4bbc-a582-584b5bd8****` to sign the digest `ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuy****=` using the `RSA_PSS_SHA_256` signature algorithm.', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'ListKmsInstances' => [ - 'summary' => 'Queries a list of Key Management Service (KMS) instances.', - 'methods' => [ - 'get', - 'post', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'AsymmetricVerify' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -397,127 +438,183 @@ 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'list', - 'abilityTreeCode' => '191383', - 'abilityTreeNodes' => [ - 'FEATUREkms586TOR', - ], - 'tenantRelevance' => 'publicInformation', + 'operationType' => 'get', + 'abilityTreeCode' => '54537', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ - 'name' => 'PageNumber', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The page number. Default value: 1.', - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '1', - ], + 'schema' => ['description' => 'The globally unique identifier (GUID) of the customer master key (CMK).'."\n" + ."\n" + .'> You can also specify the alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', 'title' => ''], ], [ - 'name' => 'PageSize', + 'name' => 'KeyVersionId', 'in' => 'query', - 'schema' => [ - 'description' => 'The number of entries per page. Valid values: 1 to 100. Default value: 20.', - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '10', - ], + 'schema' => ['description' => 'The ID of the key version. The ID must be the GUID of the key version.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], ], [ - 'name' => 'Filters', + 'name' => 'Algorithm', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'The signature algorithm.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RSA_PSS_SHA_256', 'title' => ''], + ], + [ + 'name' => 'Digest', + 'in' => 'query', + 'schema' => ['description' => 'The digest that is generated using the hash algorithm that corresponds to the value of **Algorithm** to hash the original message.'."\n" + ."\n" + .'> The value is Base64-encoded.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuy****=', 'title' => ''], + ], + [ + 'name' => 'Value', + 'in' => 'query', + 'schema' => ['description' => 'The signature value to be verified.'."\n" + ."\n" + .'> The value is Base64-encoded.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==', 'title' => ''], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => ['description' => 'Specifies whether to perform a dry run.'."\n" + ."\n" + .'- true: performs a dry run.'."\n" + ."\n" + .'- false (default): does not perform a dry run.'."\n" + ."\n" + .'A dry run is used to test API calls and verify whether you have the permissions to access the specified resources and whether the request parameters are valid. If you perform a dry run, KMS always returns a failure response that indicates the cause of the failure. The following failure causes are included:'."\n" + ."\n" + .'- DryRunOperationError: The request would have succeeded if the DryRun parameter is not specified.'."\n" + ."\n" + .'- ValidationError: The specified parameters in the request are invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform this operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ - 'title' => 'Schema of Response', - 'description' => 'Schema of Response', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => 'Id of the request', - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', - 'type' => 'string', - 'example' => 'd3eca5c8-a856-4347-8eb6-e1898c3fda2e', - ], - 'KmsInstances' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'KmsInstance' => [ - 'description' => 'A list of KMS instances.', - 'type' => 'array', - 'items' => [ - 'description' => 'A list of KMS instances.', - 'type' => 'object', - 'properties' => [ - 'KmsInstanceArn' => [ - 'description' => 'The ARN of the KMS instance.', - 'type' => 'string', - 'example' => 'acs:kms:pre-hangzhou:120708975881****:keystore/kst-phzz64c9f84eo32dbs****', - ], - 'KmsInstanceId' => [ - 'description' => 'The ID of the KMS instance.', - 'type' => 'string', - 'example' => 'kst-phzz64c9f84eo32dbs****', - ], - ], - ], - ], - ], - ], - 'TotalCount' => [ - 'description' => 'The total number of KMS instances.', - 'type' => 'integer', - 'format' => 'int64', - 'example' => '1', - ], - 'PageNumber' => [ - 'description' => 'The page number.', - 'type' => 'integer', - 'format' => 'int64', - 'example' => '1', - ], - 'PageSize' => [ - 'description' => 'The number of entries per page.', - 'type' => 'integer', - 'format' => 'int64', - 'example' => '10', - ], + 'KeyVersionId' => ['description' => 'The ID of the key version that is used for signature verification.', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'KeyId' => ['description' => 'The GUID of the CMK.'."\n" + ."\n" + .'> If you use an alias of the CMK in the request, the ID of the CMK is returned.', 'type' => 'string', 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', 'title' => ''], + 'Value' => ['description' => 'Indicates whether the signature is valid.', 'type' => 'boolean', 'example' => 'true', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud for the request. You can use the ID to troubleshoot issues.', 'type' => 'string', 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'IllegalTimestamp', - 'errorMessage' => 'The input parameter Timestamp that is mandatory for processing this request is not supplied.', + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ], + 404 => [ + ['errorCode' => 'Forbidden.AliasNotFound', 'errorMessage' => 'The specified Alias is not found.', 'description' => 'The error message returned because the specified alias does not exist.'], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"5c438b18-05be-40ad-b6c2-3be6752c****\\",\\n \\"Value\\": true,\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","type":"json"}]', + 'title' => 'AsymmetricVerify', + 'summary' => 'Verifies a digital signature by using the public key of an asymmetric CMK.', + 'description' => '### Precautions'."\n" + ."\n" + .'- For information about the access policy required for a RAM user or RAM role to call this API operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This operation can be called through a shared gateway or a dedicated gateway. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" + ."\n" + .' - Shared gateway: You can access KMS over the Internet or through a VPC. To access KMS over the Internet, you must enable the public endpoint. For more information, see [Access KMS instances over the Internet](~~2856718~~).'."\n" + ."\n" + .' - Dedicated gateway: You can access KMS using the private endpoint of KMS (`<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com`).'."\n" + ."\n" + .'### QPS limits'."\n" + ."\n" + .'- If you use a shared gateway, the queries per second (QPS) limit for this operation is 200 for a single user. If you exceed this limit, API calls are throttled, which may impact your business. We recommend that you manage your call frequency to stay within the QPS limit.'."\n" + ."\n" + .'- If you use a dedicated gateway, the QPS limit for this operation for a single user is determined by the computing performance specifications of your KMS instance. For more information, see [Performance metrics](~~480120~~).'."\n" + ."\n" + .'### Description'."\n" + ."\n" + .'This operation supports only asymmetric keys for which the **Usage** parameter is set to **SIGN/VERIFY**. The following table lists the supported signature algorithms.'."\n" + ."\n" + .'| KeySpec | Algorithm | Description |'."\n" + .'| --------- | -------------------- | ---------------------------------------------------------- |'."\n" + .'| RSA\\_2048 | RSA\\_PSS\\_SHA\\_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" + .'| RSA\\_2048 | RSA\\_PKCS1\\_SHA\\_256 | RSASSA-PKCS1-v1\\_5 using SHA-256 |'."\n" + .'| RSA\\_3072 | RSA\\_PSS\\_SHA\\_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" + .'| RSA\\_3072 | RSA\\_PKCS1\\_SHA\\_256 | RSASSA-PKCS1-v1\\_5 using SHA-256 |'."\n" + .'| EC\\_P256 | ECDSA\\_SHA\\_256 | ECDSA on the P-256 Curve(secp256r1) with a SHA-256 digest |'."\n" + .'| EC\\_P256K | ECDSA\\_SHA\\_256 | ECDSA on the P-256K Curve(secp256k1) with a SHA-256 digest |'."\n" + .'| EC\\_SM2 | SM2DSA | SM2 elliptic curve digital signature algorithm |'."\n" + ."\n" + .'> In accordance with the GBT32918 standard, when an SM2 signature is calculated, the value of the **Digest** parameter is not the SM3 hash value of the original message. Instead, the value is the SM3 hash value of the result generated by concatenating Z(A) and M. In this formula, M is the original message to be signed, and Z(A) is the hash value of user A as defined in GBT32918.'."\n" + ."\n" + .'This topic provides an example of how to use an asymmetric key with the key ID \\`5c438b18-05be-40ad-b6c2-3be6752c\\*\\*\\*\\*\\` and the key version ID \\`2ab1a983-7072-4bbc-a582-584b5bd8\\*\\*\\*\\*\\` to verify the signature \\`M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq\\*\\*\\*\\*==\\` for the digest \\`ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuyjfzw=\\` using the RSA\\_PSS\\_SHA\\_256 signature algorithm.', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], + ], + ], + 'CancelKeyDeletion' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => ['operationType' => 'update'], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the CMK. The ID must be globally unique.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1234abcd-12ab-34cd-56ef-12345678****', 'title' => ''], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '3da5b8cc-8107-40ac-a170-793cd181d7b7', 'title' => ''], + ], + 'description' => '', + 'title' => '', ], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', + 'errorCodes' => [ + 400 => [ + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ], + 404 => [ + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"d3eca5c8-a856-4347-8eb6-e1898c3fda2e\\",\\n \\"KmsInstances\\": {\\n \\"KmsInstance\\": [\\n {\\n \\"KmsInstanceArn\\": \\"acs:kms:pre-hangzhou:120708975881****:keystore/kst-phzz64c9f84eo32dbs****\\",\\n \\"KmsInstanceId\\": \\"kst-phzz64c9f84eo32dbs****\\"\\n }\\n ]\\n },\\n \\"TotalCount\\": 1,\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10\\n}","errorExample":""},{"type":"xml","example":"<ListKmsInstancesResponse>\\n <RequestId>d3eca5c8-a856-4347-8eb6-e1898c3fda2e</RequestId>\\n <KmsInstances>\\n <KmsInstanceArn>acs:kms:pre-hangzhou:120708975881****:keystore/kst-phzz64c9f84eo32dbs****</KmsInstanceArn>\\n <KmsInstanceId>kst-phzz64c9f84eo32dbs****</KmsInstanceId>\\n </KmsInstances>\\n <TotalCount>1</TotalCount>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n</ListKmsInstancesResponse>","errorExample":""}]', - 'title' => 'ListKmsInstances', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3da5b8cc-8107-40ac-a170-793cd181d7b7\\"\\n}","errorExample":""},{"type":"xml","example":"<CancelKeyDeletionResponse>\\n <RequestId>3da5b8cc-8107-40ac-a170-793cd181d7b7</RequestId>\\n</CancelKeyDeletionResponse>","errorExample":""}]', + 'title' => 'CancelKeyDeletion', + 'summary' => 'Cancels the deletion task of a CMK.', + 'description' => 'If the deletion task of a CMK is canceled, the CMK returns to the Enabled state.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], ], 'ConnectKmsInstance' => [ 'summary' => 'Enables a Key Management Service (KMS) instance.', - 'methods' => [ - 'post', - ], - 'schemes' => [ - 'https', - ], + 'methods' => ['post'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -528,60 +625,33 @@ 'systemTags' => [ 'operationType' => 'none', 'abilityTreeCode' => '190287', - 'abilityTreeNodes' => [ - 'FEATUREkms586TOR', - ], + 'abilityTreeNodes' => ['FEATUREkms586TOR'], ], 'parameters' => [ [ 'name' => 'KmsInstanceId', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the KMS instance that you want to enable.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'kst-phzz64f722a1buamw0****', - ], + 'schema' => ['description' => 'The ID of the KMS instance that you want to enable.'."\n", 'type' => 'string', 'required' => true, 'example' => 'kst-phzz64f722a1buamw0****', 'title' => ''], ], [ 'name' => 'VpcId', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the virtual private cloud (VPC) that is associated with the KMS instance.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'vpc-bp19z7cwmltad5dff****', - ], + 'schema' => ['description' => 'The ID of the virtual private cloud (VPC) that is associated with the KMS instance.'."\n", 'type' => 'string', 'required' => true, 'example' => 'vpc-bp19z7cwmltad5dff****', 'title' => ''], ], [ 'name' => 'ZoneIds', 'in' => 'query', - 'schema' => [ - 'description' => 'The two zones for the KMS instance. Dual-zone deployment improves service availability and disaster recovery capabilities.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'cn-hangzhou-k,cn-hangzhou-j', - ], + 'schema' => ['description' => 'The two zones for the KMS instance. Dual-zone deployment improves service availability and disaster recovery capabilities.'."\n", 'type' => 'string', 'required' => true, 'example' => 'cn-hangzhou-k,cn-hangzhou-j', 'title' => ''], ], [ 'name' => 'VSwitchIds', 'in' => 'query', - 'schema' => [ - 'description' => 'The vSwitch in the two zones. The vSwitch must have at least one available IP address.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'vsw-bp1i512amda6d10a0****', - ], + 'schema' => ['description' => 'The vSwitch in the two zones. The vSwitch must have at least one available IP address.'."\n", 'type' => 'string', 'required' => true, 'example' => 'vsw-bp1i512amda6d10a0****', 'title' => ''], ], [ 'name' => 'KMProvider', 'in' => 'query', - 'schema' => [ - 'description' => 'The provider of the KMS instance. Set the value to Aliyun.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'Aliyun', - ], + 'schema' => ['description' => 'The provider of the KMS instance. Set the value to Aliyun.'."\n", 'type' => 'string', 'required' => true, 'example' => 'Aliyun', 'title' => ''], ], ], 'responses' => [ @@ -591,336 +661,164 @@ 'description' => 'The response message.'."\n", 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => 'Id of the request', - 'description' => 'The request ID.'."\n", - 'type' => 'string', - 'example' => 'd3eca5c8-a856-4347-8eb6-e1898c3fda2e', - ], + 'RequestId' => ['title' => 'Id of the request', 'description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'd3eca5c8-a856-4347-8eb6-e1898c3fda2e'], ], + 'example' => '', ], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', - ], + 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"d3eca5c8-a856-4347-8eb6-e1898c3fda2e\\"\\n}","errorExample":""},{"type":"xml","example":"<ConnectKmsInstanceResponse>\\n <RequestId>d3eca5c8-a856-4347-8eb6-e1898c3fda2e</RequestId>\\n</ConnectKmsInstanceResponse>","errorExample":""}]', 'title' => 'ConnectKmsInstance', 'description' => '### [](#)Limits'."\n" ."\n" .'You can enable only instances of the software key management type. You cannot enable instances of the hardware key management type.'."\n", - ], - 'GetKmsInstance' => [ - 'methods' => [ - 'get', - 'post', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'CreateAlias' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - 'riskType' => 'none', - 'chargeType' => 'free', - 'abilityTreeCode' => '191299', - 'abilityTreeNodes' => [ - 'FEATUREkms586TOR', - ], - ], + 'systemTags' => ['operationType' => 'create'], 'parameters' => [ [ - 'name' => 'KmsInstanceId', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'title' => 'A short description of struct', - 'description' => 'The ID of the KMS instance that you want to query.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'kst-bjj62f5ba3dnpb6v8****', - ], + 'schema' => ['description' => 'The ID of the CMK. The ID must be globally unique.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '7906979c-8e06-46a2-be2d-68e3ccbc****', 'title' => ''], + ], + [ + 'name' => 'AliasName', + 'in' => 'query', + 'schema' => ['description' => 'The alias of the CMK.'."\n" + ."\n" + .'The alias must be 1 to 255 characters in length and must contain the prefix `alias/`. The alias cannot be prefixed with the reserved word `alias/acs`.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'alias/example', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ - 'title' => 'Schema of Response', - 'description' => 'The details of the KMS instance.'."\n", 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => 'Id of the request', - 'description' => 'The request ID.'."\n", - 'type' => 'string', - 'example' => '46b4a94a-57d2-44b4-9810-1e87d31abb33', - ], - 'KmsInstance' => [ - 'description' => 'The details of the KMS instance.'."\n", - 'type' => 'object', - 'properties' => [ - 'InstanceId' => [ - 'description' => 'The ID of the KMS instance.'."\n", - 'type' => 'string', - 'example' => 'kst-bjj62f5ba3dnpb6v8****', - ], - 'InstanceName' => [ - 'description' => 'The name of the KMS instance.'."\n", - 'type' => 'string', - 'example' => 'kst-bjj62f5ba3dnpb6v8****', - ], - 'Status' => [ - 'description' => 'The status of the KMS instance. Valid values:'."\n" - ."\n" - .'* Uninitialized: The KMS instance is not enabled.'."\n" - .'* Connecting: The KMS instance is being connected.'."\n" - .'* Connected: The KMS instance is enabled.'."\n" - .'* Disconnected: The KMS instance is disconnected.'."\n" - .'* Error: The KMS instance is abnormal.'."\n", - 'type' => 'string', - 'example' => 'Connected', - ], - 'CreateTime' => [ - 'description' => 'The time when the KMS instance is created.'."\n", - 'type' => 'string', - 'example' => '2023-09-05T12:44:20Z', - ], - 'Spec' => [ - 'description' => 'The computing performance of the KMS instance.'."\n", - 'type' => 'integer', - 'format' => 'int64', - 'example' => '1000', - ], - 'KeyNum' => [ - 'description' => 'The number of keys that can be created for the KMS instance.'."\n", - 'type' => 'integer', - 'format' => 'int64', - 'example' => '1000', - ], - 'SecretNum' => [ - 'description' => 'The number of secrets that can be created for the KMS instance.'."\n", - 'type' => 'string', - 'example' => '10', - ], - 'VpcNum' => [ - 'description' => 'The access management quota for the KMS instance.'."\n", - 'type' => 'integer', - 'format' => 'int64', - 'example' => '5', - ], - 'VpcId' => [ - 'description' => 'The virtual private cloud (VPC) with which the KMS instance is associated.'."\n", - 'type' => 'string', - 'example' => 'vpc-bp19z7cwmltad5dff****', - ], - 'ZoneIds' => [ - 'description' => 'The zone with which the KMS instance is associated.'."\n", - 'type' => 'array', - 'example' => '"cn-hangzhou-k", "cn-hangzhou-j"', - 'items' => [ - 'type' => 'string', - ], - ], - 'VswitchIds' => [ - 'description' => 'The vSwitch in the VPC.'."\n", - 'type' => 'array', - 'example' => 'vsw-bp1i512amda6d10a0****', - 'items' => [ - 'type' => 'string', - ], - ], - 'EndDate' => [ - 'title' => '到期时间'."\n", - 'description' => 'The expiration time of the KMS instance.'."\n", - 'type' => 'string', - 'example' => '2023-10-05T16:00:00Z', - ], - 'StartDate' => [ - 'description' => 'The time when the KMS instance is enabled.'."\n", - 'type' => 'string', - 'example' => '2023-09-05T12:44:19Z', - ], - 'CaCertificateChainPem' => [ - 'description' => 'The content of the certificate authority (CA) certificate of the KMS instance.'."\n", - 'type' => 'string', - 'example' => '-----BEGIN CERTIFICATE-----\\r\\nMIIDuzCCAqOgAwIBAgIJALTKwWAjvbMiMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV****-----END CERTIFICATE-----', - ], - 'BindVpcs' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'BindVpc' => [ - 'description' => 'A list of associated VPCs.'."\n" - ."\n" - .'> If your self-managed applications are deployed in multiple VPCs in the same region, you can associate VPCs with the KMS instance beyond the VPC that you specify when you enable the KMS instance. The VPCs can belong to the same Alibaba Cloud account or different Alibaba Cloud accounts. After the configuration is complete, self-managed applications in the VPCs can access the specified KMS instance.'."\n", - 'type' => 'array', - 'items' => [ - 'description' => '', - 'type' => 'object', - 'properties' => [ - 'RegionId' => [ - 'description' => 'The region to which the VPC belongs.'."\n", - 'type' => 'string', - 'example' => 'cn-hangzhou', - ], - 'VpcId' => [ - 'description' => 'The ID of the VPC.'."\n", - 'type' => 'string', - 'example' => 'vpc-bp19z7djuhtad5dff****', - ], - 'VpcOwnerId' => [ - 'description' => 'The Alibaba Cloud account to which the VPC belongs.'."\n", - 'type' => 'string', - 'example' => '190325303126****', - ], - 'VSwitchId' => [ - 'description' => 'The vSwitch in the VPC.'."\n", - 'type' => 'string', - 'example' => 'vsw-bp1i512amhdje10f1****', - ], - ], - ], - ], - ], - ], - 'ChargeType' => [ - 'type' => 'string', - ], - 'ProductVersion' => [ - 'type' => 'string', - ], - 'SaleStatus' => [ - 'type' => 'string', - ], - 'Log' => [ - 'type' => 'integer', - 'format' => 'int64', - ], - 'LogStorage' => [ - 'type' => 'integer', - 'format' => 'int64', - ], - 'ProductType' => [ - 'type' => 'string', - ], - 'DeletionProtection' => [ - 'title' => '', - 'type' => 'boolean', - ], - 'DeletionProtectionDescription' => [ - 'type' => 'string', - ], - ], - ], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '1d2baaf3-d357-46c2-832e-13560c2bd9cd', 'title' => ''], ], + 'description' => '', + 'title' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'IllegalTimestamp', - 'errorMessage' => 'The input parameter Timestamp that is mandatory for processing this request is not supplied.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"46b4a94a-57d2-44b4-9810-1e87d31abb33\\",\\n \\"KmsInstance\\": {\\n \\"InstanceId\\": \\"kst-bjj62f5ba3dnpb6v8****\\",\\n \\"InstanceName\\": \\"kst-bjj62f5ba3dnpb6v8****\\",\\n \\"Status\\": \\"Connected\\",\\n \\"CreateTime\\": \\"2023-09-05T12:44:20Z\\",\\n \\"Spec\\": 1000,\\n \\"KeyNum\\": 1000,\\n \\"SecretNum\\": \\"10\\",\\n \\"VpcNum\\": 5,\\n \\"VpcId\\": \\"vpc-bp19z7cwmltad5dff****\\",\\n \\"ZoneIds\\": {\\n \\"undefined\\": [\\n \\"\\"\\n ]\\n },\\n \\"VswitchIds\\": {\\n \\"undefined\\": [\\n \\"\\"\\n ]\\n },\\n \\"EndDate\\": \\"2023-10-05T16:00:00Z\\",\\n \\"StartDate\\": \\"2023-09-05T12:44:19Z\\",\\n \\"CaCertificateChainPem\\": \\"-----BEGIN CERTIFICATE-----\\\\\\\\r\\\\\\\\nMIIDuzCCAqOgAwIBAgIJALTKwWAjvbMiMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV****-----END CERTIFICATE-----\\",\\n \\"BindVpcs\\": {\\n \\"BindVpc\\": [\\n {\\n \\"RegionId\\": \\"cn-hangzhou\\",\\n \\"VpcId\\": \\"vpc-bp19z7djuhtad5dff****\\",\\n \\"VpcOwnerId\\": \\"190325303126****\\",\\n \\"VSwitchId\\": \\"vsw-bp1i512amhdje10f1****\\"\\n }\\n ]\\n },\\n \\"ChargeType\\": \\"POSTPAY\\",\\n \\"ProductVersion\\": \\"3\\",\\n \\"SaleStatus\\": \\"\\",\\n \\"Log\\": 0,\\n \\"LogStorage\\": 0,\\n \\"ProductType\\": \\"\\",\\n \\"DeletionProtection\\": true,\\n \\"DeletionProtectionDescription\\": \\"\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"<GetKmsInstanceResponse>\\n <RequestId>46b4a94a-57d2-44b4-9810-1e87d31abb33</RequestId>\\n <KmsInstance>\\n <InstanceId>kst-bjj62f5ba3dnpb6v8****</InstanceId>\\n <InstanceName>kst-bjj62f5ba3dnpb6v8****</InstanceName>\\n <Status>Connected</Status>\\n <CreateTime>2023-09-05T12:44:20Z</CreateTime>\\n <Spec>1000</Spec>\\n <KeyNum>1000</KeyNum>\\n <SecretNum>10</SecretNum>\\n <VpcNum>5</VpcNum>\\n <VpcId>vpc-bp19z7cwmltad5dff****</VpcId>\\n <ZoneIds>\\"cn-hangzhou-k\\", \\"cn-hangzhou-j\\"</ZoneIds>\\n <VswitchIds>vsw-bp1i512amda6d10a0****</VswitchIds>\\n <EndDate>2023-10-05T16:00:00Z</EndDate>\\n <StartDate>2023-09-05T12:44:19Z</StartDate>\\n <CaCertificateChainPem>-----BEGIN CERTIFICATE-----\\\\r\\\\nMIIDuzCCAqOgAwIBAgIJALTKwWAjvbMiMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV****-----END CERTIFICATE-----</CaCertificateChainPem>\\n <BindVpcs>\\n <RegionId>cn-hangzhou</RegionId>\\n <VpcId>vpc-bp19z7djuhtad5dff****</VpcId>\\n <VpcOwnerId>190325303126****</VpcOwnerId>\\n <VSwitchId>vsw-bp1i512amhdje10f1****</VSwitchId>\\n </BindVpcs>\\n </KmsInstance>\\n</GetKmsInstanceResponse>","errorExample":""}]', - 'title' => 'GetKmsInstance', - 'summary' => 'Queries the details of a Key Management Service (KMS) instance.', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1d2baaf3-d357-46c2-832e-13560c2bd9cd\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateAliasResponse>\\n <RequestId>1d2baaf3-d357-46c2-832e-13560c2bd9cd</RequestId>\\n</CreateAliasResponse>","errorExample":""}]', + 'title' => 'CreateAlias', + 'summary' => 'Creates an alias for a key.', + 'description' => '* Each alias can be bound to only one CMK at a time.'."\n" + .'* The aliases of CMKs in the same region must be unique.'."\n" + ."\n" + .'In this topic, an alias named `alias/example` is created for a CMK named `7906979c-8e06-46a2-be2d-68e3ccbc****`.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], ], - 'UpdateKmsInstanceBindVpc' => [ - 'summary' => 'Updates the virtual private cloud (VPC) that is associated with a Key Management Service (KMS) instance.', - 'methods' => [ - 'get', - 'post', - ], - 'schemes' => [ - 'https', - ], + 'CreateApplicationAccessPoint' => [ + 'summary' => 'Creates an application access point (AAP)', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], + 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'none', - 'abilityTreeCode' => '193192', - 'abilityTreeNodes' => [ - 'FEATUREkms586TOR', - ], + 'operationType' => 'create', + 'abilityTreeCode' => '54651', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'KmsInstanceId', + 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the KMS instance.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'kst-phzz64f722a1buamw0****', - ], + 'schema' => ['description' => 'The name of the AAP.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'aap_test', 'title' => ''], ], [ - 'name' => 'BindVpcs', + 'name' => 'Description', 'in' => 'query', - 'schema' => [ - 'description' => 'The VPC configuration. The configuration of each VPC contains the following content:'."\n" - ."\n" - .'* VpcId: the ID of the VPC.'."\n" - .'* VSwitchId: the vSwitch in the VPC.'."\n" - .'* RegionID: the ID of the region to which the VPC belongs.'."\n" - .'* VpcOwnerId: the Alibaba Cloud account to which the VPC belongs.'."\n" - ."\n" - .'Format: `[{"VpcId":"${VpcId}","VSwitchId":"${VSwitchId}","RegionId":"${RegionId}","VpcOwnerId":${VpcOwnerId}},..]`.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => '[{"VpcId":"vpc-bp1go9qvmj78j4f4c****","VSwitchId":"vsw-bp16c5pvvcf0fp5b9****","RegionId":"cn-hangzhou","VpcOwnerId":120708975881****},{"VpcId":"vpc-bp14c07ucxg6h1xjm****","VSwitchId":"vsw-bp1wujtnspi1l3gvu****","RegionId":"cn-hangzhou","VpcOwnerId":119285303511****}]', - ], + 'schema' => ['description' => 'The description of the AAP.'."\n", 'type' => 'string', 'required' => false, 'example' => 'aap description', 'title' => ''], + ], + [ + 'name' => 'AuthenticationMethod', + 'in' => 'query', + 'schema' => ['title' => '', 'description' => 'The authentication method. Currently, only ClientKey is supported.'."\n", 'type' => 'string', 'required' => false, 'example' => 'ClientKey'], + ], + [ + 'name' => 'Policies', + 'in' => 'query', + 'schema' => ['description' => 'The permission policy.'."\n" + ."\n" + .'> You can bind up to three permission policies to each AAP.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ - 'title' => 'Schema of Response', - 'description' => 'Schema of Response', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => 'Id of the request', - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => 'd3eca5c8-a856-4347-8eb6-e1898c3fda2e', - ], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', 'title' => ''], + 'Description' => ['description' => 'The description of the AAP.'."\n", 'type' => 'string', 'example' => 'aap description', 'title' => ''], + 'Policies' => ['description' => 'The permission policy.'."\n", 'type' => 'string', 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', 'title' => ''], + 'Name' => ['description' => 'The name of the AAP.'."\n", 'type' => 'string', 'example' => 'aap_test', 'title' => ''], + 'Arn' => ['description' => 'The Alibaba Cloud Resource Name (ARN) of the AAP.'."\n", 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test', 'title' => ''], + 'AuthenticationMethod' => ['description' => 'The authentication method.'."\n", 'type' => 'string', 'example' => 'ClientKey', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', + 'errorCodes' => [ + 409 => [ + ['errorCode' => 'Rejected.ResourceExist', 'errorMessage' => 'The request was rejected because the resource already exists.', 'description' => 'The resource already exists.'], + ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"d3eca5c8-a856-4347-8eb6-e1898c3fda2e\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateKmsInstanceBindVpcResponse>\\n <RequestId>d3eca5c8-a856-4347-8eb6-e1898c3fda2e</RequestId>\\n</UpdateKmsInstanceBindVpcResponse>","errorExample":""}]', - 'title' => 'UpdateKmsInstanceBindVpc', - 'description' => 'If your own applications are deployed in multiple VPCs in the same region, you can associate the VPCs except the VPC in which the KMS instance resides with the KMS instance. This topic describes how to configure the VPCs.'."\n" + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\",\\n \\"Description\\": \\"aap description\\",\\n \\"Policies\\": \\"[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]\\",\\n \\"Name\\": \\"aap_test\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test\\",\\n \\"AuthenticationMethod\\": \\"ClientKey\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateApplicationAccessPointResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n <Description>aap description</Description>\\n <Policies>[\\"kst-hzz62ee817bvyyr5x****.efkd\\",\\"kst-hzz62ee817bvyyr5x****.eyyp\\"]</Policies>\\n <Name>aap_test</Name>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test</Arn>\\n <AuthenticationMethod>ClientKey</AuthenticationMethod>\\n</CreateApplicationAccessPointResponse>","errorExample":""}]', + 'title' => 'CreateApplicationAccessPoint', + 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based AAP:'."\n" ."\n" - .'The VPCs can belong to the same Alibaba Cloud account or different Alibaba Cloud accounts. After the configuration is complete, the applications in these VPCs can access the KMS instance.'."\n" - ."\n\n" - .'> If the VPCs belong to different Alibaba Cloud accounts, you must first configure resource sharing to share the vSwitches of other Alibaba Cloud accounts with the Alibaba Cloud account to which the KMS instance belongs. For more information, see [Access a KMS instance from multiple VPCs in the same region](~~2393236~~).', - ], - 'ReleaseKmsInstance' => [ - 'summary' => '仅后付费实例支持释放,预付费实例需要从用户中心-退订管理释放。', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + .'1.Create a network access rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access KMS. For more information, see [CreateNetworkRule](~~2539407~~).'."\n" + ."\n" + .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind network access rules to the keys and secrets. For more information, see [CreatePolicy](~~2539454~~).'."\n" + ."\n" + .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. This topic describes how to create an AAP.'."\n" + ."\n" + .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see [CreateClientKey](~~2539509~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'CreateClientKey' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -929,152 +827,89 @@ 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'delete', - 'abilityTreeCode' => '222135', - 'abilityTreeNodes' => [ - 'FEATUREkms586TOR', - ], + 'operationType' => 'create', + 'abilityTreeCode' => '54635', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'KmsInstanceId', + 'name' => 'AapName', 'in' => 'query', - 'schema' => [ - 'title' => '仅限于后付费实例', - 'description' => '', - 'type' => 'string', - 'required' => true, - 'example' => 'kst-hzz6****', - ], + 'schema' => ['description' => 'The operation that you want to perform. Set the value to **CreateClientKey**.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'aap_test', 'title' => ''], ], [ - 'name' => 'ForceDeleteWithoutBackup', + 'name' => 'Password', 'in' => 'query', - 'schema' => [ - 'title' => '没有备份情况下也强制删除。'."\n" - .'默认情况下没有备份返回禁止删除', - 'description' => '', - 'type' => 'string', - 'required' => false, - 'example' => 'false', - ], - ], - ], - 'responses' => [ - 200 => [ - 'schema' => [ - 'title' => 'Schema of Response', - 'description' => '', - 'type' => 'object', - 'properties' => [ - 'RequestId' => [ - 'title' => 'Id of the request', - 'description' => '', - 'type' => 'string', - 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', - ], - ], - ], - ], - ], - 'errorCodes' => [ - 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - [ - 'errorCode' => 'Rejected.UnsupportedOperation', - 'errorMessage' => 'Unsupported operation.', - ], + 'schema' => ['description' => 'The name of the AAP.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'bcfefe15-46f0****', 'title' => ''], ], - 403 => [ - [ - 'errorCode' => 'Forbidden.DKMSInstanceNotFound', - 'errorMessage' => 'The specified DKMS Instance is not found.', - ], - [ - 'errorCode' => 'Forbidden.NoBackup', - 'errorMessage' => 'this kms instance no backup, forbidden delete.', - ], - ], - 503 => [ - [ - 'errorCode' => 'SerivceUnvailableTemporary', - 'errorMessage' => 'Service Unvailable Temporary', - ], - ], - ], - 'staticInfo' => [ - 'returnType' => 'synchronous', - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","errorExample":""},{"type":"xml","example":"<ReleaseKmsInstanceResponse>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n</ReleaseKmsInstanceResponse>","errorExample":""}]', - 'title' => 'ReleaseKmsInstance', - ], - 'GetDefaultKmsInstance' => [ - 'summary' => '获取默认KMS实例', - 'methods' => [ - 'get', - 'post', - ], - 'schemes' => [ - 'https', - ], - 'security' => [ [ - 'AK' => [], + 'name' => 'NotAfter', + 'in' => 'query', + 'schema' => ['description' => 'The encryption password of the client key.'."\n" + ."\n" + .'The password must be 8 to 64 characters in length and must contain at least two of the following types: digits, letters, and special characters. Special characters include `~ ! @ # $ % ^ & * ? _ -`.'."\n", 'type' => 'string', 'required' => false, 'example' => '2028-08-31T17:14:33Z', 'title' => ''], ], - ], - 'operationType' => 'read', - 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - 'riskType' => 'none', - 'chargeType' => 'free', - 'abilityTreeCode' => '274501', - 'abilityTreeNodes' => [ - 'FEATUREkms586TOR', + [ + 'name' => 'NotBefore', + 'in' => 'query', + 'schema' => ['description' => 'The end of the validity period of the client key.'."\n" + ."\n" + .'Specify the time in the ISO 8601 standard. The time must be in UTC. The time must be in the yyyy-MM-ddTHH:mm:ssZ format.'."\n" + ."\n" + .'> '."\n" + ."\n" + .'* If you do not configure NotAfter, the default value is the time when the client key was created plus five years.'."\n" + .'* If you configure NotAfter, you must configure NotBefore.'."\n", 'type' => 'string', 'required' => false, 'example' => '2023-08-31T17:14:33Z', 'title' => ''], ], - 'autoTest' => true, - 'tenantRelevance' => 'tenant', ], - 'parameters' => [], 'responses' => [ 200 => [ 'schema' => [ - 'title' => 'Schema of Response', - 'description' => '', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => 'Id of the request', - 'description' => '', - 'type' => 'string', - 'example' => 'bbc4e9ab-c76f-48ca-9c2a-8535772117e2', - ], - 'DefaultKmsInstanceId' => [ - 'description' => '', - 'type' => 'string', - 'example' => 'kst-hzz65f176a0ogplgq****', - ], + 'RequestId' => ['description' => 'The beginning of the validity period of the client key.'."\n" + ."\n" + .'Specify the time in the ISO 8601 standard. The time must be in UTC. The time must be in the yyyy-MM-ddTHH:mm:ssZ format.'."\n" + ."\n" + .'> '."\n" + ."\n" + .'* If you do not configure NotBefore, the default value is the time when the client key was created.'."\n" + .'* If you configure NotBefore, you must configure NotAfter.'."\n", 'type' => 'string', 'example' => '2312e45f-b2fa-4c34-ad94-3eca50932916', 'title' => ''], + 'ClientKeyId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', 'title' => ''], + 'KeyAlgorithm' => ['description' => 'The ID of the client key.'."\n", 'type' => 'string', 'example' => 'RSA_2048', 'title' => ''], + 'PrivateKeyData' => ['description' => 'The algorithm that is used to encrypt the private key of the client key. Currently, only RSA\\_2048 is supported.'."\n", 'type' => 'string', 'example' => 'MIIJqwIBAzCCCXcGCSqGSIb3DQEHAaCCCWgEgglkMIIJYDCCBBcGCSqGSIb3DQEHBqCCBAgwgg******', 'title' => ''], + 'NotBefore' => ['description' => 'The private key of the client key.'."\n", 'type' => 'string', 'example' => '2023-08-31T17:14:33Z', 'title' => ''], + 'NotAfter' => ['description' => 'The beginning of the validity period of the client key.'."\n", 'type' => 'string', 'example' => '2028-08-31T17:14:33Z', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"2312e45f-b2fa-4c34-ad94-3eca50932916\\",\\n \\"ClientKeyId\\": \\"KAAP.66abf237-63f6-4625-b8cf-47e1086e****\\",\\n \\"KeyAlgorithm\\": \\"RSA_2048\\",\\n \\"PrivateKeyData\\": \\"MIIJqwIBAzCCCXcGCSqGSIb3DQEHAaCCCWgEgglkMIIJYDCCBBcGCSqGSIb3DQEHBqCCBAgwgg******\\",\\n \\"NotBefore\\": \\"2023-08-31T17:14:33Z\\",\\n \\"NotAfter\\": \\"2028-08-31T17:14:33Z\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateClientKeyResponse>\\n <RequestId>2312e45f-b2fa-4c34-ad94-3eca50932916</RequestId>\\n <ClientKeyId>KAAP.66abf237-63f6-4625-b8cf-47e1086e****</ClientKeyId>\\n <KeyAlgorithm>RSA_2048</KeyAlgorithm>\\n <PrivateKeyData>MIIJqwIBAzCCCXcGCSqGSIb3DQEHAaCCCWgEgglkMIIJYDCCBBcGCSqGSIb3DQEHBqCCBAgwgg******</PrivateKeyData>\\n <NotBefore>2023-08-31T17:14:33Z</NotBefore>\\n <NotAfter>2028-08-31T17:14:33Z</NotAfter>\\n</CreateClientKeyResponse>","errorExample":""}]', + 'title' => 'CreateClientKey', + 'summary' => 'Creates a client key.', + 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based application access point (AAP):'."\n" + ."\n" + .'1.Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance. For more information, see [CreateNetworkRule](~~2539407~~).'."\n" + ."\n" + .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind access control rules to the keys and secrets. For more information, see [CreatePolicy](~~2539454~~).'."\n" + ."\n" + .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see [CreateApplicationAccessPoint](~~2539467~~).'."\n" + ."\n" + .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP.'."\n" + .'### Precautions'."\n" + .'A client key has a validity period. After a client key expires, applications into which the client key is integrated cannot access the required KMS instance. You must replace the client key before the client key expires. We recommend that you delete the expired client key in KMS after the new client key is used.', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], - 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"bbc4e9ab-c76f-48ca-9c2a-8535772117e2\\",\\n \\"DefaultKmsInstanceId\\": \\"kst-hzz65f176a0ogplgq****\\"\\n}","type":"json"}]', ], 'CreateKey' => [ - 'summary' => 'Creates a key.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -1085,162 +920,172 @@ 'systemTags' => [ 'operationType' => 'create', 'abilityTreeCode' => '54546', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ 'name' => 'Description', 'in' => 'query', - 'schema' => [ - 'description' => 'The description of the key.'."\n" - ."\n" - .'The description can be 0 to 8,192 characters in length.', - 'type' => 'string', - 'required' => false, - 'example' => 'key description example', - ], + 'schema' => ['description' => 'The description of the key.<br> The description can be 0 to 8,192 characters in length.<br>', 'type' => 'string', 'required' => false, 'example' => 'key description example', 'title' => ''], ], [ 'name' => 'KeyUsage', 'in' => 'query', - 'schema' => [ - 'description' => 'The usage of the key. Valid values:'."\n" - ."\n" - .'- ENCRYPT/DECRYPT'."\n" - .'- SIGN/VERIFY'."\n" - ."\n" - .'If the key supports signing and verification, the default value is SIGN/VERIFY. If the key does not support signing and verification, the default value is ENCRYPT/DECRYPT.', - 'type' => 'string', - 'required' => false, - 'example' => 'ENCRYPT/DECRYPT', - 'default' => 'ENCRYPT/DECRYPT', - ], + 'schema' => ['description' => 'The usage of the key. Valid values:'."\n" + ."\n" + .'- ENCRYPT/DECRYPT: encrypts and decrypts data.'."\n" + ."\n" + .'- SIGN/VERIFY: generates and verifies digital signatures.'."\n" + ."\n" + .'Default value: If the key supports signature verification, the default value is SIGN/VERIFY. Otherwise, the default value is ENCRYPT/DECRYPT.', 'type' => 'string', 'required' => false, 'default' => 'ENCRYPT/DECRYPT', 'example' => 'ENCRYPT/DECRYPT', 'title' => ''], ], [ 'name' => 'Origin', 'in' => 'query', - 'schema' => [ - 'description' => 'The key material origin. Valid values:'."\n" - ."\n" - .'- Aliyun_KMS (default): KMS generates key material.'."\n" - .'- EXTERNAL: You import key material.'."\n" - ."\n\n" - .'> - The value of this parameter is case-sensitive.'."\n" - .'> - Default keys of the customer master key (CMK) type support Aliyun_KMS and EXTERNAL. Keys in instances of the software key management type support only Aliyun_KMS. Keys in instances of the hardware key management type support Aliyun_KMS and EXTERNAL.'."\n" - .'> - If you set Origin to EXTERNAL, you must import key material. For more information, see [Import key material into a symmetric key](~~607841~~) or [Import key material into an asymmetric key](~~608827~~).', - 'type' => 'string', - 'required' => false, - 'example' => 'Aliyun_KMS', - ], + 'schema' => ['description' => 'The source of the key material. Valid values:'."\n" + ."\n" + .'- Aliyun\\_KMS (default): The key material is generated by Alibaba Cloud KMS.'."\n" + ."\n" + .'- EXTERNAL: The key material is imported.'."\n" + ."\n" + .'> * The value is case-sensitive.'."\n" + ."\n" + .'- If you set this parameter to EXTERNAL, import key material. For more information, see [Import key material for a symmetric key](~~607841~~) or [Import key material for an asymmetric key](~~608827~~).', 'type' => 'string', 'required' => false, 'example' => 'Aliyun_KMS', 'title' => ''], ], [ 'name' => 'ProtectionLevel', 'in' => 'query', - 'schema' => [ - 'description' => 'You do not need to specify this parameter. KMS sets a protection level for your key.'."\n" - ."\n" - .'The protection level of the key. Valid values:'."\n" - ."\n" - .'- SOFTWARE'."\n" - .'- HSM'."\n" - ."\n\n" - .'> - If DKMSInstanceId is specified, this parameter does not take effect. If your instance is an instance of the software key management type, set the value to SOFTWARE. If your instance is an instance of the hardware key management type, set the value to HSM.'."\n" - .'> - If you do not specify DKMSInstanceId, we recommend that you do not specify this parameter. KMS sets a protection level for your key. If managed hardware security modules (HSMs) exist in the region of your KMS instance, set the value to HSM. If managed HSMs do not exist in the region of your KMS instance, set the value to SOFTWARE. For more information, see Managed HSM overview.', - 'type' => 'string', - 'required' => false, - 'example' => 'SOFTWARE', - ], + 'schema' => ['description' => 'You do not need to specify this parameter. KMS automatically sets an appropriate protection level for your key.'."\n" + ."\n" + .'The protection level of the key. Valid values:'."\n" + ."\n" + .'- SOFTWARE'."\n" + ."\n" + .'- HSM'."\n" + ."\n" + .'> * If you specify DKMSInstanceId, this parameter is ignored. If the instance is a software key management instance, the protection level is SOFTWARE. If the instance is a hardware key management instance, the protection level is HSM.'."\n" + ."\n" + .'- If you do not specify DKMSInstanceId, leave this parameter empty. KMS sets the protection level. If a managed HSM is available in the region, KMS sets this parameter to HSM. Otherwise, KMS sets this parameter to SOFTWARE. For more information, see [Managed HSM overview](~~125803~~).', 'type' => 'string', 'required' => false, 'example' => 'SOFTWARE', 'title' => ''], ], [ 'name' => 'EnableAutomaticRotation', 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to enable automatic key rotation. Valid values:'."\n" - ."\n" - .'- true'."\n" - .'- false (default)'."\n" - ."\n" - .'This parameter is valid only when the key belongs to an instance type that supports automatic rotation. For more information, see [Key rotation](~~2358146~~).', - 'type' => 'boolean', - 'required' => false, - 'example' => 'true', - ], + 'schema' => ['description' => 'Specifies whether to enable automatic key rotation. Valid values:'."\n" + ."\n" + .'- true: enables automatic key rotation.'."\n" + ."\n" + .'- false (default): disables automatic key rotation.'."\n" + ."\n" + .'This parameter is valid only when the key management type of the key supports automatic rotation. For more information, see [Key rotation](~~2358146~~).', 'type' => 'boolean', 'required' => false, 'example' => 'true', 'title' => ''], ], [ 'name' => 'RotationInterval', 'in' => 'query', - 'schema' => [ - 'description' => 'The period of automatic key rotation. Format: integer[unit]. Unit: d (day), h (hour), m (minute), or s (second). For example, both 7d and 604800s represent a seven-day interval.'."\n" - ."\n" - .'- For a default key, set the value to 365 days.'."\n" - .'- For a software-protected key, set a value that ranges from 7 to 365 days.'."\n" - .'- A hardware-protected key does not support automatic rotation.'."\n" - ."\n" - .'> If EnableAutomaticRotation is set to true, this parameter is required.', - 'type' => 'string', - 'required' => false, - 'example' => '365d', - ], + 'schema' => ['description' => 'The automatic rotation period. The format is \\`integer\\[unit]\\`. \\`integer\\` indicates the length of the period. \\`unit\\` indicates the unit of time. Valid units: d (day), h (hour), m (minute), and s (second). For example, both 7d and 604800s represent a period of 7 days.'."\n" + ."\n" + .'- If the key is a default key, the value is 365d.'."\n" + ."\n" + .'- If the key is a software-protected key, the value can be from 7d to 365d.'."\n" + ."\n" + .'- If the key is a hardware-protected key, automatic rotation is not supported.'."\n" + ."\n" + .'> This parameter is required if you set EnableAutomaticRotation to true.', 'type' => 'string', 'required' => false, 'example' => '365d', 'title' => ''], ], [ 'name' => 'KeySpec', 'in' => 'query', - 'schema' => [ - 'description' => 'The key specification. The valid values vary based on the KMS instance type. For more information, see [Overview](~~480159~~).'."\n" - ."\n" - .'> If you do not specify a value for this parameter, the default key specification is Aliyun_AES_256.', - 'type' => 'string', - 'required' => false, - 'example' => 'Aliyun_AES_256', - ], + 'schema' => ['description' => 'The specification of the key. The valid values vary based on the key management type. For more information about key specifications, supported standards, and algorithms, see [Key management types and key specifications](~~480161~~).'."\n" + ."\n" + .'> If you do not specify this parameter, the key specification is Aliyun\\_AES\\_256 by default.', 'type' => 'string', 'required' => false, 'example' => 'Aliyun_AES_256', 'title' => ''], ], [ 'name' => 'DKMSInstanceId', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the KMS instance.'."\n" - ."\n" - .'> You must specify this parameter if you need to create a key for a KMS instance. If you need to create a default key of the CMK type, you do not need to specify this parameter.', - 'type' => 'string', - 'required' => false, - 'example' => 'kst-bjj62d8f5e0sgtx8h****', - ], + 'schema' => ['description' => 'The ID of the KMS instance.'."\n" + ."\n" + .'> This parameter is required when you create a key for a KMS instance. This parameter is not required when you create a default key (master key).', 'type' => 'string', 'required' => false, 'example' => 'kst-bjj62d8f5e0sgtx8h****', 'title' => ''], ], [ 'name' => 'Tags', 'in' => 'query', 'allowEmptyValue' => true, - 'schema' => [ - 'description' => 'The tag that is added to the key. A tag consists of a key-value pair.'."\n" - ."\n" - .'You can enter up to 20 tags. Enter multiple tags in the [{"TagKey":"key1","TagValue":"value1"},{"TagKey":"key2","TagValue":"value2"},..] format.'."\n" - ."\n" - .'Each tag key or tag value can be up to 128 characters in length and can contain letters, digits, forward slashes (/), backslashes (\\), underscores (_), hyphens (-), periods (.), plus signs (+), equal signs (=), colons (:), and at signs (@).'."\n" - ."\n" - .'> The tag key cannot start with aliyun or acs:.', - 'type' => 'string', - 'required' => false, - 'example' => '[{"TagKey":"disk-encryption","TagValue":"true"}]', - ], + 'schema' => ['description' => 'The tags to bind to the key. Each tag consists of a key-value pair (Key:Value), which includes a tag key and a tag value.'."\n" + ."\n" + .'Specify a maximum of 20 tags. To specify multiple tags, use the following format: `[{"TagKey":"key1","TagValue":"value1"},{"TagKey":"key2","TagValue":"value2"},...]`.'."\n" + ."\n" + .'Each tag key and tag value can be up to 128 characters in length and can contain uppercase letters, lowercase letters, digits, forward slashes (/), backslashes (\\), underscores (\\_), hyphens (-), periods (.), plus signs (+), equal signs (=), colons (:), and at signs (@).'."\n" + ."\n" + .'> The tag key cannot start with aliyun or acs:.', 'type' => 'string', 'required' => false, 'example' => '[{"TagKey":"disk-encryption","TagValue":"true"}]', 'title' => ''], ], [ 'name' => 'Policy', 'in' => 'query', 'allowEmptyValue' => false, - 'schema' => [ - 'title' => '', - 'type' => 'string', - ], + 'schema' => ['description' => 'The content of the key policy. The value is in the JSON format. The policy can be up to 32,768 bytes in length. For more information about key policies, see [Key policy overview](~~2716468~~). If you do not specify this parameter, the default credential policy is used.'."\n" + ."\n" + .'A key policy contains the following content:'."\n" + ."\n" + .'- Version: The version of the key policy. Only version 1 is supported.'."\n" + ."\n" + .'- Statement: The statements of the key policy. Each key policy contains one or more statements.'."\n" + ."\n" + .'The following is the format of a key policy:'."\n" + ."\n" + .'```'."\n" + .'{'."\n" + .' "Version": "1",'."\n" + .' "Statement": ['."\n" + .' {'."\n" + .' "Sid": "Enable RAM User Permissions",'."\n" + .' "Effect": "Allow",'."\n" + .' "Principal": {'."\n" + .' "RAM": ["acs:ram::112890462****:root"]'."\n" + .' },'."\n" + .' "Action": ['."\n" + .' "kms:*"'."\n" + .' ],'."\n" + .' "Resource": ['."\n" + .' "*"'."\n" + .' ],'."\n" + .' "Condition": {'."\n" + .' "condition operator": {'."\n" + .' "condition key": "condition value"'."\n" + .' }'."\n" + .' }'."\n" + .' }'."\n" + .' ]'."\n" + .'}'."\n" + .'```'."\n" + ."\n" + .'Details about a statement:'."\n" + ."\n" + .'- Sid: (Optional) The custom statement identifier. The identifier can be up to 128 characters in length and can contain uppercase letters (A-Z), lowercase letters (a-z), digits (0-9), and special characters, including underscores (\\_), forward slashes (/), plus signs (+), equal signs (=), periods (.), at signs (@), and hyphens (-).'."\n" + ."\n" + .'- Effect: (Required) The effect of the policy statement. Valid values: Allow and Deny.'."\n" + ."\n" + .'- Principal: (Required) The principal to which the permission is granted. Set this parameter to the current Alibaba Cloud account (the Alibaba Cloud account to which the key belongs), a RAM user or RAM role of the current Alibaba Cloud account, or a RAM user or RAM role of another Alibaba Cloud account.'."\n" + ."\n" + .'- Action: (Required) The API operations that are allowed or denied. The value must start with "kms:". For a list of supported operations, see [Key policy overview](~~2716468~~). If you specify an operation that is not in the list, the setting does not take effect.'."\n" + ."\n" + .'- Resource: (Required) The value can only be \\*, which indicates the current KMS key.'."\n" + ."\n" + .'- Condition: (Optional) The conditions for the authorization to take effect. Use conditions to evaluate the context of an API request to determine whether to apply the policy statement. The format is `"Condition": {"condition operator": {"condition key": "condition value"}}`. For more information, see [Key policy overview](~~2716468~~).'."\n" + ."\n" + .'> After granting permissions to a RAM user or RAM role of another Alibaba Cloud account, use that account to grant the RAM user or RAM role permissions to use the key in the RAM console. The RAM user or RAM role can use the key only after this is complete. For more information, see [Custom policies for Key Management Service](~~480682~~), [Grant permissions to a RAM user](~~116146~~), and [Grant permissions to a RAM role](~~116147~~).', 'type' => 'string', 'title' => '', 'required' => false, 'example' => '{"Statement":[{"Action":["kms:*"],"Effect":"Allow","Principal":{"RAM":["acs:ram::119285303511****:*"]},"Resource":["*"],"Sid":"kms default key policy"},{"Action":["kms:List*","kms:Describe*","kms:Create*","kms:Enable*","kms:Disable*","kms:Get*","kms:Set*","kms:Update*","kms:Delete*","kms:Cancel*","kms:TagResource","kms:UntagResource","kms:ImportKeyMaterial","kms:ScheduleKeyDeletion"],"Effect":"Allow","Principal":{"RAM":["acs:ram::119285303511****:user/for_test_policy"]},"Resource":["*"]}],"Version":"1"}'], ], [ 'name' => 'KeyStorageMechanism', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'The key storage location. This parameter is valid only when DKMSInstanceId is specified for a hardware key management instance. Valid values:'."\n" + ."\n" + .'- HsmInternal (default): The key is stored in an HSM and does not support rotation.'."\n" + ."\n" + .'- HsmEncryptedDatabase: The key is stored in a database.'."\n" + ."\n" + .' - Symmetric keys: Rotation is supported.'."\n" + ."\n" + .' - Asymmetric keys: Rotation is not supported.', 'type' => 'string', 'required' => false, 'example' => 'HsmInternal', 'title' => ''], ], ], 'responses' => [ @@ -1248,566 +1093,167 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', - 'type' => 'string', - 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C4', - ], + 'RequestId' => ['description' => 'The ID of the request. This ID is a globally unique identifier (GUID) generated by Alibaba Cloud for the request. Use this ID to troubleshoot issues.', 'type' => 'string', 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C4', 'title' => ''], 'KeyMetadata' => [ 'description' => 'The metadata of the key.', 'type' => 'object', 'properties' => [ - 'KeyId' => [ - 'description' => 'The globally unique ID of the key.', - 'type' => 'string', - 'example' => 'key-hzz62f1cb66fa42qo****', - ], - 'NextRotationDate' => [ - 'description' => 'The time when the key is next rotated.'."\n" - ."\n" - .'This value is returned only when the value of AutomaticRotation is Enabled or Suspended.', - 'type' => 'string', - 'example' => '2024-03-25T10:00:00Z', - ], - 'KeyState' => [ - 'description' => 'The status of the key.'."\n" - ."\n" - .'For more information, see [Impacts of key status on API operations](~~44211~~).', - 'type' => 'string', - 'example' => 'Enabled', - ], - 'RotationInterval' => [ - 'description' => 'The interval for automatic key rotation. Unit: seconds. The format is an integer value followed by the character s. For example, if the rotation period is seven days, this parameter is set to 604800s.'."\n" - ."\n" - .'This value is returned only when the value of AutomaticRotation is Enabled or Suspended.', - 'type' => 'string', - 'example' => '31536000s', - ], - 'Arn' => [ - 'description' => 'The Alibaba Cloud Resource Name (ARN) of the key.', - 'type' => 'string', - 'example' => 'acs:kms:cn-qingdao:154035569884****:key/key-hzz62f1cb66fa42qo****', - ], - 'Creator' => [ - 'description' => 'The user who created the key.', - 'type' => 'string', - 'example' => '154035569884****', - ], - 'LastRotationDate' => [ - 'description' => 'The time when the last rotation was performed. The time is displayed in UTC.'."\n" - ."\n" - .'For a new key, this parameter value is the time when the initial version of the key was generated.', - 'type' => 'string', - 'example' => '2023-03-25T10:00:00Z', - ], - 'DeleteDate' => [ - 'description' => 'The time when the key is scheduled for deletion. For more information, see ScheduleKeyDeletion.'."\n" - ."\n" - .'This parameter is returned only when the value of KeyState is PendingDeletion.', - 'type' => 'string', - 'example' => '2025-03-25T10:00:00Z', - ], - 'PrimaryKeyVersion' => [ - 'description' => 'The current primary version identifier of the key.', - 'type' => 'string', - 'example' => '7ce1d081-06cb-42e6-aab6-5c5de030****', - ], - 'Description' => [ - 'description' => 'The description of the key.', - 'type' => 'string', - 'example' => 'key description example', - ], - 'KeySpec' => [ - 'description' => 'The specification of the key.', - 'type' => 'string', - 'example' => 'Aliyun_AES_256', - ], - 'Origin' => [ - 'description' => 'The key material origin.', - 'type' => 'string', - 'example' => 'Aliyun_KMS', - ], - 'MaterialExpireTime' => [ - 'description' => 'The time when the key material expires. The time is displayed in UTC.'."\n" - ."\n" - .'If this parameter value is empty, the key material does not expire.', - 'type' => 'string', - 'example' => '2025-03-25T10:00:00Z', - ], - 'AutomaticRotation' => [ - 'description' => 'The status of automatic key rotation. Valid values:'."\n" - ."\n" - .'- Enabled'."\n" - .'- Disabled'."\n" - .'- Suspended', - 'type' => 'string', - 'example' => 'Enabled', - ], - 'ProtectionLevel' => [ - 'description' => 'The protection level of the key.', - 'type' => 'string', - 'example' => 'SOFTWARE', - ], - 'KeyUsage' => [ - 'description' => 'The usage of the key.', - 'type' => 'string', - 'example' => 'ENCRYPT/DECRYPT', - ], - 'CreationDate' => [ - 'description' => 'The date and time (UTC) when the key was created.', - 'type' => 'string', - 'example' => '2023-03-25T10:00:00Z', - ], - 'DKMSInstanceId' => [ - 'description' => 'The ID of the KMS instance.', - 'type' => 'string', - 'example' => 'kst-bjj62d8f5e0sgtx8h****', - ], + 'KeyId' => ['description' => 'The globally unique identifier (GUID) of the key.', 'type' => 'string', 'example' => 'key-hzz62f1cb66fa42qo****', 'title' => ''], + 'NextRotationDate' => ['description' => 'The time when the next rotation is scheduled.'."\n" + ."\n" + .'This parameter is returned only when the value of AutomaticRotation is Enabled or Suspended.', 'type' => 'string', 'example' => '2024-03-25T10:00:00Z', 'title' => ''], + 'KeyState' => ['description' => 'The status of the key.<br> For more information, see [Impact of CMK status on API calls](~~44211~~).<br>', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], + 'RotationInterval' => ['description' => 'The automatic rotation period of the key. The value is in seconds. The value is an integer followed by the character s. For example, a rotation period of 7 days is 604800s.'."\n" + ."\n" + .'This parameter is returned only when the value of AutomaticRotation is Enabled or Suspended.', 'type' => 'string', 'example' => '31536000s', 'title' => ''], + 'Arn' => ['description' => 'The Alibaba Cloud Resource Name (ARN) of the key.', 'type' => 'string', 'example' => 'acs:kms:cn-qingdao:154035569884****:key/key-hzz62f1cb66fa42qo****', 'title' => ''], + 'Creator' => ['description' => 'The creator of the key.', 'type' => 'string', 'example' => '154035569884****', 'title' => ''], + 'LastRotationDate' => ['description' => 'The time when the last rotation was performed. The time is in UTC.<br> If the key is new, this value is the generation time of the initial key version.<br>', 'type' => 'string', 'example' => '2023-03-25T10:00:00Z', 'title' => ''], + 'DeleteDate' => ['description' => 'The scheduled time to delete the key. For more information, see [ScheduleKeyDeletion](~~601417~~) .'."\n" + ."\n" + .'This parameter is returned only when the value of KeyState is PendingDeletion.', 'type' => 'string', 'example' => '2025-03-25T10:00:00Z', 'title' => ''], + 'PrimaryKeyVersion' => ['description' => 'The ID of the current primary version of the key.', 'type' => 'string', 'example' => '7ce1d081-06cb-42e6-aab6-5c5de030****', 'title' => ''], + 'Description' => ['description' => 'The description of the key.', 'type' => 'string', 'example' => 'key description example', 'title' => ''], + 'KeySpec' => ['description' => 'The specification of the key.', 'type' => 'string', 'example' => 'Aliyun_AES_256', 'title' => ''], + 'Origin' => ['description' => 'The source of the key material.', 'type' => 'string', 'example' => 'Aliyun_KMS', 'title' => ''], + 'MaterialExpireTime' => ['description' => 'The expiration time of the key material. The time is in UTC.<br> If this value is empty, the key material does not expire.<br>', 'type' => 'string', 'example' => '2025-03-25T10:00:00Z', 'title' => ''], + 'AutomaticRotation' => ['description' => 'Indicates whether automatic key rotation is enabled. Valid values:'."\n" + ."\n" + .'- Enabled: Automatic rotation is enabled.'."\n" + ."\n" + .'- Disabled: Automatic rotation is disabled.'."\n" + ."\n" + .'- Suspended: Automatic rotation is suspended.', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], + 'ProtectionLevel' => ['description' => 'The protection level of the key.', 'type' => 'string', 'example' => 'SOFTWARE', 'title' => ''], + 'KeyUsage' => ['description' => 'The usage of the key.', 'type' => 'string', 'example' => 'ENCRYPT/DECRYPT', 'title' => ''], + 'CreationDate' => ['description' => 'The date and time when the key was created. The time is in UTC.', 'type' => 'string', 'example' => '2024-03-25T10:00:00Z', 'title' => ''], + 'DKMSInstanceId' => ['description' => 'The ID of the KMS instance.', 'type' => 'string', 'example' => 'kst-bjj62d8f5e0sgtx8h****', 'title' => ''], ], + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'Rejected.LimitExceeded', - 'errorMessage' => 'The request was rejected because user create resource limit was exceeded', - ], - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - [ - 'errorCode' => 'UnsupportedOperation', - 'errorMessage' => 'This action is not supported.', - ], - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system.', - ], - [ - 'errorCode' => 'Rejected.ShareQuotaExceedLimit', - 'errorMessage' => 'Instance Share Quota Exceed Limit.', - ], + ['errorCode' => 'Rejected.LimitExceeded', 'errorMessage' => 'The request was rejected because user create resource limit was exceeded', 'description' => 'The request is rejected because the number of created resources reaches the upper limit.'], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ['errorCode' => 'UnsupportedOperation', 'errorMessage' => 'This action is not supported.', 'description' => 'The operation is not supported.'], + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system.', 'description' => 'You are not authorized to perform this operation.'], + ['errorCode' => 'Rejected.ShareQuotaExceedLimit', 'errorMessage' => 'Instance Share Quota Exceed Limit.', 'description' => 'The instance share quota exceeds the limit.'], ], 403 => [ - [ - 'errorCode' => 'Forbidden.DKMSInstanceNotFound', - 'errorMessage' => 'The specified DKMS Instance is not found.', - ], + ['errorCode' => 'Forbidden.DKMSInstanceNotFound', 'errorMessage' => 'The specified DKMS Instance is not found.', 'description' => 'Your dedicated KMS instance is not found.'], ], 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure', - ], + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure', 'description' => 'An internal error occurred.'], ], 503 => [ - [ - 'errorCode' => 'SerivceUnvailableTemporary', - 'errorMessage' => 'Service Unvailable Temporary', - ], + ['errorCode' => 'SerivceUnvailableTemporary', 'errorMessage' => 'Service Unvailable Temporary', 'description' => 'The service is temporarily unavailable.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C4\\",\\n \\"KeyMetadata\\": {\\n \\"KeyId\\": \\"key-hzz62f1cb66fa42qo****\\",\\n \\"NextRotationDate\\": \\"2024-03-25T10:00:00Z\\",\\n \\"KeyState\\": \\"Enabled\\",\\n \\"RotationInterval\\": \\"31536000s\\",\\n \\"Arn\\": \\"acs:kms:cn-qingdao:154035569884****:key/key-hzz62f1cb66fa42qo****\\",\\n \\"Creator\\": \\"154035569884****\\",\\n \\"LastRotationDate\\": \\"2023-03-25T10:00:00Z\\",\\n \\"DeleteDate\\": \\"2025-03-25T10:00:00Z\\",\\n \\"PrimaryKeyVersion\\": \\"7ce1d081-06cb-42e6-aab6-5c5de030****\\",\\n \\"Description\\": \\"key description example\\",\\n \\"KeySpec\\": \\"Aliyun_AES_256\\",\\n \\"Origin\\": \\"Aliyun_KMS\\",\\n \\"MaterialExpireTime\\": \\"2025-03-25T10:00:00Z\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"ProtectionLevel\\": \\"SOFTWARE\\",\\n \\"KeyUsage\\": \\"ENCRYPT/DECRYPT\\",\\n \\"CreationDate\\": \\"2024-03-25T10:00:00Z\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"<CreateKeyResponse>\\n <RequestId>381D5D33-BB8F-395F-8EE4-AE3BB4B523C4</RequestId>\\n <KeyMetadata>\\n <KeyId>key-hzz62f1cb66fa42qo****</KeyId>\\n <NextRotationDate>2024-03-25T10:00:00Z</NextRotationDate>\\n <KeyState>Enabled</KeyState>\\n <RotationInterval>31536000s</RotationInterval>\\n <Arn>acs:kms:cn-qingdao:154035569884****:key/key-hzz62f1cb66fa42qo****</Arn>\\n <Creator>154035569884****</Creator>\\n <LastRotationDate>2023-03-25T10:00:00Z</LastRotationDate>\\n <DeleteDate>2025-03-25T10:00:00Z</DeleteDate>\\n <PrimaryKeyVersion>7ce1d081-06cb-42e6-aab6-5c5de030****</PrimaryKeyVersion>\\n <Description>key description example</Description>\\n <KeySpec>Aliyun_AES_256</KeySpec>\\n <Origin>Aliyun_KMS</Origin>\\n <MaterialExpireTime>2025-03-25T10:00:00Z</MaterialExpireTime>\\n <AutomaticRotation>Enabled</AutomaticRotation>\\n <ProtectionLevel>SOFTWARE</ProtectionLevel>\\n <KeyUsage>ENCRYPT/DECRYPT</KeyUsage>\\n <CreationDate>2024-03-25T10:00:00Z</CreationDate>\\n <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>\\n </KeyMetadata>\\n</CreateKeyResponse>","errorExample":""}]', 'title' => 'CreateKey', - 'description' => 'KMS supports common symmetric keys and asymmetric keys. For more information, see [Key types and specifications](~~480161~~).', + 'summary' => 'Creates a customer master key (CMK) for envelope encryption, digital signatures, or other cryptographic operations.', + 'description' => '- For information about the access policies required for a RAM user or RAM role to call this OpenAPI operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- Alibaba Cloud Key Management Service (KMS) supports common specifications for symmetric and asymmetric keys. For more information, see [Key management types and key specifications](~~480161~~).', + 'requestParamsDescription' => 'For information about common request parameters, see [Common parameters](~~69007~~).', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'ListKeys' => [ - 'summary' => 'Queries all keys of the current Alibaba Cloud account in the current region.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], - 'security' => [ - [ - 'AK' => [], - ], - ], - 'operationType' => 'read', - 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - 'abilityTreeCode' => '54591', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], - 'tenantRelevance' => 'publicInformation', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], - 'parameters' => [ - [ - 'name' => 'PageNumber', - 'in' => 'query', - 'schema' => [ - 'description' => 'The number of the page to return.'."\n" - ."\n" - .'Pages start from page 1.'."\n" - ."\n" - .'Default value: 1.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '1', - ], - ], - [ - 'name' => 'PageSize', - 'in' => 'query', - 'schema' => [ - 'description' => 'The number of entries to return on each page.'."\n" - ."\n" - .'Valid values: 1 to 100.'."\n" - ."\n" - .'Default value: 10'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '10', - ], - ], - [ - 'name' => 'Filters', - 'in' => 'query', - 'schema' => [ - 'description' => 'The CMK filter. The filter consists of one or more key-value pairs. You can specify a maximum of 10 key-value pairs.'."\n" - ."\n" - .'* Key'."\n" - ."\n" - .' * Description: the property that you want to filter.'."\n" - ."\n" - .' * Type: string.'."\n" - ."\n" - .' * Valid values:'."\n" - ."\n" - .' * KeyState: the status of the CMK.'."\n" - .' * KeySpec: the type of the CMK.'."\n" - .' * KeyUsage: the usage of the CMK.'."\n" - .' * ProtectionLevel: the protection level.'."\n" - .' * CreatorType: the type of the creator.'."\n" - ."\n" - .'* Values'."\n" - ."\n" - .' * Description: the value to be included after filtering.'."\n" - ."\n" - .' * Format: string array.'."\n" - ."\n" - .' * Length: 0 to 10.'."\n" - ."\n" - .' * Valid values:'."\n" - ."\n" - .' * When Key is set to KeyState, the value can be Enabled, Disabled, PendingDeletion, or PendingImport.'."\n" - ."\n" - .' * When Key is set to KeySpec, the value can be Aliyun_AES\\_256, Aliyun_SM4, RSA\\_2048, EC_P256, EC_P256K, or EC_SM2.'."\n" - ."\n" - .' Note: You can create CMKs of the EC_SM2 or Aliyun_SM4 type only in regions where State Cryptography Administration (SCA)-certified managed HSMs reside. For more information about the regions, see [Supported regions](~~125803~~). If your region does not support EC_SM2 or Aliyun_SM4, the two values are ignored if they are specified.'."\n" - ."\n" - .' * When Key is set to KeyUsage, the value can be ENCRYPT/DECRYPT or SIGN/VERIFY. ENCRYPT/DECRYPT indicates that the CMK is used to encrypt and decrypt data. SIGN/VERIFY indicates that the CMK is used to generate and verify digital signatures.'."\n" - ."\n" - .' * When Key is set to ProtectionLevel, the value can be SOFTWARE (software) or HSM (hardware).'."\n" - ."\n" - .' You can set ProtectionLevel to HSM in only specific regions. For more information about the regions, see [Supported regions](~~125803~~). If your region does not support the value HSM, the value is ignored if the value is specified.'."\n" - ."\n" - .' * If Key is set to CreatorType, the value can be User or Service. User indicates that CMKs created by the current account are queried. Service indicates that CMKs automatically created by other cloud services authorized by the current account are queried.'."\n" - ."\n" - .'The logical relationship between different keys is AND, and the logical relationship between multiple items in the same key is OR. Example:'."\n" - ."\n" - .'`[ {"Key":"KeyState", "Values":["Enabled","Disabled"]}, {"Key":"KeyState", "Values":["PendingDeletion"]}, {"Key":"KeySpec", "Values":["Aliyun_AES_256"]}]`. In this example, the semantics are:`(KeyState=Enabled OR KeyState=Disabled OR KeyState=PendingDeletion) AND (KeySpec=Aliyun_AES_ 256)`.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => '[{"Key":"KeyState", "Values":["Enabled","Disabled"]}]', - ], - ], - ], - 'responses' => [ - 200 => [ - 'schema' => [ - 'type' => 'object', - 'properties' => [ - 'PageNumber' => [ - 'description' => 'The page number of the returned page.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'PageSize' => [ - 'description' => 'The number of entries returned per page.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '10', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '8252db58-2036-408c-a3d5-56e656dc2551', - ], - 'TotalCount' => [ - 'description' => 'The total number of CMKs.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '3', - ], - 'Keys' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'Key' => [ - 'description' => 'An array that consists of the CMKs of the current Alibaba Cloud account in the current region.'."\n", - 'type' => 'array', - 'items' => [ - 'description' => '', - 'type' => 'object', - 'properties' => [ - 'KeyId' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", - 'type' => 'string', - 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****', - ], - 'KeyArn' => [ - 'description' => 'The Alibaba Cloud Resource Name (ARN) of the CMK.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****', - ], - ], - ], - ], - ], - ], - ], - ], - ], - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"RequestId\\": \\"8252db58-2036-408c-a3d5-56e656dc2551\\",\\n \\"TotalCount\\": 3,\\n \\"Keys\\": {\\n \\"Key\\": [\\n {\\n \\"KeyId\\": \\"08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****\\",\\n \\"KeyArn\\": \\"acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListKeysResponse>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <RequestId>8252db58-2036-408c-a3d5-56e656dc2551</RequestId>\\n <TotalCount>3</TotalCount>\\n <Keys>\\n <KeyId>08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****</KeyId>\\n <KeyArn>acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****</KeyArn>\\n </Keys>\\n</ListKeysResponse>","errorExample":""}]', - 'title' => 'ListKeys', - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C4\\",\\n \\"KeyMetadata\\": {\\n \\"KeyId\\": \\"key-hzz62f1cb66fa42qo****\\",\\n \\"NextRotationDate\\": \\"2024-03-25T10:00:00Z\\",\\n \\"KeyState\\": \\"Enabled\\",\\n \\"RotationInterval\\": \\"31536000s\\",\\n \\"Arn\\": \\"acs:kms:cn-qingdao:154035569884****:key/key-hzz62f1cb66fa42qo****\\",\\n \\"Creator\\": \\"154035569884****\\",\\n \\"LastRotationDate\\": \\"2023-03-25T10:00:00Z\\",\\n \\"DeleteDate\\": \\"2025-03-25T10:00:00Z\\",\\n \\"PrimaryKeyVersion\\": \\"7ce1d081-06cb-42e6-aab6-5c5de030****\\",\\n \\"Description\\": \\"key description example\\",\\n \\"KeySpec\\": \\"Aliyun_AES_256\\",\\n \\"Origin\\": \\"Aliyun_KMS\\",\\n \\"MaterialExpireTime\\": \\"2025-03-25T10:00:00Z\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"ProtectionLevel\\": \\"SOFTWARE\\",\\n \\"KeyUsage\\": \\"ENCRYPT/DECRYPT\\",\\n \\"CreationDate\\": \\"2024-03-25T10:00:00Z\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\"\\n }\\n}","type":"json"}]', ], - 'DescribeKey' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'CreateKeyVersion' => [ + 'summary' => 'Creates a version for a customer master key (CMK).', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - ], + 'systemTags' => ['operationType' => 'create'], 'parameters' => [ [ 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" - ."\n" - .'You can also set this parameter to an alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '05754286-3ba2-4fa6-8d41-4323aca6****', - ], + 'schema' => ['description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'> You can also set the value to an alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'key-hzz62f1cb66fa42qo***', 'title' => ''], ], ], 'responses' => [ 200 => [ - 'headers' => [], 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => 'f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f', - ], - 'KeyMetadata' => [ - 'description' => 'The metadata of the CMK.'."\n", + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'b96f250a-4b75-498c-91be-22c6928f85be', 'title' => ''], + 'KeyVersion' => [ + 'description' => 'The metadata of the version.', 'type' => 'object', 'properties' => [ - 'DeletionProtection' => [ - 'description' => 'Indicates whether deletion protection is enabled. Valid values:'."\n" - ."\n" - .'* Enabled'."\n" - .'* Disabled'."\n", - 'type' => 'string', - 'example' => 'Enabled', - ], - 'KeyId' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", - 'type' => 'string', - 'example' => '05754286-3ba2-4fa6-8d41-4323aca6****', - ], - 'NextRotationDate' => [ - 'description' => 'The time when the next rotation will be performed.'."\n" - ."\n" - .'> This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.'."\n", - 'type' => 'string', - 'example' => '2021-07-06T18:22:03Z', - ], - 'KeyState' => [ - 'description' => 'The status of the CMK.'."\n" - ."\n" - .'For more information, see [Impact of CMK status on API operations](~~44211~~).'."\n", - 'type' => 'string', - 'example' => 'Enabled', - ], - 'RotationInterval' => [ - 'description' => 'The interval for automatic key rotation.'."\n" - ."\n" - .'Unit: seconds.'."\n" - ."\n" - .'For example, if the value is 604800s, automatic key rotation is performed at a 7-day interval.'."\n" - ."\n" - .'> This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.'."\n", - 'type' => 'string', - 'example' => '31536000s', - ], - 'Arn' => [ - 'description' => 'The Alibaba Cloud Resource Name (ARN) of the CMK.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:154035569884****:key/05754286-3ba2-4fa6-8d41-4323aca6****', - ], - 'Creator' => [ - 'description' => 'The Alibaba Cloud account that is used to create the CMK.'."\n", - 'type' => 'string', - 'example' => '154035569884****', - ], - 'LastRotationDate' => [ - 'description' => 'The time when the last rotation was performed. The time is displayed in UTC. For a new CMK, the value of this parameter is the time when the initial version of the CMK was generated.'."\n", - 'type' => 'string', - 'example' => '2021-05-20T06:34:21Z', - ], - 'DeleteDate' => [ - 'description' => 'The time at which the CMK is scheduled for deletion. The time is displayed in UTC.'."\n" - ."\n" - .'For more information, see [ScheduleKeyDeletion](~~44196~~).'."\n" - ."\n" - .'> This parameter is returned only when the value of the KeyState parameter is PendingDeletion.'."\n", - 'type' => 'string', - 'example' => '2021-05-26T18:22:03Z', - ], - 'PrimaryKeyVersion' => [ - 'description' => 'The ID of the current primary key version for the symmetric CMK.'."\n", - 'type' => 'string', - 'example' => '515e0b0a-624f-45ab-92b5-54f9b551****', - ], - 'Description' => [ - 'description' => 'The description of the CMK.'."\n", - 'type' => 'string', - 'example' => 'key description example', - ], - 'KeySpec' => [ - 'description' => 'The type of the CMK.'."\n", - 'type' => 'string', - 'example' => 'Aliyun_AES_256', - ], - 'Origin' => [ - 'description' => 'The source of the key material for the CMK.'."\n", - 'type' => 'string', - 'example' => 'Aliyun_KMS', - ], - 'MaterialExpireTime' => [ - 'description' => 'The time when the key material expires. The time is displayed in UTC. If this parameter value is empty, the key material does not expire.'."\n", - 'type' => 'string', - 'example' => '2021-07-06T18:22:03Z', - ], - 'DeletionProtectionDescription' => [ - 'description' => 'The description of deletion protection.'."\n", - 'type' => 'string', - 'example' => 'The CMK is being used by XXX. Deletion protection is set.', - ], - 'AutomaticRotation' => [ - 'description' => 'Indicates whether automatic key rotation is enabled. Valid values:'."\n" - ."\n" - .'* Enabled'."\n" - .'* Disabled'."\n" - .'* Suspended'."\n" - ."\n" - .'For more information, see [Automatic key rotation](~~134270~~).'."\n" - ."\n" - .'> Only symmetric CMKs support automatic key rotation.'."\n", - 'type' => 'string', - 'example' => 'Disabled', - ], - 'ProtectionLevel' => [ - 'description' => 'The protection level of the CMK.'."\n", - 'type' => 'string', - 'example' => 'HSM', - ], - 'KeyUsage' => [ - 'description' => 'The usage of the CMK.'."\n", - 'type' => 'string', - 'example' => 'ENCRYPT/DECRYPT', - ], - 'CreationDate' => [ - 'description' => 'The time when the CMK was created. The time is displayed in UTC.'."\n", - 'type' => 'string', - 'example' => '2021-05-20T06:34:21Z', - ], - 'DKMSInstanceId' => [ - 'description' => 'The ID of the dedicated KMS instance.'."\n", - 'type' => 'string', - 'example' => 'kst-bjj62d8f5e0sgtx8h****', - ], + 'KeyId' => ['description' => 'The ID of the CMK. The ID must be globally unique.', 'type' => 'string', 'example' => 'key-hzz62f1cb66fa42qo****', 'title' => ''], + 'KeyVersionId' => ['description' => 'The ID of the version.', 'type' => 'string', 'example' => 'key-hzz62f1cb66fa42qo****-20v29b****', 'title' => ''], + 'CreationDate' => ['description' => 'The date and time when the version was created. The time is displayed in UTC.', 'type' => 'string', 'example' => '2023-07-02T10:38:27Z', 'title' => ''], ], + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'Rejected.UnsupportedOperation', 'errorMessage' => 'Unsupported operation.', 'description' => 'The operation is not supported.'], ], 404 => [ - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - [ - 'errorCode' => 'Forbidden.AliasNotFound', - 'errorMessage' => 'The specified Alias is not found.', - ], - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'Forbidden.AliasNotFound', 'errorMessage' => 'The specified Alias is not found.', 'description' => 'The error message returned because the specified alias does not exist.'], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ], + 409 => [ + ['errorCode' => 'Rejected.Disabled', 'errorMessage' => 'The request was rejected because the key state is Disabled.', 'description' => 'The request was rejected because the key state is Disabled.'], + ['errorCode' => 'Rejected.Unavailable', 'errorMessage' => 'The request was rejected because the key state is Unavailable.', 'description' => 'The request was denied because the key status is unavailable.'], + ['errorCode' => 'Rejected.PendingDeletion', 'errorMessage' => 'The request was rejected because the key state is PendingDeletion.', 'description' => 'The request was rejected because the key state is PendingDeletion.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f\\",\\n \\"KeyMetadata\\": {\\n \\"DeletionProtection\\": \\"Enabled\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"NextRotationDate\\": \\"2021-07-06T18:22:03Z\\",\\n \\"KeyState\\": \\"Enabled\\",\\n \\"RotationInterval\\": \\"31536000s\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:key/key-hzz630494463ejqjx****\\",\\n \\"Creator\\": \\"154035569884****\\",\\n \\"LastRotationDate\\": \\"2024-05-20T06:34:21Z\\",\\n \\"DeleteDate\\": \\"2024-05-26T18:22:03Z\\",\\n \\"PrimaryKeyVersion\\": \\"515e0b0a-624f-45ab-92b5-54f9b551****\\",\\n \\"Description\\": \\"key description example\\",\\n \\"KeySpec\\": \\"Aliyun_AES_256\\",\\n \\"Origin\\": \\"Aliyun_KMS\\",\\n \\"MaterialExpireTime\\": \\"2024-07-06T18:22:03Z\\",\\n \\"DeletionProtectionDescription\\": \\"该密钥正在被XXX服务使用。已为您设置删除保护。\\",\\n \\"AutomaticRotation\\": \\"Disabled\\",\\n \\"ProtectionLevel\\": \\"HSM\\",\\n \\"KeyUsage\\": \\"ENCRYPT/DECRYPT\\",\\n \\"CreationDate\\": \\"2024-05-20T06:34:21Z\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"<DescribeKeyResponse>\\n <RequestId>f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f</RequestId>\\n <KeyMetadata>\\n <DeletionProtection>Enabled</DeletionProtection>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <NextRotationDate>2021-07-06T18:22:03Z</NextRotationDate>\\n <KeyState>Enabled</KeyState>\\n <RotationInterval>31536000s</RotationInterval>\\n <Arn>acs:kms:cn-hangzhou:154035569884****:key/key-hzz630494463ejqjx****</Arn>\\n <Creator>154035569884****</Creator>\\n <LastRotationDate>2024-05-20T06:34:21Z</LastRotationDate>\\n <DeleteDate>2024-05-26T18:22:03Z</DeleteDate>\\n <PrimaryKeyVersion>515e0b0a-624f-45ab-92b5-54f9b551****</PrimaryKeyVersion>\\n <Description>key description example</Description>\\n <KeySpec>Aliyun_AES_256</KeySpec>\\n <Origin>Aliyun_KMS</Origin>\\n <MaterialExpireTime>2024-07-06T18:22:03Z</MaterialExpireTime>\\n <DeletionProtectionDescription>该密钥正在被XXX服务使用。已为您设置删除保护。</DeletionProtectionDescription>\\n <AutomaticRotation>Disabled</AutomaticRotation>\\n <ProtectionLevel>HSM</ProtectionLevel>\\n <KeyUsage>ENCRYPT/DECRYPT</KeyUsage>\\n <CreationDate>2024-05-20T06:34:21Z</CreationDate>\\n <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>\\n </KeyMetadata>\\n</DescribeKeyResponse>","errorExample":""}]', - 'title' => 'DescribeKey', - 'summary' => 'Queries the information about a key.', - 'description' => 'You can query the information about the CMK `05754286-3ba2-4fa6-8d41-4323aca6****` by using parameter settings provided in this topic. The information includes the creator, creation time, status, and deletion protection status of the CMK.'."\n", + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"b96f250a-4b75-498c-91be-22c6928f85be\\",\\n \\"KeyVersion\\": {\\n \\"KeyId\\": \\"key-hzz62f1cb66fa42qo****\\",\\n \\"KeyVersionId\\": \\"key-hzz62f1cb66fa42qo****-20v29b****\\",\\n \\"CreationDate\\": \\"2023-07-02T10:38:27Z\\"\\n }\\n}","type":"json"}]', + 'title' => 'CreateKeyVersion', + 'description' => '- You can create a version only for an asymmetric CMK that is in the Enabled state. You can call the [CreateKey](~~28947~~) operation to create an asymmetric CMK and the [DescribeKey](~~28952~~) operation to query the status of the CMK. The status is specified by the KeyState parameter.'."\n" + ."\n" + .'- The minimum interval for creating a version of the same CMK is seven days. You can call the [DescribeKey](~~28952~~) operation to query the time when the last version of a CMK was created. The time is specified by the LastRotationDate parameter.'."\n" + ."\n" + .'- If a CMK is in a private key store, you cannot create a version for the CMK.'."\n" + ."\n" + .'- You can create a maximum of 50 versions for a CMK in the same region.'."\n" + ."\n" + .'You can create a version for the CMK whose ID is `0b30658a-ed1a-4922-b8f7-a673ca9c****` by using the parameter settings provided in this topic.'."\n" + ."\n" + .'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'UpdateKeyDescription' => [ - 'summary' => 'Updates the description of a key.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'CreateNetworkRule' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -1816,30 +1262,33 @@ 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'create', + 'abilityTreeCode' => '54653', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'KeyId', + 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], + 'schema' => ['title' => '', 'description' => 'The name of the access control rule.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'networkrule_test'], + ], + [ + 'name' => 'Type', + 'in' => 'query', + 'schema' => ['title' => '', 'description' => 'The network type.'."\n" + ."\n" + .'Only private IP addresses are supported. Set the value to Private.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'Private'], ], [ 'name' => 'Description', 'in' => 'query', - 'schema' => [ - 'description' => 'The description of the CMK. This description includes the purpose of the CMK, such as the types of data that you want to protect and applications that can use the CMK.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'key description example', - ], + 'schema' => ['description' => 'The description.'."\n", 'type' => 'string', 'required' => false, 'example' => 'networkrule description', 'title' => ''], + ], + [ + 'name' => 'SourcePrivateIp', + 'in' => 'query', + 'schema' => ['description' => 'The private IP address or private CIDR block. Separate multiple items with commas (,).'."\n", 'type' => 'string', 'required' => false, 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', 'title' => ''], ], ], 'responses' => [ @@ -1847,30 +1296,39 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '3455b9b4-95c1-419d-b310-db6a53b09a39', - ], + 'Type' => ['description' => 'The network type.'."\n", 'type' => 'string', 'example' => 'Private', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2dd3', 'title' => ''], + 'Description' => ['description' => 'The description.'."\n", 'type' => 'string', 'example' => 'networkrule description', 'title' => ''], + 'SourcePrivateIp' => ['description' => 'The private IP address or private CIDR block.'."\n", 'type' => 'string', 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', 'title' => ''], + 'Name' => ['description' => 'The name of the access control rule.'."\n", 'type' => 'string', 'example' => 'networkrule_test', 'title' => ''], + 'Arn' => ['description' => 'The ARN of the access control rule.'."\n", 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:119285303511****:network/networkrule_test', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3455b9b4-95c1-419d-b310-db6a53b09a39\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateKeyDescriptionResponse>\\n <RequestId>3455b9b4-95c1-419d-b310-db6a53b09a39</RequestId>\\n</UpdateKeyDescriptionResponse>","errorExample":""}]', - 'title' => 'UpdateKeyDescription', - 'description' => 'This operation replaces the description of a customer master key (CMK) with the description that you specify. The original description of the CMK is specified by the Description parameter when you call the [DescribeKey](~~28952~~) operation. You can call this operation to add, modify, or delete the description of a CMK.'."\n", - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'EnableKey' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"Type\\": \\"Private\\",\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2dd3\\",\\n \\"Description\\": \\"networkrule description\\",\\n \\"SourcePrivateIp\\": \\"[\\\\\\"192.10.XX.XX\\\\\\",\\\\\\"192.168.XX.XX/24\\\\\\"]\\",\\n \\"Name\\": \\"networkrule_test\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:network/networkrule_test\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateNetworkRuleResponse>\\n <Type>Private</Type>\\n <RequestId>3bf02f7a-015b-4f93-be0f-cc043fda2dd3</RequestId>\\n <Description>networkrule description</Description>\\n <SourcePrivateIp>[\\"192.10.XX.XX\\",\\"192.168.XX.XX/24\\"]</SourcePrivateIp>\\n <Name>networkrule_test</Name>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:network/networkrule_test</Arn>\\n</CreateNetworkRuleResponse>","errorExample":""}]', + 'title' => 'CreateNetworkRule', + 'summary' => 'Creates a network access rule to configure the private IP addresses or private CIDR blocks that are allowed to access a Key Management Service (KMS) instance.', + 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a KMS instance. The following process shows how to create a client key-based application access point (AAP):'."\n" + ."\n" + .'1.Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance.'."\n" + ."\n" + .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind access control rules to the keys and secrets. For more information, see [CreatePolicy](~~2539454~~).'."\n" + ."\n" + .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see [CreateApplicationAccessPoint](~~2539467~~).'."\n" + ."\n" + .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see [CreateClientKey](~~2539509~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'CreatePolicy' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -1879,19 +1337,51 @@ 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'create', + 'abilityTreeCode' => '54642', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'KeyId', + 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], + 'schema' => ['description' => 'The name of the permission policy.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'policy_test', 'title' => ''], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => ['description' => 'The description.'."\n", 'type' => 'string', 'required' => false, 'example' => 'policy description', 'title' => ''], + ], + [ + 'name' => 'KmsInstance', + 'in' => 'query', + 'schema' => ['description' => 'The scope of the permission policy. You need to specify the KMS instance that you want to access.'."\n", 'type' => 'string', 'required' => false, 'example' => 'kst-hzz634e67d126u9p9****', 'title' => ''], + ], + [ + 'name' => 'Permissions', + 'in' => 'query', + 'schema' => ['description' => 'The operations that can be performed. Valid values:'."\n" + ."\n" + .'* RbacPermission/Template/CryptoServiceKeyUser: allows you to perform cryptographic operations.'."\n" + .'* RbacPermission/Template/CryptoServiceSecretUser: allows you to perform secret-related operations.'."\n" + ."\n" + .'You can select both.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', 'title' => ''], + ], + [ + 'name' => 'Resources', + 'in' => 'query', + 'schema' => ['description' => 'The key and secret that are allowed to access.'."\n" + ."\n" + .'* Key: Enter a key in the `key/${KeyId}` format. To allow access to all keys of a KMS instance, enter key/\\*.'."\n" + .'* Secret: Enter a secret in the `secret/${SecretName}` format. To allow access to all secrets of a KMS instance, enter secret/\\*.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', 'title' => ''], + ], + [ + 'name' => 'AccessControlRules', + 'in' => 'query', + 'schema' => ['description' => 'The name of the access control rule.'."\n" + ."\n" + .'> For more information about how to query created access control rules, see [ListNetworkRules](~~2539433~~).'."\n", 'type' => 'string', 'required' => false, 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', 'title' => ''], ], ], 'responses' => [ @@ -1899,44 +1389,52 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => 'efb1cbbd-a093-4278-bc03-639dd4fcc207', - ], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '3bf02f7a-015b-4f34-be0f-c4543fda2d33', 'title' => ''], + 'Arn' => ['description' => 'The ARN of the permission policy.'."\n", 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:119285303511****:policy/policy_test', 'title' => ''], + 'Name' => ['description' => 'The name of the permission policy.'."\n", 'type' => 'string', 'example' => 'policy_test', 'title' => ''], + 'Description' => ['description' => 'The description.'."\n", 'type' => 'string', 'example' => 'policy description', 'title' => ''], + 'KmsInstance' => ['description' => 'The scope of the permission policy.'."\n", 'type' => 'string', 'example' => 'kst-hzz634e67d126u9p9****', 'title' => ''], + 'Permissions' => ['description' => 'The operations that can be performed.'."\n", 'type' => 'string', 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', 'title' => ''], + 'Resources' => ['description' => 'The key and secret that are allowed to access.'."\n" + ."\n" + .'* `key/*` indicates that all keys of the KMS instance can be accessed.'."\n" + .'* `secret/*` indicates all secrets of the KMS instance can be accessed.'."\n", 'type' => 'string', 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', 'title' => ''], + 'AccessControlRules' => ['description' => 'The name of the access control rule.'."\n", 'type' => 'string', 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"efb1cbbd-a093-4278-bc03-639dd4fcc207\\"\\n}","errorExample":"//xml response\\n\\n<KMS>\\n <RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\r\\n <RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>\\r\\n</KMS>","errorExample":"//json response\\n{\\n\\"RequestId\\": \\"efb1cbbd-a093-4278-bc03-639dd4fcc207\\"\\n}\\n"}]', - 'title' => 'EnableKey', - 'summary' => 'Enables a key to encrypt and decrypt data.', - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'DisableKey' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f34-be0f-c4543fda2d33\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:policy/policy_test\\",\\n \\"Name\\": \\"policy_test\\",\\n \\"Description\\": \\"policy description\\",\\n \\"KmsInstance\\": \\"kst-hzz634e67d126u9p9****\\",\\n \\"Permissions\\": \\"[\\\\\\"RbacPermission/Template/CryptoServiceKeyUser\\\\\\", \\\\\\"RbacPermission/Template/CryptoServiceSecretUser\\\\\\"]\\",\\n \\"Resources\\": \\"[\\\\\\"secret/acs/ram/user/ram-secret\\\\\\", \\\\\\"secret/acs/ram/user/acr-master\\\\\\", \\\\\\"key/key-hzz63d9c8d3dfv8cv****\\\\\\"]\\",\\n \\"AccessControlRules\\": \\"{\\\\\\"NetworkRules\\\\\\":[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]}\\"\\n}","errorExample":""},{"type":"xml","example":"<CreatePolicyResponse>\\n <RequestId>3bf02f7a-015b-4f34-be0f-c4543fda2d33</RequestId>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:policy/policy_test</Arn>\\n <Name>policy_test</Name>\\n <Description>policy description</Description>\\n <KmsInstance>kst-hzz634e67d126u9p9****</KmsInstance>\\n <Permissions>[\\"RbacPermission/Template/CryptoServiceKeyUser\\", \\"RbacPermission/Template/CryptoServiceSecretUser\\"]</Permissions>\\n <Resources>[\\"secret/acs/ram/user/ram-secret\\", \\"secret/acs/ram/user/acr-master\\", \\"key/key-hzz63d9c8d3dfv8cv****\\"]</Resources>\\n <AccessControlRules>{\\"NetworkRules\\":[\\"kst-hzz62ee817bvyyr5x****.efkd\\",\\"kst-hzz62ee817bvyyr5x****.eyyp\\"]}</AccessControlRules>\\n</CreatePolicyResponse>","errorExample":""}]', + 'title' => 'CreatePolicy', + 'summary' => 'Creates a permission policy to configure the keys and secrets that are allowed to access.', + 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based application access point (AAP):'."\n" + ."\n" + .'1.Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance. For more information, see [CreateNetworkRule](~~2539407~~).'."\n" + ."\n" + .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind access control rules to the keys and secrets.'."\n" + ."\n" + .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see [CreateApplicationAccessPoint](~~2539467~~).'."\n" + ."\n" + .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see [CreateClientKey](~~2539509~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'CreateSecret' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -1945,71 +1443,370 @@ 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'create', + 'abilityTreeCode' => '54548', + 'abilityTreeNodes' => ['FEATUREkms52EQP9'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'KeyId', + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => ['description' => 'The name of the secret. The name must be unique in the same region.'."\n" + .'The name can be up to 192 characters in length and can contain letters, digits, underscores (\\_), forward slashes (/), plus signs (+), equal signs (=), periods (.), hyphens (-), and at signs (@). The following limits apply to secret names for different types of secrets:'."\n" + ."\n" + .'- If SecretType is set to Generic, Rds, or Redis, the name cannot start with `acs/`.'."\n" + ."\n" + .'- If SecretType is set to RAMCredentials, set this parameter to the fixed value `$Auto`. In this case, KMS automatically generates a secret name that starts with `acs/ram/user/` and contains the display name of the RAM user.'."\n" + ."\n" + .'- If SecretType is set to ECS, the name must start with `acs/ecs/`.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'mydbconninfo', 'title' => ''], + ], + [ + 'name' => 'VersionId', + 'in' => 'query', + 'schema' => ['description' => 'The version number of the initial version. The version number must be unique within the secret.'."\n" + .'The version number can be up to 64 characters in length.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'v1', 'title' => ''], + ], + [ + 'name' => 'EncryptionKeyId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the key used to encrypt the secret value.'."\n" + ."\n" + .'> The key and the secret must be in the same KMS instance. The key must be a symmetric key.', 'type' => 'string', 'required' => false, 'docRequired' => false, 'default' => '', 'example' => 'key-gzz63ff0db5hg3qje****', 'title' => ''], + ], + [ + 'name' => 'SecretData', + 'in' => 'query', + 'schema' => ['description' => 'The value of the secret. The value can be up to 30,720 bytes (30 KB) in length. KMS encrypts the secret value with the specified key and stores the encrypted value in the initial version.'."\n" + ."\n" + .'- If SecretType is set to Generic, you can specify a custom secret value.'."\n" + ."\n" + .'- If SecretType is set to Rds, the secret value must be in the following format: `{"Accounts":[{"AccountName":"","AccountPassword":""}]}`. In the format, `AccountName` specifies the username of the account for the RDS instance and `AccountPassword` specifies the password of the account.'."\n" + ."\n" + .'- If SecretType is set to Redis, set this parameter to `$Auto`.'."\n" + ."\n" + .'- If SecretType is set to RAMCredentials, the secret value must be in the following format: `{"AccessKeys":[{"AccessKeyId":"","AccessKeySecret":""}]}`. In the format, `AccessKeyId` specifies the AccessKey ID and `AccessKeySecret` specifies the AccessKey secret. You must specify all AccessKey pairs of the RAM user.'."\n" + ."\n" + .'- If SecretType is set to PolarDB, set this parameter to `$Auto`.'."\n" + ."\n" + .'- If SecretType is set to ECS, the secret value must be in one of the following formats:'."\n" + ."\n" + .' - If SecretSubType in the ExtendedConfig parameter is set to Password: `{"UserName":"","Password": ""}`. In the format, `UserName` specifies the username used to log on to the ECS instance and `Password` specifies the password used to log on to the ECS instance.'."\n" + ."\n" + .' - If SecretSubType in the ExtendedConfig parameter is set to SSHKey: `{"UserName":"","PublicKey": "", "PrivateKey": ""}`. In the format, `PublicKey` specifies the SSH-formatted public key used to log on to the ECS instance and `PrivateKey` specifies the private key used to log on to the ECS instance.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '{"Accounts":[{"AccountName":"user1","AccountPassword":"****"}]}', 'title' => ''], + ], + [ + 'name' => 'SecretDataType', 'in' => 'query', 'schema' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", + 'description' => 'The type of the secret value. Valid values:'."\n" + ."\n" + .'- text (default): The secret value is a text string.'."\n" + ."\n" + .'- binary: The secret value is a binary string.'."\n" + ."\n" + .'> If SecretType is set to Rds, Redis, PolarDB, RAMCredentials, or ECS, SecretDataType must be set to text.', 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + 'required' => false, + 'docRequired' => false, + 'default' => 'text', + 'enum' => ['text', 'binary'], + 'example' => 'text', + 'title' => '', ], ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => ['description' => 'The description of the secret.', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => 'mydbinfo', 'title' => ''], + ], + [ + 'name' => 'Tags', + 'in' => 'query', + 'schema' => ['description' => 'The tags of the secret. Each tag consists of a key-value pair. A tag consists of a tag key and a tag value.'."\n" + ."\n" + .'The tag key and tag value can be up to 128 characters in length and can contain letters, digits, forward slashes (/), backslashes (\\), underscores (\\_), hyphens (-), periods (.), plus signs (+), equal signs (=), colons (:), and at signs (@).'."\n" + ."\n" + .'- The tag key cannot start with aliyun or acs:.'."\n" + ."\n" + .'- You can specify up to 20 key-value pairs for each secret.', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => '[{\\"TagKey\\":\\"key1\\",\\"TagValue\\":\\"val1\\"},{\\"TagKey\\":\\"key2\\",\\"TagValue\\":\\"val2\\"}]', 'title' => ''], + ], + [ + 'name' => 'SecretType', + 'in' => 'query', + 'schema' => ['description' => 'The type of the secret. Valid values:'."\n" + ."\n" + .'- Generic (default): a generic secret.'."\n" + ."\n" + .'- Rds: an RDS secret.'."\n" + ."\n" + .'- Redis: a Redis secret.'."\n" + ."\n" + .'- RAMCredentials: a RAM secret.'."\n" + ."\n" + .'- ECS: an ECS secret.'."\n" + ."\n" + .'- PolarDB: a PolarDB secret.', 'type' => 'string', 'required' => false, 'example' => 'Rds', 'title' => ''], + ], + [ + 'name' => 'ExtendedConfig', + 'in' => 'query', + 'style' => 'json', + 'schema' => ['description' => 'The extended configuration of the secret. This parameter specifies the properties of the secret of a specific type. The value can be up to 1,024 characters in length.'."\n" + ."\n" + .'- If SecretType is set to Generic, this parameter is ignored.'."\n" + ."\n" + .'- If SecretType is set to Rds, you must specify the following parameters in ExtendedConfig:'."\n" + ."\n" + .' - SecretSubType (Required): The subtype of the secret. Valid values:'."\n" + ."\n" + .' - SingleUser: Secrets Manager manages the RDS secret in single-account mode. When the secret is rotated, the password of the specified account is reset to a new random password.'."\n" + ."\n" + .' - DoubleUsers: Secrets Manager manages the RDS secret in double-account mode. ACSCurrent and ACSPrevious point to one of the accounts. When the secret is rotated, the password of the account pointed to by ACSPrevious is reset to a new random password. Then, Secrets Manager swaps the accounts that ACSCurrent and ACSPrevious point to.'."\n" + ."\n" + .' - DBInstanceId (Required): The ID of the RDS instance to which the account belongs.'."\n" + ."\n" + .' - CustomData (Optional): The custom data. The value is a key-value pair in the JSON format. You can specify up to 10 key-value pairs. Separate multiple key-value pairs with commas (,). Example: `{"Key1": "v1", "fds":"fdsf"}`. The default value is `{}`.'."\n" + ."\n" + .'- If SecretType is set to Redis, you must specify the following parameters in ExtendedConfig:'."\n" + ."\n" + .' - SecretSubType (Required): The subtype of the secret. Valid values:'."\n" + ."\n" + .' - DoubleUsers: Secrets Manager manages the Redis secret in double-account mode. ACSCurrent and ACSPrevious point to one of the accounts. When the secret is rotated, the password of the account pointed to by ACSPrevious is reset to a new random password. Then, Secrets Manager swaps the accounts that ACSCurrent and ACSPrevious point to.'."\n" + ."\n" + .' - AccountName (Required): The database username.'."\n" + ."\n" + .' - CloneAccountName (Required): The database username, which is the value of AccountName with the `_clone` suffix.'."\n" + ."\n" + .' - AccountPrivilege (Required): The permissions to access the database.'."\n" + ."\n" + .' - InstanceId (Required): The ID of the Redis instance.'."\n" + ."\n" + .' - RegionId (Required): The ID of the region where the Redis instance resides.'."\n" + ."\n" + .' - CustomData (Optional): The custom data. The value is a key-value pair in the JSON format. You can specify up to 10 key-value pairs. Separate multiple key-value pairs with commas (,). Example: `{"Key1": "v1", "fds":"fdsf"}`. The default value is `{}`.'."\n" + ."\n" + .'- If SecretType is set to RAMCredentials, you must specify the following parameters in ExtendedConfig:'."\n" + ."\n" + .' - SecretSubType (Required): The subtype of the secret. The value is RamUserAccessKey.'."\n" + ."\n" + .' - UserName (Required): The name of the RAM user.'."\n" + ."\n" + .' - CustomData (Optional): The custom data. The value is a key-value pair in the JSON format. You can specify up to 10 key-value pairs. Separate multiple key-value pairs with commas (,). The default value is `{}`.'."\n" + ."\n" + .'- If SecretType is set to ECS, you must specify the following parameters in ExtendedConfig:'."\n" + ."\n" + .' - SecretSubType (Required): The subtype of the secret. Valid values:'."\n" + ."\n" + .' - Password: an ECS password.'."\n" + ."\n" + .' - SSHKey: an ECS SSH key pair.'."\n" + ."\n" + .' - RegionId (Required): The ID of the region where the ECS instance resides.'."\n" + ."\n" + .' - InstanceId (Required): The ID of the ECS instance.'."\n" + ."\n" + .' - CustomData (Optional): The custom data. The value is a key-value pair in the JSON format. You can specify up to 10 key-value pairs. Separate multiple key-value pairs with commas (,). The default value is `{}`.'."\n" + ."\n" + .'- If SecretType is set to PolarDB, you must specify the following parameters in ExtendedConfig:'."\n" + ."\n" + .' - SecretSubType (Required): The fixed value is DoubleUsers.'."\n" + ."\n" + .' - RegionId (Required): The region.'."\n" + ."\n" + .' - DBClusterId (Required): The ID of the PolarDB instance.'."\n" + ."\n" + .' - DBType (Required): MySQL or PostgreSQL.'."\n" + ."\n" + .' - AccountName (Required): The account name.'."\n" + ."\n" + .' - CloneAccountName: The value is AccountName\\_clone.'."\n" + ."\n" + .' - AccountType: Only Normal is supported.'."\n" + ."\n" + .' - AccountPrivilege: This parameter is available only for MySQL.'."\n" + ."\n" + .' - DBName: This parameter is available only for MySQL.'."\n" + ."\n" + .' - CustomData (Optional): The custom data. The value is a key-value pair in the JSON format. You can specify up to 10 key-value pairs. Separate multiple key-value pairs with commas (,). Example: {"Key1": "v1", "fds":"fdsf"}. The default value is {}.'."\n" + ."\n" + .'> If SecretType is set to Rds, Redis, PolarDB, RAMCredentials, or ECS, you must configure this parameter.', 'type' => 'object', 'required' => false, 'example' => '{"SecretSubType":"SingleUser", "DBInstanceId":"rm-bp1b3dd3a506e****" ,"CustomData":{"Key1": "v1", "fds":"fdsf"}}', 'title' => ''], + ], + [ + 'name' => 'EnableAutomaticRotation', + 'in' => 'query', + 'schema' => ['description' => 'Specifies whether to enable automatic rotation. Valid values:'."\n" + ."\n" + .'- true: enables automatic rotation.'."\n" + ."\n" + .'- false (default): disables automatic rotation.'."\n" + ."\n" + .'> This parameter is valid only if SecretType is set to Rds, PolarDB, Redis, RAMCredentials, or ECS. If SecretType is set to Generic, automatic rotation is not supported. You can call the [PutSecretValue](~~154503~~) operation to manually rotate the secret.', 'type' => 'boolean', 'required' => false, 'example' => 'true', 'title' => ''], + ], + [ + 'name' => 'RotationInterval', + 'in' => 'query', + 'schema' => ['description' => 'The interval for automatic rotation. The value is in the range of 6 hours to 8,760 hours (365 days).<br>'."\n" + .'The value is in the `integer[unit]` format. `integer` indicates the interval. `unit` indicates the unit of time.<br>'."\n" + .'Valid values for unit: d (day), h (hour), m (minute), and s (second). For example, both 7d and 604,800s indicate a rotation interval of 7 days.<br><br>'."\n" + ."\n" + .'> You must specify this parameter if you set EnableAutomaticRotation to true. You do not need to specify this parameter if you set EnableAutomaticRotation to false.', 'type' => 'string', 'required' => false, 'example' => '30d', 'title' => ''], + ], + [ + 'name' => 'DKMSInstanceId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the KMS instance.', 'type' => 'string', 'required' => false, 'example' => 'kst-bjj62d8f5e0sgtx8h****', 'title' => ''], + ], + [ + 'name' => 'Policy', + 'in' => 'query', + 'allowEmptyValue' => true, + 'schema' => ['description' => 'The content of the secret policy. The value is in the JSON format. The value can be up to 32,768 bytes in length.'."\n" + ."\n" + .'For more information about secret policies, see [Overview of secret policies](~~2716465~~). If you do not specify this parameter, the default secret policy is used.'."\n" + ."\n" + .'A secret policy contains the following parts:'."\n" + ."\n" + .'- Version: The version of the secret policy. Only 1 is supported.'."\n" + ."\n" + .'- Statement: The statements of the secret policy. Each secret policy can contain one or more statements.'."\n" + ."\n" + .'The following is the format of a secret policy:'."\n" + ."\n" + .'```'."\n" + .'{'."\n" + .' "Version": "1",'."\n" + .' "Statement": ['."\n" + .' {'."\n" + .' "Sid": "Enable RAM User Permissions",'."\n" + .' "Effect": "Allow",'."\n" + .' "Principal": {'."\n" + .' "RAM": ["acs:ram::12345678****:*"]'."\n" + .' },'."\n" + .' "Action": ['."\n" + .' "kms:*"'."\n" + .' ],'."\n" + .' "Resource": ['."\n" + .' "*"'."\n" + .' ]'."\n" + .' }'."\n" + .' ]'."\n" + .'}'."\n" + .'```'."\n" + ."\n" + .'Details about a statement:'."\n" + ."\n" + .'- Sid: (Optional) The custom identifier of the statement. The value can be up to 128 characters in length and can contain uppercase letters (A-Z), lowercase letters (a-z), digits (0-9), and special characters, including underscores (\\_), forward slashes (/), plus signs (+), equal signs (=), periods (.), at signs (@), and hyphens (-).'."\n" + ."\n" + .'- Effect: (Required) The effect of the policy statement. Valid values: Allow and Deny.'."\n" + ."\n" + .'- Principal: (Required) The principal that is authorized by the policy. You can specify the current Alibaba Cloud account (the account to which the secret belongs), a RAM user or RAM role of the current Alibaba Cloud account, or a RAM user or RAM role of another Alibaba Cloud account.'."\n" + ."\n" + .'- Action: (Required) The API operations that are allowed or denied. The value must start with "kms:". For the list of supported operations, see [Overview of secret policies](~~2716465~~). If you specify an operation that is not in the list, the setting does not take effect.'."\n" + ."\n" + .'- Resource: (Required) The resource. The value can only be \\*, which indicates the current KMS secret.'."\n" + ."\n" + .'- Condition: (Optional) The conditions for the authorization to take effect. You can use conditions to evaluate the context of an API request to determine whether to apply the policy statement. The format is `"Condition": {"condition operator": {"condition key": "condition value"}}`. For more information, see [Overview of secret policies](~~2716465~~).'."\n" + ."\n" + .'> After you grant permissions to a RAM user or RAM role of another Alibaba Cloud account, you must use the Alibaba Cloud account to which the RAM user or RAM role belongs to grant the RAM user or RAM role the permissions to use the secret in the RAM console. Then, the RAM user or RAM role can use the secret. For more information, see [Custom policies for KMS](~~480682~~), [Grant permissions to a RAM user](~~116146~~), and [Grant permissions to a RAM role](~~116147~~).', 'type' => 'string', 'required' => false, 'example' => '{"Version":"1","Statement": [{"Sid":"kms default secret policy","Effect":"Allow","Principal":{"RAM": ["acs:ram::119285303511****:*"]},"Action":["kms:*"],"Resource": ["*"] }] }', 'title' => ''], + ], ], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '2fe70ce2-3303-4fd6-b3ac-472fb2705c62', - ], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud. You can use this ID to troubleshoot issues.', 'type' => 'string', 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2dd3', 'title' => ''], + 'AutomaticRotation' => ['description' => 'Indicates whether automatic rotation is enabled. Valid values:'."\n" + ."\n" + .'- Enabled: Automatic rotation is enabled.'."\n" + ."\n" + .'- Disabled: Automatic rotation is disabled.'."\n" + ."\n" + .'- Invalid: The rotation status is abnormal. Secrets Manager cannot automatically rotate the secret for you.'."\n" + ."\n" + .'> This parameter is returned if SecretType is set to Rds, Redis, PolarDB, RAMCredentials, or ECS.', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], + 'SecretName' => ['description' => 'The name of the secret.', 'type' => 'string', 'example' => 'mydbconninfo', 'title' => ''], + 'VersionId' => ['description' => 'The version number of the secret.', 'type' => 'string', 'example' => 'v1', 'title' => ''], + 'NextRotationDate' => ['description' => 'The time when the secret is next rotated.'."\n" + ."\n" + .'> This parameter is returned if automatic rotation is enabled.', 'type' => 'string', 'example' => '2023-07-06T18:22:03Z', 'title' => ''], + 'SecretType' => ['description' => 'The type of the secret. Valid values:'."\n" + ."\n" + .'- Generic: a generic secret.'."\n" + ."\n" + .'- Rds: an RDS secret.'."\n" + ."\n" + .'- Redis: a Redis secret.'."\n" + ."\n" + .'- RAMCredentials: a RAM secret.'."\n" + ."\n" + .'- ECS: an ECS secret.'."\n" + ."\n" + .'- PolarDB: a PolarDB secret.', 'type' => 'string', 'example' => 'Rds', 'title' => ''], + 'RotationInterval' => ['description' => 'The interval for automatic rotation.<br>'."\n" + .'The value is in the `integer[unit]` format. `integer` indicates the interval. `unit` indicates the unit of time. The unit is s (second). For example, a rotation interval of 7 days is 604800s.<br>'."\n" + ."\n" + .'> This parameter is returned if automatic rotation is enabled.', 'type' => 'string', 'example' => '604800s', 'title' => ''], + 'Arn' => ['description' => 'The Alibaba Cloud Resource Name (ARN) of the secret.', 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:154035569884****:secret/mydbconninfo', 'title' => ''], + 'ExtendedConfig' => ['description' => 'The extended configuration of the secret.'."\n" + ."\n" + .'> This parameter is returned if SecretType is set to Rds, Redis, PolarDB, RAMCredentials, or ECS.', 'type' => 'string', 'example' => '{\\"SecretSubType\\":\\"SingleUser\\", \\"DBInstanceId\\":\\"rm-uf667446pc955****\\", \\"CustomData\\":"Key1": "v1", "fds":"fdsf"} }', 'title' => ''], + 'DKMSInstanceId' => ['description' => 'The ID of the KMS instance.', 'type' => 'string', 'example' => 'kst-bjj62d8f5e0sgtx8h****', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'UnsupportedOperation', 'errorMessage' => 'This action is not supported.', 'description' => 'The operation is not supported.'], + ['errorCode' => 'Rejected.LimitExceeded', 'errorMessage' => 'The request was rejected because user create resource limit was exceeded', 'description' => 'The request is rejected because the number of created resources reaches the upper limit.'], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ['errorCode' => 'Rejected.ShareQuotaExceedLimit', 'errorMessage' => 'Instance Share Quota Exceed Limit.', 'description' => 'The instance share quota exceeds the limit.'], ], - 404 => [ - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + 403 => [ + ['errorCode' => 'Forbidden.DKMSInstanceNotFound', 'errorMessage' => 'The specified DKMS Instance is not found.', 'description' => 'Your dedicated KMS instance is not found.'], + ], + [ + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'The resource is not found.', 'description' => 'The resource does not exist.'], + ], + 409 => [ + ['errorCode' => 'Rejected.ResourceExist', 'errorMessage' => 'The resource already exists.', 'description' => 'The resource already exists.'], + ['errorCode' => 'Rejected.ResourceInDeleteWindow', 'errorMessage' => 'The secret is planned to be deleted.', 'description' => 'The secret is to be deleted.'], + ], + 500 => [ + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure', 'description' => 'An internal error occurred.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"2fe70ce2-3303-4fd6-b3ac-472fb2705c62\\"\\n}","errorExample":"//xml response\\n<KMS>\\n <RequestId>2fe70ce2-3303-4fd6-b3ac-472fb2705c62</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\n <RequestId>2fe70ce2-3303-4fd6-b3ac-472fb2705c62</RequestId>\\n</KMS>\\n","errorExample":"//json response\\n{\\n\\"RequestId\\": \\"2fe70ce2-3303-4fd6-b3ac-472fb2705c62\\"\\n}\\n"}]', - 'title' => 'DisableKey', - 'summary' => 'Disables a key.', - 'description' => 'If a customer master key (CMK) is disabled, the ciphertext encrypted by using this CMK cannot be decrypted until you re-enable it. You can call the [EnableKey](~~35150~~) operation to enable the CMK.'."\n" + 'title' => 'CreateSecret', + 'summary' => 'Creates a secret and stores its initial version.', + 'description' => '- For information about the access policy required for a Resource Access Management (RAM) user or RAM role to call this operation, see [Resource Access Management](~~2767210~~).'."\n" ."\n" - .'In this example, the CMK whose ID is `1234abcd-12ab-34cd-56ef-12345678****` is disabled.'."\n", - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + .'- Specify the secret name, the secret value for the initial version, and the version number. The initial version is marked with the ACSCurrent stage label.'."\n" + ."\n" + .'- Key Management Service (KMS) uses the key that you specify to encrypt the secret value. The key and the secret must be in the same KMS instance. The key must be a symmetric key.'."\n" + ."\n" + .' > KMS encrypts the secret value of each version. Metadata such as the secret name, version number, and version stage labels are not encrypted.'."\n" + ."\n" + .'- Before you encrypt the secret value, you must have the `kms:GenerateDataKey` permission on the key.'."\n" + ."\n" + .'This topic provides an example of how to create an RDS secret. The secret is named `mydbconninfo`. The `VersionId` of the initial version is `v1`. The `SecretData` is `{"Accounts":[{"AccountName":"user1","AccountPassword":"****"}]}`.', + 'requestParamsDescription' => 'For information about common request parameters, see [Common parameters](~~69007~~).', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'GetPublicKey' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2dd3\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"SecretName\\": \\"mydbconninfo\\",\\n \\"VersionId\\": \\"v1\\",\\n \\"NextRotationDate\\": \\"2023-07-06T18:22:03Z\\",\\n \\"SecretType\\": \\"Rds\\",\\n \\"RotationInterval\\": \\"604800s\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:secret/mydbconninfo\\",\\n \\"ExtendedConfig\\": \\"{\\\\\\\\\\\\\\"SecretSubType\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"SingleUser\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"DBInstanceId\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"rm-uf667446pc955****\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"CustomData\\\\\\\\\\\\\\":\\\\\\"Key1\\\\\\": \\\\\\"v1\\\\\\", \\\\\\"fds\\\\\\":\\\\\\"fdsf\\\\\\"} }\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\"\\n}","type":"json"}]', + ], + 'Decrypt' => [ + 'summary' => 'Decrypts ciphertext that was encrypted by using a CMK.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -2019,36 +1816,45 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', + 'abilityTreeCode' => '54550', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ - 'name' => 'KeyId', + 'name' => 'CiphertextBlob', 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see [Use aliases](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', - ], + 'schema' => ['description' => 'The ciphertext that you want to decrypt.<br> The ciphertext is generated by calling the following API operations:<br>'."\n" + ."\n" + .'- [GenerateDataKey](~~28948~~)'."\n" + ."\n" + .'- [Encrypt](~~28949~~)'."\n" + ."\n" + .'- [GenerateDataKeyWithoutPlaintext](~~134043~~)', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****', 'title' => ''], ], [ - 'name' => 'KeyVersionId', + 'name' => 'EncryptionContext', 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK version.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], + 'style' => 'json', + 'schema' => ['description' => 'A JSON string that consists of key-value pairs.'."\n" + ."\n" + .'> If you specify EncryptionContext when you call the [GenerateDataKey](~~28948~~), [Encrypt](~~28949~~), or [GenerateDataKeyWithoutPlaintext](~~134043~~) operation to encrypt data, you must specify the same parameter for decryption. For more information, see [EncryptionContext](~~42975~~).', 'type' => 'object', 'required' => false, 'example' => '{"Example":"Example"}', 'title' => ''], ], [ 'name' => 'DryRun', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'Specifies whether to enable the dry run feature.'."\n" + ."\n" + .'- true: enables the dry run feature.'."\n" + ."\n" + .'- false (default): disables the dry run feature.'."\n" + ."\n" + .'The dry run feature lets you test API calls, check whether you have the required permissions on resources, and check whether the request parameters are valid. If you enable the dry run feature, KMS always returns a failure response that indicates the cause of the failure. The following causes are possible:'."\n" + ."\n" + .'- DryRunOperationError: The request would have succeeded if the DryRun parameter was not specified.'."\n" + ."\n" + .'- ValidationError: The parameters specified in the request are invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform this operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ @@ -2056,65 +1862,59 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'KeyVersionId' => [ - 'description' => 'The version of the CMK that is used to encrypt the plaintext.'."\n", - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'KeyId' => [ - 'description' => 'The globally unique ID of the CMK.'."\n" - ."\n" - .'> If you set the KeyId parameter to the alias of the CMK, the ID of the CMK to which the alias is bound is returned.'."\n", - 'type' => 'string', - 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', - ], - 'PublicKey' => [ - 'description' => 'The public key returned in the PEM format.'."\n", - 'type' => 'string', - 'example' => '-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\\nJQIDAQAB\\n-----END PUBLIC KEY-----\\n', - ], + 'KeyVersionId' => ['description' => 'The ID of the key version that is used to decrypt the ciphertext. This key version is a version of the master key.', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'KeyId' => ['description' => 'The ID of the master key that is used to decrypt the ciphertext.<br> The globally unique identifier of the master key.<br>', 'type' => 'string', 'example' => '202b9877-5a25-46e3-a763-e20791b5****', 'title' => ''], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '207596a2-36d3-4840-b1bd-f87044699bd7', 'title' => ''], + 'Plaintext' => ['description' => 'The decrypted plaintext.', 'type' => 'string', 'example' => 'tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv****', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'UnsupportedOperation', 'errorMessage' => 'This action is not supported.', 'description' => 'The operation is not supported.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], + ['errorCode' => 'Forbidden.AliasNotFound', 'errorMessage' => 'The specified Alias is not found.', 'description' => 'The error message returned because the specified alias does not exist.'], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ], + 409 => [ + ['errorCode' => 'Rejected.Disabled', 'errorMessage' => 'The request was rejected because the key state is Disabled.', 'description' => 'The request was rejected because the key state is Disabled.'], + ['errorCode' => 'Rejected.PendingDeletion', 'errorMessage' => 'The request was rejected because the key state is PendingDeletion.', 'description' => 'The request was rejected because the key state is PendingDeletion.'], + ['errorCode' => 'Rejected.Unavailable', 'errorMessage' => 'The request was rejected because the key state is Unavailable.', 'description' => 'The request was denied because the key status is unavailable.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"5c438b18-05be-40ad-b6c2-3be6752c****\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\",\\n \\"PublicKey\\": \\"-----BEGIN PUBLIC KEY-----\\\\\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\\\\\\\\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\\\\\\\\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\\\\\\\\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\\\\\\\\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\\\\\\\\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\\\\\\\\nJQIDAQAB\\\\\\\\n-----END PUBLIC KEY-----\\\\\\\\n\\"\\n}","errorExample":""},{"type":"xml","example":"<GetPublicKeyResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>5c438b18-05be-40ad-b6c2-3be6752c****</KeyId>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n <PublicKey>-----BEGIN PUBLIC KEY-----\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\\\\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\\\\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\\\\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\\\\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\\\\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\\\\nJQIDAQAB\\\\n-----END PUBLIC KEY-----\\\\n</PublicKey>\\n</GetPublicKeyResponse>","errorExample":""}]', - 'title' => 'GetPublicKey', - 'summary' => 'Queries the public key of an asymmetric key pair. You can use the public key to encrypt local data and verify signatures.', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"RequestId\\": \\"207596a2-36d3-4840-b1bd-f87044699bd7\\",\\n \\"Plaintext\\": \\"tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv****\\"\\n}","type":"json"}]', + 'title' => 'Decrypt', + 'description' => '### Precautions'."\n" + ."\n" + .'- For information about the access policy required for a RAM user or RAM role to call this operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This operation can be called through a shared gateway or a dedicated gateway. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" + ."\n" + .' - Shared gateway: You can access KMS over the Internet or using a VPC domain name. To use a shared gateway, you must enable Internet access. For more information, see [Access keys in a KMS instance over the Internet](~~2856718~~).'."\n" + ."\n" + .' - Dedicated gateway: You can access KMS using the private endpoint of KMS (`<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com`).'."\n" + ."\n" + .'### QPS limits'."\n" + ."\n" + .'- Shared gateway: The queries per second (QPS) limit for a single user for this operation is 1,000. If this limit is exceeded, API calls are throttled, which may affect your business. We recommend that you plan your calls accordingly.'."\n" + ."\n" + .'- Dedicated gateway: The QPS limit for a single user for this operation is subject to the performance specifications of your KMS instance. For more information, see [Performance metrics](~~480120~~).', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'CreateAlias' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'DeleteAlias' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -2122,33 +1922,14 @@ ], 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'create', - ], + 'systemTags' => ['operationType' => 'delete'], 'parameters' => [ [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '7906979c-8e06-46a2-be2d-68e3ccbc****', - ], - ], - [ 'name' => 'AliasName', 'in' => 'query', - 'schema' => [ - 'description' => 'The alias of the CMK.'."\n" - ."\n" - .'The alias must be 1 to 255 characters in length and must contain the prefix `alias/`. The alias cannot be prefixed with the reserved word `alias/acs`.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'alias/example', - ], + 'schema' => ['description' => 'The alias that you want to delete.'."\n" + ."\n" + .'The value must be 1 to 255 characters in length and must include the alias/ prefix.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'alias/example', 'title' => ''], ], ], 'responses' => [ @@ -2156,97 +1937,49 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '1d2baaf3-d357-46c2-832e-13560c2bd9cd', - ], + 'RequestId' => ['description' => 'The ID of the request.'."\n", 'type' => 'string', 'example' => '4c8ae23f-3a42-6791-a4ba-1faa77831c28', 'title' => ''], ], + 'description' => '', + 'title' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1d2baaf3-d357-46c2-832e-13560c2bd9cd\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateAliasResponse>\\n <RequestId>1d2baaf3-d357-46c2-832e-13560c2bd9cd</RequestId>\\n</CreateAliasResponse>","errorExample":""}]', - 'title' => 'CreateAlias', - 'summary' => 'Creates an alias for a key.', - 'description' => '* Each alias can be bound to only one CMK at a time.'."\n" - .'* The aliases of CMKs in the same region must be unique.'."\n" - ."\n" - .'In this topic, an alias named `alias/example` is created for a CMK named `7906979c-8e06-46a2-be2d-68e3ccbc****`.', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4c8ae23f-3a42-6791-a4ba-1faa77831c28\\"\\n}","errorExample":""},{"type":"xml","example":"<KMS>\\r\\n <RequestId>4c8ae23f-3a42-6791-a4ba-1faa77831c28</RequestId>\\r\\n</KMS>","errorExample":""}]', + 'title' => 'DeleteAlias', + 'summary' => 'Deletes an alias.', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', + 'changeSet' => [], ], - 'ListAliases' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'DeleteApplicationAccessPoint' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'get', - 'abilityTreeCode' => '54587', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], - 'tenantRelevance' => 'publicInformation', + 'operationType' => 'delete', + 'abilityTreeCode' => '54649', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], ], 'parameters' => [ [ - 'name' => 'PageNumber', - 'in' => 'query', - 'schema' => [ - 'description' => 'The number of the page to return.'."\n" - ."\n" - .'Pages start from page 1.'."\n" - ."\n" - .'Default value: 1.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '1', - ], - ], - [ - 'name' => 'PageSize', + 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The number of entries to return on each page.'."\n" - ."\n" - .'Valid values: 0 to 100.'."\n" - ."\n" - .'Default value: 10.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '10', - ], + 'schema' => ['description' => 'The name of the AAP that you want to delete.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'aap_test', 'title' => ''], ], ], 'responses' => [ @@ -2254,143 +1987,53 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '1b57992c-834b-4811-a889-f8bac1ba0353', - ], - 'PageNumber' => [ - 'description' => 'The page number of the returned page.', - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'PageSize' => [ - 'description' => 'The number of entries returned per page.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '10', - ], - 'TotalCount' => [ - 'description' => 'The total number of returned aliases.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'Aliases' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'Alias' => [ - 'description' => 'The alias of the user.'."\n", - 'type' => 'array', - 'items' => [ - 'type' => 'object', - 'properties' => [ - 'KeyId' => [ - 'description' => 'The CMK to which the alias belongs.'."\n", - 'type' => 'string', - 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddfa1d****', - ], - 'AliasArn' => [ - 'description' => 'The Alibaba Cloud Resource Name (ARN) of the alias.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:123456:alias/ExampleAlias1', - ], - 'AliasName' => [ - 'description' => 'The ID of the alias.'."\n", - 'type' => 'string', - 'example' => 'alias/ExampleAlias1', - ], - ], - ], - ], - ], - ], + 'RequestId' => ['description' => 'The ID of the request. This ID is a unique identifier generated by Alibaba Cloud for the request. You can use this ID to troubleshoot issues.', 'type' => 'string', 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1b57992c-834b-4811-a889-f8bac1ba0353\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"Aliases\\": {\\n \\"Alias\\": [\\n {\\n \\"KeyId\\": \\"key-hzz6****\\",\\n \\"AliasArn\\": \\"acs:kms:cn-hangzhou:123456:alias/ExampleAlias1\\",\\n \\"AliasName\\": \\"alias/ExampleAlias1\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListAliasesResponse>\\n <RequestId>1b57992c-834b-4811-a889-f8bac1ba0353</RequestId>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <TotalCount>1</TotalCount>\\n <Aliases>\\n <KeyId>key-hzz6****</KeyId>\\n <AliasArn>acs:kms:cn-hangzhou:123456:alias/ExampleAlias1</AliasArn>\\n <AliasName>alias/ExampleAlias1</AliasName>\\n </Aliases>\\n</ListAliasesResponse>","errorExample":""}]', - 'title' => 'ListAliases', - 'summary' => 'Queries all aliases in the current region for the current account.', - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'ListAliasesByKeyId' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'title' => 'DeleteApplicationAccessPoint', + 'summary' => 'Deletes an application access point (AAP).', + 'description' => '- For information about the access policy that a RAM user or RAM role requires to call this operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- Before you delete an AAP, make sure that it is no longer in use. If you delete an AAP that is in use, related applications cannot access KMS. Proceed with caution.', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\"\\n}","type":"json"}]', + ], + 'DeleteClientKey' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'get', + 'operationType' => 'delete', + 'abilityTreeCode' => '54636', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], ], 'parameters' => [ [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], - ], - [ - 'name' => 'PageNumber', - 'in' => 'query', - 'schema' => [ - 'description' => 'The number of the page to return.'."\n" - ."\n" - .'Valid values: an integer that is greater than 0.'."\n" - ."\n" - .'Default value: 1.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '1', - ], - ], - [ - 'name' => 'PageSize', + 'name' => 'ClientKeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The number of entries to return on each page.'."\n" - ."\n" - .'Valid values: 0 to 101.'."\n" - ."\n" - .'Default value: 10'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '10', - ], + 'schema' => ['description' => 'The ID of the client key.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', 'title' => ''], ], ], 'responses' => [ @@ -2398,92 +2041,36 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '1b57992c-834b-4811-a889-f8bac1ba0353', - ], - 'PageNumber' => [ - 'description' => 'The page number of the returned page.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'PageSize' => [ - 'description' => 'The number of entries returned per page.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '10', - ], - 'TotalCount' => [ - 'description' => 'The total number of returned CMKs.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'Aliases' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'Alias' => [ - 'description' => 'An array that consists of aliases.'."\n", - 'type' => 'array', - 'items' => [ - 'type' => 'object', - 'properties' => [ - 'KeyId' => [ - 'description' => 'The CMK to which an alias is bound.'."\n", - 'type' => 'string', - 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****', - ], - 'AliasArn' => [ - 'description' => 'The Alibaba Cloud Resource Name (ARN) of the alias.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:123456:alias/ExampleAlias1', - ], - 'AliasName' => [ - 'description' => 'The ID of the alias.'."\n", - 'type' => 'string', - 'example' => 'alias/ExampleAlias1', - ], - ], - ], - ], - ], - ], + 'RequestId' => ['description' => 'The request ID. This is a unique identifier that Alibaba Cloud generates for the request. Use this ID to troubleshoot and locate issues.', 'type' => 'string', 'example' => '2312e45f-b2fa-4c34-ad94-3eca50932916', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1b57992c-834b-4811-a889-f8bac1ba0353\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"Aliases\\": {\\n \\"Alias\\": [\\n {\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"AliasArn\\": \\"acs:kms:cn-hangzhou:123456:alias/ExampleAlias1\\",\\n \\"AliasName\\": \\"alias/ExampleAlias1\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListAliasesByKeyIdResponse>\\n <RequestId>1b57992c-834b-4811-a889-f8bac1ba0353</RequestId>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <TotalCount>1</TotalCount>\\n <Aliases>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <AliasArn>acs:kms:cn-hangzhou:123456:alias/ExampleAlias1</AliasArn>\\n <AliasName>alias/ExampleAlias1</AliasName>\\n </Aliases>\\n</ListAliasesByKeyIdResponse>","errorExample":""}]', - 'title' => 'ListAliasesByKeyId', - 'summary' => 'Queries all aliases that are bound to a key.', - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'DeleteAlias' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'title' => 'DeleteClientKey', + 'summary' => 'Deletes a client key.', + 'description' => '- For information about the access policy required for a RAM user or RAM role to call this API operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- Before you delete a ClientKey, make sure that it is no longer in use. Deleting a ClientKey that is in use prevents related applications from accessing KMS. Proceed with caution.', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"2312e45f-b2fa-4c34-ad94-3eca50932916\\"\\n}","type":"json"}]', + ], + 'DeleteKeyMaterial' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -2491,22 +2078,12 @@ ], 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'delete', - ], + 'systemTags' => ['operationType' => 'delete'], 'parameters' => [ [ - 'name' => 'AliasName', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The alias that you want to delete.'."\n" - ."\n" - .'The value must be 1 to 255 characters in length and must include the alias/ prefix.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'alias/example', - ], + 'schema' => ['description' => 'The globally unique ID of the CMK.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1234abcd-12ab-34cd-56ef-12345678****', 'title' => ''], ], ], 'responses' => [ @@ -2514,44 +2091,43 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '4c8ae23f-3a42-6791-a4ba-1faa77831c28', - ], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4c8ae23f-3a42-6791-a4ba-1faa77831c28\\"\\n}","errorExample":""},{"type":"xml","example":"<KMS>\\r\\n <RequestId>4c8ae23f-3a42-6791-a4ba-1faa77831c28</RequestId>\\r\\n</KMS>","errorExample":""}]', - 'title' => 'DeleteAlias', - 'summary' => 'Deletes an alias.', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\"\\n}","type":"json"}]', + 'title' => 'DeleteKeyMaterial', + 'summary' => 'Deletes the imported key material from a CMK. After deletion, the CMK enters the PendingImport state until you re-import key material.', + 'description' => 'This operation does not delete the CMK that is created by using the key material.'."\n" + ."\n" + .'If the CMK is in the PendingDeletion state, the state of the CMK and the scheduled deletion time do not change after you call this operation. If the CMK is not in the PendingDeletion state, the state of the CMK changes to PendingImport after you call this operation.'."\n" + ."\n" + .'After you delete the key material, you can upload only the same key material into the CMK.'."\n" + ."\n" + .'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'UpdateAlias' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'DeleteNetworkRule' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -2560,32 +2136,16 @@ 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'delete', + 'abilityTreeCode' => '54647', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], + 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], - ], - [ - 'name' => 'AliasName', + 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The alias that you want to bind.'."\n" - ."\n" - .'The value must be 1 to 255 characters in length and must include the alias/ prefix.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'alias/example', - ], + 'schema' => ['description' => 'The name of the network control rule to delete.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'networkrule_test', 'title' => ''], ], ], 'responses' => [ @@ -2593,76 +2153,53 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '1d2baaf3-d357-46c2-832e-13560c2bd9cd', - ], + 'RequestId' => ['description' => 'The ID of the request. This ID is generated by Alibaba Cloud and is unique for each request. You can use it to troubleshoot issues.', 'type' => 'string', 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2d4', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'errorCodes' => [], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1d2baaf3-d357-46c2-832e-13560c2bd9cd\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateAliasResponse>\\n <RequestId>1d2baaf3-d357-46c2-832e-13560c2bd9cd</RequestId>\\n</UpdateAliasResponse>","errorExample":""}]', - 'title' => 'UpdateAlias', - 'summary' => 'Binds an existing alias to a different customer master key (CMK) ID.', - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'GetParametersForImport' => [ - 'methods' => [ - 'post', - 'get', + 'errorCodes' => [ + 400 => [ + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ], ], - 'schemes' => [ - 'https', + 'title' => 'DeleteNetworkRule', + 'summary' => 'Deletes a network access rule.', + 'description' => '- For information about the access policy that is required to call this OpenAPI as a Resource Access Management (RAM) user or RAM role, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- Before deleting the network control rule, ensure that it is not attached to any access policies. Otherwise, related applications cannot access KMS as expected.', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2d4\\"\\n}","type":"json"}]', + ], + 'DeletePolicy' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'get', + 'operationType' => 'delete', + 'abilityTreeCode' => '54645', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], ], 'parameters' => [ [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK.'."\n" - ."\n" - .'> You can import key material only for CMKs whose Origin parameter is set to EXTERNAL.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '202b9877-5a25-46e3-a763-e20791b5****', - ], - ], - [ - 'name' => 'WrappingAlgorithm', - 'in' => 'query', - 'schema' => [ - 'description' => 'The algorithm that is used to encrypt key material.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RSAES_PKCS1_V1_5', - ], - ], - [ - 'name' => 'WrappingKeySpec', + 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The type of the public key that is used to encrypt key material.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RSA_2048', - ], + 'schema' => ['description' => 'The name of the permission policy that you want to delete.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'policy_test', 'title' => ''], ], ], 'responses' => [ @@ -2670,150 +2207,70 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'KeyId' => [ - 'description' => 'The globally unique ID of the CMK.'."\n" - ."\n" - .'The value of this parameter is required when you call the [ImportKeyMaterial](~~68622~~) operation.'."\n", - 'type' => 'string', - 'example' => '202b9877-5a25-46e3-a763-e20791b5****', - ], - 'ImportToken' => [ - 'description' => 'The token that is used to import key material.'."\n" - ."\n" - .'The token is valid for 24 hours. The value of this parameter is required when you call the [ImportKeyMaterial](~~68622~~) operation.'."\n", - 'type' => 'string', - 'example' => 'Base64String', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '8cdf51fd-bcd6-d79a-0ef4-e52c9b5466dc', - ], - 'TokenExpireTime' => [ - 'description' => 'The time when the token expires.'."\n", - 'type' => 'string', - 'example' => '2018-01-25T00:01:02Z', - ], - 'PublicKey' => [ - 'description' => 'The public key that is used to encrypt key material.'."\n" - ."\n" - .'The public key is Base64-encoded.'."\n", - 'type' => 'string', - 'example' => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlls4uIBxD0GG84C+lGBO6Dhpf1J3XimC6cPmPNaKKJMOzoX4tD+C+r7aZv8lZ3vnPfxuxvy/YwG+whUxTEEFUdqJTOIzhPfYucupqKM92crVHIuG+xtMVeHKjyTr+UrtKCsQikqHT+19yDRN/RMoo2HUx0gmEnRyXd8t3JyUXun9FdoxKA08GrsV7nodb9ZsoBLhnev7tTLcXvLyKW6XG1ZQCQm6dPnbnwLeDXR7uK0Lqn9PM28mBIdaiQUQxj2XbM1CoJA+JiyVX3Ptdb+4rqukb4Rb05B80Bs9xV/cf7FIku08l7xGhrGiQFq+DFXwQWtwihXHZxz3LhldU+4ZPwID****', - ], + 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '00a26a33-d992-42f3-9012-5fd12764430f', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'Unsupported.Origin', - 'errorMessage' => 'This key origin is not valid for this api', - ], - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"ImportToken\\": \\"Base64String\\",\\n \\"RequestId\\": \\"8cdf51fd-bcd6-d79a-0ef4-e52c9b5466dc\\",\\n \\"TokenExpireTime\\": \\"2018-01-25T00:01:02Z\\",\\n \\"PublicKey\\": \\"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlls4uIBxD0GG84C+lGBO6Dhpf1J3XimC6cPmPNaKKJMOzoX4tD+C+r7aZv8lZ3vnPfxuxvy/YwG+whUxTEEFUdqJTOIzhPfYucupqKM92crVHIuG+xtMVeHKjyTr+UrtKCsQikqHT+19yDRN/RMoo2HUx0gmEnRyXd8t3JyUXun9FdoxKA08GrsV7nodb9ZsoBLhnev7tTLcXvLyKW6XG1ZQCQm6dPnbnwLeDXR7uK0Lqn9PM28mBIdaiQUQxj2XbM1CoJA+JiyVX3Ptdb+4rqukb4Rb05B80Bs9xV/cf7FIku08l7xGhrGiQFq+DFXwQWtwihXHZxz3LhldU+4ZPwID****\\"\\n}","errorExample":""},{"type":"xml","example":"<GetParametersForImportResponse>\\n <KeyId>202b9877-5a25-46e3-a763-e20791b5****</KeyId>\\n <ImportToken>Base64String</ImportToken>\\n <RequestId>8cdf51fd-bcd6-d79a-0ef4-e52c9b5466dc</RequestId>\\n <TokenExpireTime>2018-01-25T00:01:02Z</TokenExpireTime>\\n <PublicKey>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlls4uIBxD0GG84C+lGBO6Dhpf1J3XimC6cPmPNaKKJMOzoX4tD+C+r7aZv8lZ3vnPfxuxvy/YwG+whUxTEEFUdqJTOIzhPfYucupqKM92crVHIuG+xtMVeHKjyTr+UrtKCsQikqHT+19yDRN/RMoo2HUx0gmEnRyXd8t3JyUXun9FdoxKA08GrsV7nodb9ZsoBLhnev7tTLcXvLyKW6XG1ZQCQm6dPnbnwLeDXR7uK0Lqn9PM28mBIdaiQUQxj2XbM1CoJA+JiyVX3Ptdb+4rqukb4Rb05B80Bs9xV/cf7FIku08l7xGhrGiQFq+DFXwQWtwihXHZxz3LhldU+4ZPwID****</PublicKey>\\n</GetParametersForImportResponse>","errorExample":""}]', - 'title' => 'GetParametersForImport', - 'summary' => 'Queries the parameters that are used to import key material for a customer master key (CMK).', - 'description' => 'The returned parameters can be used to call the [ImportKeyMaterial](https://www.alibabacloud.com/help/en/key-management-service/latest/importkeymaterial) operation.'."\n" - .'- You can import key material only for CMKs whose Origin parameter is set to EXTERNAL.'."\n" - .'- The public key and token that are returned by the GetParametersForImport operation must be used together. The public key and token can be used to import key material only for the CMK that is specified when you call the operation.'."\n" - .'- The public key and token that are returned vary each time you call the GetParametersForImport operation.'."\n" - .'- You must specify the type of the public key and the encryption algorithm that are used to encrypt key material. The following table lists the types of public keys and the encryption algorithms allowed for each type. '."\n" - ."\n" - .'| Public key type | Encryption algorithm | Description |'."\n" - .'| --------------- | -------------------- | ----------- |'."\n" - .'| RSA_2048 | RSAES_PKCS1_V1_5 '."\n" - ."\n" - .'RSAES_OAEP_SHA_1 '."\n" - ."\n" - .'RSAES_OAEP_SHA_256 | CMKs of all regions and all protection levels are supported. '."\n" - ."\n" - .'Dedicated Key Management Service (KMS) does not support RSAES_OAEP_SHA_1. |'."\n" - .'| EC_SM2 | SM2PKE | CMKs whose ProtectionLevel is set to HSM are supported. The SM2 algorithm is developed and approved by the State Cryptography Administration of China. The SM2 algorithm can be used only to import key material for a CMK whose ProtectionLevel is set to HSM. You can use the SM2 algorithm only when you enable the Managed HSM feature for KMS in the Chinese mainland. For more information, see [Overview of Managed HSM](https://www.alibabacloud.com/help/en/key-management-service/latest/managed-hsm-overview). |'."\n" - .'For more information, see [Import key material](https://www.alibabacloud.com/help/en/key-management-service/latest/import-key-material). This topic provides an example on how to query the parameters that are used to import key material for a CMK. The ID of the CMK is `1234abcd-12ab-34cd-56ef-12345678****`, the encryption algorithm is `RSAES_PKCS1_V1_5`, and the public key is of the `RSA_2048` type. The parameters that are returned include the ID of the CMK, the public key that is used to encrypt the key material, the token that is used to import the key material, and the time when the token expires.', - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'ImportKeyMaterial' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"00a26a33-d992-42f3-9012-5fd12764430f\\"\\n}","errorExample":""},{"type":"xml","example":"<DeletePolicyResponse>\\n <RequestId>00a26a33-d992-42f3-9012-5fd12764430f</RequestId>\\n</DeletePolicyResponse>","errorExample":""}]', + 'title' => 'DeletePolicy', + 'summary' => 'Deletes a permission policy.', + 'description' => 'Before you delete a permission policy, make sure that the permission policy is not associated with application access points (AAPs). Otherwise, related applications cannot access Key Management Service (KMS).'."\n", + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'DeleteSecret' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'readAndWrite', + 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'update', - ], + 'systemTags' => ['operationType' => 'delete'], 'parameters' => [ [ - 'name' => 'KeyId', + 'name' => 'SecretName', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK to be imported.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], + 'schema' => ['description' => 'The name of the secret.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'secret001', 'title' => ''], ], [ - 'name' => 'EncryptedKeyMaterial', - 'in' => 'query', - 'schema' => [ - 'description' => 'Use **GetParametersForImport** the Returned public key and the base64-encoded key material.', - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'bCPZx7I6v6KXsqEpr2OXKxuj2CCRtKdwp75Bw+BGncYqBdfjFBYRtOE6HRlT0oeiRDWzwnw9OA54OL36smDJrq4Lo9x0CyYDiuKnRkcKtMtlzW0din7Pd7IlZWWRdVueiw2qpzl7PkUWQGTdsdbzpfJJQ+qj/cRIrk/E83UGyeyytSpgnb+lu0xEYcPajRyWNsbi98N3pqqQzHXNNHO2NJqHlnQgglqTiBEjkGeKFhfKmTc3vjulIdVa3EaVIN6lwWfgx+UUYSrvbA77WDYKlDsZ4SbK2/T7za9Tp1qU7Ynqba7OKGVVj7PMbiaO80AxWZnjUMYCgEp5w7V+seOXqw==', - ], - ], - [ - 'name' => 'ImportToken', + 'name' => 'ForceDeleteWithoutRecovery', 'in' => 'query', 'schema' => [ - 'description' => 'By calling **GetParametersForImport** the import token.', + 'description' => 'Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* **true**'."\n" + .'* **false** (default value)'."\n", 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'Base64String', + 'required' => false, + 'example' => 'false', + 'default' => 'false', + 'enum' => ['false', 'true'], + 'title' => '', ], ], [ - 'name' => 'KeyMaterialExpireUnix', + 'name' => 'RecoveryWindowInDays', 'in' => 'query', - 'schema' => [ - 'description' => 'The time when the key material expires.'."\n" - ."\n" - .'If this parameter is not specified or set this parameter to 0, the key material does not expire.'."\n" - ."\n" - .'> The value cannot be earlier than the time when the API is called (based on the server time).', - 'type' => 'integer', - 'format' => 'int64', - 'required' => true, - 'docRequired' => true, - 'example' => '0', - ], + 'schema' => ['description' => 'Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. Unit: Days.'."\n", 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => '10', 'default' => '30', 'title' => ''], ], ], 'responses' => [ @@ -2821,179 +2278,126 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => 'ec1017cf-ead4-f3ca-babc-c3b34f3dbecb', - ], + 'SecretName' => ['description' => 'The name of the secret.'."\n", 'type' => 'string', 'example' => 'secret001', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '38bbed2a-15e0-45ad-98d4-816ad2ccf4ea', 'title' => ''], + 'PlannedDeleteTime' => ['description' => 'The time when the secret is scheduled to be deleted.'."\n", 'type' => 'string', 'example' => '2022-09-15T07:02:14Z', 'title' => ''], ], + 'description' => '', + 'title' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidKeyMaterial', - 'errorMessage' => 'key material is invalid', - ], - [ - 'errorCode' => 'InvalidImportToken', - 'errorMessage' => 'import token is invalid', - ], - [ - 'errorCode' => 'ExpiredImportToken', - 'errorMessage' => 'import token is expired', - ], - [ - 'errorCode' => 'Unsupported.Origin', - 'errorMessage' => 'This key origin is not valid for this api', - ], - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Resource not found', 'description' => ''], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ], + 409 => [ + ['errorCode' => 'Rejected.ResourceInDeleteWindow', 'errorMessage' => 'secret in delete peroid', 'description' => ''], + ], + 500 => [ + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"ec1017cf-ead4-f3ca-babc-c3b34f3dbecb\\"\\n}","errorExample":"//xml response\\n<KMS>\\n <RequestId>ec1017cf-ead4-f3ca-babc-c3b34f3dbecb</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\n <RequestId>ec1017cf-ead4-f3ca-babc-c3b34f3dbecb</RequestId>\\n</KMS>","errorExample":"//json response\\n{\\n \\"RequestId\\":\\"ec1017cf-ead4-f3ca-babc-c3b34f3dbecb\\"\\n}\\n"}]', - 'title' => 'ImportKeyMaterial', - 'summary' => 'Call the ImportKeyMaterial operation to import the key material.', - 'description' => 'Call [CreateKey](~~28947~~) when creating a CMK, you can select its key material source as external. **Origin** set to **EXTERNAL**. This API is used to import the key material into the CMK.'."\n" - ."\n" - .'* To view the CMK **Origin**, see [DescribeKey](~~28952~~).'."\n" - .'* Before importing key material, you need to call the [GetParametersForImport](~~68621~~) obtain the parameters required to import the key material, including the public key and import token.'."\n" + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"38bbed2a-15e0-45ad-98d4-816ad2ccf4ea\\",\\n \\"PlannedDeleteTime\\": \\"2022-09-15T07:02:14Z\\"\\n}","errorExample":""},{"type":"xml","example":"<DeleteSecretResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>38bbed2a-15e0-45ad-98d4-816ad2ccf4ea</RequestId>\\n <PlannedDeleteTime>2022-09-15T07:02:14Z</PlannedDeleteTime>\\n</DeleteSecretResponse>","errorExample":""}]', + 'title' => 'DeleteSecret', + 'summary' => 'Deletes a secret.', + 'description' => 'If you call this operation without specifying a recovery period, the deleted secret can be recovered within 30 days.'."\n" ."\n" - .'> * The key type of the pair is **Aliyun\\_AES\\_256** the key material must be 256 bits. The key type must be **Aliyun\\_SM4** the CMK and key material must be 128 bits.'."\n" - .'> * You can set the expiration time for the key material, or you can set it to never expire.'."\n" - .'> * You can reimport the key material and reset the expiration time for the specified CMK at any time, but the same key material must be imported.'."\n" - .'> * After the imported key material expires or is deleted, the specified CMK is unavailable until the same key material are imported again.'."\n" - .'> * A Key material can be imported to multiple cmks, but any Data or Data Key encrypted by one CMK cannot be decrypted by another CMK.', + .'If you specify a recovery period, the deleted secret can be recovered within the recovery period. You can also forcibly delete a secret. A forcibly deleted secret cannot be recovered.'."\n", 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', + 'changeSet' => [], ], - 'DeleteKeyMaterial' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'DescribeAccountKmsStatus' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'delete', - ], - 'parameters' => [ - [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], - ], + 'operationType' => 'get', + 'abilityTreeCode' => '54556', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], + 'tenantRelevance' => 'publicInformation', ], + 'parameters' => [], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', - ], + 'AccountStatus' => ['description' => 'The status of KMS within your Alibaba cloud account. Valid values:'."\n" + ."\n" + .'- Enabled: KMS is enabled.'."\n" + ."\n" + .'- NotEnabled: KMS is disabled.'."\n" + ."\n" + .'- InDebt: Your account is overdue, and KMS stops providing services.'."\n" + ."\n" + .'> If your Alibaba Cloud account is overdue, top up your account at the earliest opportunity to avoid impacts on your services.'."\n" + ."\n" + .'- Suspended: KMS is suspended.', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '3ac84333-d64d-4784-a8bc-997834a7ac6c', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + 403 => [ + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system.', 'description' => ''], + ], + [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\"\\n}","errorExample":"//xml response\\n<KMS>\\n <RequestId>4162a6af-bc99-40b3-a552-89dcc8aaf7c8</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\r\\n <RequestId>4162a6af-bc99-40b3-a552-89dcc8aaf7c8</RequestId>\\r\\n</KMS>","errorExample":"//json response\\n{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\"\\n}\\n"}]', - 'title' => 'DeleteKeyMaterial', - 'summary' => 'Deletes the key material that you imported.', - 'description' => 'This operation does not delete the CMK that is created by using the key material.'."\n" - ."\n" - .'If the CMK is in the PendingDeletion state, the state of the CMK and the scheduled deletion time do not change after you call this operation. If the CMK is not in the PendingDeletion state, the state of the CMK changes to PendingImport after you call this operation.'."\n" - ."\n" - .'After you delete the key material, you can upload only the same key material into the CMK.', + 'title' => 'DescribeAccountKmsStatus', + 'summary' => 'Queries the status of Key Management Service (KMS) within your Alibaba Cloud account.', + 'description' => 'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'ScheduleKeyDeletion' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"AccountStatus\\": \\"Enabled\\",\\n \\"RequestId\\": \\"3ac84333-d64d-4784-a8bc-997834a7ac6c\\"\\n}","type":"json"}]', + ], + 'DescribeApplicationAccessPoint' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'get', + 'abilityTreeCode' => '54652', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], + 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ - 'name' => 'KeyId', + 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '7906979c-8e06-46a2-be2d-68e3ccbc****', - ], - ], - [ - 'name' => 'PendingWindowInDays', - 'in' => 'query', - 'schema' => [ - 'description' => 'The scheduled period after which the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the key deletion task.'."\n" - ."\n" - .'Valid values: 7 to 366.'."\n" - ."\n" - .'Unit: days.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => true, - 'maximum' => '366', - 'minimum' => '7', - 'example' => '7', - ], + 'schema' => ['description' => 'The name of the application access point (AAP) to query.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'aap_test', 'title' => ''], ], ], 'responses' => [ @@ -3001,270 +2405,249 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '3da5b8cc-8107-40ac-a170-793cd181d7b7', - ], + 'RequestId' => ['description' => 'The ID of the request. Alibaba Cloud generates a unique ID for each request. Use this ID to troubleshoot issues.', 'type' => 'string', 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', 'title' => ''], + 'Arn' => ['description' => 'The Alibaba Cloud Resource Name (ARN) of the AAP.', 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test', 'title' => ''], + 'Name' => ['description' => 'The name of the AAP.', 'type' => 'string', 'example' => 'aap_test', 'title' => ''], + 'Description' => ['description' => 'The description.', 'type' => 'string', 'example' => 'aap description', 'title' => ''], + 'AuthenticationMethod' => ['description' => 'The authentication method.', 'type' => 'string', 'example' => 'ClientKey', 'title' => ''], + 'Policies' => ['description' => 'The attached access policies.', 'type' => 'string', 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3da5b8cc-8107-40ac-a170-793cd181d7b7\\"\\n}","errorExample":""},{"type":"xml","example":"<ScheduleKeyDeletionResponse>\\n <RequestId>3da5b8cc-8107-40ac-a170-793cd181d7b7</RequestId>\\n</ScheduleKeyDeletionResponse>","errorExample":""}]', - 'title' => 'ScheduleKeyDeletion', - 'summary' => 'Deletes a specified customer master key (CMK).', - 'description' => 'During the scheduled period, the CMK is in the PendingDeletion state and cannot be used to encrypt data, decrypt data, or generate data keys.'."\n" - ."\n" - .'After a CMK is deleted, it cannot be recovered. Data that is encrypted and data keys that are generated by using the CMK cannot be decrypted. To prevent accidental deletion of CMKs, Key Management Service (KMS) allows you to only schedule key deletion tasks. You cannot directly delete CMKs. If you want to delete a CMK, call the [DisableKey](~~35151~~) operation to disable the CMK.'."\n" - ."\n" - .'When you call this operation, you must specify a scheduled period between 7 days to 366 days. The scheduled period starts from the time when you submit the request. You can call the [CancelKeyDeletion](~~44197~~) operation to cancel the key deletion task before the scheduled period ends.'."\n", - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'CancelKeyDeletion' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'title' => 'DescribeApplicationAccessPoint', + 'summary' => 'Retrieves the details of an application access point (AAP).', + 'description' => 'For information about the access policy that a Resource Access Management (RAM) user or RAM role must have to call this operation, see [Resource Access Management](~~2767210~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test\\",\\n \\"Name\\": \\"aap_test\\",\\n \\"Description\\": \\"aap description\\",\\n \\"AuthenticationMethod\\": \\"ClientKey\\",\\n \\"Policies\\": \\"[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]\\"\\n}","type":"json"}]', + ], + 'DescribeKey' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'update', - ], + 'systemTags' => ['operationType' => 'get'], 'parameters' => [ [ 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], + 'schema' => ['description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'You can also set this parameter to an alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], ], ], 'responses' => [ 200 => [ + 'headers' => [], 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '3da5b8cc-8107-40ac-a170-793cd181d7b7', + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f', 'title' => ''], + 'KeyMetadata' => [ + 'description' => 'The metadata of the CMK.', + 'type' => 'object', + 'properties' => [ + 'DeletionProtection' => ['description' => 'Indicates whether deletion protection is enabled. Valid values:'."\n" + ."\n" + .'- Enabled'."\n" + ."\n" + .'- Disabled', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], + 'KeyId' => ['description' => 'The ID of the CMK. The ID must be globally unique.', 'type' => 'string', 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], + 'NextRotationDate' => ['description' => 'The time when the next rotation will be performed.'."\n" + ."\n" + .'> This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.', 'type' => 'string', 'example' => '2021-07-06T18:22:03Z', 'title' => ''], + 'KeyState' => ['description' => 'The status of the CMK.'."\n" + ."\n" + .'For more information, see [Impact of CMK status on API operations](~~44211~~).', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], + 'RotationInterval' => ['description' => 'The interval for automatic key rotation.'."\n" + ."\n" + .'Unit: seconds.'."\n" + ."\n" + .'For example, if the value is 604800s, automatic key rotation is performed at a 7-day interval.'."\n" + ."\n" + .'> This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.', 'type' => 'string', 'example' => '31536000s', 'title' => ''], + 'Arn' => ['description' => 'The Alibaba Cloud Resource Name (ARN) of the CMK.', 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:154035569884****:key/key-hzz630494463ejqjx****', 'title' => ''], + 'Creator' => ['description' => 'The Alibaba Cloud account that is used to create the CMK.', 'type' => 'string', 'example' => '154035569884****', 'title' => ''], + 'LastRotationDate' => ['description' => 'The time when the last rotation was performed. The time is displayed in UTC. For a new CMK, the value of this parameter is the time when the initial version of the CMK was generated.', 'type' => 'string', 'example' => '2024-05-20T06:34:21Z', 'title' => ''], + 'DeleteDate' => ['description' => 'The time at which the CMK is scheduled for deletion. The time is displayed in UTC.'."\n" + ."\n" + .'For more information, see [ScheduleKeyDeletion](~~44196~~).'."\n" + ."\n" + .'> This parameter is returned only when the value of the KeyState parameter is PendingDeletion.', 'type' => 'string', 'example' => '2024-05-26T18:22:03Z', 'title' => ''], + 'PrimaryKeyVersion' => ['description' => 'The ID of the current primary key version for the symmetric CMK.', 'type' => 'string', 'example' => '515e0b0a-624f-45ab-92b5-54f9b551****', 'title' => ''], + 'Description' => ['description' => 'The description of the CMK.', 'type' => 'string', 'example' => 'key description example', 'title' => ''], + 'KeySpec' => ['description' => 'The type of the CMK.', 'type' => 'string', 'example' => 'Aliyun_AES_256', 'title' => ''], + 'Origin' => ['description' => 'The source of the key material for the CMK.', 'type' => 'string', 'example' => 'Aliyun_KMS', 'title' => ''], + 'MaterialExpireTime' => ['description' => 'The time when the key material expires. The time is displayed in UTC. If this parameter value is empty, the key material does not expire.', 'type' => 'string', 'example' => '2024-07-06T18:22:03Z', 'title' => ''], + 'DeletionProtectionDescription' => ['description' => 'The description of deletion protection.', 'type' => 'string', 'example' => 'The CMK is being used by XXX. Deletion protection is set.', 'title' => ''], + 'AutomaticRotation' => ['description' => 'Indicates whether automatic key rotation is enabled. Valid values:'."\n" + ."\n" + .'- Enabled'."\n" + ."\n" + .'- Disabled'."\n" + ."\n" + .'- Suspended'."\n" + ."\n" + .'For more information, see [Automatic key rotation](~~134270~~).'."\n" + ."\n" + .'> Only symmetric CMKs support automatic key rotation.', 'type' => 'string', 'example' => 'Disabled', 'title' => ''], + 'ProtectionLevel' => ['description' => 'The protection level of the CMK.', 'type' => 'string', 'example' => 'HSM', 'title' => ''], + 'KeyUsage' => ['description' => 'The usage of the CMK.', 'type' => 'string', 'example' => 'ENCRYPT/DECRYPT', 'title' => ''], + 'CreationDate' => ['description' => 'The time when the CMK was created. The time is displayed in UTC.', 'type' => 'string', 'example' => '2024-05-20T06:34:21Z', 'title' => ''], + 'DKMSInstanceId' => ['description' => 'The ID of the dedicated KMS instance.', 'type' => 'string', 'example' => 'kst-bjj62d8f5e0sgtx8h****', 'title' => ''], + ], + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ['errorCode' => 'Forbidden.AliasNotFound', 'errorMessage' => 'The specified Alias is not found.', 'description' => 'The error message returned because the specified alias does not exist.'], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3da5b8cc-8107-40ac-a170-793cd181d7b7\\"\\n}","errorExample":""},{"type":"xml","example":"<CancelKeyDeletionResponse>\\n <RequestId>3da5b8cc-8107-40ac-a170-793cd181d7b7</RequestId>\\n</CancelKeyDeletionResponse>","errorExample":""}]', - 'title' => 'CancelKeyDeletion', - 'summary' => 'Cancels the deletion task of a CMK.', - 'description' => 'If the deletion task of a CMK is canceled, the CMK returns to the Enabled state.'."\n", + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f\\",\\n \\"KeyMetadata\\": {\\n \\"DeletionProtection\\": \\"Enabled\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"NextRotationDate\\": \\"2021-07-06T18:22:03Z\\",\\n \\"KeyState\\": \\"Enabled\\",\\n \\"RotationInterval\\": \\"31536000s\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:key/key-hzz630494463ejqjx****\\",\\n \\"Creator\\": \\"154035569884****\\",\\n \\"LastRotationDate\\": \\"2024-05-20T06:34:21Z\\",\\n \\"DeleteDate\\": \\"2024-05-26T18:22:03Z\\",\\n \\"PrimaryKeyVersion\\": \\"515e0b0a-624f-45ab-92b5-54f9b551****\\",\\n \\"Description\\": \\"key description example\\",\\n \\"KeySpec\\": \\"Aliyun_AES_256\\",\\n \\"Origin\\": \\"Aliyun_KMS\\",\\n \\"MaterialExpireTime\\": \\"2024-07-06T18:22:03Z\\",\\n \\"DeletionProtectionDescription\\": \\"The CMK is being used by XXX. Deletion protection is set.\\",\\n \\"AutomaticRotation\\": \\"Disabled\\",\\n \\"ProtectionLevel\\": \\"HSM\\",\\n \\"KeyUsage\\": \\"ENCRYPT/DECRYPT\\",\\n \\"CreationDate\\": \\"2024-05-20T06:34:21Z\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\"\\n }\\n}","type":"json"}]', + 'title' => 'DescribeKey', + 'summary' => 'Queries the metadata of a CMK, such as the key state, usage, and rotation configuration.', + 'description' => 'You can query the information about the CMK `05754286-3ba2-4fa6-8d41-4323aca6****` by using parameter settings provided in this topic. The information includes the creator, creation time, status, and deletion protection status of the CMK.'."\n" + ."\n" + .'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'SetDeletionProtection' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'translator' => 'manual', + ], + 'DescribeKeyVersion' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'update', - 'abilityTreeCode' => '54603', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], - ], + 'systemTags' => ['operationType' => 'get'], 'parameters' => [ [ - 'name' => 'ProtectedResourceArn', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ARN of the CMK for which you want to set deletion protection.'."\n" - ."\n" - .'You can call the [DescribeKey](~~28952~~) operation to query the CMK ARN.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => 'acs:kms:cn-hangzhou:123213123****:key/0225f411-b21d-46d1-be5b-93931c82****', - ], - ], - [ - 'name' => 'EnableDeletionProtection', - 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to enable deletion protection. Valid values:'."\n" - ."\n" - .'* true: enables deletion protection.'."\n" - .'* false: disables deletion protection.'."\n", - 'type' => 'boolean', - 'required' => true, - 'docRequired' => true, - 'example' => 'true', - ], - ], - [ - 'name' => 'DeletionProtectionDescription', - 'in' => 'query', - 'schema' => [ - 'description' => 'The description of deletion protection.'."\n" - ."\n" - .'> This parameter takes effect only when you set the EnableDeletionProtection parameter to true.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'This key is being used by XXX service. You are protected from deletion.', - ], - ], - [ 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - 'required' => false, - ], + 'schema' => ['description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'You can also set this parameter to an alias that is bound to the CMK. For more information, see [Alias overview](~~68522~~).', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], ], [ - 'name' => 'KmsInstanceId', + 'name' => 'KeyVersionId', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'The globally unique ID of the CMK version.'."\n" + ."\n" + .'You can call the [ListKeyVersions](~~133966~~) operation to query the versions of the CMK.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], ], ], 'responses' => [ 200 => [ + 'headers' => [], 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '3455b9b4-95c1-419d-b310-db6a53b09a39', + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', 'title' => ''], + 'KeyVersion' => [ + 'description' => 'The metadata of the CMK version.', + 'type' => 'object', + 'properties' => [ + 'KeyId' => ['description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'> If you set the KeyId parameter in the request to an alias of the CMK, the ID of the CMK to which the alias is bound is returned.', 'type' => 'string', 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], + 'KeyVersionId' => ['description' => 'The globally unique ID of the CMK version.', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'CreationDate' => ['description' => 'The date and time when the CMK version was created. The time is displayed in UTC.', 'type' => 'string', 'example' => '2024-03-25T10:42:40Z', 'title' => ''], + ], + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3455b9b4-95c1-419d-b310-db6a53b09a39\\"\\n}","errorExample":""},{"type":"xml","example":"<SetDeletionProtectionResponse>\\n <RequestId>3455b9b4-95c1-419d-b310-db6a53b09a39</RequestId>\\n</SetDeletionProtectionResponse>","errorExample":""}]', - 'title' => 'SetDeletionProtection', - 'summary' => 'Enables or disables deletion protection for a key.', - 'description' => '* After you enable deletion protection for a CMK, you cannot delete the CMK. If you want to delete the CMK, you must first disable deletion protection for the CMK.'."\n" - .'* Before you can call the SetDeletionProtection operation, make sure that the required CMK is not in the Pending Deletion state. You can call the [DescribeKey](~~28952~~) operation to query the CMK status, which is specified by the KeyState parameter.'."\n" + 'errorCodes' => [ + 400 => [ + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\",\\n \\"KeyVersion\\": {\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"CreationDate\\": \\"2024-03-25T10:42:40Z\\"\\n }\\n}","type":"json"}]', + 'title' => 'DescribeKeyVersion', + 'summary' => 'Queries the metadata of a specific CMK version.', + 'description' => 'This topic provides an example on how to query the information about a version of the CMK `1234abcd-12ab-34cd-56ef-12345678****`. The ID of the CMK version is `2ab1a983-7072-4bbc-a582-584b5bd8****`. The response shows that the creation time of the CMK version is `2016-03-25T10:42:40Z`.'."\n" ."\n" - .'You can enable deletion protection for the CMK whose Alibaba Cloud Resource Name (ARN) is `acs:kms:cn-hangzhou:123213123****:key/0225f411-b21d-46d1-be5b-93931c82****` by using parameter settings provided in this topic. The CMK ARN is specified by the ProtectedResourceArn parameter.', - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + .'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'UpdateRotationPolicy' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'DescribeNetworkRule' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '189660', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], ], 'parameters' => [ [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], - ], - [ - 'name' => 'EnableAutomaticRotation', - 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to enable automatic key rotation. Valid values:'."\n" - ."\n" - .'* true: enables automatic key rotation.'."\n" - .'* false: disables automatic key rotation.'."\n", - 'type' => 'boolean', - 'required' => true, - 'docRequired' => true, - 'example' => 'true', - ], - ], - [ - 'name' => 'RotationInterval', + 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The period of automatic key rotation. Specify the value in the integer\\[unit] format. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day period. The period can range from 7 days to 730 days.'."\n" - ."\n" - .'> If you set the EnableAutomaticRotation parameter to true, you must also specify this parameter. If you set the EnableAutomaticRotation parameter to false, you can leave this parameter unspecified.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '30d', - ], + 'schema' => ['description' => 'The name of the network rule to query.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'networkrule_test', 'title' => ''], ], ], 'responses' => [ @@ -3272,58 +2655,38 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => 'efb1cbbd-a093-4278-bc03-639dd4fcc207', - ], + 'RequestId' => ['description' => 'The ID of the request. Alibaba Cloud generates a unique ID for each request. You can use this ID to troubleshoot issues.', 'type' => 'string', 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2d33', 'title' => ''], + 'Arn' => ['description' => 'The ARN of the network rule.', 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:119285303511****:network/networkrule_test', 'title' => ''], + 'Type' => ['description' => 'The network type. The only valid value is Private, which means only private IP addresses are supported.', 'type' => 'string', 'example' => 'Private', 'title' => ''], + 'Description' => ['description' => 'The description.', 'type' => 'string', 'example' => 'Create by kst-hzz62ee817bvyyr5****', 'title' => ''], + 'SourcePrivateIp' => ['description' => 'The private IP addresses or private CIDR blocks.', 'type' => 'string', 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'Rejected.UnsupportedOperation', - 'errorMessage' => 'Unsupported operation.', - ], - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter RotationInterval is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"efb1cbbd-a093-4278-bc03-639dd4fcc207\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateRotationPolicyResponse>\\n <RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>\\n</UpdateRotationPolicyResponse>","errorExample":""}]', - 'title' => 'UpdateRotationPolicy', - 'summary' => 'Updates a key rotation policy.', - 'description' => 'When automatic key rotation is enabled, KMS automatically creates a key version after the preset rotation period arrives. In addition, KMS sets the new key version as the primary key version.'."\n" - ."\n" - .'An automatic key rotation policy cannot be configured for the following keys:'."\n" - ."\n" - .'* Asymmetric key'."\n" - .'* Service-managed key'."\n" - .'* Bring your own key (BYOK) that is imported into KMS'."\n" - .'* Key that is not in the **Enabled** state'."\n" - ."\n" - .'In this example, automatic key rotation is enabled for a CMK whose ID is `1234abcd-12ab-34cd-56ef-12345678****`. The automatic rotation period is 30 days.', - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'DescribeKeyVersion' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'title' => 'DescribeNetworkRule', + 'summary' => 'Retrieves the details of a network access rule.', + 'description' => 'For information about the required access policy for a Resource Access Management (RAM) user or RAM role to call this operation, see [Resource Access Management](~~2767210~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2d33\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:network/networkrule_test\\",\\n \\"Type\\": \\"Private\\",\\n \\"Description\\": \\"Create by kst-hzz62ee817bvyyr5****\\",\\n \\"SourcePrivateIp\\": \\"[\\\\\\"192.10.XX.XX\\\\\\",\\\\\\"192.168.XX.XX/24\\\\\\"]\\"\\n}","type":"json"}]', + ], + 'DescribePolicy' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -3333,368 +2696,263 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', + 'abilityTreeCode' => '54643', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], ], 'parameters' => [ [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK.'."\n" - ."\n" - .'You can also set this parameter to an alias that is bound to the CMK. For more information, see [Alias overview](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], - ], - [ - 'name' => 'KeyVersionId', + 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK version.'."\n" - ."\n" - .'You can call the [ListKeyVersions](~~133966~~) operation to query the versions of the CMK.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], + 'schema' => ['description' => 'The name of the permission policy that you want to query.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'policy_test', 'title' => ''], ], ], 'responses' => [ 200 => [ - 'headers' => [], 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'f455324b-e229-4066-9f58-9c1cf3fe83a9', 'title' => ''], + 'Arn' => ['description' => 'The Alibaba Cloud Resource Name (ARN) of the permission policy.', 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:119285303511****:policy/policy_test', 'title' => ''], + 'Name' => ['description' => 'The name of the permission policy.', 'type' => 'string', 'example' => 'policy_test', 'title' => ''], + 'Description' => ['description' => 'The description.', 'type' => 'string', 'example' => 'policy description', 'title' => ''], + 'KmsInstance' => ['description' => 'The scope of the permission policy.', 'type' => 'string', 'example' => 'kst-hzz634e67d126u9p9****', 'title' => ''], + 'Permissions' => [ + 'description' => 'A list of operations that can be performed.', + 'type' => 'array', + 'items' => ['description' => 'The operations that can be performed.', 'type' => 'string', 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', 'title' => ''], + 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', + 'title' => '', ], - 'KeyVersion' => [ - 'description' => 'The metadata of the CMK version.'."\n", - 'type' => 'object', - 'properties' => [ - 'KeyId' => [ - 'description' => 'The globally unique ID of the CMK.'."\n" - ."\n" - .'> If you set the KeyId parameter in the request to an alias of the CMK, the ID of the CMK to which the alias is bound is returned.'."\n", - 'type' => 'string', - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], - 'KeyVersionId' => [ - 'description' => 'The globally unique ID of the CMK version.'."\n", - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'CreationDate' => [ - 'description' => 'The date and time when the CMK version was created. The time is displayed in UTC.'."\n", - 'type' => 'string', - 'example' => '2016-03-25T10:42:40Z', - ], - ], + 'Resources' => [ + 'description' => 'A list of keys and secrets that are allowed to access.', + 'type' => 'array', + 'items' => ['description' => 'The keys and secrets that are allowed to access.', 'type' => 'string', 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', 'title' => ''], + 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', + 'title' => '', ], + 'AccessControlRules' => ['description' => 'The network access rule that is associated with the permission policy.', 'type' => 'string', 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'errorCodes' => [ - 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - ], + 'title' => 'DescribePolicy', + 'summary' => 'Retrieves the details of a permission policy.', + 'description' => 'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\",\\n \\"KeyVersion\\": {\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"CreationDate\\": \\"2024-03-25T10:42:40Z\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"<DescribeKeyVersionResponse>\\n <RequestId>7021b6ec-4be7-4d3c-8a68-1e85d4d515a0</RequestId>\\n <KeyVersion>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <CreationDate>2024-03-25T10:42:40Z</CreationDate>\\n </KeyVersion>\\n</DescribeKeyVersionResponse>","errorExample":""}]', - 'title' => 'DescribeKeyVersion', - 'summary' => 'Queries the information about a key version.', - 'description' => 'This topic provides an example on how to query the information about a version of the CMK `1234abcd-12ab-34cd-56ef-12345678****`. The ID of the CMK version is `2ab1a983-7072-4bbc-a582-584b5bd8****`. The response shows that the creation time of the CMK version is `2016-03-25T10:42:40Z`.'."\n", - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"f455324b-e229-4066-9f58-9c1cf3fe83a9\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:policy/policy_test\\",\\n \\"Name\\": \\"policy_test\\",\\n \\"Description\\": \\"policy description\\",\\n \\"KmsInstance\\": \\"kst-hzz634e67d126u9p9****\\",\\n \\"Permissions\\": [\\n \\"[\\\\\\"RbacPermission/Template/CryptoServiceKeyUser\\\\\\", \\\\\\"RbacPermission/Template/CryptoServiceSecretUser\\\\\\"]\\"\\n ],\\n \\"Resources\\": [\\n \\"[\\\\\\"secret/acs/ram/user/ram-secret\\\\\\", \\\\\\"secret/acs/ram/user/acr-master\\\\\\", \\\\\\"key/key-hzz63d9c8d3dfv8cv****\\\\\\"]\\"\\n ],\\n \\"AccessControlRules\\": \\"{\\\\\\"NetworkRules\\\\\\":[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]}\\"\\n}","type":"json"}]', ], - 'CreateKeyVersion' => [ - 'summary' => 'Creates a version for a customer master key (CMK).', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'DescribeRegions' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'create', - ], - 'parameters' => [ - [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" - ."\n" - .'> You can also set the value to an alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '0b30658a-ed1a-4922-b8f7-a673ca9c****', - ], - ], + 'operationType' => 'get', + 'abilityTreeCode' => '54561', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], + 'tenantRelevance' => 'publicInformation', ], + 'parameters' => [], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => 'b96f250a-4b75-498c-91be-22c6928f85be', - ], - 'KeyVersion' => [ - 'description' => 'The metadata of the version.'."\n", + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '815240e2-aa37-4c26-9cca-05d4df3e8fe6', 'title' => ''], + 'Regions' => [ 'type' => 'object', + 'itemNode' => true, 'properties' => [ - 'KeyId' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", - 'type' => 'string', - 'example' => '0b30658a-ed1a-4922-b8f7-a673ca9c****', - ], - 'KeyVersionId' => [ - 'description' => 'The ID of the version.'."\n", - 'type' => 'string', - 'example' => 'c0a3d5dc-0b47-4199-a050-b289349a****', - ], - 'CreationDate' => [ - 'description' => 'The date and time when the version was created. The time is displayed in UTC.'."\n", - 'type' => 'string', - 'example' => '2019-08-02T10:38:27Z', + 'Region' => [ + 'description' => 'The region.', + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'RegionId' => ['description' => 'The region ID.', 'type' => 'string', 'example' => 'cn-hangzhou', 'title' => ''], + ], + 'description' => '', + 'title' => '', + 'example' => '', + ], + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'Rejected.UnsupportedOperation', - 'errorMessage' => 'Unsupported operation.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'Forbidden.AliasNotFound', - 'errorMessage' => 'The specified Alias is not found.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - ], - 409 => [ - [ - 'errorCode' => 'Rejected.Disabled', - 'errorMessage' => 'The request was rejected because the key state is Disabled.', - ], - [ - 'errorCode' => 'Rejected.Unavailable', - 'errorMessage' => 'The request was rejected because the key state is Unavailable.', - ], - [ - 'errorCode' => 'Rejected.PendingDeletion', - 'errorMessage' => 'The request was rejected because the key state is PendingDeletion.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"b96f250a-4b75-498c-91be-22c6928f85be\\",\\n \\"KeyVersion\\": {\\n \\"KeyId\\": \\"key-hzz62f1cb66fa42qo****\\",\\n \\"KeyVersionId\\": \\"key-hzz62f1cb66fa42qo****-20v29b****\\",\\n \\"CreationDate\\": \\"2023-07-02T10:38:27Z\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"<CreateKeyVersionResponse>\\n <RequestId>b96f250a-4b75-498c-91be-22c6928f85be</RequestId>\\n <KeyVersion>\\n <KeyId>key-hzz62f1cb66fa42qo****</KeyId>\\n <KeyVersionId>key-hzz62f1cb66fa42qo****-20v29b****</KeyVersionId>\\n <CreationDate>2023-07-02T10:38:27Z</CreationDate>\\n </KeyVersion>\\n</CreateKeyVersionResponse>","errorExample":""}]', - 'title' => 'CreateKeyVersion', - 'description' => '* You can create a version only for an asymmetric CMK that is in the Enabled state. You can call the [CreateKey](~~28947~~) operation to create an asymmetric CMK and the [DescribeKey](~~28952~~) operation to query the status of the CMK. The status is specified by the KeyState parameter.'."\n" - .'* The minimum interval for creating a version of the same CMK is seven days. You can call the [DescribeKey](~~28952~~) operation to query the time when the last version of a CMK was created. The time is specified by the LastRotationDate parameter.'."\n" - .'* If a CMK is in a private key store, you cannot create a version for the CMK.'."\n" - .'* You can create a maximum of 50 versions for a CMK in the same region.'."\n" - ."\n" - .'You can create a version for the CMK whose ID is `0b30658a-ed1a-4922-b8f7-a673ca9c****` by using the parameter settings provided in this topic.', + 'title' => 'DescribeRegions', + 'summary' => 'Queries the regions where KMS is available.', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'ListKeyVersions' => [ - 'methods' => [ - 'post', - 'get', + 'changeSet' => [ + ['createdAt' => '2025-08-21T07:47:03.000Z', 'description' => 'OpenAPI offline'], ], - 'schemes' => [ - 'https', + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"815240e2-aa37-4c26-9cca-05d4df3e8fe6\\",\\n \\"Regions\\": {\\n \\"Region\\": [\\n {\\n \\"RegionId\\": \\"cn-hangzhou\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + ], + 'DescribeSecret' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'readAndWrite', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - ], + 'systemTags' => ['operationType' => 'get'], 'parameters' => [ [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see [Use aliases](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '0b30658a-ed1a-4922-b8f7-a673ca9c****', - ], - ], - [ - 'name' => 'PageNumber', + 'name' => 'SecretName', 'in' => 'query', - 'schema' => [ - 'description' => 'The number of the page to return.'."\n" - ."\n" - .'Pages start from page 1.'."\n" - ."\n" - .'Default value: 1.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'docRequired' => true, - 'example' => '1', - ], + 'schema' => ['description' => 'The name of the secret.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'secret001', 'title' => ''], ], [ - 'name' => 'PageSize', + 'name' => 'FetchTags', 'in' => 'query', 'schema' => [ - 'description' => 'The number of entries to return on each page.'."\n" - ."\n" - .'Valid values: 0 to 101.'."\n" + 'description' => 'Specifies whether to return the resource tags of the secret. Valid values:'."\n" ."\n" - .'Default value: 10.'."\n", - 'type' => 'integer', - 'format' => 'int32', + .'* true: The resource tags are returned.'."\n" + .'* false: The resource tags are not returned. This is the default value.'."\n", + 'type' => 'string', 'required' => false, - 'example' => '10', + 'example' => 'true', + 'default' => 'false', + 'enum' => ['false', 'true'], + 'title' => '', ], ], ], 'responses' => [ 200 => [ + 'headers' => [], 'schema' => [ 'type' => 'object', 'properties' => [ - 'PageSize' => [ - 'description' => 'The number of entries returned per page.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '10', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => 'f71204c4-53cd-4eea-b405-653ba2db7e86', - ], - 'PageNumber' => [ - 'description' => 'The page number of the returned page.', - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'TotalCount' => [ - 'description' => 'The total number of returned key versions.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '3', - ], - 'KeyVersions' => [ + 'UpdateTime' => ['description' => 'The time when the secret was updated.'."\n", 'type' => 'string', 'example' => '2022-02-21T15:39:26Z', 'title' => ''], + 'CreateTime' => ['description' => 'The time when the secret was created.'."\n", 'type' => 'string', 'example' => '2022-02-21T15:39:26Z', 'title' => ''], + 'NextRotationDate' => ['description' => 'The time when the next rotation will be performed.'."\n" + ."\n" + .'> This parameter is returned when automatic rotation is enabled.'."\n", 'type' => 'string', 'example' => '2022-07-06T18:22:03Z', 'title' => ''], + 'EncryptionKeyId' => ['description' => 'The ID of the customer master key (CMK) that is used to encrypt the secret value.'."\n", 'type' => 'string', 'example' => '00aa68af-2c02-4f68-95fe-3435d330****', 'title' => ''], + 'RotationInterval' => ['description' => 'The interval for automatic rotation.'."\n" + ."\n" + .'The value is in the `integer[unit]` format. `integer` indicates the length of time. `unit`: indicates the time unit. The value of `unit` is fixed as s. For example, if the value is 604800s, automatic rotation is performed at a 7-day interval.'."\n" + ."\n" + .'> This parameter is returned when automatic rotation is enabled.'."\n", 'type' => 'string', 'example' => '3153600s', 'title' => ''], + 'Arn' => ['description' => 'The Alibaba Cloud Resource Name (ARN) of the secret.'."\n", 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:154035569884****:secret/secret001', 'title' => ''], + 'ExtendedConfig' => ['description' => 'The extended configuration of the secret.'."\n" + ."\n" + .'> This parameter is returned only for a managed ApsaraDB RDS secret, a managed Resource Access Management (RAM) secret, or a managed Elastic Compute Service (ECS) secret.'."\n", 'type' => 'string', 'example' => '{\\"SecretSubType\\":\\"SingleUser\\", \\"DBInstanceId\\":\\"rm-uf667446pc955****\\", \\"CustomData\\":{} }', 'title' => ''], + 'LastRotationDate' => ['description' => 'The time when the last rotation was performed.'."\n" + ."\n" + .'> This parameter is returned if the secret was rotated.'."\n", 'type' => 'string', 'example' => '2022-07-05T08:22:03Z', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '93348dfb-3627-4417-8d90-487a76a909c9', 'title' => ''], + 'Description' => ['description' => 'The description of the secret.'."\n", 'type' => 'string', 'example' => 'userinfo', 'title' => ''], + 'SecretName' => ['description' => 'The name of the secret.'."\n", 'type' => 'string', 'example' => 'secret001', 'title' => ''], + 'AutomaticRotation' => ['description' => 'Indicates whether automatic rotation is enabled. Valid values:'."\n" + ."\n" + .'* Enabled: indicates that automatic rotation is enabled.'."\n" + .'* Disabled: indicates that automatic rotation is disabled.'."\n" + .'* Invalid: indicates that the status of automatic rotation is abnormal. In this case, Secrets Manager cannot automatically rotate the secret.'."\n" + ."\n" + .'> This parameter is returned only for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.'."\n", 'type' => 'string', 'example' => 'Enabled', 'title' => ''], + 'SecretType' => ['description' => 'The type of the secret. Valid values:'."\n" + ."\n" + .'* Generic: indicates a generic secret.'."\n" + .'* Rds: indicates a managed ApsaraDB RDS secret.'."\n" + .'* RAMCredentials: indicates a managed RAM secret.'."\n" + .'* ECS: indicates a managed ECS secret.'."\n", 'type' => 'string', 'example' => 'Rds', 'title' => ''], + 'PlannedDeleteTime' => ['description' => 'The time when the secret is scheduled to be deleted.'."\n", 'type' => 'string', 'example' => '2022-03-21T15:45:12Z', 'title' => ''], + 'DKMSInstanceId' => ['description' => 'The ID of the dedicated KMS instance.'."\n", 'type' => 'string', 'example' => 'kst-bjj62d8f5e0sgtx8h****', 'title' => ''], + 'Tags' => [ 'type' => 'object', 'itemNode' => true, 'properties' => [ - 'KeyVersion' => [ - 'description' => 'An array that consists of key versions.'."\n", + 'Tag' => [ + 'description' => 'The resource tags of the secret.'."\n" + ."\n" + .'This parameter is not returned if you set the FetchTags parameter to false or you do not specify the FetchTags parameter.'."\n", + 'title' => '', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ - 'KeyId' => [ - 'description' => 'The globally unique ID of the CMK.'."\n" - ."\n" - .'> If you set the KeyId parameter to the alias of the CMK, the ID of the CMK to which the alias is bound is returned.'."\n", - 'type' => 'string', - 'example' => '0b30658a-ed1a-4922-b8f7-a673ca9c****', - ], - 'KeyVersionId' => [ - 'description' => 'The globally unique ID of the CMK version.'."\n", - 'type' => 'string', - 'example' => '1e3304fd-68ac-4d5b-8886-ae5f01a1****', - ], - 'CreationDate' => [ - 'description' => 'The date and time when the CMK version was created. The time is displayed in UTC.'."\n", - 'type' => 'string', - 'example' => '2016-03-25T10:42:40Z', - ], + 'TagValue' => ['description' => 'The tag value.'."\n", 'type' => 'string', 'example' => 'val1', 'title' => ''], + 'TagKey' => ['description' => 'The tag key.'."\n", 'type' => 'string', 'example' => 'key1', 'title' => ''], ], + 'description' => '', + 'title' => '', ], ], ], ], ], + 'description' => '', + 'title' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'IllegalTimestamp', 'errorMessage' => 'The input parameter Timestamp that is mandatory for processing this request is not supplied.', 'description' => 'The input parameter timestamp indicates that the request is outside the processing time range.'], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], + 403 => [ + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'You are not authorized to perform the operation.', 'description' => 'You are not authorized to perform the operation.'], + ], + [ + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Resource not found', 'description' => ''], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"PageSize\\": 10,\\n \\"RequestId\\": \\"f71204c4-53cd-4eea-b405-653ba2db7e86\\",\\n \\"PageNumber\\": 1,\\n \\"TotalCount\\": 3,\\n \\"KeyVersions\\": {\\n \\"KeyVersion\\": [\\n {\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"KeyVersionId\\": \\"1e3304fd-68ac-4d5b-8886-ae5f01a1****\\",\\n \\"CreationDate\\": \\"2024-03-25T10:42:40Z\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListKeyVersionsResponse>\\n <PageSize>10</PageSize>\\n <RequestId>f71204c4-53cd-4eea-b405-653ba2db7e86</RequestId>\\n <PageNumber>1</PageNumber>\\n <TotalCount>3</TotalCount>\\n <KeyVersions>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <KeyVersionId>1e3304fd-68ac-4d5b-8886-ae5f01a1****</KeyVersionId>\\n <CreationDate>2024-03-25T10:42:40Z</CreationDate>\\n </KeyVersions>\\n</ListKeyVersionsResponse>","errorExample":""}]', - 'title' => 'ListKeyVersions', - 'summary' => 'Queries all versions of a key.', - 'requestParamsDescription' => ' ', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"UpdateTime\\": \\"2022-02-21T15:39:26Z\\",\\n \\"CreateTime\\": \\"2022-02-21T15:39:26Z\\",\\n \\"NextRotationDate\\": \\"2022-07-06T18:22:03Z\\",\\n \\"EncryptionKeyId\\": \\"00aa68af-2c02-4f68-95fe-3435d330****\\",\\n \\"RotationInterval\\": \\"3153600s\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:secret/secret001\\",\\n \\"ExtendedConfig\\": \\"{\\\\\\\\\\\\\\"SecretSubType\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"SingleUser\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"DBInstanceId\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"rm-uf667446pc955****\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"CustomData\\\\\\\\\\\\\\":{} }\\",\\n \\"LastRotationDate\\": \\"2022-07-05T08:22:03Z\\",\\n \\"RequestId\\": \\"93348dfb-3627-4417-8d90-487a76a909c9\\",\\n \\"Description\\": \\"userinfo\\",\\n \\"SecretName\\": \\"secret001\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"SecretType\\": \\"Rds\\",\\n \\"PlannedDeleteTime\\": \\"2022-03-21T15:45:12Z\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\",\\n \\"Tags\\": {\\n \\"Tag\\": [\\n {\\n \\"TagValue\\": \\"val1\\",\\n \\"TagKey\\": \\"key1\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<DescribeSecretResponse>\\n <UpdateTime>2020-02-21T15:39:26Z</UpdateTime>\\n <CreateTime>2020-02-21T15:39:26Z</CreateTime>\\n <NextRotationDate>2020-07-06T18:22:03Z</NextRotationDate>\\n <EncryptionKeyId>00aa68af-2c02-4f68-95fe-3435d330****</EncryptionKeyId>\\n <RotationInterval>3153600s</RotationInterval>\\n <Arn>acs:kms:cn-hangzhou:154035569884****:secret/secret001</Arn>\\n <ExtendedConfig>{\\\\\\"SecretSubType\\\\\\":\\\\\\"SingleUser\\\\\\", \\\\\\"DBInstanceId\\\\\\":\\\\\\"rm-uf667446pc955****\\\\\\", \\\\\\"CustomData\\\\\\":{} }</ExtendedConfig>\\n <LastRotationDate>2020-07-05T08:22:03Z</LastRotationDate>\\n <RequestId>93348dfb-3627-4417-8d90-487a76a909c9</RequestId>\\n <Description>userinfo</Description>\\n <SecretName>secret001</SecretName>\\n <AutomaticRotation>Enabled</AutomaticRotation>\\n <SecretType>Rds</SecretType>\\n <PlannedDeleteTime>2020-03-21T15:45:12Z</PlannedDeleteTime>\\n <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>\\n <Tags>\\n <TagValue>val1</TagValue>\\n <TagKey>key1</TagKey>\\n </Tags>\\n</DescribeSecretResponse>","errorExample":""}]', + 'title' => 'DescribeSecret', + 'summary' => 'Queries the metadata of a secret.', + 'description' => 'This operation returns the metadata of a secret. This operation does not return the secret value.'."\n" + ."\n" + .'In this example, the metadata of the secret named `secret001` is queried.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", 'responseParamsDescription' => ' ', 'extraInfo' => ' ', + 'changeSet' => [], ], - 'SetKeyPolicy' => [ - 'summary' => 'Configures a policy for a key in a Key Management Service (KMS) instance.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'DisableKey' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -3702,229 +2960,95 @@ ], 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'update', - 'abilityTreeCode' => '206075', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'title' => '', - 'description' => '', - 'type' => 'string', - 'required' => true, - 'example' => 'key-hzz630494463ejqjx****', - ], - ], - [ - 'name' => 'PolicyName', - 'in' => 'query', - 'schema' => [ - 'description' => '', - 'type' => 'string', - 'required' => false, - 'example' => 'default', - ], - ], - [ - 'name' => 'Policy', - 'in' => 'query', - 'schema' => [ - 'description' => '', - 'type' => 'string', - 'required' => true, - 'example' => '{"Statement":[{"Action":["kms:*"],"Effect":"Allow","Principal":{"RAM":["acs:ram::119285303511****:*"]},"Resource":["*"],"Sid":"kms default key policy"},{"Action":["kms:List*","kms:Describe*","kms:Create*","kms:Enable*","kms:Disable*","kms:Get*","kms:Set*","kms:Update*","kms:Delete*","kms:Cancel*","kms:TagResource","kms:UntagResource","kms:ImportKeyMaterial","kms:ScheduleKeyDeletion"],"Effect":"Allow","Principal":{"RAM":["acs:ram::119285303511****:user/for_test_policy"]},"Resource":["*"]}],"Version":"1"}', - ], + 'schema' => ['description' => 'The ID of the CMK. The ID must be globally unique.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1234abcd-12ab-34cd-56ef-12345678****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ - 'title' => '', - 'description' => '', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => '', - 'description' => '', - 'type' => 'string', - 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C8', - ], + 'RequestId' => ['description' => 'The ID of the request.'."\n", 'type' => 'string', 'example' => '2fe70ce2-3303-4fd6-b3ac-472fb2705c62', 'title' => ''], ], + 'description' => '', + 'title' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'MissingParameter', - 'errorMessage' => 'The parameter needed but no provided.', - ], - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system.', - ], - [ - 'errorCode' => 'Forbidden.KeyPolicyUnSupported', - 'errorMessage' => 'The specified key does not support key policy.', - ], - [ - 'errorCode' => 'Rejected.ShareQuotaExceedLimit', - 'errorMessage' => 'Instance Share Quota Exceed Limit.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], - 403 => [ - [ - 'errorCode' => 'Forbidden.DKMSInstanceStateInvalid', - 'errorMessage' => 'The DKMS instance state is invalid.', - ], - ], - [ - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Policy not found.', - ], - ], - 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure', - ], + 404 => [ + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C8\\"\\n}","errorExample":""},{"type":"xml","example":"<SetKeyPolicyResponse>\\n <RequestId>381D5D33-BB8F-395F-8EE4-AE3BB4B523C8</RequestId>\\n</SetKeyPolicyResponse>","errorExample":""}]', - 'title' => 'SetKeyPolicy', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"2fe70ce2-3303-4fd6-b3ac-472fb2705c62\\"\\n}","errorExample":"//xml response\\n<KMS>\\n <RequestId>2fe70ce2-3303-4fd6-b3ac-472fb2705c62</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\n <RequestId>2fe70ce2-3303-4fd6-b3ac-472fb2705c62</RequestId>\\n</KMS>\\n","errorExample":"//json response\\n{\\n\\"RequestId\\": \\"2fe70ce2-3303-4fd6-b3ac-472fb2705c62\\"\\n}\\n"}]', + 'title' => 'DisableKey', + 'summary' => 'Disables a key.', + 'description' => 'If a customer master key (CMK) is disabled, the ciphertext encrypted by using this CMK cannot be decrypted until you re-enable it. You can call the [EnableKey](~~35150~~) operation to enable the CMK.'."\n" + ."\n" + .'In this example, the CMK whose ID is `1234abcd-12ab-34cd-56ef-12345678****` is disabled.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], ], - 'GetKeyPolicy' => [ - 'summary' => '仅可查询名称为 default 的 Key Policy,否则提示 Not Found。', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'EnableKey' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'readAndWrite', + 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - 'abilityTreeCode' => '206082', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'title' => '', - 'description' => '', - 'type' => 'string', - 'required' => true, - 'example' => 'key-hzz630494463ejqjx****', - ], - ], - [ - 'name' => 'PolicyName', - 'in' => 'query', - 'schema' => [ - 'title' => '策略名称', - 'description' => '', - 'type' => 'string', - 'required' => false, - 'example' => 'default', - ], + 'schema' => ['description' => 'The globally unique ID of the CMK.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1234abcd-12ab-34cd-56ef-12345678****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ - 'title' => '', - 'description' => '', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => '', - 'description' => '', - 'type' => 'string', - 'example' => '381D5D33-BB8F-395F-8EE4-AE3B84B523C8', - ], - 'Policy' => [ - 'description' => '', - 'type' => 'string', - 'example' => '{"Statement": [{"Action": ["kms:*"],"Effect": "Allow","Principal": {"RAM": ["acs:ram::190325303126****:*","acs:ram::119285303511****:*"]},"Resource": ["*"],"Sid": "kms default key policy"}],"Version": "1" }', - ], + 'RequestId' => ['description' => 'The ID of the request.'."\n", 'type' => 'string', 'example' => 'efb1cbbd-a093-4278-bc03-639dd4fcc207', 'title' => ''], ], + 'description' => '', + 'title' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - [ - 'errorCode' => 'MissingParameter', - 'errorMessage' => 'The parameter needed but no provided.', - ], - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system.', - ], - [ - 'errorCode' => 'Forbidden.KeyPolicyUnSupported', - 'errorMessage' => 'The specified key does not support key policy.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Policy not found.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3B84B523C8\\",\\n \\"Policy\\": \\"{\\\\\\"Statement\\\\\\": [{\\\\\\"Action\\\\\\": [\\\\\\"kms:*\\\\\\"],\\\\\\"Effect\\\\\\": \\\\\\"Allow\\\\\\",\\\\\\"Principal\\\\\\": {\\\\\\"RAM\\\\\\": [\\\\\\"acs:ram::190325303126****:*\\\\\\",\\\\\\"acs:ram::119285303511****:*\\\\\\"]},\\\\\\"Resource\\\\\\": [\\\\\\"*\\\\\\"],\\\\\\"Sid\\\\\\": \\\\\\"kms default key policy\\\\\\"}],\\\\\\"Version\\\\\\": \\\\\\"1\\\\\\" }\\"\\n}","errorExample":""},{"type":"xml","example":"<GetKeyPolicyResponse>\\n <RequestId>381D5D33-BB8F-395F-8EE4-AE3B84B523C8</RequestId>\\n <Policy>{\\"Statement\\": [{\\"Action\\": [\\"kms:*\\"],\\"Effect\\": \\"Allow\\",\\"Principal\\": {\\"RAM\\": [\\"acs:ram::190325303126****:*\\",\\"acs:ram::119285303511****:*\\"]},\\"Resource\\": [\\"*\\"],\\"Sid\\": \\"kms default key policy\\"}],\\"Version\\": \\"1\\" }</Policy>\\n</GetKeyPolicyResponse>","errorExample":""}]', - 'title' => 'GetKeyPolicy', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"efb1cbbd-a093-4278-bc03-639dd4fcc207\\"\\n}","errorExample":"//xml response\\n\\n<KMS>\\n <RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\r\\n <RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>\\r\\n</KMS>","errorExample":"//json response\\n{\\n\\"RequestId\\": \\"efb1cbbd-a093-4278-bc03-639dd4fcc207\\"\\n}\\n"}]', + 'title' => 'EnableKey', + 'summary' => 'Enables a key to encrypt and decrypt data.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], ], - 'GenerateDataKey' => [ - 'summary' => 'Generates a random data key that is used to encrypt on-premises data.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'Encrypt' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -3934,118 +3058,44 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54570', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], + 'abilityTreeCode' => '54566', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" - ."\n" - .'You can also set this parameter to an alias that is bound to the CMK. For more information, see [Alias overview](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '7906979c-8e06-46a2-be2d-68e3ccbc****', - ], + 'schema' => ['description' => 'The ID of the key. You can also specify the alias or Amazon Resource Name (ARN) of the key. For more information about aliases, see [Manage aliases](~~480655~~).'."\n" + ."\n" + .'> When you access a key in another Alibaba Cloud account, you must specify the ARN of the key. The ARN of a key is in the `acs:kms:${region}:${account}:key/${keyid}` format.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], ], [ - 'name' => 'KeySpec', - 'in' => 'query', - 'schema' => [ - 'description' => 'The type of the data key that you want to generate. Valid values:'."\n" - ."\n" - .'* AES\\_256: a 256-bit symmetric key'."\n" - .'* AES\\_128: a 128-bit symmetric key'."\n" - ."\n" - .'> We recommend that you use the KeySpec or NumberOfBytes parameter to specify the length of a data key. If none of the parameters are specified, KMS generates a 256-bit data key. If both parameters are specified, KMS ignores the KeySpec parameter.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'AES_256', - 'enum' => [ - 'AES_256', - ' AES_128', - ], - ], - ], - [ - 'name' => 'NumberOfBytes', + 'name' => 'Plaintext', 'in' => 'query', - 'schema' => [ - 'description' => 'The length of the data key that you want to generate. Unit: bytes.'."\n" - ."\n" - .'Valid values: 1 to 1024.'."\n" - ."\n" - .'Default value:'."\n" - ."\n" - .'* If the KeySpec parameter is set to AES\\_256, set the value of the NumberOfBytes parameter to 32.'."\n" - .'* If the KeySpec parameter is set to AES\\_128, set the value of the NumberOfBytes parameter to 16.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'maximum' => '1024', - 'minimum' => '0', - 'example' => '256', - ], + 'schema' => ['description' => 'The plaintext to be encrypted. The plaintext must be Base64-encoded.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'SGVsbG8gd29y****', 'title' => ''], ], [ 'name' => 'EncryptionContext', 'in' => 'query', 'style' => 'json', - 'schema' => [ - 'description' => 'The JSON string that consists of key-value pairs.'."\n" - ."\n" - .'If you specify this parameter, an equivalent value is required when you call the [Decrypt](~~28950~~) operation. For more information, see [EncryptionContext](~~42975~~).'."\n", - 'type' => 'object', - 'required' => false, - 'example' => '{"Example":"Example"}', - ], + 'schema' => ['description' => 'A JSON string that consists of key-value pairs. If you specify this parameter, you must specify the same parameter when you call the Decrypt operation. For more information, see [EncryptionContext](~~42975~~).', 'type' => 'object', 'required' => false, 'example' => '{"Example":"Example"}', 'title' => ''], ], [ 'name' => 'DryRun', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], - ], - [ - 'name' => 'Recipient', - 'in' => 'query', - 'schema' => [ - 'title' => '类型: String'."\n" - .'格式如下:'."\n" - .'{'."\n" - .'"AttestationDocument":"base64-encoded-attestion-document", '."\n" - .'"KeyEncryptionAlgorithm":"RSAES_OAEP_SHA_256"'."\n" - .'}'."\n" - .'AttestationDocument结构定义'."\n" - .'{'."\n" - .' "quoted": "AI//VENHgBgAIgALaTMPawflAbjXzXCp*******",'."\n" - .' "extendUserData": "base64-encoded-extend-user-data",'."\n" - .' "signature": "ABQACwEApJrELtCW/lwoCKgVMClx9F*******",'."\n" - .' "pcrInfo": {'."\n" - .' "pcrValues": "AAAAGAAgi2emNLLevC3zHzEUs69I3W******",'."\n" - .' "pcrSelectionOut": "AAAAAQALA////w==",'."\n" - .' "pcrUpdateCounter": 201'."\n" - .' },'."\n" - .' "cert": "MIIE3DCCA8SgAwIBAgIBBzANBgkqhkiG9w0BA*******"'."\n" - .'}'."\n" - .'extendUserData中用户数据格式如下:'."\n" - .'{'."\n" - .' "aud": "kms", // 固定值'."\n" - .' "iat": unix-timestamp, //秒级'."\n" - .' "exp": unix-timestamp, //秒级'."\n" - .' "pubKey": "Base64 encoded SPKI, supports RSA2048"'."\n" - .' "digestAlg":"sha256", //当前仅支持sha256'."\n" - .' "ver":"v1" //当前仅支持v1'."\n" - .'}'."\n" - .'仅在调用专属网关的openapi时生效', - 'type' => 'string', - ], + 'schema' => ['description' => 'Specifies whether to enable the dry run feature.'."\n" + ."\n" + .'- true: enables the dry run feature.'."\n" + ."\n" + .'- false (default): disables the dry run feature.'."\n" + ."\n" + .'The dry run feature is used to test API calls and verify the permissions on the resources that you have and the validity of the request parameters. You can view the check results in the response.'."\n" + ."\n" + .'- DryRunOperationError: The permissions and parameters are valid. If you do not specify the DryRun parameter, the request is successful.'."\n" + ."\n" + .'- ValidationError: The parameters in the request are invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform this operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ @@ -4053,107 +3103,64 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'KeyVersionId' => [ - 'description' => 'The ID of the CMK version. The ID must be globally unique.'."\n", - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'KeyId' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" - ."\n" - .'> If you set the KeyId parameter in the request to an alias of the CMK, the ID of the CMK to which the alias is bound is returned.'."\n", - 'type' => 'string', - 'example' => '7906979c-8e06-46a2-be2d-68e3ccbc****', - ], - 'CiphertextBlob' => [ - 'description' => 'The ciphertext of the data key that is encrypted by using the primary version of the specified CMK.'."\n", - 'type' => 'string', - 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', - ], - 'Plaintext' => [ - 'description' => 'The Base64 encoded plaintext of the data key.'."\n", - 'type' => 'string', - 'example' => 'QmFzZTY0IGVuY29kZWQgcGxhaW50****', - ], - 'CiphertextForRecipient' => [ - 'title' => '当传递Recipient时, 使用Recipient中的公钥加密明文数据密钥,采用Base64进行编码'."\n" - .'公钥是extendUserData中的pubkey'."\n" - .'仅在调用实例网关的openapi时生效', - 'type' => 'string', - ], + 'KeyVersionId' => ['description' => 'The ID of the key version that is used to encrypt the plaintext. It is the primary version of the specified key.', 'type' => 'string', 'example' => '86a9efd9-3d16-4894-bd4f-1fc43f3f****', 'title' => ''], + 'KeyId' => ['description' => 'The ID of the key. If you use an alias or an ARN of the key in the request, the ID of the key is returned.', 'type' => 'string', 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], + 'CiphertextBlob' => ['description' => 'The ciphertext of the data that is encrypted using the primary version of the specified key.', 'type' => 'string', 'example' => 'DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud for the request. You can use the ID to troubleshoot issues.', 'type' => 'string', 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'UnsupportedOperation', - 'errorMessage' => 'This action is not supported.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is invalid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'Forbidden.AliasNotFound', - 'errorMessage' => 'The specified Alias is not found.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - ], - 409 => [ - [ - 'errorCode' => 'Rejected.Disabled', - 'errorMessage' => 'The request was rejected because the key state is Disabled.', - ], - [ - 'errorCode' => 'Rejected.PendingDeletion', - 'errorMessage' => 'The request was rejected because the key state is PendingDeletion.', - ], - [ - 'errorCode' => 'Rejected.Unavailable', - 'errorMessage' => 'The request was rejected because the key state is Unavailable.', - ], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ['errorCode' => 'Forbidden.AliasNotFound', 'errorMessage' => 'The specified Alias is not found.', 'description' => 'The error message returned because the specified alias does not exist.'], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"CiphertextBlob\\": \\"ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****\\",\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\",\\n \\"Plaintext\\": \\"QmFzZTY0IGVuY29kZWQgcGxhaW50****\\",\\n \\"CiphertextForRecipient\\": \\"NIahY6pgjK4ZMP2R0EmsmBqntrv0AI2rcDyU7Su6uOT9Le7EOvlCpjHJfr9z3M0vkfulQoyuETmKSpYDfixE3auE4MwxloT6D9Gfsk6hm5FV2iAxL//Ms2kLv6K4z6yGi7lKm2yjX4***==\\"\\n}","errorExample":""},{"type":"xml","example":"<GenerateDataKeyResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <CiphertextBlob>ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****</CiphertextBlob>\\n <RequestId>7021b6ec-4be7-4d3c-8a68-1e85d4d515a0</RequestId>\\n <Plaintext>QmFzZTY0IGVuY29kZWQgcGxhaW50****</Plaintext>\\n</GenerateDataKeyResponse>","errorExample":""}]', - 'title' => 'GenerateDataKey', - 'description' => 'This operation creates a random data key, encrypts the data key by using the specified customer master key (CMK), and returns the plaintext and ciphertext of the data key. You can use the plaintext of the data key to locally encrypt your data without using KMS and store the encrypted data together with the ciphertext of the data key. You can obtain the plaintext of the data key from the Plaintext parameter in the response and the ciphertext of the data key from the CiphertextBlob parameter in the response.'."\n" + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyVersionId\\": \\"86a9efd9-3d16-4894-bd4f-1fc43f3f****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"CiphertextBlob\\": \\"DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","type":"json"}]', + 'title' => 'Encrypt', + 'summary' => 'Encrypts plaintext by using a symmetric CMK.', + 'description' => '### Precautions'."\n" ."\n" - .'The CMK that you specify in the request of this operation is only used to encrypt the data key and is not involved in the generation of the data key. KMS does not record or store the generated data key. Therefore, you need to store the ciphertext of the data key in persistent storage.'."\n" + .'- For information about the access policy required to allow a RAM user or RAM role to use this operation, see [Resource Access Management](~~2767210~~).'."\n" ."\n" - .'We recommend that you locally encrypt data by performing the following steps:'."\n" + .'- This operation is accessible through a shared gateway or a dedicated gateway. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" ."\n" - .'1\\. Call the GenerateDataKey operation.'."\n" + .' - Shared gateway: You can access KMS over the Internet or a VPC. To use this method, you must enable Internet access. For more information, see [Access keys in a KMS instance over the Internet](~~2856718~~).'."\n" ."\n" - .'2\\. Use the plaintext of the data key that you obtain to locally encrypt data without using KMS. Then, delete the plaintext of the data key from the memory.'."\n" + .' - Dedicated gateway: You can access KMS using the private endpoint of KMS (`<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com`).'."\n" ."\n" - .'3\\. Store the encrypted data together with the ciphertext of the data key that you obtain.'."\n" + .'### QPS limits'."\n" ."\n" - .'We recommend that you locally decrypt data by performing the following steps:'."\n" + .'- When accessed through a shared gateway, the queries per second (QPS) limit for a single user is 1,000. If the limit is exceeded, requests are throttled, which can affect your business. We recommend that you stay within this limit to avoid throttling.'."\n" ."\n" - .'* Call the [Decrypt](~~28950~~) operation to decrypt the locally stored ciphertext of the data key. The plaintext of data key is then returned.'."\n" - .'* Use the plaintext of the data key to locally decrypt data and then delete the plaintext of the data key from the memory.'."\n" + .'- When accessed through a dedicated gateway, the QPS limit for a single user is subject to the computing performance specifications of your KMS instance. For more information, see [Performance metrics](~~480120~~).'."\n" ."\n" - .'In this example, a random data key is generated for the CMK whose ID is `7906979c-8e06-46a2-be2d-68e3ccbc****`.'."\n", - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + .'### Description'."\n" + ."\n" + .'- KMS encrypts the specified data using the primary version of a specified key.'."\n" + ."\n" + .'- You can encrypt a maximum of 6 KB of data, such as an RSA key, a database password, or other sensitive information.'."\n" + ."\n" + .'- If you migrate encrypted data from one region to another, you can call the Encrypt operation in the destination region to re-encrypt the plaintext data key from the source region. This generates a new encrypted data key. You can then call the [Decrypt](~~28950~~) operation to decrypt this new key in the destination region.', + 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'GenerateAndExportDataKey' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'ExportDataKey' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -4163,120 +3170,62 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54569', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], + 'abilityTreeCode' => '54568', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see [Use aliases](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], - ], - [ - 'name' => 'KeySpec', - 'in' => 'query', - 'schema' => [ - 'description' => 'The length of the data key that you want to generate. Valid values:'."\n" - ."\n" - .'* AES\\_256: a 256-bit symmetric key'."\n" - .'* AES\\_128: a 128-bit symmetric key'."\n" - ."\n" - .'> We recommend that you use the KeySpec or NumberOfBytes parameter to specify the length of a data key. If both parameters are not specified, KMS generates a 256-bit data key. If both parameters are specified, KMS ignores the KeySpec parameter.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'AES_256', - 'enum' => [ - 'AES_256', - ' AES_128', - ], - ], - ], - [ - 'name' => 'NumberOfBytes', + 'name' => 'CiphertextBlob', 'in' => 'query', - 'schema' => [ - 'description' => 'The length of the data key that you want to generate.'."\n" - ."\n" - .'Valid values: 1 to 1024.'."\n" - ."\n" - .'Unit: bytes.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'maximum' => '1024', - 'minimum' => '0', - 'example' => '32', - ], + 'schema' => ['description' => 'The ciphertext of the data key that is encrypted using a master key (CMK).', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901q********', 'title' => ''], ], [ 'name' => 'EncryptionContext', 'in' => 'query', 'style' => 'json', - 'schema' => [ - 'description' => 'A JSON string of key-value pairs. If you specify this parameter here, an equivalent value is required when you decrypt or re-encrypt the data key. For more information, see [EncryptionContext](~~42975~~).'."\n", - 'type' => 'object', - 'required' => false, - 'example' => '{"Example":"Example"}', - ], + 'schema' => ['description' => 'A JSON string that consists of key-value pairs. EncryptionContext is the encryption context that is passed in when the data key is encrypted using a CMK. For more information, see [EncryptionContext](~~42975~~).', 'type' => 'object', 'required' => false, 'example' => '{"Example":"Example"}', 'title' => ''], ], [ 'name' => 'PublicKeyBlob', 'in' => 'query', - 'schema' => [ - 'description' => 'A Base64-encoded public key.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndKfC2ReLL2+y8a0+ZBBeAft/uBYo86GZiYJuflqgUzKxpyuvlo3uQkBv6b+nx+0tz8g8v7GhpPWMSW5L9mNHYsvYFsa7jTxsYdt17yj6GlUHPuMIs8hr5qbwl38IHU1iIa7nYWwE2fb3ePOvLDACRJVgGpU0yxioW80d2QD+9aU4jF5dlAahcfgsNzo2CXzCUc1+xbmNuq7Rp+H9VJB9dyYOwqnW3RhOLBo21FzpORapf0UiRlrHRpk1V6ez+aE1dofaYh/9bh0m6ioxj7j5hpZbWccuEZTMBKd+cbuBkRhJzc6Tti6qwZbDiu4fUwbZS0Tqpuo1UadiyxMW********', - ], + 'schema' => ['description' => 'The public key in Base64 format.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndKfC2ReLL2+y8a0+ZBBeAft/uBYo86GZiYJuflqgUzKxpyuvlo3uQkBv6b+nx+0tz8g8v7GhpPWMSW5L9mNHYsvYFsa7jTxsYdt17yj6GlUHPuMIs8hr5qbwl38IHU1iIa7nYWwE2fb3ePOvLDACRJVgGpU0yxioW80d2QD+9aU4jF5dlAahcfgsNzo2CXzCUc1+xbmNuq7Rp+H9VJB9dyYOwqnW3RhOLBo21FzpORapf0UiRlrHRpk1V6ez+aE1dofaYh/9bh0m6ioxj7j5hpZbWccuEZTMBKd+cbuBkRhJzc6Tti6qwZbDiu4fUwbZS0Tqpuo1UadiyxMW********', 'title' => ''], ], [ 'name' => 'WrappingKeySpec', 'in' => 'query', - 'schema' => [ - 'description' => 'The key type of the public key specified by PublicKeyBlob. For more information about key types, see [Introduction to asymmetric keys](~~148147~~).'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'* RSA\\_2048'."\n" - .'* EC_SM2'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RSA_2048', - ], + 'schema' => ['description' => 'The type of the public key specified by PublicKeyBlob. For more information about key types, see [Introduction to asymmetric keys](~~148147~~).<br> Valid values:<br><br>'."\n" + ."\n" + .'- RSA\\_2048'."\n" + ."\n" + .'- EC\\_SM2', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RSA_2048', 'title' => ''], ], [ 'name' => 'WrappingAlgorithm', 'in' => 'query', - 'schema' => [ - 'description' => 'The encryption algorithm based on which you want to use the public key specified by PublicKeyBlob to encrypt the data key. For more information about encryption algorithms, see [AsymmetricDecrypt](~~148130~~).'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'* RSAES_OAEP_SHA\\_256'."\n" - .'* RSAES_OAEP_SHA\\_1'."\n" - .'* SM2PKE'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RSAES_OAEP_SHA_256', - ], + 'schema' => ['description' => 'The encryption algorithm that is used to encrypt the data key using the public key specified by PublicKeyBlob. For more information about the algorithms, see [AsymmetricDecrypt](~~148130~~).<br> Valid values:<br><br>'."\n" + ."\n" + .'- RSAES\\_OAEP\\_SHA\\_256'."\n" + ."\n" + .'- RSAES\\_OAEP\\_SHA\\_1'."\n" + ."\n" + .'- SM2PKE', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RSAES_OAEP_SHA_256', 'title' => ''], ], [ 'name' => 'DryRun', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'Specifies whether to enable the DryRun mode.'."\n" + ."\n" + .'- true'."\n" + ."\n" + .'- false (default)'."\n" + ."\n" + .'The DryRun mode is used to test the API call and verify the permissions on the specified resources and the validity of the request parameters. If you enable the DryRun mode, KMS returns a failure response and a failure reason. The failure reasons include the following:'."\n" + ."\n" + .'- DryRunOperationError: The request would have succeeded if the DryRun parameter was not specified.'."\n" + ."\n" + .'- ValidationError: The specified parameters in the request are invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform the operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ @@ -4284,83 +3233,57 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'KeyVersionId' => [ - 'description' => 'The ID of the CMK version that is used to encrypt the plaintext. It is the primary version of the CMK.'."\n", - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'KeyId' => [ - 'description' => 'The globally unique ID of the CMK.'."\n" - ."\n" - .'> If you set the KeyId parameter to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", - 'type' => 'string', - 'example' => '599fa825-17de-417e-9554-bb032cc6****', - ], - 'CiphertextBlob' => [ - 'description' => 'The ciphertext of the data key encrypted by using the primary CMK version.'."\n", - 'type' => 'string', - 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', - ], - 'ExportedDataKey' => [ - 'description' => 'The data key encrypted by using the public key and then exported.'."\n", - 'type' => 'string', - 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******', - ], + 'KeyVersionId' => ['description' => 'The ID of the key version that is used to decrypt the ciphertext of the specified data key.', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'KeyId' => ['description' => 'The ID of the CMK that is used to decrypt the ciphertext of the specified data key.<br> The globally unique identifier of the CMK.<br><br>', 'type' => 'string', 'example' => '202b9877-5a25-46e3-a763-e20791b5****', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud for the request. You can use the request ID to troubleshoot issues.', 'type' => 'string', 'example' => '4bd560a1-729e-45f1-a3d9-b2a33d61046b', 'title' => ''], + 'ExportedDataKey' => ['description' => 'The exported data key that is protected by public key encryption.', 'type' => 'string', 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'InternalFailure', - ], + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"599fa825-17de-417e-9554-bb032cc6****\\",\\n \\"CiphertextBlob\\": \\"ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****\\",\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\",\\n \\"ExportedDataKey\\": \\"BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******\\"\\n}","errorExample":""},{"type":"xml","example":"<GenerateAndExportDataKeyResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>599fa825-17de-417e-9554-bb032cc6****</KeyId>\\n <CiphertextBlob>ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****</CiphertextBlob>\\n <RequestId>7021b6ec-4be7-4d3c-8a68-1e85d4d515a0</RequestId>\\n <ExportedDataKey>BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******</ExportedDataKey>\\n</GenerateAndExportDataKeyResponse>","errorExample":""}]', - 'title' => 'GenerateAndExportDataKey', - 'summary' => 'Randomly generates a data key and uses a key and a public key to encrypt the data key. This operation returns both the data key ciphertext that is encrypted by using the key and the data key ciphertext that is encrypted by using the public key.', - 'description' => 'We recommend that you perform the following steps to import your data key to a cryptographic module:'."\n" + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"RequestId\\": \\"4bd560a1-729e-45f1-a3d9-b2a33d61046b\\",\\n \\"ExportedDataKey\\": \\"BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******\\"\\n}","type":"json"}]', + 'title' => 'ExportDataKey', + 'summary' => 'Exports a data key encrypted by a CMK. The data key is re-encrypted by a public key that you specify for secure transmission.', + 'description' => '### Precautions'."\n" + ."\n" + .'- For information about the access policy required for a RAM user or RAM role to use this operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This operation is accessible through a shared gateway or a dedicated gateway. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" + ."\n" + .' - Shared gateway: You can access KMS using the public endpoint or a VPC endpoint. To use the public endpoint, you must first enable it. For more information, see [Access the key in a KMS instance over the Internet](~~2856718~~).'."\n" + ."\n" + .' - Dedicated gateway: You can access KMS using the private endpoint of the KMS instance: `<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com`.'."\n" + ."\n" + .'### Description'."\n" ."\n" - .'* Call the GenerateAndExportDataKey operation to generate a data key and obtain both the ciphertext of the data key encrypted by using the CMK and that encrypted by using the public key.'."\n" - .'* Store the ciphertext of the data key encrypted by using the CMK in KMS Secrets Manager or in a storage service such as ApsaraDB. This ciphertext is used for backup and restoration.'."\n" - .'* Import the ciphertext of the data key encrypted by using the public key to the cryptographic module where the private key is stored. Then, you can use the data key to encrypt or decrypt data.'."\n" + .'After you call the [GenerateDataKeyWithoutPlaintext](~~134043~~) operation to obtain a data key encrypted by a master key (CMK), you can use the ExportDataKey operation to distribute the data key to other regions or cryptographic modules. The ExportDataKey operation returns the ciphertext of the data key, re-encrypted with the specified public key.'."\n" ."\n" - .'> The CMK that you specify in the request of this operation is only used to encrypt the data key and is not involved in the generation of the data key. KMS does not record or store the data keys randomly generated by calling this operation. You must take note of the data keys and the returned ciphertext.'."\n", + .'You can import the exported ciphertext into the cryptographic module that holds the corresponding private key. This process lets you securely distribute the data key from KMS to a cryptographic module. After the data key is imported into the cryptographic module, you can use it to encrypt or decrypt data.', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'Encrypt' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'GenerateAndExportDataKey' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -4370,51 +3293,91 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54566', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], + 'abilityTreeCode' => '54569', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see [Use aliases](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], + 'schema' => ['description' => 'The ID of the key. You can also specify the alias or Amazon Resource Name (ARN) of the key. For more information about aliases, see [Manage aliases](~~480655~~).'."\n" + ."\n" + .'> To access a key in another Alibaba Cloud account, you must specify the ARN of the key. The key ARN is in the format of `acs:kms:${region}:${account}:key/${keyid}`.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1234abcd-12ab-34cd-56ef-12345678****', 'title' => ''], ], [ - 'name' => 'Plaintext', + 'name' => 'KeySpec', 'in' => 'query', 'schema' => [ - 'description' => 'The plaintext to be encrypted. The plaintext must be Base64 encoded.'."\n", + 'description' => 'The length of the data key that you want to generate. Valid values:'."\n" + ."\n" + .'- AES\\_256: a 256-bit symmetric key.'."\n" + ."\n" + .'- AES\\_128: a 128-bit symmetric key.'."\n" + ."\n" + .'> We recommend that you use the KeySpec or NumberOfBytes parameter to specify the length of a data key. If you do not specify either of the parameters, KMS generates a 256-bit data key. If you specify both parameters, KMS ignores the KeySpec parameter.', 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'SGVsbG8gd29y****', + 'required' => false, + 'enum' => ['AES_256', ' AES_128'], + 'example' => 'AES_256', + 'title' => '', ], ], [ + 'name' => 'NumberOfBytes', + 'in' => 'query', + 'schema' => ['description' => 'The length of the data key that you want to generate.'."\n" + ."\n" + .'Valid values: 1 to 1024.'."\n" + ."\n" + .'Unit: bytes.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'maximum' => '1024', 'minimum' => '0', 'example' => '32', 'title' => ''], + ], + [ 'name' => 'EncryptionContext', 'in' => 'query', 'style' => 'json', - 'schema' => [ - 'description' => 'A JSON string that consists of key-value pairs. If you specify this parameter, an equivalent value is required when you call the Decrypt operation. For more information, see [EncryptionContext](~~42975~~).'."\n", - 'type' => 'object', - 'required' => false, - 'example' => '{"Example":"Example"}', - ], + 'schema' => ['description' => 'A JSON string that consists of key-value pairs. If you specify this parameter, you must specify the same parameter when you call the Decrypt operation or other operations to re-encrypt the data key. For more information, see [EncryptionContext](~~42975~~).', 'type' => 'object', 'required' => false, 'example' => '{"Example":"Example"}', 'title' => ''], + ], + [ + 'name' => 'PublicKeyBlob', + 'in' => 'query', + 'schema' => ['description' => 'The public key that is encoded in Base64.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndKfC2ReLL2+y8a0+ZBBeAft/uBYo86GZiYJuflqgUzKxpyuvlo3uQkBv6b+nx+0tz8g8v7GhpPWMSW5L9mNHYsvYFsa7jTxsYdt17yj6GlUHPuMIs8hr5qbwl38IHU1iIa7nYWwE2fb3ePOvLDACRJVgGpU0yxioW80d2QD+9aU4jF5dlAahcfgsNzo2CXzCUc1+xbmNuq7Rp+H9VJB9dyYOwqnW3RhOLBo21FzpORapf0UiRlrHRpk1V6ez+aE1dofaYh/9bh0m6ioxj7j5hpZbWccuEZTMBKd+cbuBkRhJzc6Tti6qwZbDiu4fUwbZS0Tqpuo1UadiyxMW********', 'title' => ''], + ], + [ + 'name' => 'WrappingKeySpec', + 'in' => 'query', + 'schema' => ['description' => 'The type of the key specified by PublicKeyBlob. For more information about key types, see [Introduction to asymmetric keys](~~148147~~).<br> Valid values:<br><br>'."\n" + ."\n" + .'- RSA\\_2048'."\n" + ."\n" + .'- EC\\_SM2', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RSA_2048', 'title' => ''], + ], + [ + 'name' => 'WrappingAlgorithm', + 'in' => 'query', + 'schema' => ['description' => 'The encryption algorithm that is used to encrypt the data key using the public key specified by PublicKeyBlob. For more information about encryption algorithms, see [AsymmetricDecrypt](~~148130~~).<br> Valid values:<br><br>'."\n" + ."\n" + .'- RSAES\\_OAEP\\_SHA\\_256'."\n" + ."\n" + .'- RSAES\\_OAEP\\_SHA\\_1'."\n" + ."\n" + .'- SM2PKE', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RSAES_OAEP_SHA_256', 'title' => ''], ], [ 'name' => 'DryRun', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'Specifies whether to enable the dry run feature.'."\n" + ."\n" + .'- true: enables the feature.'."\n" + ."\n" + .'- false (default): disables the feature.'."\n" + ."\n" + .'The DryRun mode is used to test API calls and verify the permissions on the resources that you have access to and the validity of the request parameters. If you enable the DryRun mode, KMS always returns a failure response and the cause of the failure. The following failure causes are included:'."\n" + ."\n" + .'- DryRunOperationError: The request would have succeeded if the DryRun parameter is not specified.'."\n" + ."\n" + .'- ValidationError: The parameters specified in the request are invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform this operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ @@ -4422,71 +3385,64 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'KeyVersionId' => [ - 'description' => 'The ID of the key version that is used to encrypt the plaintext. It is the primary version of the CMK.'."\n", - 'type' => 'string', - 'example' => '86a9efd9-3d16-4894-bd4f-1fc43f3f****', - ], - 'KeyId' => [ - 'description' => 'The globally unique ID of the CMK. If you set the KeyId parameter to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", - 'type' => 'string', - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], - 'CiphertextBlob' => [ - 'description' => 'The ciphertext of the data that is encrypted by using the primary CMK version.'."\n", - 'type' => 'string', - 'example' => 'DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', - ], + 'KeyVersionId' => ['description' => 'The ID of the key version that is used to encrypt the plaintext. It is the primary version of the specified KMS key.', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'KeyId' => ['description' => 'The ID of the key. If you use a key alias or key ARN in the request, the key ID is returned.', 'type' => 'string', 'example' => '599fa825-17de-417e-9554-bb032cc6****', 'title' => ''], + 'CiphertextBlob' => ['description' => 'The ciphertext of the data key. The data key is encrypted using the primary version of the specified KMS key.', 'type' => 'string', 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud. You can use the request ID to troubleshoot issues.', 'type' => 'string', 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', 'title' => ''], + 'ExportedDataKey' => ['description' => 'The exported data key that is protected by the public key.', 'type' => 'string', 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is invalid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - [ - 'errorCode' => 'Forbidden.AliasNotFound', - 'errorMessage' => 'The specified Alias is not found.', - ], - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ], + 500 => [ + ['errorCode' => 'InternalFailure', 'errorMessage' => 'InternalFailure', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"86a9efd9-3d16-4894-bd4f-1fc43f3f****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"CiphertextBlob\\": \\"DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","errorExample":""},{"type":"xml","example":"<EncryptResponse>\\n <KeyVersionId>86a9efd9-3d16-4894-bd4f-1fc43f3f****</KeyVersionId>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <CiphertextBlob>DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****</CiphertextBlob>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n</EncryptResponse>","errorExample":""}]', - 'title' => 'Encrypt', - 'summary' => 'Encrypts plaintext by using a symmetric key.', - 'description' => '* KMS uses the primary version of a specified CMK to encrypt data.'."\n" - .'* Only data of 6 KB or less can be encrypted. For example, you can call this operation to encrypt RSA keys, database access passwords, or other sensitive information.'."\n" - .'* When you migrate encrypted data across regions, you can call this operation in the destination region to encrypt the plaintext of the data key that is used to encrypt the migrated data in the source region. This way, the ciphertext of the data key is generated in the destination region. You can also call the [Decrypt](~~28950~~) operation to decrypt the data key.'."\n", - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"599fa825-17de-417e-9554-bb032cc6****\\",\\n \\"CiphertextBlob\\": \\"ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****\\",\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\",\\n \\"ExportedDataKey\\": \\"BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******\\"\\n}","type":"json"}]', + 'title' => 'GenerateAndExportDataKey', + 'summary' => 'Generates a random data key, encrypts it by using a CMK and a public key that you specify, and returns both ciphertexts.', + 'description' => '### Notes'."\n" + ."\n" + .'- For more information about the access policy required for a RAM user or RAM role to use this operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This operation is accessible through a shared gateway or a dedicated gateway. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" + ."\n" + .' - Shared gateway: You can access KMS over the Internet or a VPC. To access KMS over the Internet, you must enable Internet access. For more information, see [Access KMS instances over the Internet](~~2856718~~).'."\n" + ."\n" + .' - Dedicated gateway: You can access KMS using the private endpoint of KMS (`<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com`).'."\n" + ."\n" + .'### Description'."\n" + ."\n" + .'We recommend that you import the data key to a cryptographic module for data encryption and data decryption as follows:'."\n" + ."\n" + .'1\\. Call the GenerateAndExportDataKey operation to obtain the data key encrypted by a KMS key and a specified public key.'."\n" + ."\n" + .'2\\. Save the ciphertext of the data key that is encrypted by the KMS key to KMS or a storage service, such as ApsaraDB, for key backup and recovery.'."\n" + ."\n" + .'3\\. Import the ciphertext of the data key that is encrypted by the public key to the cryptographic module that contains the corresponding private key. This process distributes the key from KMS to the cryptographic module. You can then use the data key to encrypt and decrypt data.'."\n" + ."\n" + .'> The KMS key that you specify in the request is used only to encrypt the data key and is not used to generate the data key. KMS does not record or store the randomly generated data key. You are responsible for recording the data key or its ciphertext.', + 'changeSet' => [], 'extraInfo' => ' ', - ], - 'Decrypt' => [ - 'summary' => 'Decrypts the ciphertext that is specified by using CiphertextBlob.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'GenerateDataKey' => [ + 'summary' => 'Generates a random data key for envelope encryption. The data key is returned in both plaintext and ciphertext forms.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -4496,83 +3452,72 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54550', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], + 'abilityTreeCode' => '54570', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ - 'name' => 'CiphertextBlob', + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the key. You can also specify the alias or the key resource name (ARN) of the key. For more information about aliases, see [Manage aliases](~~480655~~).'."\n" + ."\n" + .'> When you access a key in another Alibaba Cloud account, you must enter the ARN of the key. The key ARN is in the format of `acs:kms:${region}:${account}:key/${keyid}`.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], + ], + [ + 'name' => 'KeySpec', 'in' => 'query', 'schema' => [ - 'description' => 'The ciphertext that you want to decrypt.'."\n" + 'description' => 'The length of the data key to be generated. Valid values:'."\n" ."\n" - .'You can generate the ciphertext by calling the following operations:'."\n" + .'- AES\\_256: a 256-bit symmetric key.'."\n" ."\n" - .'* [GenerateDataKey](~~28948~~)'."\n" - .'* [Encrypt](~~28949~~)'."\n" - .'* [GenerateDataKeyWithoutPlaintext](~~134043~~)'."\n", + .'- AES\\_128: a 128-bit symmetric key.'."\n" + ."\n" + .'> We recommend that you use the KeySpec or NumberOfBytes parameter to specify the length of a data key. If you do not specify either of the parameters, KMS generates a 256-bit data key. If you specify both parameters, KMS ignores the KeySpec parameter.', 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****', + 'required' => false, + 'enum' => ['AES_256', ' AES_128'], + 'example' => 'AES_256', + 'title' => '', ], ], [ - 'name' => 'EncryptionContext', + 'name' => 'NumberOfBytes', 'in' => 'query', - 'style' => 'json', - 'schema' => [ - 'description' => 'The JSON string that consists of key-value pairs.'."\n" - ."\n" - .'> If you specify the EncryptionContext parameter when you call the [GenerateDataKey](~~28948~~), [Encrypt](~~28949~~), or [GenerateDataKeyWithoutPlaintext](~~134043~~) operation, you must specify the same context when you call the Decrypt operation. For more information, see [EncryptionContext](~~42975~~).'."\n", - 'type' => 'object', - 'required' => false, - 'example' => '{"Example":"Example"}', - ], + 'schema' => ['description' => 'The length of the data key that you want to generate. Unit: bytes.'."\n" + ."\n" + .'Valid values: 1 to 1024.'."\n" + ."\n" + .'Default values:'."\n" + ."\n" + .'- If you set KeySpec to AES\\_256, the default value of NumberOfBytes is 32.'."\n" + ."\n" + .'- If you set KeySpec to AES\\_128, the default value of NumberOfBytes is 16.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'maximum' => '1024', 'minimum' => '0', 'example' => '256', 'title' => ''], ], [ - 'name' => 'DryRun', + 'name' => 'EncryptionContext', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'style' => 'json', + 'schema' => ['description' => 'A JSON string that consists of key-value pairs.'."\n" + ."\n" + .'If you specify this parameter, you must also specify the same parameter when you call the [Decrypt](~~28950~~) operation. For more information, see [EncryptionContext](~~42975~~).', 'type' => 'object', 'required' => false, 'example' => '{"Example":"Example"}', 'title' => ''], ], [ - 'name' => 'Recipient', + 'name' => 'DryRun', 'in' => 'query', - 'schema' => [ - 'title' => '类型: String'."\n" - .'格式如下:'."\n" - .'{'."\n" - .'"AttestationDocument":"base64-encoded-attestion-document", '."\n" - .'"KeyEncryptionAlgorithm":"RSAES_OAEP_SHA_256"'."\n" - .'}'."\n" - .'AttestationDocument结构定义'."\n" - .'{'."\n" - .' "quoted": "AI//VENHgBgAIgALaTMPawflAbjXzXCp*******",'."\n" - .' "extendUserData": "base64-encoded-extend-user-data",'."\n" - .' "signature": "ABQACwEApJrELtCW/lwoCKgVMClx9F*******",'."\n" - .' "pcrInfo": {'."\n" - .' "pcrValues": "AAAAGAAgi2emNLLevC3zHzEUs69I3W******",'."\n" - .' "pcrSelectionOut": "AAAAAQALA////w==",'."\n" - .' "pcrUpdateCounter": 201'."\n" - .' },'."\n" - .' "cert": "MIIE3DCCA8SgAwIBAgIBBzANBgkqhkiG9w0BA*******"'."\n" - .'}'."\n" - .'extendUserData中用户数据格式如下:'."\n" - .'{'."\n" - .' "aud": "kms", // 固定值'."\n" - .' "iat": unix-timestamp, //秒级'."\n" - .' "exp": unix-timestamp, //秒级'."\n" - .' "pubKey": "Base64 encoded SPKI, supports RSA2048"'."\n" - .' "digestAlg":"sha256", //当前仅支持sha256'."\n" - .' "ver":"v1" //当前仅支持v1'."\n" - .'}'."\n" - .'仅在调用专属网关的openapi时生效', - 'type' => 'string', - ], + 'schema' => ['description' => 'Specifies whether to enable the DryRun mode.'."\n" + ."\n" + .'- true: enables the DryRun mode.'."\n" + ."\n" + .'- false (default): disables the DryRun mode.'."\n" + ."\n" + .'The DryRun mode is used to test the API call. It verifies whether you have the permissions to access the specified resources and whether the request parameters are valid. If you enable the DryRun mode, KMS always returns a failure response and a failure reason. The failure reasons include the following:'."\n" + ."\n" + .'- DryRunOperationError: The request succeeds if the DryRun parameter is not specified.'."\n" + ."\n" + .'- ValidationError: The parameters specified in the request are invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform this operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ @@ -4580,84 +3525,80 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'KeyVersionId' => [ - 'description' => 'The ID of the CMK version that is used to decrypt the ciphertext.'."\n", - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'KeyId' => [ - 'description' => 'The ID of the customer master key (CMK) that is used to decrypt the ciphertext.'."\n" - ."\n" - .'It is the GUID of the CMK.'."\n", - 'type' => 'string', - 'example' => '202b9877-5a25-46e3-a763-e20791b5****', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '207596a2-36d3-4840-b1bd-f87044699bd7', - ], - 'Plaintext' => [ - 'description' => 'The plaintext that is generated after decryption.'."\n", - 'type' => 'string', - 'example' => 'tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv****', - ], - 'CiphertextForRecipient' => [ - 'title' => '当传递Recipient时, 使用Recipient中的公钥加密明文数据密钥,采用Base64进行编码'."\n" - .'公钥是extendUserData中的pubkey'."\n" - .'仅在调用实例网关的openapi时生效', - 'type' => 'string', - ], + 'KeyVersionId' => ['description' => 'The globally unique identifier of the key version.', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'KeyId' => ['description' => 'The ID of the key. If you use a key alias or key ARN in the KeyId parameter of the request, the key ID is also returned in the response.', 'type' => 'string', 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], + 'CiphertextBlob' => ['description' => 'The ciphertext of the data key encrypted by the primary version of the specified key.', 'type' => 'string', 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud for the request. You can use the request ID to troubleshoot and locate issues.', 'type' => 'string', 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', 'title' => ''], + 'Plaintext' => ['description' => 'The Base64-encoded plaintext of the data key.', 'type' => 'string', 'example' => 'QmFzZTY0IGVuY29kZWQgcGxhaW50****', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'UnsupportedOperation', - 'errorMessage' => 'This action is not supported.', - ], + ['errorCode' => 'UnsupportedOperation', 'errorMessage' => 'This action is not supported.', 'description' => 'The operation is not supported.'], ], 404 => [ - [ - 'errorCode' => 'Forbidden.AliasNotFound', - 'errorMessage' => 'The specified Alias is not found.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], + ['errorCode' => 'Forbidden.AliasNotFound', 'errorMessage' => 'The specified Alias is not found.', 'description' => 'The error message returned because the specified alias does not exist.'], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], ], 409 => [ - [ - 'errorCode' => 'Rejected.Disabled', - 'errorMessage' => 'The request was rejected because the key state is Disabled.', - ], - [ - 'errorCode' => 'Rejected.PendingDeletion', - 'errorMessage' => 'The request was rejected because the key state is PendingDeletion.', - ], - [ - 'errorCode' => 'Rejected.Unavailable', - 'errorMessage' => 'The request was rejected because the key state is Unavailable.', - ], + ['errorCode' => 'Rejected.Disabled', 'errorMessage' => 'The request was rejected because the key state is Disabled.', 'description' => 'The request was rejected because the key state is Disabled.'], + ['errorCode' => 'Rejected.PendingDeletion', 'errorMessage' => 'The request was rejected because the key state is PendingDeletion.', 'description' => 'The request was rejected because the key state is PendingDeletion.'], + ['errorCode' => 'Rejected.Unavailable', 'errorMessage' => 'The request was rejected because the key state is Unavailable.', 'description' => 'The request was denied because the key status is unavailable.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"RequestId\\": \\"207596a2-36d3-4840-b1bd-f87044699bd7\\",\\n \\"Plaintext\\": \\"tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv****\\",\\n \\"CiphertextForRecipient\\": \\"NIahY6pgjK4ZMP2R0EmsmBqntrv0AI2rcDyU7Su6uOT9Le7EOvlCpjHJfr9z3M0vkfulQoyuETmKSpYDfixE3auE4MwxloT6D9Gfsk6hm5FV2iAxL//Ms2kLv6K4z6yGi7lKm2yjX4***==\\\\n\\"\\n}","errorExample":""},{"type":"xml","example":"<DecryptResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>202b9877-5a25-46e3-a763-e20791b5****</KeyId>\\n <RequestId>207596a2-36d3-4840-b1bd-f87044699bd7</RequestId>\\n <Plaintext>tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv****</Plaintext>\\n</DecryptResponse>","errorExample":""}]', - 'title' => 'Decrypt', - 'requestParamsDescription' => ' ', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"CiphertextBlob\\": \\"ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****\\",\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\",\\n \\"Plaintext\\": \\"QmFzZTY0IGVuY29kZWQgcGxhaW50****\\"\\n}","type":"json"}]', + 'title' => 'GenerateDataKey', + 'description' => '- For information about the permissions that are required to call this operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This operation can be called using a shared gateway or a dedicated gateway. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" + ."\n" + .' - Shared gateway: You can access KMS over the Internet or a VPC. To access KMS over the Internet, you must enable the public endpoint. For more information, see [Access keys in a KMS instance over the Internet](~~2856718~~).'."\n" + ."\n" + .' - Dedicated gateway: You can access KMS using the private endpoint of KMS (`<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com`).'."\n" + ."\n" + .'### QPS limits'."\n" + ."\n" + .'- If you use a shared gateway to call this operation, the queries per second (QPS) limit for a single user is 1,000. If the limit is exceeded, API calls are throttled. This may affect your business. We recommend that you call this operation at a reasonable rate.'."\n" + ."\n" + .'- If you use a dedicated gateway to call this operation, the QPS limit for a single user is based on the computing performance of your KMS instance. For more information, see [Performance metrics](~~480120~~).'."\n" + ."\n" + .'### Description'."\n" + ."\n" + .'This operation generates a random data key, encrypts the data key using the specified customer master key (CMK), and returns the plaintext and ciphertext of the data key. You can use the plaintext of the data key to encrypt data locally and outside of KMS. When you store the encrypted data, you must also store the ciphertext of the data key. You can obtain the plaintext of the data key from the Plaintext field and the ciphertext of the data key from the CiphertextBlob field in the response.'."\n" + ."\n" + .'The CMK that you specify in the request is used only to encrypt the data key. It is not involved in the generation of the data key. KMS does not record or store the randomly generated data key. You are responsible for the persistence of the ciphertext of the data key.'."\n" + ."\n" + .'We recommend that you perform the following steps to encrypt data locally:'."\n" + ."\n" + .'1\\. Call the GenerateDataKey operation to obtain a data key for data encryption.'."\n" + ."\n" + .'2\\. Use the plaintext of the data key returned in the Plaintext field of the response to encrypt data locally. Then, clear the plaintext of the data key from memory.'."\n" + ."\n" + .'3\\. Store the ciphertext of the data key returned in the CiphertextBlob field of the response together with the encrypted data.'."\n" + ."\n" + .'To decrypt data locally:'."\n" + ."\n" + .'- Call the [Decrypt](~~28950~~) operation to decrypt the stored ciphertext of the data key. This operation returns the plaintext of the data key.'."\n" + ."\n" + .'- Use the plaintext of the data key to decrypt data locally. Then, clear the plaintext of the data key from memory.'."\n" + ."\n" + .'This topic provides an example of how to generate a random data key for a key with the ID `key-hzz630494463ejqjx****`.', + 'requestParamsDescription' => 'For information about common request parameters, see [Common parameters](~~69007~~).', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'ReEncrypt' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'GenerateDataKeyWithoutPlaintext' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -4667,113 +3608,60 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54598', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], + 'abilityTreeCode' => '54571', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ - 'name' => 'CiphertextBlob', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ciphertext that you want to re-encrypt.'."\n" - ."\n" - .'You can set this parameter to the ciphertext that is returned after a symmetric or asymmetric encryption operation.'."\n" - ."\n" - .'* Symmetric encryption: the ciphertext returned after you call the [Encrypt](~~28949~~), [GenerateDataKey](~~28948~~), [GenerateDataKeyWithoutPlaintext](~~134043~~), or [GenerateAndExportDataKey](~~176804~~) operation'."\n" - .'* Asymmetric encryption: the public key-encrypted ciphertext returned after you call the [GenerateAndExportDataKey](~~176804~~) operation, or the ciphertext encrypted by using the public key of an asymmetric key pair outside KMS'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901q********', - ], - ], - [ - 'name' => 'SourceKeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK that is used to decrypt the ciphertext.'."\n" - ."\n" - .'This parameter is the globally unique ID of the CMK.'."\n" - ."\n" - .'> If you set CiphertextBlob to the public key-encrypted ciphertext that is returned after an asymmetric encryption operation, specify this parameter.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', - ], - ], - [ - 'name' => 'SourceKeyVersionId', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK version that is used to decrypt the ciphertext.'."\n" - ."\n" - .'> If you set CiphertextBlob to the public key-encrypted ciphertext that is returned after an asymmetric encryption operation, specify this parameter.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], + 'schema' => ['description' => 'The globally unique identifier of the CMK. You can also specify an alias that is bound to the CMK. For more information about how to use an alias, see Alias overview.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '599fa825-17de-417e-9554-bb032cc6****', 'title' => ''], ], [ - 'name' => 'SourceEncryptionAlgorithm', + 'name' => 'KeySpec', 'in' => 'query', 'schema' => [ - 'description' => 'The encryption algorithm based on which the public key is used to encrypt the ciphertext specified by CiphertextBlob. For more information about encryption algorithms, see [AsymmetricDecrypt](~~148130~~).'."\n" + 'description' => 'The length of the data key to generate. Valid values:'."\n" ."\n" - .'Valid values:'."\n" + .'- AES\\_256: a 256-bit symmetric key'."\n" ."\n" - .'* RSAES_OAEP_SHA\\_256'."\n" - .'* RSAES_OAEP_SHA\\_1'."\n" - .'* SM2PKE'."\n" + .'- AES\\_128: a 128-bit symmetric key'."\n" ."\n" - .'> If you set CiphertextBlob to the public key-encrypted ciphertext that is returned after an asymmetric encryption operation, specify this parameter.'."\n", + .'> Use KeySpec or NumberOfBytes to specify the length of the data key. If you do not specify either parameter, KMS generates a 256-bit data key. If you specify both parameters, KMS ignores the KeySpec parameter.', 'type' => 'string', 'required' => false, - 'example' => 'RSAES_OAEP_SHA_256', - ], - ], - [ - 'name' => 'SourceEncryptionContext', - 'in' => 'query', - 'style' => 'json', - 'schema' => [ - 'description' => 'A JSON string that consists of key-value pairs. If you specify EncryptionContext when you call the [Encrypt](~~28949~~), [GenerateDataKey](~~28948~~), [GenerateDataKeyWithoutPlaintext](~~134043~~), or [GenerateAndExportDataKey](~~176804~~) operation to encrypt the data or data key, an equivalent value is required here. For more information, see [EncryptionContext](~~42975~~).'."\n" - ."\n" - .'> If you set CiphertextBlob to the ciphertext that is returned after a symmetric encryption operation, specify this parameter.'."\n", - 'type' => 'object', - 'required' => false, - 'example' => '{"Example":"Example"}', + 'enum' => ['AES_256', ' AES_128'], + 'example' => 'AES_256', + 'title' => '', ], ], [ - 'name' => 'DestinationKeyId', + 'name' => 'NumberOfBytes', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the symmetric CMK that is used to re-encrypt the ciphertext after the ciphertext is decrypted.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], + 'schema' => ['description' => 'The length of the data key to generate.<br> Valid values: 1 to 1024.<br> Unit: bytes<br><br><br><br><br>', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'maximum' => '1024', 'minimum' => '0', 'example' => '256', 'title' => ''], ], [ - 'name' => 'DestinationEncryptionContext', + 'name' => 'EncryptionContext', 'in' => 'query', 'style' => 'json', - 'schema' => [ - 'description' => 'A JSON string that consists of key-value pairs. This parameter specifies the EncryptionContext that is used to re-encrypt the decrypted data or data key.'."\n", - 'type' => 'object', - 'required' => false, - 'example' => '{"Example":"Example"}', - ], + 'schema' => ['description' => 'A JSON string of key-value pairs. If you specify this parameter, you must provide the same parameter when you call the Decrypt operation. For more information, see [EncryptionContext](~~42975~~).', 'type' => 'object', 'required' => false, 'example' => '{"Example":"Example"}', 'title' => ''], ], [ 'name' => 'DryRun', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'Specifies whether to enable the DryRun mode.'."\n" + ."\n" + .'- true: enables the DryRun mode.'."\n" + ."\n" + .'- false (default): disables the DryRun mode.'."\n" + ."\n" + .'The DryRun mode is used to test API calls, verify your permissions on the required resources, and check if the request parameters are valid. If you enable the DryRun mode, KMS returns a failure response with a reason. The failure reasons include the following:'."\n" + ."\n" + .'- DryRunOperationError: The request would have succeeded if the DryRun parameter was not specified.'."\n" + ."\n" + .'- ValidationError: The request parameters are invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform this operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ @@ -4781,240 +3669,229 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'KeyId' => [ - 'description' => 'The ID of the CMK that is used to decrypt the original ciphertext.'."\n" - ."\n" - .'This parameter is the globally unique ID of the CMK.'."\n", - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'KeyVersionId' => [ - 'description' => 'The ID of the CMK version that is used to decrypt the original ciphertext.'."\n", - 'type' => 'string', - 'example' => '202b9877-5a25-46e3-a763-e20791b5****', - ], - 'CiphertextBlob' => [ - 'description' => 'The ciphertext re-encrypted.'."\n", - 'type' => 'string', - 'example' => 'DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '207596a2-36d3-4840-b1bd-f87044699bd7', - ], + 'KeyVersionId' => ['description' => 'The ID of the key version used to encrypt the plaintext. This is the primary version of the specified CMK.', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'KeyId' => ['description' => 'The globally unique identifier of the CMK.'."\n" + ."\n" + .'> If you use an alias of the CMK in the KeyId parameter of the request, the ID of the CMK is returned.', 'type' => 'string', 'example' => '599fa825-17de-417e-9554-bb032cc6****', 'title' => ''], + 'CiphertextBlob' => ['description' => 'The ciphertext of the data key. The data key is encrypted by the primary version of the specified CMK.', 'type' => 'string', 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request. This ID is a globally unique identifier generated by Alibaba Cloud for the request. You can use this ID to troubleshoot and locate issues.', 'type' => 'string', 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - ], - 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyVersionId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"CiphertextBlob\\": \\"DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****\\",\\n \\"RequestId\\": \\"207596a2-36d3-4840-b1bd-f87044699bd7\\"\\n}","errorExample":""},{"type":"xml","example":"<ReEncryptResponse>\\n <KeyId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyId>\\n <KeyVersionId>202b9877-5a25-46e3-a763-e20791b5****</KeyVersionId>\\n <CiphertextBlob>DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****</CiphertextBlob>\\n <RequestId>207596a2-36d3-4840-b1bd-f87044699bd7</RequestId>\\n</ReEncryptResponse>","errorExample":""}]', - 'title' => 'ReEncrypt', - 'summary' => 'Re-encrypts ciphertext. When you call this operation, Key Management Service (KMS) decrypts the ciphertext, uses a different key to re-encrypt the generated plaintext or data key, and then returns the new ciphertext.', - 'description' => 'You can call this operation in the following scenarios:'."\n" + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"599fa825-17de-417e-9554-bb032cc6****\\",\\n \\"CiphertextBlob\\": \\"ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****\\",\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\"\\n}","type":"json"}]', + 'title' => 'GenerateDataKeyWithoutPlaintext', + 'summary' => 'Generates a random data key in only ciphertext form, without the plaintext copy.', + 'description' => '### Precautions'."\n" ."\n" - .'* After the CMK that was used to encrypt your data is rotated, you can call this operation to use the latest CMK version to re-encrypt the data. For more information about automatic key rotation, see [Configure automatic key rotation](~~134270~~).'."\n" - .'* The CMK that was used to encrypt your data remains unchanged, but EncryptionContext is changed. In this scenario, you can call this operation to re-encrypt the data.'."\n" - .'* You can call this operation to use a CMK in KMS to re-encrypt data or a data key that was previously encrypted by a different CMK.'."\n" + .'- For information about the access policy that a RAM user or RAM role needs to use this operation, see [Resource Access Management](~~2767210~~).'."\n" ."\n" - .'To use the ReEncrypt operation, you must have two permissions:'."\n" + .'- This operation is accessible through a shared gateway or a dedicated gateway. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" ."\n" - .'* kms:ReEncryptFrom on the source CMK'."\n" - .'* kms:ReEncryptTo on the destination CMK'."\n" - .'* For simplicity, you can specify kms:ReEncrypt\\* to allow both of the preceding permissions.'."\n", - 'requestParamsDescription' => ' '."\n", + .' - Shared gateway: Access KMS over the Internet or through a VPC domain name. This method requires Internet access to be enabled. For more information, see [Access keys in a KMS instance over the Internet](~~2856718~~).'."\n" + ."\n" + .' - Dedicated gateway: Access KMS through a KMS private endpoint (`<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com`).'."\n" + ."\n" + .'### QPS limits'."\n" + ."\n" + .'- Calls through a shared gateway: The queries per second (QPS) limit for a single user is 1,000. If you exceed this limit, requests are throttled, which may affect your business. We recommend that you stay within this limit.'."\n" + ."\n" + .'- Calls through a dedicated gateway: The QPS limit for a single user depends on the computing performance of your KMS instance. For more information, see [Performance metrics](~~480120~~).'."\n" + ."\n" + .'### Details'."\n" + ."\n" + .'This operation generates a random data key, encrypts it with a specified symmetric customer master key (CMK), and returns the ciphertext of the data key. This operation provides the same features as [GenerateDataKey](~~28948~~). The only difference is that this operation does not return the plaintext of the data key.'."\n" + ."\n" + .'The CMK that you specify in the request is used only to encrypt the data key. It is not used to generate the data key. KMS does not record or store the randomly generated data key.'."\n" + ."\n" + .'> - This operation is suitable for systems that do not need to immediately use the data key for data encryption. When encryption is required, the system calls the [Decrypt](~~28950~~) API to decrypt the ciphertext of the data key.'."\n" + .'>'."\n" + .'> - This operation is also suitable for distributed systems with different trust levels. For example, your system stores data in different partitions based on a defined policy. A module pre-creates these data partitions and generates a unique data key for each one. After this module initializes the control plane, it acts as a key distributor and does not produce or consume data. When data plane modules produce and consume data, they first retrieve the ciphertext of the data key for a partition. They then decrypt the ciphertext and use the plaintext data key to encrypt or decrypt data. Finally, they purge the plaintext data key from memory. In such a system, the key distributor does not need to access the plaintext of the data key. It only requires the \\`GenerateDataKeyWithoutPlaintext\\` permission for the relevant CMK. Data producers and consumers do not need to generate new data keys. They only require the \\`Decrypt\\` permission for the relevant CMK.', + 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'ExportDataKey' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'GenerateMac' => [ + 'path' => '', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], + 'consumes' => ['application/json'], + 'produces' => ['application/json'], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54568', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ - 'name' => 'CiphertextBlob', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The ciphertext of the data key encrypted by using a CMK.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901q********', - ], + 'schema' => ['description' => 'The ID of the key. You can also specify a key alias or a key Amazon Resource Name (ARN). For more information about aliases, refer to [Manage key aliases](~~480655~~).'."\n" + .'>When you access a key that belongs to a different Alibaba Cloud account, you must specify the key ARN. The format of a key ARN is `acs:kms:${region}:${account}:key/${keyid}`.', 'type' => 'string', 'required' => true, 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], ], [ - 'name' => 'EncryptionContext', + 'name' => 'Message', 'in' => 'query', - 'style' => 'json', - 'schema' => [ - 'description' => 'A JSON string that consists of key-value pairs. If you specify this parameter when you use a CMK to encrypt the data key, an equivalent value is required here. For more information, see [EncryptionContext](~~42975~~).'."\n", - 'type' => 'object', - 'required' => false, - 'example' => '{"Example":"Example"}', - ], + 'schema' => ['description' => 'The data for which you want to generate a message authentication code. '."\n" + ."\n" + .'The value is Base64-encoded. For example, if the hexadecimal data is `[0x31, 0x32, 0x33, 0x34]`, the corresponding Base64-encoded value is `MTIzNA==`.', 'type' => 'string', 'required' => true, 'example' => 'VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=', 'title' => ''], ], [ - 'name' => 'PublicKeyBlob', + 'name' => 'Algorithm', 'in' => 'query', - 'schema' => [ - 'description' => 'A Base64-encoded public key.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndKfC2ReLL2+y8a0+ZBBeAft/uBYo86GZiYJuflqgUzKxpyuvlo3uQkBv6b+nx+0tz8g8v7GhpPWMSW5L9mNHYsvYFsa7jTxsYdt17yj6GlUHPuMIs8hr5qbwl38IHU1iIa7nYWwE2fb3ePOvLDACRJVgGpU0yxioW80d2QD+9aU4jF5dlAahcfgsNzo2CXzCUc1+xbmNuq7Rp+H9VJB9dyYOwqnW3RhOLBo21FzpORapf0UiRlrHRpk1V6ez+aE1dofaYh/9bh0m6ioxj7j5hpZbWccuEZTMBKd+cbuBkRhJzc6Tti6qwZbDiu4fUwbZS0Tqpuo1UadiyxMW********', - ], + 'schema' => ['description' => 'The algorithm that is used to generate the message authentication code. Valid values vary based on the key specification: '."\n" + ."\n" + .'- HMAC_SM3'."\n" + ."\n" + .'- HMAC_SHA_224'."\n" + ."\n" + .'- HMAC_SHA_256'."\n" + ."\n" + .'- HMAC_SHA_384'."\n" + ."\n" + .'- HMAC_SHA_512', 'type' => 'string', 'required' => true, 'example' => 'HMAC_SHA_256', 'title' => ''], ], [ - 'name' => 'WrappingKeySpec', + 'name' => 'DryRun', 'in' => 'query', + 'schema' => ['description' => 'Specifies whether to enable DryRun mode.'."\n" + ."\n" + .'- true: enabled'."\n" + .'- false (default): disabled'."\n" + ."\n" + .'DryRun mode is used to test API calls and verify whether you have the required permissions on the corresponding resources and whether the request parameters are correctly configured. When DryRun mode is enabled, KMS always returns a failure and provides the failure reason. Failure reasons include:'."\n" + ."\n" + .'- DryRunOperationError: The request would succeed without the DryRun parameter.'."\n" + .'- ValidationError: The parameters specified in the request are invalid.'."\n" + .'- AccessDeniedError: You are not authorized to perform this operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], + ], + ], + 'responses' => [ + 200 => [ 'schema' => [ - 'description' => 'The key type of the public key specified by PublicKeyBlob. For more information about key types, see [Introduction to asymmetric keys](~~148147~~).'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'* RSA\\_2048'."\n" - .'* EC_SM2'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RSA_2048', + 'title' => '', + 'description' => 'Schema of Response', + 'type' => 'object', + 'properties' => [ + 'RequestId' => ['title' => '', 'description' => 'The ID of the request. Alibaba Cloud generates a unique identifier for each request. You can use this ID to troubleshoot issues.', 'type' => 'string', 'example' => '4c8ae23f-3a42-6791-a4ba-1faa77831c28'], + 'KeyId' => ['description' => 'The globally unique identifier of the customer master key (CMK).'."\n" + ."\n" + .'> If the KeyId parameter in the request uses a CMK alias, the response returns the CMK identifier that corresponds to the alias.', 'type' => 'string', 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], + 'Algorithm' => ['description' => 'The algorithm that is used to generate the message authentication code. Valid values vary based on the key specification: '."\n" + ."\n" + .'- HMAC_SM3'."\n" + ."\n" + .'- HMAC_SHA_224'."\n" + ."\n" + .'- HMAC_SHA_256'."\n" + ."\n" + .'- HMAC_SHA_384'."\n" + ."\n" + .'- HMAC_SHA_512', 'type' => 'string', 'example' => 'HMAC_SHA_256', 'title' => ''], + 'Mac' => ['description' => 'The Base64-encoded message authenticate code.', 'type' => 'string', 'example' => 'vz1Snp+jGJbgydCFRWVWxAwIMdyfKCSp+jnMWQ==', 'title' => ''], + ], + 'example' => '', ], ], + ], + 'staticInfo' => ['returnType' => 'synchronous'], + 'title' => 'Generate HMAC message authentication code', + 'summary' => 'Generates an HMAC message authentication code for a message by using a specified key.', + 'description' => 'For details about the access policy required when a RAM user or RAM role invokes this operation, refer to access control.'."\n" + ."\n" + .'This operation can be invoked through a shared gateway or a dedicated gateway. For more information, refer to Alibaba Cloud SDK.'."\n" + ."\n" + .'- Shared gateway: Access KMS through a public or VPC endpoint. This method requires you to enable the public network access switch. For more information, refer to accessing keys in a KMS instance over the Internet.'."\n" + .'- Dedicated gateway: Access KMS through a KMS private endpoint (<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"4c8ae23f-3a42-6791-a4ba-1faa77831c28\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"Algorithm\\": \\"HMAC_SHA_256\\",\\n \\"Mac\\": \\"vz1Snp+jGJbgydCFRWVWxAwIMdyfKCSp+jnMWQ==\\"\\n}","type":"json"}]', + ], + 'GetClientKey' => [ + 'methods' => ['get'], + 'schemes' => ['https'], + 'security' => [ [ - 'name' => 'WrappingAlgorithm', - 'in' => 'query', - 'schema' => [ - 'description' => 'The encryption algorithm based on which you want to use the public key specified by PublicKeyBlob to encrypt the data key. For more information about encryption algorithms, see [AsymmetricDecrypt](~~148130~~).'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'* RSAES_OAEP_SHA\\_256'."\n" - .'* RSAES_OAEP_SHA\\_1'."\n" - .'* SM2PKE'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RSAES_OAEP_SHA_256', - ], + 'AK' => [], ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'none', + 'abilityTreeCode' => '190829', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ [ - 'name' => 'DryRun', + 'name' => 'ClientKeyId', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'The ID of the client key.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****'], ], ], 'responses' => [ 200 => [ 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'The details of the client key.', 'type' => 'object', 'properties' => [ - 'KeyVersionId' => [ - 'description' => 'The ID of the CMK version that is used to decrypt the specified ciphertext of the data key.'."\n", - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'KeyId' => [ - 'description' => 'The ID of the CMK that is used to decrypt the specified ciphertext of the data key.'."\n" - ."\n" - .'This parameter is the globally unique ID of the CMK.'."\n", - 'type' => 'string', - 'example' => '202b9877-5a25-46e3-a763-e20791b5****', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '4bd560a1-729e-45f1-a3d9-b2a33d61046b', - ], - 'ExportedDataKey' => [ - 'description' => 'The data key encrypted by using the public key and then exported.'."\n", - 'type' => 'string', - 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******', - ], + 'RequestId' => ['title' => 'Id of the request', 'description' => 'The ID of the request. Alibaba Cloud generates this unique ID for each request. Use this ID to troubleshoot issues.', 'type' => 'string', 'example' => '63d849a6-045b-4a57-ad9f-c5f756cea9e9'], + 'ClientKeyId' => ['description' => 'The ID of the client key.', 'type' => 'string', 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', 'title' => ''], + 'CreateTime' => ['description' => 'The time when the client key was created.', 'type' => 'string', 'example' => '2023-08-31T09:14:38Z', 'title' => ''], + 'KeyAlgorithm' => ['description' => 'The algorithm of the private key for the client key.', 'type' => 'string', 'example' => 'RSA_2048', 'title' => ''], + 'KeyOrigin' => ['description' => 'The creator of the client key.'."\n" + ."\n" + .'Currently, client keys are generated only by KMS. The value is \\`KMS\\_PROVIDED\\`.', 'type' => 'string', 'example' => 'KMS_PROVIDED', 'title' => ''], + 'PublicKeyData' => ['description' => 'The content of the public key for the client key.', 'type' => 'string', 'example' => '-----BEGIN CERTIFICATE-----\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----', 'title' => ''], + 'NotAfter' => ['description' => 'The time when the client key expires.', 'type' => 'string', 'example' => '2028-08-31T17:14:33Z', 'title' => ''], + 'NotBefore' => ['description' => 'The time when the validity period of the client key starts.', 'type' => 'string', 'example' => '2023-08-31T17:14:33Z', 'title' => ''], + 'AapName' => ['description' => 'The name of the application access point (AAP).', 'type' => 'string', 'example' => 'aap_test', 'title' => ''], ], + 'example' => '', ], ], ], - 'errorCodes' => [ - 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - ], - 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure.', - ], - ], + 'staticInfo' => ['returnType' => 'synchronous'], + 'title' => 'GetClientKey', + 'summary' => 'Retrieves information about a client key.', + 'description' => 'For information about the access policy required for a RAM user or RAM role to call this operation, see [Resource Access Management](~~2767210~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"RequestId\\": \\"4bd560a1-729e-45f1-a3d9-b2a33d61046b\\",\\n \\"ExportedDataKey\\": \\"BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******\\"\\n}","errorExample":""},{"type":"xml","example":"<ExportDataKeyResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>202b9877-5a25-46e3-a763-e20791b5****</KeyId>\\n <RequestId>4bd560a1-729e-45f1-a3d9-b2a33d61046b</RequestId>\\n <ExportedDataKey>BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******</ExportedDataKey>\\n</ExportDataKeyResponse>","errorExample":""}]', - 'title' => 'ExportDataKey', - 'summary' => 'Encrypts and exports a data key by using a public key.', - 'description' => 'You can call the [GenerateDataKeyWithoutPlaintext](~~134043~~) operation to generate a data key, which is encrypted by a CMK. If you want to distribute the data key to other regions or cryptographic modules, you can call the ExportDataKey operation to use a public key to encrypt the data key.'."\n" - ."\n" - .'Then, you can import the ciphertext of the data key to the cryptographic module where the private key is stored. This way, the data key is securely distributed from KMS to the cryptographic module. After the data key is imported to the cryptographic module, you can use it to encrypt or decrypt data.'."\n", - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"63d849a6-045b-4a57-ad9f-c5f756cea9e9\\",\\n \\"ClientKeyId\\": \\"KAAP.66abf237-63f6-4625-b8cf-47e1086e****\\",\\n \\"CreateTime\\": \\"2023-08-31T09:14:38Z\\",\\n \\"KeyAlgorithm\\": \\"RSA_2048\\",\\n \\"KeyOrigin\\": \\"KMS_PROVIDED\\",\\n \\"PublicKeyData\\": \\"-----BEGIN CERTIFICATE-----\\\\\\\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----\\",\\n \\"NotAfter\\": \\"2028-08-31T17:14:33Z\\",\\n \\"NotBefore\\": \\"2023-08-31T17:14:33Z\\",\\n \\"AapName\\": \\"aap_test\\"\\n}","type":"json"}]', ], - 'GenerateDataKeyWithoutPlaintext' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'GetDefaultKmsInstance' => [ + 'summary' => 'Queries the default KMS instance in a specified region.', + 'methods' => ['get', 'post'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -5024,148 +3901,109 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54571', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '274501', + 'abilityTreeNodes' => ['FEATUREkms586TOR'], + 'autoTest' => true, + 'tenantRelevance' => 'tenant', ], - 'parameters' => [ - [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see Use aliases.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', - ], - ], - [ - 'name' => 'KeySpec', - 'in' => 'query', + 'parameters' => [], + 'responses' => [ + 200 => [ 'schema' => [ - 'description' => 'The length of the data key that you want to generate. Valid values:'."\n" - ."\n" - .'* AES\\_256: 256-bit symmetric key'."\n" - .'* AES\\_128: 128-bit symmetric key'."\n" - ."\n" - .'> We recommend that you use the KeySpec or NumberOfBytes parameter to specify the length of a data key. If both of them are not specified, KMS generates a 256-bit data key. If both of them are specified, KMS ignores the KeySpec parameter.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'AES_256', - 'enum' => [ - 'AES_256', - ' AES_128', + 'title' => '', + 'description' => 'The response message.', + 'type' => 'object', + 'properties' => [ + 'RequestId' => ['description' => 'The ID of the request. This ID is a unique identifier generated by Alibaba Cloud for the request. You can use this ID to troubleshoot and locate issues.', 'type' => 'string', 'title' => '', 'example' => 'bbc4e9ab-c76f-48ca-9c2a-8535772117e2'], + 'DefaultKmsInstanceId' => ['description' => 'The ID of the default KMS instance.', 'type' => 'string', 'example' => 'kst-hzz65f176a0ogplgq****', 'title' => ''], ], + 'example' => '', ], ], + ], + 'staticInfo' => ['returnType' => 'synchronous'], + 'title' => 'GetDefaultKmsInstance', + 'description' => '- For information about the access policy that is required to call this operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This API is for users who migrate from KMS 1.0 to KMS 3.0. After the migration is complete, if you create an Asset without specifying a KMS instance, the Asset is created in the default KMS instance.', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"bbc4e9ab-c76f-48ca-9c2a-8535772117e2\\",\\n \\"DefaultKmsInstanceId\\": \\"kst-hzz65f176a0ogplgq****\\"\\n}","type":"json"}]', + ], + 'GetKeyPolicy' => [ + 'summary' => 'Queries the key policy of a CMK in a KMS instance.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], + 'security' => [ [ - 'name' => 'NumberOfBytes', - 'in' => 'query', - 'schema' => [ - 'description' => 'The length of the data key that you want to generate.'."\n" - ."\n" - .'Valid values: 1 to 1024.'."\n" - ."\n" - .'Unit: bytes.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'maximum' => '1024', - 'minimum' => '0', - 'example' => '256', - ], + 'AK' => [], ], + ], + 'operationType' => 'readAndWrite', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '206082', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], + ], + 'parameters' => [ [ - 'name' => 'EncryptionContext', + 'name' => 'KeyId', 'in' => 'query', - 'style' => 'json', - 'schema' => [ - 'description' => 'A JSON string that consists of key-value pairs. If you specify this parameter, an equivalent value is required when you call the Decrypt operation. For more information, see [EncryptionContext](~~42975~~).'."\n", - 'type' => 'object', - 'required' => false, - 'example' => '{"Example":"Example"}', - ], + 'schema' => ['description' => 'The ID or Alibaba Cloud Resource Name (ARN) of the key.'."\n" + ."\n" + .'> When you access a key in another Alibaba Cloud account, you must enter the ARN of the key. The ARN of a key is in the `acs:kms:${region}:${account}:key/${keyid}` format.', 'type' => 'string', 'title' => '', 'required' => true, 'example' => 'key-hzz630494463ejqjx****'], ], [ - 'name' => 'DryRun', + 'name' => 'PolicyName', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'The name of the key policy. Only the static value default is supported.', 'type' => 'string', 'required' => false, 'title' => '', 'example' => 'default'], ], ], 'responses' => [ 200 => [ 'schema' => [ + 'title' => '', + 'description' => '', 'type' => 'object', 'properties' => [ - 'KeyVersionId' => [ - 'description' => 'The ID of the key version that is used to encrypt the plaintext. It is the primary version of the CMK.'."\n", - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'KeyId' => [ - 'description' => 'The globally unique ID of the CMK.'."\n" - ."\n" - .'> If you set the KeyId parameter to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", - 'type' => 'string', - 'example' => '599fa825-17de-417e-9554-bb032cc6****', - ], - 'CiphertextBlob' => [ - 'description' => 'The ciphertext of the data that is encrypted by using the primary CMK version.'."\n", - 'type' => 'string', - 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', - ], + 'RequestId' => ['description' => 'The ID of the request. This ID is a unique identifier generated by Alibaba Cloud for the request. You can use this ID to troubleshoot issues.', 'type' => 'string', 'title' => '', 'example' => '381D5D33-BB8F-395F-8EE4-AE3B84B523C8'], + 'Policy' => ['description' => 'The key policy.', 'type' => 'string', 'example' => '{"Statement": [{"Action": ["kms:*"],"Effect": "Allow","Principal": {"RAM": ["acs:ram::190325303126****:*","acs:ram::119285303511****:*"]},"Resource": ["*"],"Sid": "kms default key policy"}],"Version": "1" }', 'title' => ''], ], + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ['errorCode' => 'MissingParameter', 'errorMessage' => 'The parameter needed but no provided.', 'description' => 'The required parameters are not specified.'], + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system.', 'description' => 'You are not authorized to perform this operation.'], + ['errorCode' => 'Forbidden.KeyPolicyUnSupported', 'errorMessage' => 'The specified key does not support key policy.', 'description' => 'The specified key does not support key policies.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Policy not found.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"599fa825-17de-417e-9554-bb032cc6****\\",\\n \\"CiphertextBlob\\": \\"ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****\\",\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\"\\n}","errorExample":""},{"type":"xml","example":"<GenerateDataKeyWithoutPlaintextResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>599fa825-17de-417e-9554-bb032cc6****</KeyId>\\n <CiphertextBlob>ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****</CiphertextBlob>\\n <RequestId>7021b6ec-4be7-4d3c-8a68-1e85d4d515a0</RequestId>\\n</GenerateDataKeyWithoutPlaintextResponse>","errorExample":""}]', - 'title' => 'GenerateDataKeyWithoutPlaintext', - 'summary' => 'Generates a random data key, which can be used to encrypt local data.', - 'description' => 'This operation creates a random data key, encrypts the data key by using a specific symmetric CMK, and returns the ciphertext of the data key. This operation serves the same purpose as the [GenerateDataKey](~~28948~~) operation. The only difference is that this operation does not return the plaintext of the data key.'."\n" - ."\n" - .'The CMK that you specify in the request of this operation is only used to encrypt the data key and is not involved in the generation of the data key. KMS does not record or store the generated data key.'."\n" + 'staticInfo' => ['returnType' => 'synchronous'], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3B84B523C8\\",\\n \\"Policy\\": \\"{\\\\\\"Statement\\\\\\": [{\\\\\\"Action\\\\\\": [\\\\\\"kms:*\\\\\\"],\\\\\\"Effect\\\\\\": \\\\\\"Allow\\\\\\",\\\\\\"Principal\\\\\\": {\\\\\\"RAM\\\\\\": [\\\\\\"acs:ram::190325303126****:*\\\\\\",\\\\\\"acs:ram::119285303511****:*\\\\\\"]},\\\\\\"Resource\\\\\\": [\\\\\\"*\\\\\\"],\\\\\\"Sid\\\\\\": \\\\\\"kms default key policy\\\\\\"}],\\\\\\"Version\\\\\\": \\\\\\"1\\\\\\" }\\"\\n}","type":"json"}]', + 'title' => 'GetKeyPolicy', + 'description' => '- For more information about the access policy required for a Resource Access Management (RAM) user or RAM role to call this operation, see [Resource Access Management](~~2767210~~).'."\n" ."\n" - .'> * This operation applies to the scenario when you do not need to use the data key to immediately encrypt data. Before you can use the data key to encrypt data, you must call the [Decrypt](~~28950~~) operation to decrypt the ciphertext of the data key.'."\n" - .'> * This operation is also suitable for a distributed system with different trust levels. For example, a system stores data in different partitions based on a preset trust policy. A module creates different partitions and generates different data keys for each partition in advance. This module is not involved in data production and consumption after it completes initialization of the control plane. This module is the key provider. When producing and consuming data, modules on the control plane obtain the ciphertext of the data key for a partition first. After decrypting the ciphertext of the data key, modules on the control plane use the plaintext of the data key to encrypt or decrypt data and then clear the plaintext of the data key from the memory. In such a system, the key provider does not need to obtain the plaintext of the data key. It only needs to have the permissions to call the GenerateDataKeyWithoutPlaintext operation. The data producers or consumers do not need to generate new data keys. They only need to have the permissions to call the Decrypt operation.', - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'AsymmetricSign' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + .'- Because the key policy name can only be set to default, you must set the PolicyName parameter to default when you query the key policy. Otherwise, a `Not Found` error is returned.', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'GetKmsInstance' => [ + 'methods' => ['get', 'post'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -5175,151 +4013,148 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54536', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '191299', + 'abilityTreeNodes' => ['FEATUREkms586TOR'], ], 'parameters' => [ [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The operation that you want to perform. Set the value to **AsymmetricSign**.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', - ], - ], - [ - 'name' => 'KeyVersionId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n" - ."\n" - .'> You can also set this parameter to an alias that is bound to the CMK. For more information, see [Alias overview](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - ], - [ - 'name' => 'Algorithm', - 'in' => 'query', - 'schema' => [ - 'description' => 'The version ID of the CMK. The ID must be globally unique.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RSA_PSS_SHA_256', - ], - ], - [ - 'name' => 'Digest', - 'in' => 'query', - 'schema' => [ - 'description' => 'The signature algorithm.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiu****=', - ], - ], - [ - 'name' => 'DryRun', + 'name' => 'KmsInstanceId', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['title' => 'A short description of struct', 'description' => 'The ID of the KMS instance to query.', 'type' => 'string', 'required' => true, 'example' => 'kst-bjj62f5ba3dnpb6v8****'], ], ], 'responses' => [ 200 => [ 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'The details of the KMS instance.', 'type' => 'object', 'properties' => [ - 'KeyVersionId' => [ - 'description' => 'The digest that is generated for the original message by using a hash algorithm. The hash algorithm is specified by the Algorithm parameter.'."\n" - ."\n" - .'> * The value is encoded in Base64.'."\n" - .'> * For more information about how to calculate message digests, see the **Preprocess signature: compute a message digest** section of the [Generate and verify a signature by using an asymmetric CMK](~~148146~~) topic.', - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'KeyId' => [ - 'description' => 'The version ID of the CMK. The ID must be globally unique.'."\n", - 'type' => 'string', - 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', - ], - 'Value' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" - ."\n" - .'> If you set the KeyId parameter in the request to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", - 'type' => 'string', - 'example' => 'M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==', - ], - 'RequestId' => [ - 'description' => 'The calculated signature.'."\n" - ."\n" - .'> The value is encoded in Base64.'."\n", - 'type' => 'string', - 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', + 'RequestId' => ['title' => 'Id of the request', 'description' => 'The request ID. Alibaba Cloud generates a unique identifier for each request. You can use this ID to locate and troubleshoot issues.', 'type' => 'string', 'example' => '46b4a94a-57d2-44b4-9810-1e87d31abb33'], + 'KmsInstance' => [ + 'description' => 'The details of the KMS instance.', + 'type' => 'object', + 'properties' => [ + 'InstanceId' => ['description' => 'The ID of the KMS instance.', 'type' => 'string', 'example' => 'kst-bjj62f5ba3dnpb6v8****', 'title' => ''], + 'InstanceName' => ['description' => 'The name of the KMS instance.', 'type' => 'string', 'example' => 'kst-bjj62f5ba3dnpb6v8****', 'title' => ''], + 'Status' => ['description' => 'The status of the KMS instance. Valid values:'."\n" + ."\n" + .'- `Uninitialized`: The instance is not enabled.'."\n" + ."\n" + .'- `Connecting`: The instance is connecting.'."\n" + ."\n" + .'- `Connected`: The instance is enabled.'."\n" + ."\n" + .'- `Disconnected`: The instance is disconnected.'."\n" + ."\n" + .'- `Error`: The instance is in an error state.', 'type' => 'string', 'example' => 'Connected', 'title' => ''], + 'CreateTime' => ['description' => 'The creation time of the KMS instance.', 'type' => 'string', 'example' => '2023-09-05T12:44:20Z', 'title' => ''], + 'Spec' => ['description' => 'The computing performance of the KMS instance.', 'type' => 'integer', 'format' => 'int64', 'example' => '1000', 'title' => ''], + 'KeyNum' => ['description' => 'The maximum number of keys that can be created in the KMS instance.', 'type' => 'integer', 'format' => 'int64', 'example' => '1000', 'title' => ''], + 'SecretNum' => ['description' => 'The maximum number of credentials that can be created in the KMS instance.', 'type' => 'string', 'example' => '10', 'title' => ''], + 'VpcNum' => ['description' => 'The maximum number of VPCs that can be associated with the KMS instance for access control.', 'type' => 'integer', 'format' => 'int64', 'example' => '5', 'title' => ''], + 'VpcId' => ['description' => 'The VPC to which the KMS instance is attached.', 'type' => 'string', 'example' => 'vpc-bp19z7cwmltad5dff****', 'title' => ''], + 'ZoneIds' => [ + 'description' => 'The zones to which the KMS instance is attached.', + 'type' => 'array', + 'title' => '', + 'items' => ['type' => 'string', 'description' => '', 'title' => '', 'example' => ''], + 'example' => '"cn-hangzhou-k", "cn-hangzhou-j"', + ], + 'VswitchIds' => [ + 'description' => 'The vSwitches in the VPC to which the KMS instance is attached.', + 'type' => 'array', + 'title' => '', + 'items' => ['type' => 'string', 'description' => '', 'title' => '', 'example' => ''], + 'example' => 'vsw-bp1i512amda6d10a0****', + ], + 'EndDate' => ['description' => 'The expiration time of the KMS instance.', 'type' => 'string', 'title' => '', 'example' => '2023-10-05T16:00:00Z'], + 'StartDate' => ['description' => 'The time when the KMS instance was enabled.', 'type' => 'string', 'example' => '2023-09-05T12:44:19Z', 'title' => ''], + 'CaCertificateChainPem' => ['description' => 'The CA certificate chain for the KMS instance in PEM format.', 'type' => 'string', 'example' => '-----BEGIN CERTIFICATE-----\\r\\nMIIDuzCCAqOgAwIBAgIJALTKwWAjvbMiMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV****-----END CERTIFICATE-----', 'title' => ''], + 'BindVpcs' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'BindVpc' => [ + 'description' => 'A list of associated VPCs.'."\n" + ."\n" + .'> You can associate the KMS instance with additional VPCs in the same region, allowing self-managed applications in those VPCs to access the instance. These VPCs can belong to the same or different Alibaba Cloud accounts.', + 'type' => 'array', + 'items' => [ + 'description' => 'Details of an associated VPC.'."\n" + ."\n" + .'> You can associate the KMS instance with additional VPCs in the same region, allowing self-managed applications in those VPCs to access the instance. These VPCs can belong to the same or different Alibaba Cloud accounts.', + 'type' => 'object', + 'properties' => [ + 'RegionId' => ['description' => 'The region where the VPC is located.', 'type' => 'string', 'example' => 'cn-hangzhou', 'title' => ''], + 'VpcId' => ['description' => 'The ID of the VPC.', 'type' => 'string', 'example' => 'vpc-bp19z7djuhtad5dff****', 'title' => ''], + 'VpcOwnerId' => ['description' => 'The Alibaba Cloud account to which the VPC belongs.', 'type' => 'string', 'example' => '190325303126****', 'title' => ''], + 'VSwitchId' => ['description' => 'The vSwitch in the VPC.', 'type' => 'string', 'example' => 'vsw-bp1i512amhdje10f1****', 'title' => ''], + ], + 'title' => '', + 'example' => '', + ], + 'title' => '', + 'example' => '', + ], + ], + 'description' => '', + 'title' => '', + 'example' => '', + ], + 'ChargeType' => ['description' => 'The billing method of the instance. Valid values:'."\n" + ."\n" + .'- `PREPAY`: subscription'."\n" + ."\n" + .'- `POSTPAY`: pay-as-you-go', 'type' => 'string', 'example' => 'POSTPAY', 'title' => ''], + 'ProductVersion' => ['description' => 'The version of the KMS instance.', 'type' => 'string', 'example' => '3', 'title' => ''], + 'SaleStatus' => ['description' => 'The sales status of the instance.', 'type' => 'string', 'example' => 'Normal', 'title' => ''], + 'Log' => ['description' => 'Indicates whether logging is enabled for the KMS instance. Valid values: `1` (enabled) and `0` (disabled).', 'type' => 'integer', 'format' => 'int64', 'example' => '1', 'title' => ''], + 'LogStorage' => ['description' => 'The log storage capacity. Unit: GB.', 'type' => 'integer', 'format' => 'int64', 'example' => '100', 'title' => ''], + 'ProductType' => ['description' => 'The product type.<br>Subscription:<br>`kms_ddi_public_cn`: China site<br>`kms_ddi_public_intl`: international site<br>Pay-as-you-go:<br>`kms_ppi_public_cn`: China site<br>`kms_ppi_public_intl`: international site<br><br><br><br><br><br>', 'type' => 'string', 'example' => 'kms_ddi_public_cn', 'title' => ''], + ], + 'example' => '3', + 'title' => '', ], ], + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - [ - 'errorCode' => 'Forbidden.AliasNotFound', - 'errorMessage' => 'The specified Alias is not found.', - ], + ['errorCode' => 'IllegalTimestamp', 'errorMessage' => 'The input parameter Timestamp that is mandatory for processing this request is not supplied.', 'description' => 'The input parameter timestamp indicates that the request is outside the processing time range.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"5c438b18-05be-40ad-b6c2-3be6752c****\\",\\n \\"Value\\": \\"M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","errorExample":""},{"type":"xml","example":"<AsymmetricSignResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>5c438b18-05be-40ad-b6c2-3be6752c****</KeyId>\\n <Value>M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==</Value>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n</AsymmetricSignResponse>","errorExample":""}]', - 'title' => 'AsymmetricSign', - 'summary' => 'AsymmetricSign', - 'description' => 'Generates a signature by using an asymmetric key.', - 'requestParamsDescription' => 'This operation supports only asymmetric keys for which the **Usage** parameter is set to **SIGN/VERIFY**. The following table describes the supported signature algorithms. '."\n" - ."\n" - .'| KeySpec | Algorithm | Description |'."\n" - .'| ------- | --------- | ----------- |'."\n" - .'| RSA_2048 | RSA_PSS_SHA_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" - .'| RSA_2048 | RSA_PKCS1_SHA_256 | RSASSA-PKCS1-v1_5 using SHA-256 |'."\n" - .'| RSA_3072 | RSA_PSS_SHA_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" - .'| RSA_3072 | RSA_PKCS1_SHA_256 | RSASSA-PKCS1-v1_5 using SHA-256 |'."\n" - .'| EC_P256 | ECDSA_SHA_256 | ECDSA on the P-256 Curve(secp256r1) with a SHA-256 digest |'."\n" - .'| EC_P256K | ECDSA_SHA_256 | ECDSA on the P-256K Curve(secp256k1) with a SHA-256 digest |'."\n" - .'| EC_SM2 | SM2DSA | SM2 public key encryption algorithm based on elliptic curves cryptography (ECC) |'."\n" - .'> According to GB/T 32918.2 "Information security technology-Public key cryptographic algorithm SM2 based on elliptic curves-Part 2: Digital signature algorithm", when you calculate the SM2 signature, the **Digest** parameter is used to calculate the digest value of the combination of Z(A) and M, rather than the SM3 digest value. M indicates the original message to be signed. Z(A) indicates the hash value for User A. The hash value is defined in GB/T GB/T 32918.2. In this example, the asymmetric key whose ID is `5c438b18-05be-40ad-b6c2-3be6752c****` and version ID is `2ab1a983-7072-4bbc-a582-584b5bd8****` and the signature algorithm `RSA_PSS_SHA_256` are used to generate a signature for the digest `ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuy****=`.', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'AsymmetricVerify' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"46b4a94a-57d2-44b4-9810-1e87d31abb33\\",\\n \\"KmsInstance\\": {\\n \\"InstanceId\\": \\"kst-bjj62f5ba3dnpb6v8****\\",\\n \\"InstanceName\\": \\"kst-bjj62f5ba3dnpb6v8****\\",\\n \\"Status\\": \\"Connected\\",\\n \\"CreateTime\\": \\"2023-09-05T12:44:20Z\\",\\n \\"Spec\\": 1000,\\n \\"KeyNum\\": 1000,\\n \\"SecretNum\\": \\"10\\",\\n \\"VpcNum\\": 5,\\n \\"VpcId\\": \\"vpc-bp19z7cwmltad5dff****\\",\\n \\"ZoneIds\\": [\\n \\"\\"\\n ],\\n \\"VswitchIds\\": [\\n \\"\\"\\n ],\\n \\"EndDate\\": \\"2023-10-05T16:00:00Z\\",\\n \\"StartDate\\": \\"2023-09-05T12:44:19Z\\",\\n \\"CaCertificateChainPem\\": \\"-----BEGIN CERTIFICATE-----\\\\\\\\r\\\\\\\\nMIIDuzCCAqOgAwIBAgIJALTKwWAjvbMiMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV****-----END CERTIFICATE-----\\",\\n \\"BindVpcs\\": {\\n \\"BindVpc\\": [\\n {\\n \\"RegionId\\": \\"cn-hangzhou\\",\\n \\"VpcId\\": \\"vpc-bp19z7djuhtad5dff****\\",\\n \\"VpcOwnerId\\": \\"190325303126****\\",\\n \\"VSwitchId\\": \\"vsw-bp1i512amhdje10f1****\\"\\n }\\n ]\\n },\\n \\"ChargeType\\": \\"POSTPAY\\",\\n \\"ProductVersion\\": \\"3\\",\\n \\"SaleStatus\\": \\"Normal\\",\\n \\"Log\\": 1,\\n \\"LogStorage\\": 100,\\n \\"ProductType\\": \\"kms_ddi_public_cn\\"\\n }\\n}","type":"json"}]', + 'title' => 'GetKmsInstance', + 'summary' => 'Retrieves the details of a KMS instance.', + 'description' => 'Refer to [Resource Access Management](~~2767210~~) for the access policy required to call this OpenAPI as a RAM user or RAM role.', + 'changeSet' => [ + ['createdAt' => '2025-11-28T01:56:41.000Z', 'description' => 'Response parameters changed'], + ['createdAt' => '2025-11-27T11:59:54.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-27T11:59:49.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-27T11:47:52.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-27T11:47:41.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-27T11:42:12.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-27T11:39:16.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-27T08:17:00.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-27T08:15:59.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-27T07:58:43.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-18T03:35:59.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-18T03:28:08.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-18T02:37:21.000Z', 'description' => 'OpenAPI offline'], + ], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'GetKmsInstanceQuotaInfos' => [ + 'summary' => 'Queries the quota usage and limits for a KMS instance.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -5329,78 +4164,37 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54537', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '290515', + 'abilityTreeNodes' => ['FEATUREkms586TOR'], + 'autoTest' => true, + 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" - ."\n" - .'> You can also set this parameter to an alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', - ], - ], - [ - 'name' => 'KeyVersionId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The version ID of the CMK. The ID must be globally unique.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - ], - [ - 'name' => 'Algorithm', + 'name' => 'KmsInstanceId', 'in' => 'query', - 'schema' => [ - 'description' => 'The signature algorithm.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RSA_PSS_SHA_256', - ], + 'schema' => ['description' => 'The ID of the KMS instance to query.', 'type' => 'string', 'required' => false, 'example' => 'kst-bjj62f5ba3dnpb6v8****', 'title' => ''], ], [ - 'name' => 'Digest', + 'name' => 'ResourceType', 'in' => 'query', 'schema' => [ - 'description' => 'The digest that is generated for the original message by using a hash algorithm. The hash algorithm is specified by the **Algorithm** parameter.'."\n" + 'description' => 'The resource type. Valid values:'."\n" ."\n" - .'> The value is encoded in Base64.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuy****=', - ], - ], - [ - 'name' => 'Value', - 'in' => 'query', - 'schema' => [ - 'description' => 'The signature value to be verified.'."\n" + .'- `key`: key quota'."\n" ."\n" - .'> The value is encoded in Base64.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==', - ], - ], - [ - 'name' => 'DryRun', - 'in' => 'query', - 'schema' => [ + .'- `secret`: secret quota'."\n" + ."\n" + .'- `qps`: queries per second (QPS) quota'."\n" + ."\n" + .'- `vpc`: Virtual Private Cloud (VPC) quota', + 'enumValueTitles' => ['qps' => 'qps', 'vpc' => 'vpc', 'secret' => 'secret', 'key' => 'key'], 'type' => 'string', + 'required' => false, + 'example' => 'key', + 'title' => '', ], ], ], @@ -5409,82 +4203,58 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'KeyVersionId' => [ - 'description' => 'The version ID of the CMK that is used to encrypt the plaintext.'."\n", - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'KeyId' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" - ."\n" - .'> If you set the KeyId parameter in the request to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", - 'type' => 'string', - 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', - ], - 'Value' => [ - 'description' => 'Indicates whether the signature passed the verification.'."\n", - 'type' => 'boolean', - 'example' => 'true', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'title' => '', 'example' => 'f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f'], + 'KmsInstanceId' => ['description' => 'The ID of the KMS instance.', 'type' => 'string', 'example' => 'kst-hzz6****', 'title' => ''], + 'KmsInstanceQuotaInfos' => [ + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'ResourceQuota' => ['description' => 'The quota.', 'type' => 'integer', 'format' => 'int64', 'example' => '12', 'title' => ''], + 'ResourceType' => ['description' => 'The resource type.', 'type' => 'string', 'example' => 'key', 'title' => ''], + 'UsedQuantity' => ['description' => 'The quota usage.', 'type' => 'integer', 'format' => 'int64', 'example' => '10', 'title' => ''], + ], + 'description' => '', + 'title' => '', + 'example' => '', + ], + 'description' => 'An array of quota details for the instance.', + 'title' => '', + 'example' => '', ], ], + 'description' => 'The response schema.', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], - 404 => [ - [ - 'errorCode' => 'Forbidden.AliasNotFound', - 'errorMessage' => 'The specified Alias is not found.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + 403 => [ + ['errorCode' => 'Forbidden.DKMSInstanceStateInvalid', 'errorMessage' => 'The DKMS instance state is invalid.', 'description' => 'Your dedicated KMS instance is invalid.'], + ['errorCode' => 'Forbidden.DKMSInstanceNotFound', 'errorMessage' => 'The specified DKMS Instance is not found.', 'description' => 'Your dedicated KMS instance is not found.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"5c438b18-05be-40ad-b6c2-3be6752c****\\",\\n \\"Value\\": true,\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","errorExample":""},{"type":"xml","example":"<AsymmetricVerifyResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>5c438b18-05be-40ad-b6c2-3be6752c****</KeyId>\\n <Value>true</Value>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n</AsymmetricVerifyResponse>","errorExample":""}]', - 'title' => 'AsymmetricVerify', - 'summary' => 'Verifies a signature by using an asymmetric key.', - 'description' => 'This operation supports only asymmetric keys for which the **Usage** parameter is set to **SIGN/VERIFY**. The following table describes the supported signature algorithms. '."\n" - ."\n" - .'| KeySpec | Algorithm | Description |'."\n" - .'| ------- | --------- | ----------- |'."\n" - .'| RSA_2048 | RSA_PSS_SHA_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" - .'| RSA_2048 | RSA_PKCS1_SHA_256 | RSASSA-PKCS1-v1_5 using SHA-256 |'."\n" - .'| RSA_3072 | RSA_PSS_SHA_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" - .'| RSA_3072 | RSA_PKCS1_SHA_256 | RSASSA-PKCS1-v1_5 using SHA-256 |'."\n" - .'| EC_P256 | ECDSA_SHA_256 | ECDSA on the P-256 Curve(secp256r1) with a SHA-256 digest |'."\n" - .'| EC_P256K | ECDSA_SHA_256 | ECDSA on the P-256K Curve(secp256k1) with a SHA-256 digest |'."\n" - .'| EC_SM2 | SM2DSA | SM2 elliptic curve public key encryption algorithm |'."\n" - .'> When you calculate the SM2 signature based on GB/T 32918, the **Digest** parameter is used to calculate the digest value of the combination of Z(A) and M, rather than the SM3 digest value. M indicates the original message to be signed. Z(A) indicates the hash value for User A. The hash value is defined in GB/T 32918. In this example, the asymmetric key whose ID is `5c438b18-05be-40ad-b6c2-3be6752c****` and version ID is `2ab1a983-7072-4bbc-a582-584b5bd8****` and the signature algorithm RSA_PSS_SHA_256 are used to verify the signature `M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==` of the digest `ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuyjfzw=`.', - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'AsymmetricEncrypt' => [ - 'summary' => 'Encrypts data by using an asymmetric customer master key (CMK).', - 'methods' => [ - 'post', - 'get', + 'staticInfo' => ['returnType' => 'synchronous'], + 'title' => 'GetKmsInstanceQuotaInfos', + 'changeSet' => [ + ['createdAt' => '2025-11-27T08:32:27.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-27T08:17:00.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-27T08:15:59.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-27T07:58:43.000Z', 'description' => 'OpenAPI offline'], + ['createdAt' => '2025-11-18T03:35:59.000Z', 'description' => 'OpenAPI offline'], ], - 'schemes' => [ - 'https', + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f\\",\\n \\"KmsInstanceId\\": \\"kst-hzz6****\\",\\n \\"KmsInstanceQuotaInfos\\": [\\n {\\n \\"ResourceQuota\\": 12,\\n \\"ResourceType\\": \\"key\\",\\n \\"UsedQuantity\\": 10\\n }\\n ]\\n}","type":"json"}]', + ], + 'GetParametersForImport' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -5492,68 +4262,24 @@ ], 'operationType' => 'read', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - 'abilityTreeCode' => '54535', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], - ], + 'systemTags' => ['operationType' => 'get'], 'parameters' => [ [ - 'name' => 'Plaintext', - 'in' => 'query', - 'schema' => [ - 'description' => 'The plaintext that you want to encrypt. The plaintext must be Base64-encoded.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'SGVsbG8gd29ybGQ=', - ], - ], - [ 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" - ."\n" - .'> You can also set this parameter to an alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', - ], + 'schema' => ['description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'> You can import key material only for CMKs whose Origin parameter is set to EXTERNAL.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '202b9877-5a25-46e3-a763-e20791b5****', 'title' => ''], ], [ - 'name' => 'KeyVersionId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The version ID of the CMK. The ID must be globally unique.'."\n" - ."\n" - .'> You can call the [ListKeyVersions](~~133966~~) operation to query the versions of a CMK. The ID of a version is specified by the KeyVersionId parameter.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - ], - [ - 'name' => 'Algorithm', + 'name' => 'WrappingAlgorithm', 'in' => 'query', - 'schema' => [ - 'description' => 'The encryption algorithm.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RSAES_OAEP_SHA_1', - ], + 'schema' => ['description' => 'The algorithm that is used to encrypt key material.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RSAES_PKCS1_V1_5', 'title' => ''], ], [ - 'name' => 'DryRun', + 'name' => 'WrappingKeySpec', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'The type of the public key that is used to encrypt key material.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RSA_2048', 'title' => ''], ], ], 'responses' => [ @@ -5561,75 +4287,60 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'KeyVersionId' => [ - 'description' => 'The version ID of the CMK that is used to encrypt the plaintext.'."\n", - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'KeyId' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" - ."\n" - .'> If you set the KeyId parameter in the request to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", - 'type' => 'string', - 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', - ], - 'CiphertextBlob' => [ - 'description' => 'The Base64-encoded ciphertext that was generated after encryption.'."\n", - 'type' => 'string', - 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg==', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', - ], + 'KeyId' => ['description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'The value of this parameter is required when you call the [ImportKeyMaterial](~~68622~~) operation.'."\n", 'type' => 'string', 'example' => '202b9877-5a25-46e3-a763-e20791b5****', 'title' => ''], + 'ImportToken' => ['description' => 'The token that is used to import key material.'."\n" + ."\n" + .'The token is valid for 24 hours. The value of this parameter is required when you call the [ImportKeyMaterial](~~68622~~) operation.'."\n", 'type' => 'string', 'example' => 'Base64String', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '8cdf51fd-bcd6-d79a-0ef4-e52c9b5466dc', 'title' => ''], + 'TokenExpireTime' => ['description' => 'The time when the token expires.'."\n", 'type' => 'string', 'example' => '2018-01-25T00:01:02Z', 'title' => ''], + 'PublicKey' => ['description' => 'The public key that is used to encrypt key material.'."\n" + ."\n" + .'The public key is Base64-encoded.'."\n", 'type' => 'string', 'example' => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlls4uIBxD0GG84C+lGBO6Dhpf1J3XimC6cPmPNaKKJMOzoX4tD+C+r7aZv8lZ3vnPfxuxvy/YwG+whUxTEEFUdqJTOIzhPfYucupqKM92crVHIuG+xtMVeHKjyTr+UrtKCsQikqHT+19yDRN/RMoo2HUx0gmEnRyXd8t3JyUXun9FdoxKA08GrsV7nodb9ZsoBLhnev7tTLcXvLyKW6XG1ZQCQm6dPnbnwLeDXR7uK0Lqn9PM28mBIdaiQUQxj2XbM1CoJA+JiyVX3Ptdb+4rqukb4Rb05B80Bs9xV/cf7FIku08l7xGhrGiQFq+DFXwQWtwihXHZxz3LhldU+4ZPwID****', 'title' => ''], ], + 'description' => '', + 'title' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'Rejected.UnsupportedOperation', - 'errorMessage' => 'Unsupported operation.', - ], + ['errorCode' => 'Unsupported.Origin', 'errorMessage' => 'This key origin is not valid for this api', 'description' => 'The key origin is not supported for this API operation.'], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'Forbidden.AliasNotFound', - 'errorMessage' => 'The specified Alias is not found.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"CiphertextBlob\\": \\"BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg==\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","errorExample":""},{"type":"xml","example":"<AsymmetricEncryptResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <CiphertextBlob>BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg==</CiphertextBlob>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n</AsymmetricEncryptResponse>","errorExample":""}]', - 'title' => 'AsymmetricEncrypt', - 'description' => 'This operation is supported only for asymmetric keys for which the **Usage** parameter is set to **ENCRYPT/DECRYPT**. The following table lists the supported encryption algorithms: '."\n" - ."\n" - .'| KeySpec | Algorithm | Description | Maximum number of bytes that can be encrypted |'."\n" - .'| ------- | --------- | ----------- | --------------------------------------------- |'."\n" - .'| RSA_2048 | RSAES_OAEP_SHA_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 190 |'."\n" - .'| RSA_2048 | RSAES_OAEP_SHA_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 214 |'."\n" - .'| RSA_3072 | RSAES_OAEP_SHA_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 318 |'."\n" - .'| RSA_3072 | RSAES_OAEP_SHA_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 342 |'."\n" - .'| EC_SM2 | SM2PKE | SM2 public key encryption algorithm based on elliptic curves | 6047 |'."\n" - .'You can use the asymmetric CMK whose ID is `5c438b18-05be-40ad-b6c2-3be6752c****` and version ID is `2ab1a983-7072-4bbc-a582-584b5bd8****` and the algorithm `RSAES_OAEP_SHA_1` to encrypt the plaintext `SGVsbG8gd29ybGQ=` based on the parameter settings provided in this topic.', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"ImportToken\\": \\"Base64String\\",\\n \\"RequestId\\": \\"8cdf51fd-bcd6-d79a-0ef4-e52c9b5466dc\\",\\n \\"TokenExpireTime\\": \\"2018-01-25T00:01:02Z\\",\\n \\"PublicKey\\": \\"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlls4uIBxD0GG84C+lGBO6Dhpf1J3XimC6cPmPNaKKJMOzoX4tD+C+r7aZv8lZ3vnPfxuxvy/YwG+whUxTEEFUdqJTOIzhPfYucupqKM92crVHIuG+xtMVeHKjyTr+UrtKCsQikqHT+19yDRN/RMoo2HUx0gmEnRyXd8t3JyUXun9FdoxKA08GrsV7nodb9ZsoBLhnev7tTLcXvLyKW6XG1ZQCQm6dPnbnwLeDXR7uK0Lqn9PM28mBIdaiQUQxj2XbM1CoJA+JiyVX3Ptdb+4rqukb4Rb05B80Bs9xV/cf7FIku08l7xGhrGiQFq+DFXwQWtwihXHZxz3LhldU+4ZPwID****\\"\\n}","errorExample":""},{"type":"xml","example":"<GetParametersForImportResponse>\\n <KeyId>202b9877-5a25-46e3-a763-e20791b5****</KeyId>\\n <ImportToken>Base64String</ImportToken>\\n <RequestId>8cdf51fd-bcd6-d79a-0ef4-e52c9b5466dc</RequestId>\\n <TokenExpireTime>2018-01-25T00:01:02Z</TokenExpireTime>\\n <PublicKey>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlls4uIBxD0GG84C+lGBO6Dhpf1J3XimC6cPmPNaKKJMOzoX4tD+C+r7aZv8lZ3vnPfxuxvy/YwG+whUxTEEFUdqJTOIzhPfYucupqKM92crVHIuG+xtMVeHKjyTr+UrtKCsQikqHT+19yDRN/RMoo2HUx0gmEnRyXd8t3JyUXun9FdoxKA08GrsV7nodb9ZsoBLhnev7tTLcXvLyKW6XG1ZQCQm6dPnbnwLeDXR7uK0Lqn9PM28mBIdaiQUQxj2XbM1CoJA+JiyVX3Ptdb+4rqukb4Rb05B80Bs9xV/cf7FIku08l7xGhrGiQFq+DFXwQWtwihXHZxz3LhldU+4ZPwID****</PublicKey>\\n</GetParametersForImportResponse>","errorExample":""}]', + 'title' => 'GetParametersForImport', + 'summary' => 'Queries the parameters that are used to import key material for a customer master key (CMK).', + 'description' => 'The returned parameters can be used to call the [ImportKeyMaterial](https://www.alibabacloud.com/help/en/key-management-service/latest/importkeymaterial) operation.'."\n" + .'- You can import key material only for CMKs whose Origin parameter is set to EXTERNAL.'."\n" + .'- The public key and token that are returned by the GetParametersForImport operation must be used together. The public key and token can be used to import key material only for the CMK that is specified when you call the operation.'."\n" + .'- The public key and token that are returned vary each time you call the GetParametersForImport operation.'."\n" + .'- You must specify the type of the public key and the encryption algorithm that are used to encrypt key material. The following table lists the types of public keys and the encryption algorithms allowed for each type. '."\n" + ."\n" + .'| Public key type | Encryption algorithm | Description |'."\n" + .'| --------------- | -------------------- | ----------- |'."\n" + .'| RSA_2048 | RSAES_PKCS1_V1_5 '."\n" + ."\n" + .'RSAES_OAEP_SHA_1 '."\n" + ."\n" + .'RSAES_OAEP_SHA_256 | CMKs of all regions and all protection levels are supported. '."\n" + ."\n" + .'Dedicated Key Management Service (KMS) does not support RSAES_OAEP_SHA_1. |'."\n" + .'| EC_SM2 | SM2PKE | CMKs whose ProtectionLevel is set to HSM are supported. The SM2 algorithm is developed and approved by the State Cryptography Administration of China. The SM2 algorithm can be used only to import key material for a CMK whose ProtectionLevel is set to HSM. You can use the SM2 algorithm only when you enable the Managed HSM feature for KMS in the Chinese mainland. For more information, see [Overview of Managed HSM](https://www.alibabacloud.com/help/en/key-management-service/latest/managed-hsm-overview). |'."\n" + .'For more information, see [Import key material](https://www.alibabacloud.com/help/en/key-management-service/latest/import-key-material). This topic provides an example on how to query the parameters that are used to import key material for a CMK. The ID of the CMK is `1234abcd-12ab-34cd-56ef-12345678****`, the encryption algorithm is `RSAES_PKCS1_V1_5`, and the public key is of the `RSA_2048` type. The parameters that are returned include the ID of the CMK, the public key that is used to encrypt the key material, the token that is used to import the key material, and the time when the token expires.', 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", 'responseParamsDescription' => ' ', 'extraInfo' => ' ', + 'changeSet' => [], ], - 'AsymmetricDecrypt' => [ - 'summary' => 'Decrypts data by using an asymmetric key.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'GetPublicKey' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -5637,69 +4348,34 @@ ], 'operationType' => 'read', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - 'abilityTreeCode' => '54534', - 'abilityTreeNodes' => [ - 'FEATUREkmsZ5VV9Q', - ], - ], + 'systemTags' => ['operationType' => 'get'], 'parameters' => [ [ - 'name' => 'CiphertextBlob', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ciphertext that you want to decrypt.'."\n" - ."\n" - .'> * The value is encoded in Base64.'."\n" - .'> * You can call the [AsymmetricEncrypt](~~148131~~) operation to generate the ciphertext.', - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1W****==', - ], - ], - [ 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n" - ."\n" - .'> You can also set this parameter to an alias that is bound to the CMK. For more information, see [Alias overview](~~68522~~).'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', - ], + 'schema' => ['description' => 'The globally unique identifier of the customer master key (CMK). This parameter can also be an alias that is bound to the CMK. For more information, see [Use of aliases](~~68522~~).', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', 'title' => ''], ], [ 'name' => 'KeyVersionId', 'in' => 'query', - 'schema' => [ - 'description' => 'The version ID of the CMK. The ID must be globally unique.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - ], - [ - 'name' => 'Algorithm', - 'in' => 'query', - 'schema' => [ - 'description' => 'The decryption algorithm.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RSAES_OAEP_SHA_1', - ], + 'schema' => ['description' => 'The globally unique identifier of the key version.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], ], [ 'name' => 'DryRun', 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'Specifies whether to enable the DryRun mode.'."\n" + ."\n" + .'- true: enables the DryRun mode.'."\n" + ."\n" + .'- false (default): disables the DryRun mode.'."\n" + ."\n" + .'The DryRun mode is used to test API calls, verify your permissions on resources, and check whether the parameters are valid. If you enable the DryRun mode, KMS always returns a failed response and a failure reason. The failure reasons include the following:'."\n" + ."\n" + .'- DryRunOperationError: The request would have succeeded if the DryRun parameter is not specified.'."\n" + ."\n" + .'- ValidationError: The specified parameters in the request are invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform the operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ @@ -5707,305 +4383,177 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'KeyVersionId' => [ - 'description' => 'The version ID of the CMK that is used to encrypt the plaintext.'."\n", - 'type' => 'string', - 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', - ], - 'KeyId' => [ - 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" - ."\n" - .'> If you set the KeyId parameter in the request to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", - 'type' => 'string', - 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', - ], - 'Plaintext' => [ - 'description' => 'The Base64-encoded plaintext that is generated after decryption.'."\n", - 'type' => 'string', - 'example' => 'SGVsbG8gd29ybGQ=', - ], + 'KeyVersionId' => ['description' => 'The globally unique identifier of the key version.', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'KeyId' => ['description' => 'The globally unique identifier of the CMK.'."\n" + ."\n" + .'> If you specify an alias of the CMK for the KeyId parameter in the request, the ID of the CMK to which the alias is bound is returned.', 'type' => 'string', 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', 'title' => ''], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', 'title' => ''], + 'PublicKey' => ['description' => 'The public key in the PEM format.', 'type' => 'string', 'example' => '-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\\nJQIDAQAB\\n-----END PUBLIC KEY-----\\n', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'Rejected.UnsupportedOperation', - 'errorMessage' => 'Unsupported operation.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'Forbidden.AliasNotFound', - 'errorMessage' => 'The specified Alias is not found.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\",\\n \\"Plaintext\\": \\"SGVsbG8gd29ybGQ=\\"\\n}","errorExample":""},{"type":"xml","example":"<AsymmetricDecryptResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n <Plaintext>SGVsbG8gd29ybGQ=</Plaintext>\\n</AsymmetricDecryptResponse>","errorExample":""}]', - 'title' => 'AsymmetricDecrypt', - 'description' => 'This operation supports only asymmetric keys for which the **Usage** parameter is set to **ENCRYPT/DECRYPT**. The following table lists supported encryption algorithms. '."\n" + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"5c438b18-05be-40ad-b6c2-3be6752c****\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\",\\n \\"PublicKey\\": \\"-----BEGIN PUBLIC KEY-----\\\\\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\\\\\\\\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\\\\\\\\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\\\\\\\\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\\\\\\\\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\\\\\\\\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\\\\\\\\nJQIDAQAB\\\\\\\\n-----END PUBLIC KEY-----\\\\\\\\n\\"\\n}","type":"json"}]', + 'title' => 'GetPublicKey', + 'summary' => 'Retrieves the public key of an asymmetric key. You can use the public key to encrypt data or verify a signature on your device.', + 'description' => '- For more information about the access policy required for a RAM user or RAM role to call this OpenAPI operation, see [Resource Access Management](~~2767210~~).'."\n" ."\n" - .'| KeySpec | Algorithm | Description | Maximum length in bytes |'."\n" - .'| ------- | --------- | ----------- | ----------------------- |'."\n" - .'| RSA_2048 | RSAES_OAEP_SHA_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 256 |'."\n" - .'| RSA_2048 | RSAES_OAEP_SHA_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 256 |'."\n" - .'| RSA_3072 | RSAES_OAEP_SHA_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 384 |'."\n" - .'| RSA_3072 | RSAES_OAEP_SHA_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 384 |'."\n" - .'| EC_SM2 | SM2PKE | SM2 public key encryption algorithm based on elliptic curves | 6144 |'."\n" + .'- This operation supports both shared gateways and dedicated gateways. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" ."\n" - .'In this example, the asymmetric key whose ID is `5c438b18-05be-40ad-b6c2-3be6752c****` and version ID is `2ab1a983-7072-4bbc-a582-584b5bd8****` and the decryption algorithm `RSAES_OAEP_SHA_1` are used to decrypt the ciphertext `BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1W****==`.', - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + .' - Shared gateway: You can access KMS over the Internet or using a VPC domain name. If you access KMS over the Internet, you must enable Internet access. For more information, see [Access keys in a KMS instance over the Internet](~~2856718~~).'."\n" + ."\n" + .' - Dedicated gateway: You can access KMS using the private endpoint of KMS (`<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com`).', + 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'CreateSecret' => [ - 'summary' => 'Creates a secret and stores the initial version of the secret.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'GetRandomPassword' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'create', - 'abilityTreeCode' => '54548', - 'abilityTreeNodes' => [ - 'FEATUREkms52EQP9', - ], + 'operationType' => 'get', + 'abilityTreeCode' => '54579', + 'abilityTreeNodes' => ['FEATUREkms52EQP9'], 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'SecretName', - 'in' => 'query', - 'schema' => [ - 'description' => 'The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores the encrypted value in the initial version.'."\n" - ."\n" - .'* If you set the SecretType parameter to Generic that indicates a generic secret, you can customize the secret value.'."\n" - ."\n" - .'* If you set the SecretType parameter to Rds that indicates a managed ApsaraDB RDS secret, the secret value must be in the format of `{"Accounts":[{"AccountName":"","AccountPassword":""}]}`. In the preceding format, `AccountName` indicates the username of the account that is used to connect to your ApsaraDB RDS instance, and `AccountPassword` specifies the password of the account.'."\n" - ."\n" - .'* If you set the SecretType parameter to RAMCredentials that indicates a managed RAM secret, the secret value must be in the format of `{"AccessKeys":[{"AccessKeyId":"","AccessKeySecret":"",}]}`. In the preceding format, `AccessKeyId` indicates the AccessKey ID of the RAM user and `AccessKeySecret` specifies the AccessKey secret of the RAM user. You must specify all the AccessKey pairs of the RAM user.'."\n" - ."\n" - .'* If you set the SecretType parameter to ECS that indicates a managed ECS secret, the secret value must be in one of the following formats:'."\n" - ."\n" - .' * `{"UserName":"","Password": ""}`: In the format, `UserName` specifies the username that is used to log on to the ECS instance, and `Password` specifies the password that is used to log on to the ECS instance.'."\n" - .' * `{"UserName":"","PublicKey": "", "PrivateKey": ""}`: In the format, `PublicKey` indicates the SSH public key that is used to log on to the ECS instance, and `PrivateKey` specifies the SSH private key that is used to log on to the ECS instance.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'mydbconninfo', - ], - ], - [ - 'name' => 'VersionId', + 'name' => 'PasswordLength', 'in' => 'query', - 'schema' => [ - 'description' => 'The type of the secret value. Valid values:'."\n" - ."\n" - .'* text'."\n" - .'* binary'."\n" - ."\n" - .'> If you set the SecretType parameter to Rds, RAMCredentials, or ECS, the SecretDataType parameter must be set to text.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'v1', - ], + 'schema' => ['description' => 'The number of bytes that the password to be generated contains.'."\n" + ."\n" + .'Valid values: 8 to 128.'."\n" + ."\n" + .'Default value: 32', 'type' => 'string', 'required' => false, 'docRequired' => false, 'default' => '32', 'example' => '32', 'title' => ''], ], [ - 'name' => 'EncryptionKeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The description of the secret.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => '00aa68af-2c02-4f68-95fe-3435d330****', - 'default' => '', - ], - ], - [ - 'name' => 'SecretData', + 'name' => 'ExcludeCharacters', 'in' => 'query', - 'schema' => [ - 'description' => 'The tags of the secret.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'The type of the secret. Valid values:'."\n" - ."\n" - .'* Generic: specifies a generic secret.'."\n" - .'* Rds: specifies a managed ApsaraDB RDS secret.'."\n" - .'* RAMCredentials: specifies a managed RAM secret.'."\n" - .'* ECS: specifies a managed ECS secret.'."\n", - ], + 'schema' => ['description' => 'The characters that are not included in the password to be generated.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'`Valid characters: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ! \\"#$%&\'()*+,-. /:;<=>? @[\\] your_project_id} ~ `.'."\n" + ."\n" + .'This parameter is empty by default.', 'type' => 'string', 'required' => false, 'example' => 'ABCabc', 'title' => ''], ], [ - 'name' => 'SecretDataType', + 'name' => 'ExcludeLowercase', 'in' => 'query', 'schema' => [ - 'description' => 'The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length.'."\n" - ."\n" - .'* If you set the SecretType parameter to Generic, you do not need to configure this parameter.'."\n" - ."\n" - .'* If you set the SecretType parameter to Rds, configure the following fields for the ExtendedConfig parameter:'."\n" - ."\n" - .' * SecretSubType: required. The subtype of the secret. Valid values:'."\n" - ."\n" - .' * SingleUser: Secrets Manager manages the ApsaraDB RDS secret in single-account mode. When the secret is rotated, the password of the specified account is reset to a new random password.'."\n" - .' * DoubleUsers: Secrets Manager manages the ApsaraDB RDS secret in dual-account mode. One account is referenced by the ACSCurrent version, and the other account is referenced by the ACSPrevious version. When the secret is rotated, the password of the account referenced by the ACSPrevious version is reset to a new random password. Then, Secrets Manager switches the referenced accounts between the ACSCurrent and ACSPrevious versions.'."\n" - ."\n" - .' * DBInstanceId: required. The ApsaraDB RDS instance to which the ApsaraDB RDS account belongs.'."\n" - ."\n" - .' * CustomData: optional. The custom data. The value is a collection of key-value pairs in the JSON format. Up to 10 key-value pairs can be specified. Separate multiple key-value pairs with commas (,). Example: `{"Key1": "v1", "fds":"fdsf"}`. The default value is a pair of empty braces (`{}`).'."\n" - ."\n" - .'* If you set the SecretType parameter to RAMCredentials, configure the following fields for the ExtendedConfig parameter:'."\n" - ."\n" - .' * SecretSubType: required. The subtype of the secret. Set the value to RamUserAccessKey.'."\n" - .' * UserName: required. The name of the RAM user.'."\n" - .' * CustomData: optional. The custom data. The value is a collection of key-value pairs in the JSON format. Up to 10 key-value pairs can be specified. Separate multiple key-value pairs with commas (,). The default value is a pair of empty braces (`{}`).'."\n" - ."\n" - .'* If you set the SecretType parameter to ECS, configure the following fields for the ExtendedConfig parameter:'."\n" - ."\n" - .' * SecretSubType: required. The subtype of the secret. Valid values:'."\n" - ."\n" - .' * Password: the password that is used to log on to the ECS instance.'."\n" - .' * SSHKey: the SSH public key and private key that are used to log on to the ECS instance.'."\n" - ."\n" - .' * RegionId: required. The ID of the region in which the ECS instance resides.'."\n" + 'description' => 'Specifies whether to exclude lowercase letters.'."\n" ."\n" - .' * InstanceId: required. The ID of the ECS instance.'."\n" + .'Valid values:'."\n" ."\n" - .' * CustomData: optional. The custom data. The value is a collection of key-value pairs in the JSON format. Up to 10 key-value pairs can be specified. Separate multiple key-value pairs with commas (,). The default value is a pair of empty braces (`{}`).'."\n" + .'- true'."\n" ."\n" - .'> This parameter is required if you set the SecretType parameter to Rds, RAMCredentials, or ECS.'."\n", + .'- false', 'type' => 'string', 'required' => false, - 'docRequired' => false, - 'example' => 'text', - 'default' => 'text', - 'enum' => [ - 'text', - 'binary', - ], + 'default' => 'false', + 'enum' => ['false', 'true'], + 'example' => 'false', + 'title' => '', ], ], [ - 'name' => 'Description', + 'name' => 'ExcludeUppercase', 'in' => 'query', 'schema' => [ - 'description' => 'Specifies whether to enable automatic rotation. Valid values:'."\n" + 'description' => 'Specifies whether to exclude uppercase letters.'."\n" + ."\n" + .'Valid values:'."\n" ."\n" - .'* true: specifies to enable automatic rotation.'."\n" - .'* false: specifies to disable automatic rotation. This is the default value.'."\n" + .'- true'."\n" ."\n" - .'> This parameter is valid if you set the SecretType parameter to Rds, RAMCredentials, or ECS.'."\n", + .'- false', 'type' => 'string', 'required' => false, - 'docRequired' => false, - 'example' => 'mydbinfo', + 'default' => 'false', + 'enum' => ['false', 'true'], + 'example' => 'false', + 'title' => '', ], ], [ - 'name' => 'Tags', + 'name' => 'ExcludeNumbers', 'in' => 'query', 'schema' => [ - 'description' => 'The interval for automatic rotation. Valid values: 6 hours to 8,760 hours (365 days).'."\n" + 'description' => 'Specifies whether to exclude digits.'."\n" ."\n" - .'The value is in the `integer[unit]` format.'."\n" + .'Valid values:'."\n" ."\n" - .'The unit can be d (day), h (hour), m (minute), or s (second). For example, both 7d and 604800s indicate a seven-day interval.'."\n" + .'- true'."\n" ."\n" - .'> This parameter is required if you set the EnableAutomaticRotation parameter to true. This parameter is ignored if you set the EnableAutomaticRotation parameter to false or if the EnableAutomaticRotation parameter is not configured.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => '[{\\"TagKey\\":\\"key1\\",\\"TagValue\\":\\"val1\\"},{\\"TagKey\\":\\"key2\\",\\"TagValue\\":\\"val2\\"}]', - ], - ], - [ - 'name' => 'SecretType', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the dedicated KMS instance.'."\n", + .'- false', 'type' => 'string', 'required' => false, - 'example' => 'Rds', - ], - ], - [ - 'name' => 'ExtendedConfig', - 'in' => 'query', - 'style' => 'json', - 'schema' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'object', - 'required' => false, - 'example' => '{"SecretSubType":"SingleUser", "DBInstanceId":"rm-bp1b3dd3a506e****" ,"CustomData":{}}', + 'default' => 'false', + 'enum' => ['false', 'true'], + 'example' => 'false', + 'title' => '', ], ], [ - 'name' => 'EnableAutomaticRotation', + 'name' => 'ExcludePunctuation', 'in' => 'query', 'schema' => [ - 'description' => 'Indicates whether automatic rotation is enabled. Valid values:'."\n" + 'description' => 'Specifies whether to exclude special characters.'."\n" ."\n" - .'* Enabled: indicates that automatic rotation is enabled.'."\n" - .'* Disabled: indicates that automatic rotation is disabled.'."\n" - .'* Invalid: indicates that the status of automatic rotation is abnormal. In this case, Secrets Manager cannot automatically rotate the secret.'."\n" + .'Valid values:'."\n" ."\n" - .'> This parameter is returned if you set the SecretType parameter to Rds, RAMCredentials, or ECS.'."\n", - 'type' => 'boolean', - 'required' => false, - 'example' => 'true', - ], - ], - [ - 'name' => 'RotationInterval', - 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '30d', - ], - ], - [ - 'name' => 'DKMSInstanceId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The version number of the secret.'."\n", + .'- true'."\n" + ."\n" + .'- false', 'type' => 'string', 'required' => false, - 'example' => 'kst-bjj62d8f5e0sgtx8h****', + 'default' => 'false', + 'enum' => ['false', 'true'], + 'example' => 'false', + 'title' => '', ], ], [ - 'name' => 'Policy', + 'name' => 'RequireEachIncludedType', 'in' => 'query', - 'allowEmptyValue' => true, 'schema' => [ + 'description' => 'Specifies whether to include all the preceding character types.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'- true'."\n" + ."\n" + .'- false', 'type' => 'string', 'required' => false, + 'docRequired' => false, + 'default' => 'true', + 'enum' => ['false', 'true'], + 'example' => 'true', + 'title' => '', ], ], ], @@ -6014,315 +4562,171 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The time when the next rotation will be performed.'."\n" - ."\n" - .'> This parameter is returned if automatic rotation is enabled.'."\n", - 'type' => 'string', - 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2dd3', - ], - 'AutomaticRotation' => [ - 'description' => 'The type of the secret. Valid values:'."\n" - ."\n" - .'* Generic: indicates a generic secret.'."\n" - .'* Rds: indicates a managed ApsaraDB RDS secret.'."\n" - .'* RAMCredentials: indicates a managed RAM secret.'."\n" - .'* ECS: indicates a managed ECS secret.'."\n", - 'type' => 'string', - 'example' => 'Enabled', - ], - 'SecretName' => [ - 'description' => 'The interval for automatic rotation.'."\n" - ."\n" - .'The value is in the `integer[unit]` format. The value of the `unit` field is fixed as s. For example, if the value is 604800s, automatic rotation is performed at a 7-day interval.'."\n" - ."\n" - .'> This parameter is returned if automatic rotation is enabled.'."\n", - 'type' => 'string', - 'example' => 'mydbconninfo', - ], - 'VersionId' => [ - 'description' => 'The Alibaba Cloud Resource Name (ARN) of the secret.'."\n", - 'type' => 'string', - 'example' => 'v1', - ], - 'NextRotationDate' => [ - 'description' => 'The extended configuration of the secret.'."\n" - ."\n" - .'> This parameter is returned if you set the SecretType parameter to Rds, RAMCredentials, or ECS.'."\n", - 'type' => 'string', - 'example' => '2022-07-06T18:22:03Z', - ], - 'SecretType' => [ - 'description' => 'The ID of the dedicated KMS instance.'."\n", - 'type' => 'string', - 'example' => 'Rds', - ], - 'RotationInterval' => [ - 'description' => '', - 'type' => 'string', - 'example' => '604800s', - ], - 'Arn' => [ - 'description' => '', - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:154035569884****:secret/mydbconninfo', - ], - 'ExtendedConfig' => [ - 'description' => '', - 'type' => 'string', - 'example' => '{\\"SecretSubType\\":\\"SingleUser\\", \\"DBInstanceId\\":\\"rm-uf667446pc955****\\", \\"CustomData\\":{} }', - ], - 'DKMSInstanceId' => [ - 'description' => '', - 'type' => 'string', - 'example' => 'kst-bjj62d8f5e0sgtx8h****', - ], + 'RandomPassword' => ['description' => 'The generated random password.', 'type' => 'string', 'example' => 'IxGn>NMmNB(y?iZ<Yc,_H/{2GC\'U****', 'title' => ''], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '6b0cbe25-5e33-467e-972e-7a83c6c97604', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'UnsupportedOperation', - 'errorMessage' => 'This action is not supported.', - ], - [ - 'errorCode' => 'Rejected.LimitExceeded', - 'errorMessage' => 'The request was rejected because user create resource limit was exceeded', - ], - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - [ - 'errorCode' => 'Rejected.ShareQuotaExceedLimit', - 'errorMessage' => 'Instance Share Quota Exceed Limit.', - ], - ], - 403 => [ - [ - 'errorCode' => 'Forbidden.DKMSInstanceNotFound', - 'errorMessage' => 'The specified DKMS Instance is not found.', - ], - ], - [ - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'The resource is not found.', - ], - ], - 409 => [ - [ - 'errorCode' => 'Rejected.ResourceExist', - 'errorMessage' => 'The resource already exists.', - ], - [ - 'errorCode' => 'Rejected.ResourceInDeleteWindow', - 'errorMessage' => 'The secret is planned to be deleted.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'some of the specified parameters "\\" is not valid', 'description' => ''], ], 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure', - ], + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2dd3\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"SecretName\\": \\"mydbconninfo\\",\\n \\"VersionId\\": \\"v1\\",\\n \\"NextRotationDate\\": \\"2023-07-06T18:22:03Z\\",\\n \\"SecretType\\": \\"Rds\\",\\n \\"RotationInterval\\": \\"604800s\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:secret/mydbconninfo\\",\\n \\"ExtendedConfig\\": \\"{\\\\\\\\\\\\\\"SecretSubType\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"SingleUser\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"DBInstanceId\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"rm-uf667446pc955****\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"CustomData\\\\\\\\\\\\\\":\\\\\\"Key1\\\\\\": \\\\\\"v1\\\\\\", \\\\\\"fds\\\\\\":\\\\\\"fdsf\\\\\\"} }\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateSecretResponse>\\n <RequestId>3bf02f7a-015b-4f93-be0f-cc043fda2dd3</RequestId>\\n <AutomaticRotation>Enabled</AutomaticRotation>\\n <SecretName>mydbconninfo</SecretName>\\n <VersionId>v1</VersionId>\\n <NextRotationDate>2023-07-06T18:22:03Z</NextRotationDate>\\n <SecretType>Rds</SecretType>\\n <RotationInterval>604800s</RotationInterval>\\n <Arn>acs:kms:cn-hangzhou:154035569884****:secret/mydbconninfo</Arn>\\n <ExtendedConfig>{\\\\\\"SecretSubType\\\\\\":\\\\\\"SingleUser\\\\\\", \\\\\\"DBInstanceId\\\\\\":\\\\\\"rm-uf667446pc955****\\\\\\", \\\\\\"CustomData\\\\\\":\\"Key1\\": \\"v1\\", \\"fds\\":\\"fdsf\\"} }</ExtendedConfig>\\n <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>\\n</CreateSecretResponse>","errorExample":""}]', - 'title' => 'CreateSecret', - 'description' => 'The name of the secret.'."\n" - ."\n" - .'The value must be 1 to 64 characters in length and can contain letters, digits, underscores (\\_), forward slashes (/), plus signs (+), equal signs (=), periods (.), hyphens (-), and at signs (@). The following list describes the name requirements for different types of secrets:'."\n" - ."\n" - .'* If the SecretType parameter is set to Generic or Rds, the name cannot start with `acs/`.'."\n" - .'* If the SecretType parameter is set to RAMCredentials, set the SecretName parameter to `$Auto`. In this case, KMS automatically generates a secret name that starts with `acs/ram/user/`. The name includes the display name of RAM user.'."\n" - .'* If the SecretType parameter is set to ECS, the name must start with `acs/ecs/`.'."\n", - 'requestParamsDescription' => 'The initial version number. Version numbers are unique in each secret.'."\n", + 'title' => 'GetRandomPassword', + 'summary' => 'Generates a random password string.', + 'description' => 'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'DeleteSecret' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RandomPassword\\": \\"IxGn>NMmNB(y?iZ<Yc,_H/{2GC\'U****\\",\\n \\"RequestId\\": \\"6b0cbe25-5e33-467e-972e-7a83c6c97604\\"\\n}","type":"json"}]', + ], + 'GetSecretPolicy' => [ + 'summary' => 'Queries the access policy of a specified secret in a KMS instance.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'delete', + 'operationType' => 'get', + 'abilityTreeCode' => '206109', + 'abilityTreeNodes' => ['FEATUREkms52EQP9'], ], 'parameters' => [ [ 'name' => 'SecretName', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'secret001', - ], - ], - [ - 'name' => 'ForceDeleteWithoutRecovery', - 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered.'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'* **true**'."\n" - .'* **false** (default value)'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'false', - 'default' => 'false', - 'enum' => [ - 'false', - 'true', - ], - ], + 'schema' => ['description' => 'The name or Alibaba Cloud Resource Name (ARN) of the credential.'."\n" + ."\n" + .'> If you access a credential that belongs to another Alibaba Cloud account, you must specify the ARN of the credential. The ARN of a credential must be in the `acs:kms:${region}:${account}:secret/${secret-name}` format.', 'type' => 'string', 'required' => true, 'example' => 'secret_test', 'title' => ''], ], [ - 'name' => 'RecoveryWindowInDays', + 'name' => 'PolicyName', 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. Unit: Days.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => '10', - 'default' => '30', - ], + 'schema' => ['description' => 'The name of the credential policy. Only the static field default is supported.', 'type' => 'string', 'required' => false, 'example' => 'default', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ + 'title' => '', + 'description' => '', 'type' => 'object', 'properties' => [ - 'SecretName' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'example' => 'secret001', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '38bbed2a-15e0-45ad-98d4-816ad2ccf4ea', - ], - 'PlannedDeleteTime' => [ - 'description' => 'The time when the secret is scheduled to be deleted.'."\n", - 'type' => 'string', - 'example' => '2022-09-15T07:02:14Z', - ], + 'RequestId' => ['description' => 'The ID of the request. This ID is a unique identifier generated by Alibaba Cloud for the request. You can use the ID to troubleshoot and locate issues.', 'type' => 'string', 'title' => '', 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C8'], + 'Policy' => ['description' => 'The credential policy.', 'type' => 'string', 'example' => '{"Version":"1","Statement": [{"Sid":"kms default secret policy","Effect":"Allow","Principal":{"RAM": ["acs:ram::119285303511****:*"]},"Action":["kms:*"],"Resource": ["*"] }] }', 'title' => ''], ], + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ['errorCode' => 'MissingParameter', 'errorMessage' => 'The parameter needed but no provided.', 'description' => 'The required parameters are not specified.'], + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system.', 'description' => 'You are not authorized to perform this operation.'], + ['errorCode' => 'Forbidden.KeyPolicyUnSupported', 'errorMessage' => 'The specified key does not support key policy.', 'description' => 'The specified key does not support key policies.'], ], - 404 => [ - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Resource not found', - ], - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + 403 => [ + ['errorCode' => 'Forbidden.DKMSInstanceStateInvalid', 'errorMessage' => 'The DKMS instance state is invalid.', 'description' => 'Your dedicated KMS instance is invalid.'], ], - 409 => [ - [ - 'errorCode' => 'Rejected.ResourceInDeleteWindow', - 'errorMessage' => 'secret in delete peroid', - ], + [ + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Resource not found.', 'description' => 'The resource is not found.'], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], ], - 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure', - ], + 503 => [ + ['errorCode' => 'SerivceUnvailableTemporary', 'errorMessage' => 'Service Unvailable Temporary', 'description' => 'The service is temporarily unavailable.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"38bbed2a-15e0-45ad-98d4-816ad2ccf4ea\\",\\n \\"PlannedDeleteTime\\": \\"2024-04-15T07:02:14Z\\"\\n}","errorExample":""},{"type":"xml","example":"<DeleteSecretResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>38bbed2a-15e0-45ad-98d4-816ad2ccf4ea</RequestId>\\n <PlannedDeleteTime>2022-09-15T07:02:14Z</PlannedDeleteTime>\\n</DeleteSecretResponse>","errorExample":""}]', - 'title' => 'DeleteSecret', - 'summary' => 'Deletes a secret.', - 'description' => 'If you call this operation without specifying a recovery period, the deleted secret can be recovered within 30 days.'."\n" + 'staticInfo' => ['returnType' => 'synchronous'], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C8\\",\\n \\"Policy\\": \\"{\\\\\\"Version\\\\\\":\\\\\\"1\\\\\\",\\\\\\"Statement\\\\\\": [{\\\\\\"Sid\\\\\\":\\\\\\"kms default secret policy\\\\\\",\\\\\\"Effect\\\\\\":\\\\\\"Allow\\\\\\",\\\\\\"Principal\\\\\\":{\\\\\\"RAM\\\\\\": [\\\\\\"acs:ram::119285303511****:*\\\\\\"]},\\\\\\"Action\\\\\\":[\\\\\\"kms:*\\\\\\"],\\\\\\"Resource\\\\\\": [\\\\\\"*\\\\\\"] }] }\\"\\n}","type":"json"}]', + 'title' => 'GetSecretPolicy', + 'description' => '- For information about the access policy required for a RAM user or RAM role to call this OpenAPI, see [Resource Access Management](~~2767210~~).'."\n" ."\n" - .'If you specify a recovery period, the deleted secret can be recovered within the recovery period. You can also forcibly delete a secret. A forcibly deleted secret cannot be recovered.'."\n", - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'UpdateSecret' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + .'- A credential policy name can be set only to default. Therefore, you must set the PolicyName parameter to default when you query the credential policy. Otherwise, a `Not Found` error is returned.', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'GetSecretValue' => [ + 'summary' => 'Retrieve the credential value.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'get', + 'abilityTreeCode' => '54580', + 'abilityTreeNodes' => ['FEATUREkms52EQP9'], + 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'SecretName', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'secret001', - ], + 'schema' => ['description' => 'The name or ARN of the credential. '."\n" + .'> When accessing a credential under another Alibaba Cloud account, you must specify the credential ARN. The ARN format is `acs:kms:${region}:${account}:secret/${secret-name}`. ', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'secret001', 'title' => ''], ], [ - 'name' => 'Description', + 'name' => 'VersionStage', 'in' => 'query', - 'schema' => [ - 'description' => 'The description of the secret.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => 'datainfo', - ], + 'schema' => ['description' => 'The version stage. Default value: ACSCurrent. '."\n" + ."\n" + .'If you specify this parameter, the credential value of the specified version stage is returned. If you do not specify this parameter, the credential value of the ACSCurrent version stage is returned. '."\n" + .'> For RDS credentials, PolarDB credentials, Redis/Tair credentials, RAM credentials, and ECS credentials, you can retrieve only the credential values corresponding to the ACSPrevious or ACSCurrent version stages. ', 'type' => 'string', 'required' => false, 'example' => 'ACSCurrent', 'title' => ''], ], [ - 'name' => 'ExtendedConfig.CustomData', + 'name' => 'VersionId', 'in' => 'query', - 'style' => 'json', - 'schema' => [ - 'description' => 'The custom data in the extended configuration of the secret.'."\n" - ."\n" - .'> * If this parameter is specified, the existing extended configuration of the secret is updated.'."\n" - .'> * This parameter is unavailable for generic secrets.', - 'type' => 'object', - 'required' => false, - 'example' => '{"DBName":"app1","Port":"3306"}', - ], + 'schema' => ['description' => 'Version number.'."\n" + ."\n" + .'> The VersionId parameter is not supported for RDS credentials, PolarDB credentials, Redis/Tair credentials, RAM credentials, and ECS credentials. If you specify this parameter, it will be ignored.', 'type' => 'string', 'required' => false, 'example' => 'v1', 'title' => ''], + ], + [ + 'name' => 'FetchExtendedConfig', + 'in' => 'query', + 'schema' => ['description' => 'Indicates whether to retrieve the extended configuration of the credential. Valid values:'."\n" + ."\n" + .'- true: Retrieve '."\n" + .'- false (Default Value): Do not retrieve '."\n" + ."\n" + .'> Generic secrets do not support extended configuration. If you specify this parameter, it will be ignored.', 'type' => 'boolean', 'required' => false, 'example' => 'true', 'title' => ''], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => ['description' => 'Indicates whether to enable DryRun mode.'."\n" + ."\n" + .'- true: Enabled '."\n" + .'- false (Default Value): Disabled '."\n" + ."\n" + .'DryRun mode is used for Testing API Calls to authenticate whether you have the required permissions on the specified resource and whether the Request Parameters are correctly configured. When DryRun mode is enabled, KMS always returns a failed response along with the failure reason. Possible failure reasons include:'."\n" + ."\n" + .'- DryRunOperationError: The request would succeed if the DryRun parameter were not specified. '."\n" + .'- ValidationError: One or more parameters in the request are invalid. '."\n" + .'- AccessDeniedError: You do not have permission to execute this operation on the KMS resource.'."\n" + ."\n", 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ @@ -6330,130 +4734,138 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'SecretName' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'example' => 'secret001', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47', + 'SecretDataType' => ['description' => 'The value type of the credential. Valid values:'."\n" + .'- text'."\n" + .'- binary', 'type' => 'string', 'example' => 'binary', 'title' => ''], + 'CreateTime' => ['description' => 'The time when the credential was created.', 'type' => 'string', 'example' => '2024-02-21T15:39:26Z', 'title' => ''], + 'VersionId' => ['description' => 'The version number of the credential.', 'type' => 'string', 'example' => 'v1', 'title' => ''], + 'NextRotationDate' => ['description' => 'The time of the next rotation. '."\n" + ."\n" + .'> This parameter is returned only when automatic rotation is enabled. ', 'type' => 'string', 'example' => '2024-07-06T18:22:03Z', 'title' => ''], + 'SecretData' => ['description' => 'The value of the credential. KMS decrypts the stored ciphertext and returns this parameter. '."\n" + ."\n" + .'- For generic secrets, the credential value you specified is returned. '."\n" + ."\n" + .'- For RDS credentials and Redis/Tair credentials, the credential value is in the format: `{"AccountName":"","AccountPassword":""}`. '."\n" + ."\n" + .'- For RAM credentials, the credential value is in the format: `{"AccessKeyId":"Adfdsfd","AccessKeySecret":"fdsfdsf","GenerateTimestamp": "2023-03-25T10:42:40Z"}`. '."\n" + ."\n" + .'- For ECS credentials, the credential value is in one of the following formats: '."\n" + .' - Security token type: `{"UserName":"ecs-user","Password":"H5asdasdsads****"}`. '."\n" + .' - Public-private key pair type (private key in PEM format): `{"UserName":"ecs-user","PublicKey":"ssh-rsa ****mKwnVix9YTFY9Rs= imported-openssh-key","PrivateKey": "d6bee1cb-2e14-4277-ba6b-73786b21****"}`. '."\n" + ."\n" + .'- For PolarDB credentials, the credential value is in the format: `{"AccountName":"","AccountPassword":""}`. ', 'type' => 'string', 'example' => 'testdata1', 'title' => ''], + 'RotationInterval' => ['description' => 'The epoch for automatic credential rotation. '."\n" + .'The format is `integer[unit]`, where `integer` indicates the time duration and `unit` indicates the time unit. Valid value for `unit`: s (seconds). For example, a 7-day rotation epoch is 604800s.'."\n" + ."\n" + .'> This parameter is returned only when automatic rotation is enabled.', 'type' => 'string', 'example' => '604800s', 'title' => ''], + 'ExtendedConfig' => ['description' => 'The extended configuration of the credential. '."\n" + ."\n" + .'> This parameter is returned only for RDS credentials, PolarDB credentials, Redis/Tair credentials, RAM credentials, or ECS credentials when FetchExtendedConfig is set to true. ', 'type' => 'string', 'example' => '{\\"SecretSubType\\":\\"SingleUser\\", \\"DBInstanceId\\":\\"rm-uf667446pc955****\\", \\"CustomData\\":{} }', 'title' => ''], + 'LastRotationDate' => ['description' => 'The time of the most recent rotation. '."\n" + ."\n" + .'> This parameter is returned only if the credential has been rotated.', 'type' => 'string', 'example' => '2023-07-05T08:22:03Z', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the current request. Alibaba Cloud generates a unique identifier for each request, which can be used for troubleshooting and issue tracking.', 'type' => 'string', 'example' => '6a3e9c36-1150-4881-84d3-eb8672fcafad', 'title' => ''], + 'SecretName' => ['description' => 'The name of the credential. ', 'type' => 'string', 'example' => 'secret001', 'title' => ''], + 'AutomaticRotation' => ['description' => 'Indicates whether automatic rotation is enabled. Valid values: '."\n" + .'- Enabled: Automatic rotation is enabled. '."\n" + .'- Disabled: Automatic rotation is disabled. '."\n" + .'- Invalid: The rotation status is abnormal, and KMS cannot automatically rotate the credential for you. '."\n" + ."\n" + .'> This parameter is returned only for RDS credentials, PolarDB credentials, Redis/Tair credentials, RAM credentials, or ECS credentials. ', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], + 'SecretType' => ['description' => 'The type of the credential. Valid values:'."\n" + .'- Generic: generic secret. '."\n" + .'- Rds: RDS credential. '."\n" + .'- Redis: Redis/Tair credential.'."\n" + .'- RAMCredentials: RAM credential. '."\n" + .'- ECS: ECS credential.'."\n" + .'- PolarDB: PolarDB credential.', 'type' => 'string', 'example' => 'Generic', 'title' => ''], + 'VersionStages' => [ + 'itemNode' => true, + 'type' => 'object', + 'properties' => [ + 'VersionStage' => [ + 'description' => 'The status mark of the credential version.', + 'type' => 'array', + 'items' => ['description' => 'The status mark of the credential version.', 'type' => 'string', 'example' => '{ "VersionStage": [ "ACSCurrent" ] }', 'title' => ''], + 'title' => '', + 'example' => '', + ], + ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ - 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'some of the specified parameters "\\" is not valid', - ], - ], 403 => [ - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system', - ], + ['errorCode' => 'Forbidden.DKMSInstanceStateInvalid', 'errorMessage' => 'The DKMS instance state is invalid.', 'description' => 'Your dedicated KMS instance is invalid.'], + ['errorCode' => 'Forbidden.DKMSInstanceNotFound', 'errorMessage' => 'The specified DKMS Instance is not found.', 'description' => 'Your dedicated KMS instance is not found.'], ], [ - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Resource not found', - ], - ], - 409 => [ - [ - 'errorCode' => 'Rejected.ResourceExist', - 'errorMessage' => 'The request was rejected becasue key already exsit', - ], - [ - 'errorCode' => 'Rejected.ResourceInDeleteWindow', - 'errorMessage' => 'secret in delete peroid', - ], - ], - 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure', - ], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Resource not found.', 'description' => 'The resource is not found.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateSecretResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47</RequestId>\\n</UpdateSecretResponse>","errorExample":""}]', - 'title' => 'UpdateSecret', - 'summary' => 'Updates the metadata of a secret.', - 'description' => 'In this example, the metadata of the `secret001` secret is updated. The `Description` parameter is set to `datainfo`.'."\n", - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'title' => 'Retrieve Credential Value ', + 'description' => '- For details about the access policy that must be granted to a Resource Access Management (RAM) user or RAM role to invoke this OpenAPI operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- If you do not specify a version number or version status, Key Management Service (KMS) returns the credential value of the version marked as ACSCurrent by default.'."\n" + ."\n" + .'- If a customer-managed key is used to protect the credential value, the caller must also have the `kms:Decrypt` permission on the corresponding master key.'."\n" + ."\n" + .'This topic provides a sample request to retrieve the credential value of a credential named `secret001`. The returned result shows that the credential value `SecretData` is `testdata1`.', + 'requestParamsDescription' => 'For more information about common request parameters, see [Common Parameters](~~69007~~).', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'UpdateSecretVersionStage' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"SecretDataType\\": \\"binary\\",\\n \\"CreateTime\\": \\"2024-02-21T15:39:26Z\\",\\n \\"VersionId\\": \\"v1\\",\\n \\"NextRotationDate\\": \\"2024-07-06T18:22:03Z\\",\\n \\"SecretData\\": \\"testdata1\\",\\n \\"RotationInterval\\": \\"604800s\\",\\n \\"ExtendedConfig\\": \\"{\\\\\\\\\\\\\\"SecretSubType\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"SingleUser\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"DBInstanceId\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"rm-uf667446pc955****\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"CustomData\\\\\\\\\\\\\\":{} }\\",\\n \\"LastRotationDate\\": \\"2023-07-05T08:22:03Z\\",\\n \\"RequestId\\": \\"6a3e9c36-1150-4881-84d3-eb8672fcafad\\",\\n \\"SecretName\\": \\"secret001\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"SecretType\\": \\"Generic\\",\\n \\"VersionStages\\": {\\n \\"VersionStage\\": [\\n \\"{ \\\\\\"VersionStage\\\\\\": [ \\\\t\\\\\\"ACSCurrent\\\\\\" \\\\t] }\\"\\n ]\\n }\\n}","type":"json"}]', + 'translator' => 'machine', + ], + 'ImportKeyMaterial' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'readAndWrite', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'update', - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ - 'name' => 'SecretName', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The operation that you want to perform. Set the value to **UpdateSecretVersionStage**.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'secret001', - ], + 'schema' => ['description' => 'The ID of the CMK to be imported.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1234abcd-12ab-34cd-56ef-12345678****', 'title' => ''], ], [ - 'name' => 'VersionStage', + 'name' => 'EncryptedKeyMaterial', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'ACSCurrent', - ], + 'schema' => ['description' => 'The key material encrypted with the public key returned by **GetParametersForImport**, and then Base64-encoded.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'bCPZx7I6v6KXsqEpr2OXKxuj2CCRtKdwp75Bw+BGncYqBdfjFBYRtOE6HRlT0oeiRDWzwnw9OA54OL36smDJrq4Lo9x0CyYDiuKnRkcKtMtlzW0din7Pd7IlZWWRdVueiw2qpzl7PkUWQGTdsdbzpfJJQ+qj/cRIrk/E83UGyeyytSpgnb+lu0xEYcPajRyWNsbi98N3pqqQzHXNNHO2NJqHlnQgglqTiBEjkGeKFhfKmTc3vjulIdVa3EaVIN6lwWfgx+UUYSrvbA77WDYKlDsZ4SbK2/T7za9Tp1qU7Ynqba7OKGVVj7PMbiaO80AxWZnjUMYCgEp5w7V+seOXqw==', 'title' => ''], ], [ - 'name' => 'RemoveFromVersion', + 'name' => 'ImportToken', 'in' => 'query', - 'schema' => [ - 'description' => 'The specified stage label. Valid values:'."\n" - ."\n" - .'* ACSCurrent'."\n" - .'* ACSPrevious'."\n" - .'* Custom stage label'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '001', - ], + 'schema' => ['description' => 'The import token obtained by calling **GetParametersForImport**.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'Base64String', 'title' => ''], ], [ - 'name' => 'MoveToVersion', + 'name' => 'KeyMaterialExpireUnix', 'in' => 'query', - 'schema' => [ - 'description' => 'The version from which you want to remove the specified stage label.'."\n" - ."\n" - .'> You must specify at least one of the RemoveFromVersion and MoveToVersion parameters.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '002', - ], + 'schema' => ['description' => 'The time when the key material expires.'."\n" + ."\n" + .'If this parameter is not specified or set this parameter to 0, the key material does not expire.'."\n" + ."\n" + .'> The value cannot be earlier than the time when the operation is called (based on the server time).', 'type' => 'integer', 'format' => 'int64', 'required' => true, 'docRequired' => true, 'example' => '0', 'title' => ''], ], ], 'responses' => [ @@ -6461,134 +4873,88 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'SecretName' => [ - 'description' => 'The version to which you want to apply the specified stage label.'."\n" - ."\n" - .'> * You must specify at least one of the RemoveFromVersion and MoveToVersion parameters.'."\n" - .'> * If the VersionStage parameter is set to ACSCurrent or ACSPrevious, this parameter is required.', - 'type' => 'string', - 'example' => 'secret001', - ], - 'RequestId' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'example' => '8cad259f-4d77-40ec-bbd7-b9c47a423bb9', - ], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'ec1017cf-ead4-f3ca-babc-c3b34f3dbecb', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'some of the specified parameters "\\" is not valid', - ], - [ - 'errorCode' => 'Rejected.LimitExceeded', - 'errorMessage' => 'exceed secret limits error', - ], - [ - 'errorCode' => 'Rejected.InvalidRequest', - 'errorMessage' => 'param mismatch', - ], - [ - 'errorCode' => 'Rejected.UnsupportedOperation', - 'errorMessage' => 'secret stages in unnormal status', - ], - ], - 403 => [ - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system', - ], + ['errorCode' => 'InvalidKeyMaterial', 'errorMessage' => 'key material is invalid', 'description' => ''], + ['errorCode' => 'InvalidImportToken', 'errorMessage' => 'import token is invalid', 'description' => ''], + ['errorCode' => 'ExpiredImportToken', 'errorMessage' => 'import token is expired', 'description' => ''], + ['errorCode' => 'Unsupported.Origin', 'errorMessage' => 'This key origin is not valid for this api', 'description' => 'The key origin is not supported for this API operation.'], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], - [ - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Resource not found', - ], - ], - 409 => [ - [ - 'errorCode' => 'Rejected.ResourceInDeleteWindow', - 'errorMessage' => 'secret in delete peroid', - ], - ], - 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure', - ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"8cad259f-4d77-40ec-bbd7-b9c47a423bb9\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateSecretVersionStageResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>8cad259f-4d77-40ec-bbd7-b9c47a423bb9</RequestId>\\n</UpdateSecretVersionStageResponse>","errorExample":""}]', - 'title' => 'UpdateSecretVersionStage', - 'summary' => 'Updates the stage label that marks a secret version.', - 'description' => 'Updates the stage label that marks a secret version.', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"ec1017cf-ead4-f3ca-babc-c3b34f3dbecb\\"\\n}","type":"json"}]', + 'title' => 'ImportKeyMaterial', + 'summary' => 'Imports externally generated key material into a CMK whose origin is EXTERNAL.', + 'description' => 'When you call [CreateKey](~~28947~~) to create a CMK, you can set **Origin** to **EXTERNAL** to specify that the key material comes from an external source. Use this operation to import the key material into such a CMK.'."\n" + ."\n" + .'- To view the CMK **Origin**, see [DescribeKey](~~28952~~).'."\n" + ."\n" + .'- Before importing key material, call [GetParametersForImport](~~68621~~) to obtain the parameters required for the import, including the public key and import token.'."\n" + ."\n" + .'> * For a CMK of type **Aliyun\\_AES\\_256**, the key material must be 256 bits. For a CMK of type **Aliyun\\_SM4**, the key material must be 128 bits.'."\n" + .'>'."\n" + .'> * You can set the expiration time for the key material, or you can set it to never expire.'."\n" + .'>'."\n" + .'> * You can reimport the key material and reset the expiration time for the specified CMK at any time, but the same key material must be imported.'."\n" + .'>'."\n" + .'> * After the imported key material expires or is deleted, the specified CMK becomes unavailable until the same key material is imported again.'."\n" + .'>'."\n" + .'> * The same key material can be imported into multiple CMKs, but data or data keys encrypted by one CMK cannot be decrypted by another CMK.'."\n" + ."\n" + .'For more information about the access policy required for a RAM user or RAM role to call this operation, see [Resource Access Management](~~2767210~~).', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'UpdateSecretRotationPolicy' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'ListAliases' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'get', + 'abilityTreeCode' => '54587', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'SecretName', + 'name' => 'PageNumber', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RdsSecret/Mysql5.4/MyCred', - ], + 'schema' => ['description' => 'The number of the page to return.'."\n" + ."\n" + .'Pages start from page 1.'."\n" + ."\n" + .'Default value: 1.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''], ], [ - 'name' => 'EnableAutomaticRotation', + 'name' => 'PageSize', 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to enable automatic rotation. Valid values:'."\n" - ."\n" - .'* true: enables automatic rotation.'."\n" - .'* false: does not enable automatic rotation. This is the default value.'."\n", - 'type' => 'boolean', - 'required' => true, - 'docRequired' => true, - 'example' => 'true', - ], - ], - [ - 'name' => 'RotationInterval', - 'in' => 'query', - 'schema' => [ - 'description' => 'The interval for automatic rotation. Valid values: 6 hours to 8,760 hours (365 days).'."\n" - ."\n" - .'The value is in the `integer[unit]` format.````'."\n" - ."\n" - .'The unit can be d (day), h (hour), m (minute), or s (second). For example, both 7d and 604800s indicate a seven-day interval.'."\n" - ."\n" - .'> This parameter is required if you set the EnableAutomaticRotation parameter to true. This parameter is ignored if you set the EnableAutomaticRotation parameter to false or does not specify the EnableAutomaticRotation parameter.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '30d', - ], + 'schema' => ['description' => 'The number of entries to return on each page.'."\n" + ."\n" + .'Valid values: 0 to 100.'."\n" + ."\n" + .'Default value: 10.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ @@ -6596,44 +4962,66 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'SecretName' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'example' => 'RdsSecret/Mysql5.4/MyCred', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '2c124f6f-4210-499f-b88a-69f54004d2d8', + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '1b57992c-834b-4811-a889-f8bac1ba0353', 'title' => ''], + 'PageNumber' => ['description' => 'The page number of the returned page.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'PageSize' => ['description' => 'The number of entries returned per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], + 'TotalCount' => ['description' => 'The total number of returned aliases.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'Aliases' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Alias' => [ + 'description' => 'The alias of the user.', + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'KeyId' => ['description' => 'The CMK to which the alias belongs.', 'type' => 'string', 'example' => 'key-hzz6****', 'title' => ''], + 'AliasArn' => ['description' => 'The Alibaba Cloud Resource Name (ARN) of the alias.', 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:123456:alias/ExampleAlias1', 'title' => ''], + 'AliasName' => ['description' => 'The ID of the alias.', 'type' => 'string', 'example' => 'alias/ExampleAlias1', 'title' => ''], + ], + 'description' => '', + 'title' => '', + 'example' => '', + ], + 'title' => '', + 'example' => '', + ], + ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'errorCodes' => [], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"RdsSecret/Mysql5.4/MyCred\\",\\n \\"RequestId\\": \\"2c124f6f-4210-499f-b88a-69f54004d2d8\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateSecretRotationPolicyResponse>\\n <SecretName>RdsSecret/Mysql5.4/MyCred</SecretName>\\n <RequestId>2c124f6f-4210-499f-b88a-69f54004d2d8</RequestId>\\n</UpdateSecretRotationPolicyResponse>","errorExample":""}]', - 'title' => 'UpdateSecretRotationPolicy', - 'summary' => 'Updates the rotation policy of a secret.', - 'description' => 'After automatic rotation is enabled, Secrets Manager schedules the first automatic rotation by adding the preset rotation interval to the timestamp of the last rotation.'."\n" - ."\n" - .'Limits: The UpdateSecretRotationPolicy operation cannot be used to update the rotation policy of generic secrets.'."\n" - ."\n" - .'In this example, the rotation policy of the `RdsSecret/Mysql5.4/MyCred` secret is updated. The following settings are modified:'."\n" - ."\n" - .'* The `EnableAutomaticRotation` parameter is set to `true`, which indicates that automatic rotation is enabled.'."\n" - .'* The `RotationInterval` parameter is set to `30d`, which indicates that the interval for automatic rotation is 30 days.'."\n", - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'errorCodes' => [ + 400 => [ + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ], + ], + 'title' => 'ListAliases', + 'summary' => 'Queries all aliases in the current region for the current account.', + 'description' => 'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'ListSecrets' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"1b57992c-834b-4811-a889-f8bac1ba0353\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"Aliases\\": {\\n \\"Alias\\": [\\n {\\n \\"KeyId\\": \\"key-hzz6****\\",\\n \\"AliasArn\\": \\"acs:kms:cn-hangzhou:123456:alias/ExampleAlias1\\",\\n \\"AliasName\\": \\"alias/ExampleAlias1\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + ], + 'ListAliasesByKeyId' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -6641,98 +5029,30 @@ ], 'operationType' => 'read', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - 'abilityTreeCode' => '54594', - 'abilityTreeNodes' => [ - 'FEATUREkms52EQP9', - ], - 'tenantRelevance' => 'publicInformation', - ], + 'systemTags' => ['operationType' => 'get'], 'parameters' => [ [ - 'name' => 'FetchTags', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The number of entries to return on each page.'."\n" - ."\n" - .'Valid values: 1 to 100.'."\n" - ."\n" - .'Default value: 10.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => 'false', - ], + 'schema' => ['description' => 'The globally unique ID of the CMK.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1234abcd-12ab-34cd-56ef-12345678****', 'title' => ''], ], [ 'name' => 'PageNumber', 'in' => 'query', - 'schema' => [ - 'description' => 'The secret filter. The filter consists of one or more key-value pairs. You can specify one key-value pair or leave this parameter empty. If you use one tag key or tag value to filter resources, up to 4,000 resources can be queried. If you want to query more than 4,000 resources, call the [ListResourceTags](~~120090~~) operation.'."\n" - ."\n" - .'* Key'."\n" - ."\n" - .' * Description: the property that you want to filter.'."\n" - ."\n" - .' * Type: string.'."\n" - ."\n" - .' * Valid values:'."\n" - ."\n" - .' * SecretName: the secret name.'."\n" - .' * Description: the description of the secret.'."\n" - .' * TagKey: the tag key.'."\n" - .' * TagValue: the tag value.'."\n" - ."\n" - .'* Values'."\n" - ."\n" - .' * Description: the value to be included after filtering.'."\n" - ."\n" - .' * Type: string.'."\n" - ."\n" - .' * Length: 0 to 10.'."\n" - ."\n" - .' * Valid values:'."\n" - ."\n" - .' * If the Key field is set to SecretName, the value must be 1 to 192 characters in length and can contain letters, digits, and special characters `_ / + = . @ -`.'."\n" - .' * If the Key field is set to Description, the value must be 1 to 256 characters in length.'."\n" - .' * If the Key field is set to TagKey, the value must be 1 to 256 characters in length and can contain letters, digits, and special characters `/ _ - . + = @ :`.'."\n" - .' * If the Key field is set to TagValue, the value must be 1 to 256 characters in length and can contain letters, numbers, and special characters `/ _ - . + = @ :`.'."\n" - ."\n" - .'The logical relationship between values of the Values field in a key-value pair is OR. Example: `[ {"Key":"SecretName", "Values":["sec1","sec2"]}]`. In this example, the semantics are `SecretName=sec 1 OR SecretName=sec 2`.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'docRequired' => false, - 'example' => '1', - 'default' => '1', - ], + 'schema' => ['description' => 'The number of the page to return.'."\n" + ."\n" + .'Valid values: an integer that is greater than 0.'."\n" + ."\n" + .'Default value: 1.'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''], ], [ 'name' => 'PageSize', 'in' => 'query', - 'schema' => [ - 'description' => 'The page number of the returned page.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'docRequired' => false, - 'maximum' => '100', - 'minimum' => '1', - 'example' => '2', - 'default' => '10', - ], - ], - [ - 'name' => 'Filters', - 'in' => 'query', - 'schema' => [ - 'description' => 'The number of entries returned per page.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => '[{"Key":"SecretName", "Values":["Val1","Val2"]}]', - ], + 'schema' => ['description' => 'The number of entries to return on each page.'."\n" + ."\n" + .'Valid values: 0 to 101.'."\n" + ."\n" + .'Default value: 10'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ @@ -6740,198 +5060,81 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'PageNumber' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'PageSize' => [ - 'description' => 'The number of returned secrets.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '2', - ], - 'RequestId' => [ - 'description' => 'The list of secrets.'."\n", - 'type' => 'string', - 'example' => '6a6287a0-ff34-4780-a790-fdfca900557f', - ], - 'TotalCount' => [ - 'description' => 'The secret name.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '55', - ], - 'SecretList' => [ + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '1b57992c-834b-4811-a889-f8bac1ba0353', 'title' => ''], + 'PageNumber' => ['description' => 'The page number of the returned page.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'PageSize' => ['description' => 'The number of entries returned per page.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], + 'TotalCount' => ['description' => 'The total number of returned CMKs.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'Aliases' => [ 'type' => 'object', 'itemNode' => true, 'properties' => [ - 'Secret' => [ - 'description' => 'The time when the secret was updated.'."\n", + 'Alias' => [ + 'description' => 'An array that consists of aliases.'."\n", + 'title' => '', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ - 'SecretName' => [ - 'description' => 'The type of the secret. Valid values:'."\n" - ."\n" - .'* Generic: indicates a generic secret.'."\n" - .'* Rds: indicates a managed ApsaraDB RDS secret.'."\n", - 'type' => 'string', - 'example' => 'secret001', - ], - 'UpdateTime' => [ - 'description' => 'The time when the secret is scheduled to be deleted.'."\n", - 'type' => 'string', - 'example' => '2022-07-17T07:59:05Z', - ], - 'SecretType' => [ - 'description' => 'The time when the secret was created.'."\n", - 'type' => 'string', - 'example' => 'Generic', - ], - 'PlannedDeleteTime' => [ - 'description' => 'The resource tags of the secret.'."\n" - ."\n" - .'This parameter is not returned if you set the FetchTags parameter to false or do not specify the FetchTags parameter.'."\n", - 'type' => 'string', - 'example' => '2022-08-17T07:59:05Z', - ], - 'CreateTime' => [ - 'description' => 'The tag value.'."\n", - 'type' => 'string', - 'example' => '2022-07-17T07:59:05Z', - ], - 'Tags' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'Tag' => [ - 'description' => 'The tag key.'."\n", - 'type' => 'array', - 'items' => [ - 'type' => 'object', - 'properties' => [ - 'TagValue' => [ - 'description' => '', - 'type' => 'string', - 'example' => 'val1', - ], - 'TagKey' => [ - 'description' => '', - 'type' => 'string', - 'example' => 'key1', - ], - ], - ], - ], - ], - ], - 'OwingService' => [ - 'type' => 'string', - ], + 'KeyId' => ['description' => 'The CMK to which an alias is bound.'."\n", 'type' => 'string', 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****', 'title' => ''], + 'AliasArn' => ['description' => 'The Alibaba Cloud Resource Name (ARN) of the alias.'."\n", 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:123456:alias/ExampleAlias1', 'title' => ''], + 'AliasName' => ['description' => 'The ID of the alias.'."\n", 'type' => 'string', 'example' => 'alias/ExampleAlias1', 'title' => ''], ], + 'description' => '', + 'title' => '', ], ], ], ], ], + 'description' => '', + 'title' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'some of the specified parameters "\\" is not valid', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], - 403 => [ - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system', - ], - ], - [ - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Resource not found', - ], - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - ], - 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure', - ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 2,\\n \\"RequestId\\": \\"6a6287a0-ff34-4780-a790-fdfca900557f\\",\\n \\"TotalCount\\": 55,\\n \\"SecretList\\": {\\n \\"Secret\\": [\\n {\\n \\"SecretName\\": \\"secret001\\",\\n \\"UpdateTime\\": \\"2024-07-17T07:59:05Z\\",\\n \\"SecretType\\": \\"Generic\\",\\n \\"PlannedDeleteTime\\": \\"2024-08-17T07:59:05Z\\",\\n \\"CreateTime\\": \\"2024-07-17T07:59:05Z\\",\\n \\"Tags\\": {\\n \\"Tag\\": [\\n {\\n \\"TagValue\\": \\"val1\\",\\n \\"TagKey\\": \\"key1\\"\\n }\\n ]\\n },\\n \\"OwingService\\": \\"\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListSecretsResponse>\\n <PageNumber>1</PageNumber>\\n <PageSize>2</PageSize>\\n <RequestId>6a6287a0-ff34-4780-a790-fdfca900557f</RequestId>\\n <TotalCount>55</TotalCount>\\n <SecretList>\\n <SecretName>secret001</SecretName>\\n <UpdateTime>2024-07-17T07:59:05Z</UpdateTime>\\n <SecretType>Generic</SecretType>\\n <PlannedDeleteTime>2024-08-17T07:59:05Z</PlannedDeleteTime>\\n <CreateTime>2024-07-17T07:59:05Z</CreateTime>\\n <Tags>\\n <TagValue>val1</TagValue>\\n <TagKey>key1</TagKey>\\n </Tags>\\n </SecretList>\\n</ListSecretsResponse>","errorExample":""}]', - 'title' => 'ListSecrets', - 'summary' => 'Queries all secrets created by the current Alibaba Cloud account in the current region.', - 'description' => 'Specifies whether to return the resource tags of the secret. Valid values:'."\n" - ."\n" - .'* true: returns the resource tags.'."\n" - .'* false: does not return the resource tags. This is the default value.'."\n", + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1b57992c-834b-4811-a889-f8bac1ba0353\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"Aliases\\": {\\n \\"Alias\\": [\\n {\\n \\"KeyId\\": \\"08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****\\",\\n \\"AliasArn\\": \\"acs:kms:cn-hangzhou:123456:alias/ExampleAlias1\\",\\n \\"AliasName\\": \\"alias/ExampleAlias1\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListAliasesByKeyIdResponse>\\n <RequestId>1b57992c-834b-4811-a889-f8bac1ba0353</RequestId>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <TotalCount>1</TotalCount>\\n <Aliases>\\n <KeyId>08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****</KeyId>\\n <AliasArn>acs:kms:cn-hangzhou:123456:alias/ExampleAlias1</AliasArn>\\n <AliasName>alias/ExampleAlias1</AliasName>\\n </Aliases>\\n</ListAliasesByKeyIdResponse>","errorExample":""}]', + 'title' => 'ListAliasesByKeyId', + 'summary' => 'Queries all aliases that are bound to a key.', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'DescribeSecret' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [ + ['createdAt' => '2022-09-22T11:56:41.000Z', 'description' => 'Error codes changed'], ], + ], + 'ListApplicationAccessPoints' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'readAndWrite', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'get', - 'abilityTreeCode' => '54562', - 'abilityTreeNodes' => [ - 'FEATUREkms52EQP9', - ], + 'operationType' => 'list', + 'abilityTreeCode' => '54646', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'SecretName', + 'name' => 'PageNumber', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'secret001', - ], + 'schema' => ['description' => 'The page number. Default value: 1.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''], ], [ - 'name' => 'FetchTags', + 'name' => 'PageSize', 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to return the resource tags of the secret. Valid values:'."\n" - ."\n" - .'* true: The resource tags are returned.'."\n" - .'* false: The resource tags are not returned. This is the default value.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'true', - 'default' => 'false', - 'enum' => [ - 'false', - 'true', - ], - ], + 'schema' => ['description' => 'The number of entries per page. Valid values: 1 to 100. Default value: 20.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ @@ -6939,183 +5142,64 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'UpdateTime' => [ - 'description' => 'The time when the secret was updated.'."\n", - 'type' => 'string', - 'example' => '2022-02-21T15:39:26Z', - ], - 'CreateTime' => [ - 'description' => 'The time when the secret was created.'."\n", - 'type' => 'string', - 'example' => '2022-02-21T15:39:26Z', - ], - 'NextRotationDate' => [ - 'description' => 'The time when the next rotation will be performed.'."\n" - ."\n" - .'> This parameter is returned when automatic rotation is enabled.'."\n", - 'type' => 'string', - 'example' => '2022-07-06T18:22:03Z', - ], - 'EncryptionKeyId' => [ - 'description' => 'The ID of the customer master key (CMK) that is used to encrypt the secret value.'."\n", - 'type' => 'string', - 'example' => '00aa68af-2c02-4f68-95fe-3435d330****', - ], - 'RotationInterval' => [ - 'description' => 'The interval for automatic rotation.'."\n" - ."\n" - .'The value is in the `integer[unit]` format. `integer` indicates the length of time. `unit`: indicates the time unit. The value of `unit` is fixed as s. For example, if the value is 604800s, automatic rotation is performed at a 7-day interval.'."\n" - ."\n" - .'> This parameter is returned when automatic rotation is enabled.'."\n", - 'type' => 'string', - 'example' => '3153600s', - ], - 'Arn' => [ - 'description' => 'The Alibaba Cloud Resource Name (ARN) of the secret.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:154035569884****:secret/secret001', - ], - 'ExtendedConfig' => [ - 'description' => 'The extended configuration of the secret.'."\n" - ."\n" - .'> This parameter is returned only for a managed ApsaraDB RDS secret, a managed Resource Access Management (RAM) secret, or a managed Elastic Compute Service (ECS) secret.'."\n", - 'type' => 'string', - 'example' => '{\\"SecretSubType\\":\\"SingleUser\\", \\"DBInstanceId\\":\\"rm-uf667446pc955****\\", \\"CustomData\\":{} }', - ], - 'LastRotationDate' => [ - 'description' => 'The time when the last rotation was performed.'."\n" - ."\n" - .'> This parameter is returned if the secret was rotated.'."\n", - 'type' => 'string', - 'example' => '2022-07-05T08:22:03Z', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '93348dfb-3627-4417-8d90-487a76a909c9', - ], - 'Description' => [ - 'description' => 'The description of the secret.'."\n", - 'type' => 'string', - 'example' => 'userinfo', - ], - 'SecretName' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'example' => 'secret001', - ], - 'AutomaticRotation' => [ - 'description' => 'Indicates whether automatic rotation is enabled. Valid values:'."\n" - ."\n" - .'* Enabled: indicates that automatic rotation is enabled.'."\n" - .'* Disabled: indicates that automatic rotation is disabled.'."\n" - .'* Invalid: indicates that the status of automatic rotation is abnormal. In this case, Secrets Manager cannot automatically rotate the secret.'."\n" - ."\n" - .'> This parameter is returned only for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.'."\n", - 'type' => 'string', - 'example' => 'Enabled', - ], - 'SecretType' => [ - 'description' => 'The type of the secret. Valid values:'."\n" - ."\n" - .'* Generic: indicates a generic secret.'."\n" - .'* Rds: indicates a managed ApsaraDB RDS secret.'."\n" - .'* RAMCredentials: indicates a managed RAM secret.'."\n" - .'* ECS: indicates a managed ECS secret.'."\n", - 'type' => 'string', - 'example' => 'Rds', - ], - 'PlannedDeleteTime' => [ - 'description' => 'The time when the secret is scheduled to be deleted.'."\n", - 'type' => 'string', - 'example' => '2022-03-21T15:45:12Z', - ], - 'DKMSInstanceId' => [ - 'description' => 'The ID of the dedicated KMS instance.'."\n", - 'type' => 'string', - 'example' => 'kst-bjj62d8f5e0sgtx8h****', - ], - 'Tags' => [ + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', 'title' => ''], + 'PageNumber' => ['description' => 'The page number.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'PageSize' => ['description' => 'The number of entries per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], + 'TotalCount' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'ApplicationAccessPoints' => [ 'type' => 'object', 'itemNode' => true, 'properties' => [ - 'Tag' => [ - 'description' => 'The resource tags of the secret.'."\n" - ."\n" - .'This parameter is not returned if you set the FetchTags parameter to false or you do not specify the FetchTags parameter.'."\n", + 'ApplicationAccessPoint' => [ + 'description' => 'A list of AAPs.', 'type' => 'array', 'items' => [ + 'description' => 'A list of AAPs.', 'type' => 'object', 'properties' => [ - 'TagValue' => [ - 'description' => 'The tag value.'."\n", - 'type' => 'string', - 'example' => 'val1', - ], - 'TagKey' => [ - 'description' => 'The tag key.'."\n", - 'type' => 'string', - 'example' => 'key1', - ], + 'Name' => ['description' => 'The name of the AAP.', 'type' => 'string', 'example' => 'aap_test', 'title' => ''], + 'AuthenticationMethod' => ['description' => 'The authentication method.', 'type' => 'string', 'example' => 'ClientKey', 'title' => ''], ], + 'title' => '', + 'example' => '', ], + 'title' => '', + 'example' => '', ], ], - ], - 'OwingService' => [ - 'type' => 'string', + 'description' => '', + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'IllegalTimestamp', - 'errorMessage' => 'The input parameter Timestamp that is mandatory for processing this request is not supplied.', - ], - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - ], - 403 => [ - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'You are not authorized to perform the operation.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], - [ - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Resource not found', - ], - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"UpdateTime\\": \\"2024-02-21T15:39:26Z\\",\\n \\"CreateTime\\": \\"2024-02-21T15:39:26Z\\",\\n \\"NextRotationDate\\": \\"2024-07-06T18:22:03Z\\",\\n \\"EncryptionKeyId\\": \\"key-hzz63ca8cbe3hefht****\\",\\n \\"RotationInterval\\": \\"3153600s\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:secret/secret001\\",\\n \\"ExtendedConfig\\": \\"{\\\\\\\\\\\\\\"AccountName\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"kms\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"Database\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"kmsdata\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"AccountPrivilege\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"RoleReadOnly\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"CloneAccountName\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"kms_clone\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"CustomData\\\\\\\\\\\\\\":{},\\\\\\\\\\\\\\"InstanceId\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"pc-bp134f7hnijoey****\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"RegionId\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"cn-hangzhou\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"SecretSubType\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"DoubleUsers\\\\\\\\\\\\\\"}\\\\\\"\\",\\n \\"LastRotationDate\\": \\"2022-07-05T08:22:03Z\\",\\n \\"RequestId\\": \\"93348dfb-3627-4417-8d90-487a76a909c9\\",\\n \\"Description\\": \\"userinfo\\",\\n \\"SecretName\\": \\"secret001\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"SecretType\\": \\"Rds\\",\\n \\"PlannedDeleteTime\\": \\"2025-03-21T15:45:12Z\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\",\\n \\"Tags\\": {\\n \\"Tag\\": [\\n {\\n \\"TagValue\\": \\"val1\\",\\n \\"TagKey\\": \\"key1\\"\\n }\\n ]\\n },\\n \\"OwingService\\": \\"\\"\\n}","errorExample":""},{"type":"xml","example":"<DescribeSecretResponse>\\n <UpdateTime>2024-02-21T15:39:26Z</UpdateTime>\\n <CreateTime>2024-02-21T15:39:26Z</CreateTime>\\n <NextRotationDate>2024-07-06T18:22:03Z</NextRotationDate>\\n <EncryptionKeyId>key-hzz63ca8cbe3hefht****</EncryptionKeyId>\\n <RotationInterval>3153600s</RotationInterval>\\n <Arn>acs:kms:cn-hangzhou:154035569884****:secret/secret001</Arn>\\n <ExtendedConfig>{\\\\\\"SecretSubType\\\\\\":\\\\\\"SingleUser\\\\\\", \\\\\\"DBInstanceId\\\\\\":\\\\\\"rm-uf667446pc955****\\\\\\", \\\\\\"CustomData\\\\\\":{} }</ExtendedConfig>\\n <LastRotationDate>2022-07-05T08:22:03Z</LastRotationDate>\\n <RequestId>93348dfb-3627-4417-8d90-487a76a909c9</RequestId>\\n <Description>userinfo</Description>\\n <SecretName>secret001</SecretName>\\n <AutomaticRotation>Enabled</AutomaticRotation>\\n <SecretType>Rds</SecretType>\\n <PlannedDeleteTime>2025-03-21T15:45:12Z</PlannedDeleteTime>\\n <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>\\n <Tags>\\n <TagValue>val1</TagValue>\\n <TagKey>key1</TagKey>\\n </Tags>\\n</DescribeSecretResponse>","errorExample":""}]', - 'title' => 'DescribeSecret', - 'summary' => 'Queries the metadata of a secret.', - 'description' => 'This operation returns the metadata of a secret. This operation does not return the secret value.'."\n" - ."\n" - .'In this example, the metadata of the secret named `secret001` is queried.'."\n", - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'GetSecretValue' => [ - 'summary' => 'Queries a secret value.', - 'methods' => [ - 'post', - 'get', + 'title' => 'ListApplicationAccessPoints', + 'summary' => 'Queries all application access points (AAPs) in the current region.', + 'description' => 'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'changeSet' => [ + ['createdAt' => '2025-10-16T05:41:36.000Z', 'description' => 'OpenAPI offline'], ], - 'schemes' => [ - 'https', + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"ApplicationAccessPoints\\": {\\n \\"ApplicationAccessPoint\\": [\\n {\\n \\"Name\\": \\"aap_test\\",\\n \\"AuthenticationMethod\\": \\"ClientKey\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + ], + 'ListClientKeys' => [ + 'methods' => ['get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -7124,72 +5208,16 @@ 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'get', - 'abilityTreeCode' => '54580', - 'abilityTreeNodes' => [ - 'FEATUREkms52EQP9', - ], - 'tenantRelevance' => 'tenant', + 'operationType' => 'list', + 'abilityTreeCode' => '54637', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'SecretName', - 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'secret001', - ], - ], - [ - 'name' => 'VersionStage', - 'in' => 'query', - 'schema' => [ - 'description' => 'The stage label that marks the secret version. If you specify this parameter, Secrets Manager returns the secret value of the version that is marked with the specified stage label.'."\n" - ."\n" - .'Default value: ACSCurrent.'."\n" - ."\n" - .'> For a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret, Secrets Manager can return only the secret value of the version marked with ACSPrevious or ACSCurrent.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'ACSCurrent', - ], - ], - [ - 'name' => 'VersionId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The version number of the secret value. If you specify this parameter, Secrets Manager returns the secret value of the specified version.'."\n" - ."\n" - .'> This parameter is ignored for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '00000000000000000000000000000001', - ], - ], - [ - 'name' => 'FetchExtendedConfig', + 'name' => 'AapName', 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to obtain the extended configuration of the secret. Valid values:'."\n" - ."\n" - .'* true'."\n" - .'* false: This is the default value.'."\n" - ."\n" - .'> This parameter is ignored for a generic secret.'."\n", - 'type' => 'boolean', - 'required' => false, - 'example' => 'true', - ], - ], - [ - 'name' => 'DryRun', - 'in' => 'query', - 'schema' => [ - 'type' => 'string', - ], + 'schema' => ['description' => 'The name of the application access point (AAP).', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => 'aap_test', 'title' => ''], ], ], 'responses' => [ @@ -7197,161 +5225,52 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'SecretDataType' => [ - 'description' => 'The type of the secret value. Valid values:'."\n" - ."\n" - .'* text'."\n" - .'* binary'."\n", - 'type' => 'string', - 'example' => 'binary', - ], - 'CreateTime' => [ - 'description' => 'The time when the secret was created.'."\n", - 'type' => 'string', - 'example' => '2020-02-21T15:39:26Z', - ], - 'VersionId' => [ - 'description' => 'The version number of the secret value.'."\n", - 'type' => 'string', - 'example' => '00000000000000000000000000000001', - ], - 'NextRotationDate' => [ - 'description' => 'The time when the next rotation will be performed.'."\n" - ."\n" - .'> This parameter is returned if automatic rotation is enabled.'."\n", - 'type' => 'string', - 'example' => '2020-07-06T18:22:03Z', - ], - 'SecretData' => [ - 'description' => 'The secret value. Secrets Manager decrypts the ciphertext of the secret value and returns the plaintext of the secret value in this parameter.'."\n" - ."\n" - .'* For a generic secret, the secret value of the specified version is returned.'."\n" - ."\n" - .'* For a managed ApsaraDB RDS secret, the value is returned in the following format:`{"AccountName":"","AccountPassword":""}` .'."\n" - ."\n" - .'* For a managed RAM secret, the secret value is returned in the following format: `{"AccessKeyId":"Adfdsfd","AccessKeySecret":"fdsfdsf","GenerateTimestamp": "2016-03-25T10:42:40Z"}`.'."\n" - ."\n" - .'* For a managed ECS secret, the secret value is returned in one of the following formats:'."\n" - ."\n" - .' * `{"UserName":"root","Password":"H5asdasdsads****"}`: The secret value is returned in this format if the ECS secret is a password.'."\n" - .' * `{"UserName":"root","PublicKey":"ssh-rsa ****mKwnVix9YTFY9Rs= imported-openssh-key","PrivateKey": "d6bee1cb-2e14-4277-ba6b-73786b21****"}`: The secret value is returned in this format is the ECS secret is a pair of SSH keys. The private key is in the Privacy Enhanced Mail (PEM) format.'."\n", - 'type' => 'string', - 'example' => 'testdata1', - ], - 'RotationInterval' => [ - 'description' => 'The interval for automatic rotation.'."\n" - ."\n" - .'The value is in the `integer[unit]` format. The `unit` field has a fixed value of s. For example, if the value is 604800s, automatic rotation is performed at a 7-day interval.'."\n" - ."\n" - .'> This parameter is returned if automatic rotation is enabled.'."\n", - 'type' => 'string', - 'example' => '604800s', - ], - 'ExtendedConfig' => [ - 'description' => 'The extended configuration of the secret.'."\n" - ."\n" - .'> This parameter is returned if you set the FetchExtendedConfig parameter to true. This parameter is returned only for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.'."\n", - 'type' => 'string', - 'example' => '{\\"SecretSubType\\":\\"SingleUser\\", \\"DBInstanceId\\":\\"rm-uf667446pc955****\\", \\"CustomData\\":{} }', - ], - 'LastRotationDate' => [ - 'description' => 'The time when the last rotation was performed.'."\n" - ."\n" - .'> This parameter is returned if the secret was rotated.'."\n", - 'type' => 'string', - 'example' => '2020-07-05T08:22:03Z', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '6a3e9c36-1150-4881-84d3-eb8672fcafad', - ], - 'SecretName' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'example' => 'secret001', - ], - 'AutomaticRotation' => [ - 'description' => 'Indicates whether automatic rotation is enabled. Valid values:'."\n" - ."\n" - .'* Enabled: indicates that automatic rotation is enabled.'."\n" - .'* Disabled: indicates that automatic rotation is disabled.'."\n" - .'* Invalid: indicates that the status of automatic rotation is abnormal. In this case, Secrets Manager cannot automatically rotate the secret.'."\n" - ."\n" - .'> This parameter is returned only for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.'."\n", - 'type' => 'string', - 'example' => 'Enabled', - ], - 'SecretType' => [ - 'description' => 'The type of the secret. Valid values:'."\n" - ."\n" - .'* Generic: indicates a generic secret.'."\n" - .'* Rds: indicates a managed ApsaraDB RDS secret.'."\n" - .'* RAMCredentials: indicates a managed RAM secret.'."\n" - .'* ECS: indicates a managed ECS secret.'."\n", - 'type' => 'string', - 'example' => 'Generic', - ], - 'VersionStages' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'VersionStage' => [ - 'description' => 'The stage labels that mark the secret versions.'."\n", - 'type' => 'array', - 'items' => [ - 'description' => '', - 'type' => 'string', - 'example' => '{ "VersionStage": [ "ACSCurrent" ] }', - ], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '2312e45f-b2fa-4c34-ad94-3eca50932916', 'title' => ''], + 'ClientKeys' => [ + 'description' => 'A list of client keys.', + 'type' => 'array', + 'items' => [ + 'description' => 'A list of client keys.', + 'type' => 'object', + 'properties' => [ + 'ClientKeyId' => ['description' => 'The ID of the client key.', 'type' => 'string', 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', 'title' => ''], + 'CreateTime' => ['description' => 'The time when the client key was created.', 'type' => 'string', 'example' => '2023-08-31T09:14:38Z', 'title' => ''], + 'PublicKeyData' => ['description' => 'The public key of the client key.', 'type' => 'string', 'example' => '-----BEGIN CERTIFICATE-----\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----', 'title' => ''], + 'KeyAlgorithm' => ['description' => 'The private key algorithm of the client key.', 'type' => 'string', 'example' => 'RSA_2048', 'title' => ''], + 'NotBefore' => ['description' => 'The beginning of the validity period of the client key.', 'type' => 'string', 'example' => '2023-08-31T17:14:33Z', 'title' => ''], + 'NotAfter' => ['description' => 'The end of the validity period of the client key.', 'type' => 'string', 'example' => '2028-08-31T17:14:33Z', 'title' => ''], + 'KeyOrigin' => ['description' => 'The provider of the client key.'."\n" + ."\n" + .'Currently, only KMS is supported. The value is fixed as KMS\\_PROVIDED.', 'type' => 'string', 'example' => 'KMS_PROVIDED', 'title' => ''], + 'AapName' => ['description' => 'The name of the AAP.', 'type' => 'string', 'example' => 'aap_test', 'title' => ''], ], + 'title' => '', + 'example' => '', ], + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'errorCodes' => [ - 403 => [ - [ - 'errorCode' => 'Forbidden.DKMSInstanceStateInvalid', - 'errorMessage' => 'The DKMS instance state is invalid.', - ], - [ - 'errorCode' => 'Forbidden.DKMSInstanceNotFound', - 'errorMessage' => 'The specified DKMS Instance is not found.', - ], - ], - [ - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Resource not found.', - ], - ], - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretDataType\\": \\"binary\\",\\n \\"CreateTime\\": \\"2024-02-21T15:39:26Z\\",\\n \\"VersionId\\": \\"v1\\",\\n \\"NextRotationDate\\": \\"2024-07-06T18:22:03Z\\",\\n \\"SecretData\\": \\"testdata1\\",\\n \\"RotationInterval\\": \\"604800s\\",\\n \\"ExtendedConfig\\": \\"{\\\\\\\\\\\\\\"SecretSubType\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"SingleUser\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"DBInstanceId\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"rm-uf667446pc955****\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"CustomData\\\\\\\\\\\\\\":{} }\\",\\n \\"LastRotationDate\\": \\"2023-07-05T08:22:03Z\\",\\n \\"RequestId\\": \\"6a3e9c36-1150-4881-84d3-eb8672fcafad\\",\\n \\"SecretName\\": \\"secret001\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"SecretType\\": \\"Generic\\",\\n \\"VersionStages\\": {\\n \\"VersionStage\\": [\\n \\"{ \\\\\\"VersionStage\\\\\\": [ \\\\t\\\\\\"ACSCurrent\\\\\\" \\\\t] }\\"\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<GetSecretValueResponse>\\n <SecretDataType>binary</SecretDataType>\\n <CreateTime>2024-02-21T15:39:26Z</CreateTime>\\n <VersionId>v1</VersionId>\\n <NextRotationDate>2024-07-06T18:22:03Z</NextRotationDate>\\n <SecretData>testdata1</SecretData>\\n <RotationInterval>604800s</RotationInterval>\\n <ExtendedConfig>{\\\\\\"SecretSubType\\\\\\":\\\\\\"SingleUser\\\\\\", \\\\\\"DBInstanceId\\\\\\":\\\\\\"rm-uf667446pc955****\\\\\\", \\\\\\"CustomData\\\\\\":{} }</ExtendedConfig>\\n <LastRotationDate>2023-07-05T08:22:03Z</LastRotationDate>\\n <RequestId>6a3e9c36-1150-4881-84d3-eb8672fcafad</RequestId>\\n <SecretName>secret001</SecretName>\\n <AutomaticRotation>Enabled</AutomaticRotation>\\n <SecretType>Generic</SecretType>\\n <VersionStages>{ \\"VersionStage\\": [ \\t\\"ACSCurrent\\" \\t] }</VersionStages>\\n</GetSecretValueResponse>","errorExample":""}]', - 'title' => 'GetSecretValue', - 'description' => 'If you do not specify a version number or stage label, Secrets Manager returns the secret value of the version marked with ACSCurrent.'."\n" - ."\n" - .'If a customer master key (CMK) is specified to encrypt the secret value, you must also have the `kms:Decrypt` permission on the CMK to call the GetSecretValue operation.'."\n" - ."\n" - .'In this example, the value of the secret named `secret001` is obtained. The secret value is returned in the `SecretData` parameter. The secret value is `testdata1`.'."\n", - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'ListSecretVersionIds' => [ - 'methods' => [ - 'post', - 'get', + 'title' => 'ListClientKeys', + 'summary' => 'Queries all client keys within an AAP.', + 'description' => 'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'changeSet' => [ + ['createdAt' => '2025-10-16T05:41:35.000Z', 'description' => 'OpenAPI offline'], ], - 'schemes' => [ - 'https', + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"2312e45f-b2fa-4c34-ad94-3eca50932916\\",\\n \\"ClientKeys\\": [\\n {\\n \\"ClientKeyId\\": \\"KAAP.66abf237-63f6-4625-b8cf-47e1086e****\\",\\n \\"CreateTime\\": \\"2023-08-31T09:14:38Z\\",\\n \\"PublicKeyData\\": \\"-----BEGIN CERTIFICATE-----\\\\\\\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----\\",\\n \\"KeyAlgorithm\\": \\"RSA_2048\\",\\n \\"NotBefore\\": \\"2023-08-31T17:14:33Z\\",\\n \\"NotAfter\\": \\"2028-08-31T17:14:33Z\\",\\n \\"KeyOrigin\\": \\"KMS_PROVIDED\\",\\n \\"AapName\\": \\"aap_test\\"\\n }\\n ]\\n}","type":"json"}]', + ], + 'ListKeyVersions' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -7359,62 +5278,30 @@ ], 'operationType' => 'read', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - ], + 'systemTags' => ['operationType' => 'get'], 'parameters' => [ [ - 'name' => 'SecretName', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'secret001', - ], - ], - [ - 'name' => 'IncludeDeprecated', - 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to return deprecated secret versions.'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'* false: no'."\n" - .'* true: yes'."\n" - ."\n" - .'Default value: false.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => 'false', - ], + 'schema' => ['description' => 'The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see [Use aliases](~~68522~~).', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], ], [ 'name' => 'PageNumber', 'in' => 'query', - 'schema' => [ - 'description' => 'The number of the page to return. Default value: 1.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'docRequired' => false, - 'example' => '1', - ], + 'schema' => ['description' => 'The number of the page to return.'."\n" + ."\n" + .'Pages start from page 1.'."\n" + ."\n" + .'Default value: 1.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'docRequired' => true, 'example' => '1', 'title' => ''], ], [ 'name' => 'PageSize', 'in' => 'query', - 'schema' => [ - 'description' => 'The number of entries to return on each page. Default value: 10.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'docRequired' => false, - 'example' => '10', - ], + 'schema' => ['description' => 'The number of entries to return on each page.'."\n" + ."\n" + .'Valid values: 0 to 101.'."\n" + ."\n" + .'Default value: 10.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ @@ -7422,120 +5309,69 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'SecretName' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'example' => 'secret001', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47', - ], - 'PageSize' => [ - 'description' => 'The number of entries returned per page.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '10', - ], - 'PageNumber' => [ - 'description' => 'The page number of the returned page.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'TotalCount' => [ - 'description' => 'The number of entries returned on the current page.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '4', - ], - 'VersionIds' => [ + 'PageSize' => ['description' => 'The number of entries returned per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'f71204c4-53cd-4eea-b405-653ba2db7e86', 'title' => ''], + 'PageNumber' => ['description' => 'The page number of the returned page.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'TotalCount' => ['description' => 'The total number of returned key versions.', 'type' => 'integer', 'format' => 'int32', 'example' => '3', 'title' => ''], + 'KeyVersions' => [ 'type' => 'object', 'itemNode' => true, 'properties' => [ - 'VersionId' => [ - 'description' => 'The list of secret versions.'."\n", + 'KeyVersion' => [ + 'description' => 'An array that consists of key versions.', + 'title' => '', 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ - 'VersionId' => [ - 'description' => 'The version number.'."\n", - 'type' => 'string', - 'example' => '00000000000000000000000000000000203', - ], - 'CreateTime' => [ - 'description' => 'The time when the secret version was created.'."\n", - 'type' => 'string', - 'example' => '2020-02-21T15:39:26Z', - ], - 'VersionStages' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'VersionStage' => [ - 'description' => 'The stage labels that mark the secret version.'."\n", - 'type' => 'array', - 'items' => [ - 'description' => '', - 'type' => 'string', - 'example' => '{ "VersionStage": [ "ACSCurrent", "UStage1", "Ustage2" ] }', - ], - ], - ], - ], + 'KeyId' => ['description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'> If you set the KeyId parameter to the alias of the CMK, the ID of the CMK to which the alias is bound is returned.', 'type' => 'string', 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], + 'KeyVersionId' => ['description' => 'The globally unique ID of the CMK version.', 'type' => 'string', 'example' => '1e3304fd-68ac-4d5b-8886-ae5f01a1****', 'title' => ''], + 'CreationDate' => ['description' => 'The date and time when the CMK version was created. The time is displayed in UTC.', 'type' => 'string', 'example' => '2024-03-25T10:42:40Z', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'some of the specified parameters "\\" is not valid', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], - 403 => [ - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system', - ], - ], - [ - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Resource not found', - ], - ], - 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure', - ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47\\",\\n \\"PageSize\\": 10,\\n \\"PageNumber\\": 1,\\n \\"TotalCount\\": 1,\\n \\"VersionIds\\": {\\n \\"VersionId\\": [\\n {\\n \\"VersionId\\": \\"v1\\",\\n \\"CreateTime\\": \\"2024-02-21T15:39:26Z\\",\\n \\"VersionStages\\": {\\n \\"VersionStage\\": [\\n \\"{\\\\\\"VersionStage\\\\\\": [\\\\\\"ACSCurrent\\\\\\",\\\\\\"uStage1\\\\\\"]}\\"\\n ]\\n }\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListSecretVersionIdsResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47</RequestId>\\n <PageSize>10</PageSize>\\n <PageNumber>1</PageNumber>\\n <TotalCount>1</TotalCount>\\n <VersionIds>\\n <VersionId>v1</VersionId>\\n <CreateTime>2024-02-21T15:39:26Z</CreateTime>\\n <VersionStages>{\\"VersionStage\\": [\\"ACSCurrent\\",\\"uStage1\\"]}</VersionStages>\\n </VersionIds>\\n</ListSecretVersionIdsResponse>","errorExample":""}]', - 'title' => 'ListSecretVersionIds', - 'summary' => 'Queries all versions of a secret.', - 'description' => 'The secret value is not included in the returned version information. By default, deprecated secret versions are not returned.'."\n", + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"PageSize\\": 10,\\n \\"RequestId\\": \\"f71204c4-53cd-4eea-b405-653ba2db7e86\\",\\n \\"PageNumber\\": 1,\\n \\"TotalCount\\": 3,\\n \\"KeyVersions\\": {\\n \\"KeyVersion\\": [\\n {\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"KeyVersionId\\": \\"1e3304fd-68ac-4d5b-8886-ae5f01a1****\\",\\n \\"CreationDate\\": \\"2024-03-25T10:42:40Z\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'ListKeyVersions', + 'summary' => 'Queries all versions of a specified CMK.', + 'description' => 'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'GetRandomPassword' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'ListKeys' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -7545,145 +5381,65 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', - 'abilityTreeCode' => '54579', - 'abilityTreeNodes' => [ - 'FEATUREkms52EQP9', - ], + 'abilityTreeCode' => '54591', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'PasswordLength', - 'in' => 'query', - 'schema' => [ - 'description' => 'The number of bytes that the password to be generated contains.'."\n" - ."\n" - .'Valid values: 8 to 128.'."\n" - ."\n" - .'Default value: 32'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => '32', - 'default' => '32', - ], - ], - [ - 'name' => 'ExcludeCharacters', - 'in' => 'query', - 'schema' => [ - 'description' => 'The characters that are not included in the password to be generated.'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'` Valid characters: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ! \\"#$%&\'()*+,-. /:;<=>? @[\\] your_project_id} ~ `.'."\n" - ."\n" - .'This parameter is empty by default.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'ABCabc', - ], - ], - [ - 'name' => 'ExcludeLowercase', - 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to exclude lowercase letters.'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'* true'."\n" - .'* false'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'false', - 'default' => 'false', - 'enum' => [ - 'false', - 'true', - ], - ], - ], - [ - 'name' => 'ExcludeUppercase', - 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to exclude uppercase letters.'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'* true'."\n" - .'* false'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'false', - 'default' => 'false', - 'enum' => [ - 'false', - 'true', - ], - ], - ], - [ - 'name' => 'ExcludeNumbers', + 'name' => 'PageNumber', 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to exclude digits.'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'* true'."\n" - .'* false'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'false', - 'default' => 'false', - 'enum' => [ - 'false', - 'true', - ], - ], + 'schema' => ['description' => 'The page number.<br> Valid values: greater than 0.<br> Default value: 1.<br><br>', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''], ], [ - 'name' => 'ExcludePunctuation', + 'name' => 'PageSize', 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to exclude special characters.'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'* true'."\n" - .'* false'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'false', - 'default' => 'false', - 'enum' => [ - 'false', - 'true', - ], - ], + 'schema' => ['description' => 'The number of entries to return on each page.<br> Valid values: 1 to 100.<br> Default value: 10.<br><br>', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], [ - 'name' => 'RequireEachIncludedType', + 'name' => 'Filters', 'in' => 'query', - 'schema' => [ - 'description' => 'Specifies whether to include all the preceding character types.'."\n" - ."\n" - .'Valid values:'."\n" - ."\n" - .'* true'."\n" - .'* false'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => 'true', - 'default' => 'true', - 'enum' => [ - 'false', - 'true', - ], - ], + 'schema' => ['description' => 'A filter for master keys. The filter consists of 0 to 10 key-value pairs.'."\n" + ."\n" + .'- Key'."\n" + ."\n" + .' - Description: The property to filter.'."\n" + ."\n" + .' - Type: String.'."\n" + ."\n" + .'- Values'."\n" + ."\n" + .' - Description: The value to be included after filtering.'."\n" + ."\n" + .' - Type: String array.'."\n" + ."\n" + .' - Length: 0 to 10.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'- If \\`Key\\` is set to \\`KeyState\\`, it specifies the key status. Valid values for \\`Value\\` are \\`Enabled\\`, \\`Disabled\\`, \\`PendingDeletion\\`, and \\`PendingImport\\`.'."\n" + ."\n" + .'- If \\`Key\\` is set to \\`KeySpec\\`, it specifies the key type. Valid values for \\`Value\\` are \\`Aliyun\\_AES\\_256\\`, \\`Aliyun\\_SM4\\`, \\`RSA\\_2048\\`, \\`EC\\_P256\\`, \\`EC\\_P256K\\`, \\`EC\\_SM2\\`, and \\`Aliyun\\_SM4\\`.<br> Note: You can create keys of the \\`EC\\_SM2\\` and \\`Aliyun\\_SM4\\` types only in regions that support managed HSMs and have passed the compliance assessment of the Office of State Commercial Cryptography Administration (OSCCA). For more information about the supported regions, see [Supported regions](~~125803~~). If you specify \\`EC\\_SM2\\` or \\`Aliyun\\_SM4\\` in a region that does not support these key types, the parameters are ignored.<br>'."\n" + ."\n" + .'- If \\`Key\\` is set to \\`KeyUsage\\`, it specifies the key usage. Valid values for \\`Value\\` are \\`ENCRYPT/DECRYPT\\` (for data encryption and decryption) and \\`SIGN/VERIFY\\` (for generating and verifying digital signatures).'."\n" + ."\n" + .'- If \\`Key\\` is set to \\`ProtectionLevel\\`, it specifies the protection level of the key. Valid values for \\`Value\\` are \\`SOFTWARE\\` and \\`HSM\\`.<br> Note: The HSM protection level is supported only in specific regions. For more information about the supported regions, see [Supported regions](~~125803~~). If you specify \\`HSM\\` in a region that does not support it, the parameter is ignored.<br>'."\n" + ."\n" + .'- If \\`Key\\` is set to \\`CreatorType\\`, it specifies the creator type. Valid values for \\`Value\\` are \\`User\\` (returns master keys created by users) and \\`Service\\` (returns master keys that are automatically created by other Alibaba Cloud services based on your authorization).'."\n" + ."\n" + .'- If \\`Key\\` is set to \\`DKMSInstanceId\\`, it specifies the ID of the KMS instance. Set \\`Value\\` as needed.'."\n" + ."\n" + .'- If \\`Key\\` is set to \\`keyId\\`, it specifies the key ID. Set \\`Value\\` as needed.'."\n" + ."\n" + .'- If \\`Key\\` is set to \\`AliasName\\`, it specifies the key alias. Set \\`Value\\` as needed.'."\n" + ."\n" + .'- If \\`Key\\` is set to \\`Creator\\`, it specifies the key creator. Set \\`Value\\` as needed.'."\n" + ."\n" + .'- If \\`Key\\` is set to \\`TagKey\\`, it specifies the key of a key tag. Set \\`Value\\` as needed.'."\n" + ."\n" + .'- If \\`Key\\` is set to \\`TagValue\\`, it specifies the value of a key tag. Set \\`Value\\` as needed.'."\n" + ."\n" + .'The logical relationship between different keys in \\`Filters\\` is \\`AND\\`. The logical relationship between multiple values for the same key is \\`OR\\`. For example, if you enter `[ {"Key":"KeyState", "Values":["Enabled","Disabled"]}, {"Key":"KeyState", "Values":["PendingDeletion"]}, {"Key":"KeySpec", "Values":["Aliyun_AES_256"]} ]`, the semantics are: `(KeyState=Enabled OR KeyState=Disabled OR KeyState=PendingDeletion) AND (KeySpec=Aliyun_AES_256)`.', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => '[{"Key":"KeyState", "Values":["Enabled","Disabled"]}]', 'title' => ''], ], ], 'responses' => [ @@ -7691,253 +5447,167 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RandomPassword' => [ - 'description' => 'The generated random password.'."\n", - 'type' => 'string', - 'example' => 'IxGn>NMmNB(y?iZ<Yc,_H/{2GC\'U****', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '6b0cbe25-5e33-467e-972e-7a83c6c97604', + 'PageNumber' => ['description' => 'The page number.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'PageSize' => ['description' => 'The number of entries returned per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request. It is a globally unique identifier (GUID) generated by Alibaba Cloud. You can use the request ID to troubleshoot issues.', 'type' => 'string', 'example' => '8252db58-2036-408c-a3d5-56e656dc2551', 'title' => ''], + 'TotalCount' => ['description' => 'The total number of master keys.', 'type' => 'integer', 'format' => 'int32', 'example' => '3', 'title' => ''], + 'Keys' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Key' => [ + 'description' => 'The master keys.', + 'type' => 'array', + 'items' => [ + 'description' => 'The master key.', + 'type' => 'object', + 'properties' => [ + 'KeyId' => ['description' => 'The globally unique identifier of the master key.', 'type' => 'string', 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****', 'title' => ''], + 'KeyArn' => ['description' => 'The Alibaba Cloud Resource Name (ARN) of the master key.', 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****', 'title' => ''], + ], + 'title' => '', + 'example' => '', + ], + 'title' => '', + 'example' => '', + ], + ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'errorCodes' => [ - 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'some of the specified parameters "\\" is not valid', - ], - ], - 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure', - ], - ], - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RandomPassword\\": \\"IxGn>NMmNB(y?iZ<Yc,_H/{2GC\'U****\\",\\n \\"RequestId\\": \\"6b0cbe25-5e33-467e-972e-7a83c6c97604\\"\\n}","errorExample":""},{"type":"xml","example":"<RequestId>6b0cbe25-5e33-467e-972e-7a83c6c97604</RequestId>\\n<RandomPassword>IxGn>NMmNB(y?iZ<Yc,_H/{2GC\'U****</RandomPassword>","errorExample":""}]', - 'title' => 'GetRandomPassword', - 'summary' => 'Obtains a random password string.', + 'title' => 'ListKeys', + 'summary' => 'Queries the IDs and ARNs of all CMKs in the current region.', + 'description' => 'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', 'requestParamsDescription' => ' ', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'PutSecretValue' => [ - 'methods' => [ - 'post', - 'get', + 'changeSet' => [ + ['createdAt' => '2025-08-21T07:38:13.000Z', 'description' => 'Response parameters changed'], ], - 'schemes' => [ - 'https', + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"RequestId\\": \\"8252db58-2036-408c-a3d5-56e656dc2551\\",\\n \\"TotalCount\\": 3,\\n \\"Keys\\": {\\n \\"Key\\": [\\n {\\n \\"KeyId\\": \\"08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****\\",\\n \\"KeyArn\\": \\"acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + ], + 'ListKmsInstances' => [ + 'methods' => ['get', 'post'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', - 'abilityTreeCode' => '54597', - 'abilityTreeNodes' => [ - 'FEATUREkms52EQP9', - ], - 'tenantRelevance' => 'tenant', + 'operationType' => 'list', + 'abilityTreeCode' => '191383', + 'abilityTreeNodes' => ['FEATUREkms586TOR'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'VersionId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The new version of the secret value. Version numbers must be unique in each secret.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '00000000000000000000000000000000203', - ], - ], - [ - 'name' => 'SecretName', - 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'secret001', - ], - ], - [ - 'name' => 'SecretData', + 'name' => 'PageNumber', 'in' => 'query', - 'schema' => [ - 'description' => 'The secret value. The value is encrypted and then stored in the new version.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'importantdata', - ], + 'schema' => ['description' => 'The number of the page to return. The default value is 1.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''], ], [ - 'name' => 'SecretDataType', - 'in' => 'query', - 'schema' => [ - 'description' => 'The type of the secret value. Valid values:'."\n" - ."\n" - .'* text: This is the default value.'."\n" - .'* binary'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => 'text', - 'default' => 'text', - 'enum' => [ - 'text', - 'binary', - ], - ], - ], - [ - 'name' => 'VersionStages', + 'name' => 'PageSize', 'in' => 'query', - 'schema' => [ - 'description' => 'The stage labels that are used to mark the new version. If you do not specify this parameter, Secrets Manager marks the new version with ACSCurrent.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => '["ACSCurrent","ACSNext"]', - ], + 'schema' => ['description' => 'The number of entries to return on each page. Valid values: 1 to 100. Default value: 20.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'Schema of Response', 'type' => 'object', 'properties' => [ - 'SecretName' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'example' => 'secret001', - ], - 'VersionId' => [ - 'description' => 'The new version of the secret value.'."\n", - 'type' => 'string', - 'example' => '00000000000000000000000000000000203', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => 'f94ec9d3-2d10-4922-9a5c-5dcd5ebcb5e8', - ], - 'VersionStages' => [ + 'RequestId' => ['title' => 'Id of the request', 'description' => 'The request ID.', 'type' => 'string', 'example' => 'd3eca5c8-a856-4347-8eb6-e1898c3fda2e'], + 'KmsInstances' => [ 'type' => 'object', 'itemNode' => true, 'properties' => [ - 'VersionStage' => [ - 'description' => 'The stage labels that are used to mark the new version.'."\n", + 'KmsInstance' => [ + 'itemNode' => true, + 'description' => 'A list of KMS instances.', + 'title' => '', 'type' => 'array', 'items' => [ - 'description' => '', - 'type' => 'string', - 'example' => '{ "VersionStage": [ "ACSCurrent", "ACSNext" ] }', + 'description' => 'A list of KMS instances.', + 'type' => 'object', + 'properties' => [ + 'KmsInstanceArn' => ['description' => 'The ARN of the KMS instance.', 'type' => 'string', 'example' => 'acs:kms:pre-hangzhou:120708975881****:keystore/kst-phzz64c9f84eo32dbs****', 'title' => ''], + 'KmsInstanceId' => ['description' => 'The ID of the KMS instance.', 'type' => 'string', 'example' => 'kst-phzz64c9f84eo32dbs****', 'title' => ''], + ], + 'title' => '', + 'example' => '', ], + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], + 'TotalCount' => ['description' => 'The total number of KMS instances.', 'type' => 'integer', 'format' => 'int64', 'example' => '1', 'title' => ''], + 'PageNumber' => ['description' => 'The page number of the returned page.', 'type' => 'integer', 'format' => 'int64', 'example' => '1', 'title' => ''], + 'PageSize' => ['description' => 'The number of KMS instances returned per page.', 'type' => 'integer', 'format' => 'int64', 'example' => '10', 'title' => ''], ], + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'some of the specified parameters "\\" is not valid', - ], - [ - 'errorCode' => 'Rejected.LimitExceeded', - 'errorMessage' => 'exceed secret limits error', - ], - ], - 403 => [ - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system', - ], - ], - [ - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Resource not found', - ], - ], - 409 => [ - [ - 'errorCode' => 'Rejected.ResourceExist', - 'errorMessage' => 'The request was rejected becasue key already exsit', - ], + ['errorCode' => 'IllegalTimestamp', 'errorMessage' => 'The input parameter Timestamp that is mandatory for processing this request is not supplied.', 'description' => 'The input parameter timestamp indicates that the request is outside the processing time range.'], ], - 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure', - ], - ], - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"VersionId\\": \\"v3\\",\\n \\"RequestId\\": \\"f94ec9d3-2d10-4922-9a5c-5dcd5ebcb5e8\\",\\n \\"VersionStages\\": {\\n \\"VersionStage\\": [\\n \\"{ \\\\\\"VersionStage\\\\\\": [ \\\\\\"ACSCurrent\\\\\\", \\\\\\"ACSNext\\\\\\" ] }\\"\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<PutSecretValueResponse>\\n <SecretName>secret001</SecretName>\\n <VersionId>v3</VersionId>\\n <RequestId>f94ec9d3-2d10-4922-9a5c-5dcd5ebcb5e8</RequestId>\\n <VersionStages>{ \\"VersionStage\\": [ \\"ACSCurrent\\", \\"ACSNext\\" ] }</VersionStages>\\n</PutSecretValueResponse>","errorExample":""}]', - 'title' => 'PutSecretValue', - 'summary' => 'Stores the secret value of a new version into a secret.', - 'description' => 'This operation is used to store the secret values of new versions. It cannot be used to modify the secret value of an existing version.'."\n" - ."\n" - .'By default, the newly stored secret value is marked with ACSCurrent, and the mark for the previous version of the secret value is changed from ACSCurrent to ACSPrevious. If you specify the VersionStage parameter, the newly stored secret value is marked with the stage label that you specify.'."\n" - ."\n" - .'You must specify a version number when you call the operation. Secrets Manager performs operations based on the following rules:'."\n" - ."\n" - .'* If the specified version number does not exist in the secret, Secrets Manager creates the version and stores the secret value.'."\n" - .'* If the specified version number already exists in the secret and the secret value of the existing version is the same as the secret value that you specify, Secrets Manager ignores the request and returns a success message. The request is idempotent.'."\n" - .'* If the specified version number already exists in the secret but the secret value of the existing version is different from the secret value that you specify, Secrets Manager rejects the request and returns a failure message.'."\n" - ."\n" - .'Limits: This operation is available only for standard secrets.'."\n" - ."\n" - .'In this example, the secret value of a new version is stored into the `secret001` secret. The `VersionId` parameter is set to `00000000000000000000000000000000203` as the new version, and the `SecretData` parameter is set to `importantdata`.'."\n", - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'RestoreSecret' => [ - 'methods' => [ - 'post', - 'get', ], - 'schemes' => [ - 'https', + 'staticInfo' => ['returnType' => 'synchronous'], + 'title' => 'ListKmsInstances', + 'summary' => 'Queries all KMS instances in the current region.', + 'description' => 'For more information about the access policy required for a RAM user or RAM role to call this operation, see [Resource Access Management](~~2767210~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"d3eca5c8-a856-4347-8eb6-e1898c3fda2e\\",\\n \\"KmsInstances\\": {\\n \\"KmsInstance\\": [\\n {\\n \\"KmsInstanceArn\\": \\"acs:kms:pre-hangzhou:120708975881****:keystore/kst-phzz64c9f84eo32dbs****\\",\\n \\"KmsInstanceId\\": \\"kst-phzz64c9f84eo32dbs****\\"\\n }\\n ]\\n },\\n \\"TotalCount\\": 1,\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10\\n}","type":"json"}]', + ], + 'ListNetworkRules' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'list', + 'abilityTreeCode' => '54654', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'SecretName', + 'name' => 'PageNumber', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret you want to restore.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'secret001', - ], + 'schema' => ['description' => 'The page number. Default value: 1.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => ['description' => 'The number of entries per page. Valid values: 1 to 100. Default value: 20.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ @@ -7945,102 +5615,85 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'SecretName' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'example' => 'secret001', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => 'e4885adf-548f-4ca5-8075-f540bbd3a55f', + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '3bf02f7a-015b-4f34-be0f-cc043fda2d33', 'title' => ''], + 'PageNumber' => ['description' => 'The page number.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'PageSize' => ['description' => 'The number of entries per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], + 'TotalCount' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'NetworkRules' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'NetworkRule' => [ + 'description' => 'A list of access control rules.', + 'type' => 'array', + 'items' => [ + 'description' => 'A list of access control rules.', + 'type' => 'object', + 'properties' => [ + 'Type' => ['description' => 'The network type. The value is fixed as Private. Self-managed applications can access KMS instances only over a private virtual private cloud (VPC).', 'type' => 'string', 'example' => 'Private', 'title' => ''], + 'Name' => ['description' => 'The name of the access control rule.', 'type' => 'string', 'example' => 'networkrule_test', 'title' => ''], + ], + 'title' => '', + 'example' => '', + ], + 'title' => '', + 'example' => '', + ], + ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'some of the specified parameters "\\" is not valid', - ], - ], - 403 => [ - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is invalid.', 'description' => 'An invalid value is specified for the parameter.'], ], - [ - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Resource not found', - ], - ], - 409 => [ - [ - 'errorCode' => 'Rejected.ResourceInUse', - 'errorMessage' => 'restore normal secret', - ], - ], - 500 => [ - [ - 'errorCode' => 'InternalFailure', - 'errorMessage' => 'Internal Failure', - ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"e4885adf-548f-4ca5-8075-f540bbd3a55f\\"\\n}","errorExample":""},{"type":"xml","example":"<RestoreSecretResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>e4885adf-548f-4ca5-8075-f540bbd3a55f</RequestId>\\n</RestoreSecretResponse>","errorExample":""}]', - 'title' => 'RestoreSecret', - 'summary' => 'Restores a deleted secret.', - 'description' => 'You can only use this operation to restore a deleted secret that is within its recovery period. If you set **ForceDeleteWithoutRecovery** to **true** when you delete the secret, you cannot restore it.'."\n", - 'requestParamsDescription' => ' ', - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'RotateSecret' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'title' => 'ListNetworkRules', + 'summary' => 'Queries all network access rules in the current region.', + 'description' => 'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f34-be0f-cc043fda2d33\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"NetworkRules\\": {\\n \\"NetworkRule\\": [\\n {\\n \\"Type\\": \\"Private\\",\\n \\"Name\\": \\"networkrule_test\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + ], + 'ListPolicies' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'readAndWrite', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'list', + 'abilityTreeCode' => '54648', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'SecretName', + 'name' => 'PageNumber', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'RdsSecret/Mysql5.4/MyCred', - ], + 'schema' => ['description' => 'The page number. Default value: 1.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''], ], [ - 'name' => 'VersionId', + 'name' => 'PageSize', 'in' => 'query', - 'schema' => [ - 'description' => 'The version number of the secret after the secret is rotated.'."\n" - ."\n" - .'> The version number is used to ensure the idempotence of the request. Secrets Manager uses this version number to prevent your application from creating the same version of the secret when the application retries a request. If a version number already exists, Secrets Manager ignores the request for rotation and returns a success message.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '000000123', - ], + 'schema' => ['description' => 'The number of entries per page. Valid values: 1 to 100. Default value: 20.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ @@ -8048,411 +5701,332 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'VersionId' => [ - 'description' => 'The version number of the secret after the secret is rotated.'."\n", - 'type' => 'string', - 'example' => '000000123', - ], - 'SecretName' => [ - 'description' => 'The name of the secret.'."\n", - 'type' => 'string', - 'example' => 'RdsSecret/Mysql5.4/MyCred', - ], - 'RequestId' => [ - 'description' => 'The ID of the request.'."\n", - 'type' => 'string', - 'example' => '10257c86-269d-43aa-aaf3-90ed4144bb7c', - ], - 'Arn' => [ - 'description' => 'The Alibaba Cloud Resource Name (ARN) of the secret.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred', + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'b66ad557-9c00-4064-9c8d-b621c3263308', 'title' => ''], + 'PageNumber' => ['description' => 'The page number.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'PageSize' => ['description' => 'The number of entries per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], + 'TotalCount' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'Policies' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Policy' => [ + 'description' => 'A list of permission policies.', + 'type' => 'array', + 'items' => [ + 'description' => 'A list of permission policies.', + 'type' => 'object', + 'properties' => [ + 'Name' => ['description' => 'The name of the permission policy.', 'type' => 'string', 'example' => 'policy_test', 'title' => ''], + ], + 'title' => '', + 'example' => '', + ], + 'title' => '', + 'example' => '', + ], + ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"VersionId\\": \\"000000123\\",\\n \\"SecretName\\": \\"RdsSecret/Mysql5.4/MyCred\\",\\n \\"RequestId\\": \\"10257c86-269d-43aa-aaf3-90ed4144bb7c\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred\\"\\n}","errorExample":""},{"type":"xml","example":"<RotateSecretResponse>\\n <VersionId>000000123</VersionId>\\n <SecretName>RdsSecret/Mysql5.4/MyCred</SecretName>\\n <RequestId>10257c86-269d-43aa-aaf3-90ed4144bb7c</RequestId>\\n <Arn>acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred</Arn>\\n</RotateSecretResponse>","errorExample":""}]', - 'title' => 'RotateSecret', - 'summary' => 'Manually rotates a secret.', - 'description' => 'Limits:'."\n" - ."\n" - .'• A secret of each Alibaba Cloud account can be rotated for a maximum of 50 times per hour.'."\n" - ."\n" - .'• The RotateSecret operation is unavailable for standard secrets.'."\n" - ."\n" - .'In this example, the `RdsSecret/Mysql5.4/MyCred` secret is manually rotated, and the version number of the secret is set to `000000123` after the secret is rotated.'."\n", - 'requestParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'SetSecretPolicy' => [ - 'summary' => 'Configures a policy for a secret in a Key Management Service (KMS) instance.', - 'methods' => [ - 'post', - ], - 'schemes' => [ - 'https', + 'title' => 'ListPolicies', + 'summary' => 'Queries all permission policies in the current region.', + 'description' => 'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"b66ad557-9c00-4064-9c8d-b621c3263308\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"Policies\\": {\\n \\"Policy\\": [\\n {\\n \\"Name\\": \\"policy_test\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + ], + 'ListResourceTags' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'update', - 'abilityTreeCode' => '206088', - 'abilityTreeNodes' => [ - 'FEATUREkms52EQP9', - ], - ], + 'systemTags' => ['operationType' => 'get'], 'parameters' => [ [ - 'name' => 'SecretName', - 'in' => 'query', - 'schema' => [ - 'title' => '', - 'description' => '', - 'type' => 'string', - 'required' => true, - 'example' => 'secret_test', - ], - ], - [ - 'name' => 'PolicyName', - 'in' => 'query', - 'schema' => [ - 'description' => '', - 'type' => 'string', - 'required' => false, - 'example' => 'default', - ], - ], - [ - 'name' => 'Policy', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => '', - 'type' => 'string', - 'required' => true, - 'example' => '{"Version":"1","Statement": [{"Sid":"kms default secret policy","Effect":"Allow","Principal":{"RAM": ["acs:ram::119285303511****:*"]},"Action":["kms:*"],"Resource": ["*"] }] }', - ], + 'schema' => ['description' => 'The globally unique ID of the CMK.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1234abcd-12ab-34cd-56ef-12345678****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ - 'title' => '', - 'description' => '', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => '', - 'description' => '', - 'type' => 'string', - 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C8', + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', 'title' => ''], + 'Tags' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Tag' => [ + 'description' => 'The tags of the CMK.'."\n", + 'title' => '', + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'KeyId' => ['description' => 'The globally unique ID of the CMK.'."\n", 'type' => 'string', 'example' => '33caea95-c3e5-4b3e-a9c6-cec76e4e****', 'title' => ''], + 'TagValue' => ['description' => 'The tag value.'."\n", 'type' => 'string', 'example' => 'Test', 'title' => ''], + 'TagKey' => ['description' => 'The tag key.'."\n", 'type' => 'string', 'example' => 'Project', 'title' => ''], + ], + 'description' => '', + 'title' => '', + ], + ], + ], ], ], + 'description' => '', + 'title' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'MissingParameter', - 'errorMessage' => 'The parameter needed but no provided.', - ], - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system.', - ], - [ - 'errorCode' => 'Forbidden.KeyPolicyUnSupported', - 'errorMessage' => 'The specified key does not support key policy.', - ], - [ - 'errorCode' => 'Rejected.ShareQuotaExceedLimit', - 'errorMessage' => 'Instance Share Quota Exceed Limit.', - ], - ], - 403 => [ - [ - 'errorCode' => 'Forbidden.DKMSInstanceStateInvalid', - 'errorMessage' => 'The DKMS instance state is invalid.', - ], - ], - [ - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Resource not found.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], - 503 => [ - [ - 'errorCode' => 'SerivceUnvailableTemporary', - 'errorMessage' => 'Service Unvailable Temporary', - ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\",\\n \\"Tags\\": {\\n \\"Tag\\": [\\n {\\n \\"KeyId\\": \\"33caea95-c3e5-4b3e-a9c6-cec76e4e****\\",\\n \\"TagValue\\": \\"Test\\",\\n \\"TagKey\\": \\"Project\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListResourceTagsResponse>\\n <RequestId>4162a6af-bc99-40b3-a552-89dcc8aaf7c8</RequestId>\\n <Tags>\\n <KeyId>33caea95-c3e5-4b3e-a9c6-cec76e4e****</KeyId>\\n <TagValue>Test</TagValue>\\n <TagKey>Project</TagKey>\\n </Tags>\\n</ListResourceTagsResponse>","errorExample":""}]', + 'title' => 'ListResourceTags', + 'summary' => 'Queries the tags of a customer master key (CMK).', + 'description' => 'Request format: KeyId="string"'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [ + ['createdAt' => '2022-09-22T11:56:41.000Z', 'description' => 'Error codes changed'], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C8\\"\\n}","errorExample":""},{"type":"xml","example":"<SetSecretPolicyResponse>\\n <RequestId>381D5D33-BB8F-395F-8EE4-AE3BB4B523C8</RequestId>\\n</SetSecretPolicyResponse>","errorExample":""}]', - 'title' => 'SetSecretPolicy', ], - 'GetSecretPolicy' => [ - 'summary' => '仅可查询名称为 default 的 Secret Policy,否则提示 Not Found。', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'ListSecretVersionIds' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'readAndWrite', + 'operationType' => 'read', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - 'abilityTreeCode' => '206109', - 'abilityTreeNodes' => [ - 'FEATUREkms52EQP9', - ], - ], + 'systemTags' => ['operationType' => 'get'], 'parameters' => [ [ 'name' => 'SecretName', 'in' => 'query', - 'schema' => [ - 'description' => '', - 'type' => 'string', - 'required' => true, - 'example' => 'secret_test', - ], + 'schema' => ['description' => 'The name or Alibaba Cloud Resource Name (ARN) of the credential.'."\n" + ."\n" + .'> When you access a credential that belongs to another Alibaba Cloud account, you must specify the ARN of the credential. The ARN of a credential is in the format of `acs:kms:${region}:${account}:secret/${secret-name}`.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'secret001', 'title' => ''], ], [ - 'name' => 'PolicyName', + 'name' => 'IncludeDeprecated', 'in' => 'query', - 'schema' => [ - 'description' => '', - 'type' => 'string', - 'required' => false, - 'example' => 'default', - ], + 'schema' => ['description' => 'Specifies whether to include credential versions that have no version stages in the response.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'- false (default): No'."\n" + ."\n" + .'- true: Yes', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => 'false', 'title' => ''], + ], + [ + 'name' => 'PageNumber', + 'in' => 'query', + 'schema' => ['description' => 'The number of the page to return for a paged query. Default value: 1.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'docRequired' => false, 'example' => '1', 'title' => ''], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => ['description' => 'The number of entries to return on each page for a paged query. Default value: 20.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'docRequired' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ - 'title' => '', - 'description' => '', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => '', - 'description' => '', - 'type' => 'string', - 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C8', - ], - 'Policy' => [ + 'SecretName' => ['description' => 'The name of the credential.', 'type' => 'string', 'example' => 'secret001', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud. You can use this ID to troubleshoot issues.', 'type' => 'string', 'example' => '5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47', 'title' => ''], + 'PageSize' => ['description' => 'The number of entries returned on each page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], + 'PageNumber' => ['description' => 'The page number of the returned page.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'TotalCount' => ['description' => 'The total number of entries.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'VersionIds' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'VersionId' => [ + 'itemNode' => true, + 'description' => 'A list of version information of the credential.', + 'title' => '', + 'type' => 'array', + 'items' => [ + 'description' => 'A list of version information of the credential.', + 'type' => 'object', + 'properties' => [ + 'VersionId' => ['description' => 'The version number.', 'type' => 'string', 'example' => 'v1', 'title' => ''], + 'CreateTime' => ['description' => 'The time when the version was created.', 'type' => 'string', 'example' => '2024-02-21T15:39:26Z', 'title' => ''], + 'VersionStages' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'VersionStage' => [ + 'description' => 'The stage labels of the version.', + 'title' => '', + 'type' => 'array', + 'items' => ['description' => 'The stage labels of the version.', 'type' => 'string', 'example' => '{"VersionStage": ["ACSCurrent","uStage1"]}', 'title' => ''], + 'example' => '', + ], + ], + 'description' => '', + 'title' => '', + 'example' => '', + ], + ], + 'title' => '', + 'example' => '', + ], + 'example' => '', + ], + ], 'description' => '', - 'type' => 'string', - 'example' => '{"Version":"1","Statement": [{"Sid":"kms default secret policy","Effect":"Allow","Principal":{"RAM": ["acs:ram::119285303511****:*"]},"Action":["kms:*"],"Resource": ["*"] }] }', + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - [ - 'errorCode' => 'MissingParameter', - 'errorMessage' => 'The parameter needed but no provided.', - ], - [ - 'errorCode' => 'Forbidden.NoPermission', - 'errorMessage' => 'This operation is forbidden by permission system.', - ], - [ - 'errorCode' => 'Forbidden.KeyPolicyUnSupported', - 'errorMessage' => 'The specified key does not support key policy.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'some of the specified parameters "\\" is not valid', 'description' => ''], ], 403 => [ - [ - 'errorCode' => 'Forbidden.DKMSInstanceStateInvalid', - 'errorMessage' => 'The DKMS instance state is invalid.', - ], + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system', 'description' => ''], ], [ - [ - 'errorCode' => 'Forbidden.ResourceNotFound', - 'errorMessage' => 'Resource not found.', - ], - [ - 'errorCode' => 'Forbidden.KeyNotFound', - 'errorMessage' => 'The specified Key is not found.', - ], + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Resource not found', 'description' => ''], ], - 503 => [ - [ - 'errorCode' => 'SerivceUnvailableTemporary', - 'errorMessage' => 'Service Unvailable Temporary', - ], + 500 => [ + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure', 'description' => ''], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47\\",\\n \\"PageSize\\": 10,\\n \\"PageNumber\\": 1,\\n \\"TotalCount\\": 1,\\n \\"VersionIds\\": {\\n \\"VersionId\\": [\\n {\\n \\"VersionId\\": \\"v1\\",\\n \\"CreateTime\\": \\"2024-02-21T15:39:26Z\\",\\n \\"VersionStages\\": {\\n \\"VersionStage\\": [\\n \\"{\\\\\\"VersionStage\\\\\\": [\\\\\\"ACSCurrent\\\\\\",\\\\\\"uStage1\\\\\\"]}\\"\\n ]\\n }\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'ListSecretVersionIds', + 'summary' => 'Queries all version IDs and stage labels of a specified secret.', + 'description' => '- For more information about the access policy required for a RAM user or RAM role to call this OpenAPI, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- The version information does not include the secret value. By default, this operation returns only the secret versions that are marked with a version stage.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C8\\",\\n \\"Policy\\": \\"{\\\\\\"Version\\\\\\":\\\\\\"1\\\\\\",\\\\\\"Statement\\\\\\": [{\\\\\\"Sid\\\\\\":\\\\\\"kms default secret policy\\\\\\",\\\\\\"Effect\\\\\\":\\\\\\"Allow\\\\\\",\\\\\\"Principal\\\\\\":{\\\\\\"RAM\\\\\\": [\\\\\\"acs:ram::119285303511****:*\\\\\\"]},\\\\\\"Action\\\\\\":[\\\\\\"kms:*\\\\\\"],\\\\\\"Resource\\\\\\": [\\\\\\"*\\\\\\"] }] }\\"\\n}","errorExample":""},{"type":"xml","example":"<GetSecretPolicyResponse>\\n <RequestId>381D5D33-BB8F-395F-8EE4-AE3BB4B523C8</RequestId>\\n <Policy>{\\"Version\\":\\"1\\",\\"Statement\\": [{\\"Sid\\":\\"kms default secret policy\\",\\"Effect\\":\\"Allow\\",\\"Principal\\":{\\"RAM\\": [\\"acs:ram::119285303511****:*\\"]},\\"Action\\":[\\"kms:*\\"],\\"Resource\\": [\\"*\\"] }] }</Policy>\\n</GetSecretPolicyResponse>","errorExample":""}]', - 'title' => 'GetSecretPolicy', ], - 'UntagResources' => [ - 'summary' => 'Removes tags from keys or secrets.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'ListSecrets' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'readAndWrite', + 'operationType' => 'read', + 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'none', - 'riskType' => 'none', - 'chargeType' => 'free', - 'abilityTreeCode' => '177229', - 'abilityTreeNodes' => [ - 'FEATUREkms5QHERY', - ], + 'operationType' => 'get', + 'abilityTreeCode' => '54594', + 'abilityTreeNodes' => ['FEATUREkms52EQP9'], + 'tenantRelevance' => 'publicInformation', ], 'parameters' => [ [ - 'name' => 'RegionId', + 'name' => 'FetchTags', 'in' => 'query', - 'schema' => [ - 'title' => '地域', - 'description' => 'The region ID of the resource.'."\n" - ."\n" - .'> You can call the [DescribeRegions](~~601478~~) operation to query the most recent region list.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'cn-hangzhou', - ], + 'schema' => ['description' => 'Specifies whether to return resource tags for each secret. Valid values:'."\n" + ."\n" + .'- `true`: Resource tags are returned.'."\n" + ."\n" + .'- `false` (default): Resource tags are not returned.', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => 'false', 'title' => ''], ], [ - 'name' => 'ResourceType', + 'name' => 'PageNumber', 'in' => 'query', - 'schema' => [ - 'title' => '资源类型', - 'description' => 'The type of the resource from which you want to remove tags. Valid values:'."\n" - ."\n" - .'* key'."\n" - .'* secret'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'key', - ], + 'schema' => ['description' => 'The page number.<br>'."\n" + .'The value must be greater than 0.<br>'."\n" + .'Default: 1.<br><br>', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'docRequired' => false, 'default' => '1', 'example' => '1', 'title' => ''], ], [ - 'name' => 'All', + 'name' => 'PageSize', 'in' => 'query', - 'schema' => [ - 'title' => '是否全部删除,只针对TagKey.N为空时有效。 取值范围: true false True False 默认是 false', - 'description' => 'Specifies whether to remove all tags from resources. Valid values:'."\n" - ."\n" - .'* true'."\n" - .'* false (default)'."\n" - ."\n" - .'> This parameter takes effect only when you specify an empty tag key.'."\n", - 'type' => 'boolean', - 'required' => false, - 'example' => 'false', - ], + 'schema' => ['description' => 'The page size.<br>'."\n" + .'The value must be between 1 and 100.<br>'."\n" + .'Default: 10.<br><br>', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'docRequired' => false, 'maximum' => '100', 'minimum' => '1', 'default' => '10', 'example' => '2', 'title' => ''], ], [ - 'name' => 'ResourceId', + 'name' => 'Filters', 'in' => 'query', - 'style' => 'repeatList', - 'schema' => [ - 'title' => '资源ID,最多50个子项', - 'description' => 'The IDs of the resources from which you want to remove tags. You can enter up to 50 resource IDs.'."\n" - ."\n" - .'Enter multiple resource IDs in the `["ResourceId.1","ResourceId.2",...]` format.'."\n", - 'type' => 'array', - 'items' => [ - 'description' => 'The IDs of the resources from which you want to remove tags. You can enter up to 50 resource IDs.'."\n" - ."\n" - .'Enter multiple resource IDs in the `["ResourceId.1","ResourceId.2",...]` format.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'key-hzz62f1cb66fa42qo****', - ], - 'required' => true, - 'maxItems' => 51, - ], - ], - [ - 'name' => 'TagKey', - 'in' => 'query', - 'style' => 'repeatList', - 'schema' => [ - 'title' => '标签键,最多20个子项', - 'description' => 'The keys of the tags that you want to remove. You can enter up to 20 tag keys.'."\n" - ."\n" - .'Enter multiple tag keys in the `["key.1","key.2",...]` format.'."\n" - ."\n" - .'> The tag key cannot start with aliyun or acs:.'."\n", - 'type' => 'array', - 'items' => [ - 'description' => 'The keys of the tags that you want to remove. You can enter up to 20 tag keys.'."\n" - ."\n" - .'Enter multiple tag keys in the `["key.1","key.2",...]` format.'."\n" - ."\n" - .'> The tag key cannot start with aliyun or acs:.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'disk-encryption', - ], - 'required' => false, - 'maxItems' => 21, - ], + 'schema' => ['description' => 'Filters secrets based on specified conditions. The value is a list of up to 10 key-value pairs. When you filter by tag, the query returns a maximum of 4,000 resources. If more than 4,000 resources match the filter, call the [ListResourceTags](~~120090~~) operation.'."\n" + ."\n" + .'- Key'."\n" + ."\n" + .' - Description: The filter property.'."\n" + ."\n" + .' - Type: String.'."\n" + ."\n" + .'- Values'."\n" + ."\n" + .' - Description: The filter value.'."\n" + ."\n" + .' - Type: String.'."\n" + ."\n" + .' - You can specify up to 10 items.'."\n" + ."\n" + .'Valid values for Key:'."\n" + ."\n" + .'- Set `Key` to **SecretName** to filter by secret name.'."\n" + ."\n" + .'- Set `Key` to **Description** to filter by secret description.'."\n" + ."\n" + .'- Set `Key` to **TagKey** to filter by tag key.'."\n" + ."\n" + .'- Set `Key` to **TagValue** to filter by tag value.'."\n" + ."\n" + .'- Set `Key` to **DKMSInstanceId** to filter by KMS instance ID.'."\n" + ."\n" + .'- Set Key to **SecretType** to filter by secret type. `Values` can be `Generic`, `RDS`, `Redis`, `RAMCredentials`, `ECS`, or `PolarDB`.'."\n" + ."\n" + .'- Set `Key` to **Creator** to filter by the creator of the secret.'."\n" + ."\n" + .'If you specify multiple values for a key, the filter applies a logical OR. For example, if you enter `[ {"Key":"SecretName", "Values":["sec1","sec2"]} ]`, this means: `(SecretName=sec1 OR SecretName=sec2)`.', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => '[{"Key":"SecretName", "Values":["Val1","Val2"]}]', 'title' => ''], ], ], 'responses' => [ @@ -8460,46 +6034,119 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The request ID.'."\n", - 'type' => 'string', - 'example' => 'b1f210dc-e52c-4a86-b9dd-7492343d46c7', + 'PageNumber' => ['description' => 'The page number.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], + 'PageSize' => ['description' => 'The number of entries per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '2', 'title' => ''], + 'RequestId' => ['description' => 'The unique identifier generated by Alibaba Cloud for the request. Use it to locate and troubleshoot issues.', 'type' => 'string', 'example' => '6a6287a0-ff34-4780-a790-fdfca900557f', 'title' => ''], + 'TotalCount' => ['description' => 'The number of secrets.', 'type' => 'integer', 'format' => 'int32', 'example' => '55', 'title' => ''], + 'SecretList' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Secret' => [ + 'description' => 'The list of secrets.', + 'title' => '', + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'SecretName' => ['description' => 'The name of the secret.', 'type' => 'string', 'example' => 'secret001', 'title' => ''], + 'UpdateTime' => ['description' => 'The time when the secret was last updated.', 'type' => 'string', 'example' => '2024-07-17T07:59:05Z', 'title' => ''], + 'SecretType' => ['description' => 'The type of the secret. Valid values:'."\n" + ."\n" + .'- `Generic`: a generic secret.'."\n" + ."\n" + .'- `Rds`: an RDS secret.'."\n" + ."\n" + .'- `Redis`: a Redis or Tair secret.'."\n" + ."\n" + .'- `RAMCredentials`: a RAM secret.'."\n" + ."\n" + .'- `ECS`: an ECS secret.'."\n" + ."\n" + .'- `PolarDB`: a PolarDB secret.', 'type' => 'string', 'example' => 'Generic', 'title' => ''], + 'PlannedDeleteTime' => ['description' => 'The scheduled deletion time.', 'type' => 'string', 'example' => '2024-08-17T07:59:05Z', 'title' => ''], + 'CreateTime' => ['description' => 'The time when the secret was created.', 'type' => 'string', 'example' => '2024-07-17T07:59:05Z', 'title' => ''], + 'Tags' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Tag' => [ + 'description' => 'The resource tags for the secret.'."\n" + .'This parameter is not returned if the `FetchTags` parameter is set to `false` or is not specified.', + 'title' => '', + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'TagValue' => ['description' => 'The tag value.', 'type' => 'string', 'example' => 'val1', 'title' => ''], + 'TagKey' => ['description' => 'The tag key.', 'type' => 'string', 'example' => 'key1', 'title' => ''], + ], + 'description' => 'A resource tag.', + 'title' => '', + 'example' => '', + ], + 'example' => '', + ], + ], + 'description' => '', + 'title' => '', + 'example' => '', + ], + 'OwingService' => ['description' => 'The owner service.', 'type' => 'string', 'example' => 'alb', 'title' => ''], + ], + 'description' => '', + 'title' => '', + 'example' => '', + ], + 'example' => '', + ], + ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - [ - 'errorCode' => 'InvalidResourceId.NotFound', - 'errorMessage' => 'The specified ResourceId is not found.', - ], + 400 => [ + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'some of the specified parameters "\\" is not valid', 'description' => ''], + ], + 403 => [ + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system', 'description' => ''], + ], + [ + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Resource not found', 'description' => ''], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ], + 500 => [ + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure', 'description' => ''], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"b1f210dc-e52c-4a86-b9dd-7492343d46c7\\"\\n}","errorExample":""},{"type":"xml","example":"<UntagResourcesResponse>\\n <RequestId>b1f210dc-e52c-4a86-b9dd-7492343d46c7</RequestId>\\n</UntagResourcesResponse>","errorExample":""}]', - 'title' => 'UntagResources', - 'description' => 'You can remove multiple tags from multiple keys or multiple secrets at a time. You cannot remove tags that start with aliyun or acs:.'."\n" + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 2,\\n \\"RequestId\\": \\"6a6287a0-ff34-4780-a790-fdfca900557f\\",\\n \\"TotalCount\\": 55,\\n \\"SecretList\\": {\\n \\"Secret\\": [\\n {\\n \\"SecretName\\": \\"secret001\\",\\n \\"UpdateTime\\": \\"2024-07-17T07:59:05Z\\",\\n \\"SecretType\\": \\"Generic\\",\\n \\"PlannedDeleteTime\\": \\"2024-08-17T07:59:05Z\\",\\n \\"CreateTime\\": \\"2024-07-17T07:59:05Z\\",\\n \\"Tags\\": {\\n \\"Tag\\": [\\n {\\n \\"TagValue\\": \\"val1\\",\\n \\"TagKey\\": \\"key1\\"\\n }\\n ]\\n },\\n \\"OwingService\\": \\"alb\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + 'title' => 'ListSecrets', + 'summary' => 'Queries all secrets in the current region.', + 'description' => '- To call this operation, the RAM user or RAM role must be granted the required policy. For more information, see [Resource Access Management](~~2767210~~).'."\n" ."\n" - .'If you enter multiple tag keys in the request parameters and only some of the tag keys are associated with resources, the operation can be called and the tags whose keys are associated with resources are removed from the resources.'."\n", + .'- This operation returns only secret metadata, not the secret values.'."\n" + ."\n" + .'This example shows how to query secrets created by the current user in the current region. `PageNumber` is set to `1` and `PageSize` is set to `2`, returning metadata for two secrets.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], + ], ], 'ListTagResources' => [ - 'summary' => 'Queries the tags of a key or a secret.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'summary' => 'Lists the tags that are bound to a key or a secret.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -8511,72 +6158,49 @@ 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '177230', - 'abilityTreeNodes' => [ - 'FEATUREkms5QHERY', - ], + 'abilityTreeNodes' => ['FEATUREkms5QHERY'], 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ 'name' => 'RegionId', 'in' => 'query', - 'schema' => [ - 'title' => '地域', - 'description' => 'The region ID of the resource.'."\n" - ."\n" - .'> You can call the [DescribeRegions](~~601478~~) to query the most recent region list.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'cn-hangzhou', - ], + 'schema' => ['description' => 'The region ID of the resource.'."\n" + ."\n" + .'> Call [DescribeRegions](~~601478~~) to query the most recent region list.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'cn-hangzhou'], ], [ 'name' => 'NextToken', 'in' => 'query', - 'schema' => [ - 'title' => '下一个查询开始Token', - 'description' => 'The pagination token that is used in the next request to retrieve a new page of results.'."\n" - ."\n" - .'> If the call does not return all result entries, the value of the NextToken parameter is returned. By default, 200 rows are returned. You can call this operation again and set the value of the parameter to the value of the parameter that is returned in the last call to implement paged query.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'caeba0bbb2be03f84eb48b699f0a4883', - ], + 'schema' => ['description' => 'The pagination token that is used in the next request to retrieve a new page of results.'."\n" + ."\n" + .'> If not all results are returned, the NextToken value is included in the response. By default, 200 rows are returned per page. To retrieve the next page, set this parameter to the NextToken value from the previous response.', 'type' => 'string', 'required' => false, 'title' => '', 'example' => 'caeba0bbb2be03f84eb48b699f0a4883'], ], [ 'name' => 'ResourceType', 'in' => 'query', - 'schema' => [ - 'title' => '资源类型', - 'description' => 'The type of resource whose tags you want to query. Valid value:'."\n" - ."\n" - .'* key'."\n" - .'* secret'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'key', - ], + 'schema' => ['description' => 'The type of resource whose tags you want to query. Valid value:'."\n" + ."\n" + .'- key'."\n" + ."\n" + .'- secret', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'key'], ], [ 'name' => 'ResourceId', 'in' => 'query', 'style' => 'repeatList', 'schema' => [ - 'title' => '资源ID,最多 50个子项', + 'title' => '', 'description' => 'A list of resource IDs for which you want to query tags. You can enter a maximum of 50 resource IDs.'."\n" ."\n" - .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.'."\n", + .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.', 'type' => 'array', - 'items' => [ - 'description' => 'The resource IDs for which you want to query tags. You can enter a maximum of 50 resource IDs.'."\n" - ."\n" - .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'key-hzz62f1cb66fa42qo****', - ], + 'items' => ['description' => 'The resource IDs for which you want to query tags. You can enter a maximum of 50 resource IDs.'."\n" + ."\n" + .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.', 'type' => 'string', 'required' => false, 'example' => 'key-hzz62f1cb66fa42qo****', 'title' => ''], 'required' => false, 'maxItems' => 51, + 'example' => '', ], ], [ @@ -8584,38 +6208,29 @@ 'in' => 'query', 'style' => 'repeatList', 'schema' => [ - 'title' => '标签列表,最多包含20个子项', - 'description' => 'A list of tags that you want to query. Valid values of N: 1 to 20.'."\n", + 'title' => '', + 'description' => 'A list of tags that you want to query. Valid values of N: 1 to 20.', 'type' => 'array', 'items' => [ 'description' => '', 'type' => 'object', 'properties' => [ - 'Key' => [ - 'title' => '标签键', - 'description' => 'The key of the tag. A tag consists of a key-value pair.'."\n" - ."\n" - .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n" - ."\n" - .'> The key cannot start with aliyun or acs:.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'disk-encryption', - ], - 'Value' => [ - 'title' => '标签值', - 'description' => 'The value of the tag. A tag consists of a key-value pair.'."\n" - ."\n" - .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'true', - ], + 'Key' => ['description' => 'The key of the tag. A tag consists of a key-value pair.'."\n" + ."\n" + .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n" + ."\n" + .'> The key cannot start with aliyun or acs:.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'disk-encryption'], + 'Value' => ['description' => 'The value of the tag. A tag consists of a key-value pair.'."\n" + ."\n" + .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'true'], ], 'required' => false, + 'title' => '', + 'example' => '', ], 'required' => false, 'maxItems' => 21, + 'example' => '', ], ], ], @@ -8624,430 +6239,342 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'NextToken' => [ - 'title' => '下一个查询开始Token,NextToken为空说明没有下一个', - 'description' => 'A pagination token. It can be used in the next request to retrieve a new page of results.'."\n" - ."\n" - .'* If NextToken is empty ("NextToken": ""), no next page exists.'."\n" - .'* If NextToken is not empty, the next query is required, and the value is the token used to start the next query.'."\n", - 'type' => 'string', - 'example' => 'e71d8a535bd9cc11', - ], - 'RequestId' => [ - 'description' => 'The request ID.'."\n", - 'type' => 'string', - 'example' => '00827261-20B7-4562-83F2-4DF39876A45A', - ], + 'NextToken' => ['description' => 'A pagination token. It can be used in the next request to retrieve a new page of results.'."\n" + ."\n" + .'- If NextToken is empty ("NextToken": ""), no next page exists.'."\n" + ."\n" + .'- If NextToken is not empty, the next query is required, and the value is the token used to start the next query.', 'type' => 'string', 'title' => '', 'example' => 'e71d8a535bd9cc11'], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '00827261-20B7-4562-83F2-4DF39876A45A', 'title' => ''], 'TagResources' => [ 'type' => 'object', 'itemNode' => true, 'properties' => [ 'TagResource' => [ - 'title' => '资源列表', - 'description' => 'A list of tags.'."\n", + 'title' => '', + 'description' => 'A list of tags.', 'type' => 'array', 'items' => [ 'description' => '', 'type' => 'object', 'properties' => [ - 'ResourceType' => [ - 'title' => '资源类型', - 'description' => 'The type of the resource.'."\n", - 'type' => 'string', - 'example' => 'key', - ], - 'TagValue' => [ - 'title' => '标签值', - 'description' => 'The value of the tag.'."\n", - 'type' => 'string', - 'example' => 'true', - ], - 'ResourceId' => [ - 'title' => '资源ID', - 'description' => 'The resource ID.'."\n", - 'type' => 'string', - 'example' => 'key-hzz62f1cb66fa42qo****', - ], - 'TagKey' => [ - 'title' => '标签键', - 'description' => 'The key of the tag.'."\n", - 'type' => 'string', - 'example' => 'disk-encryption', - ], + 'ResourceType' => ['description' => 'The type of the resource.', 'type' => 'string', 'title' => '', 'example' => 'key'], + 'TagValue' => ['description' => 'The value of the tag.', 'type' => 'string', 'title' => '', 'example' => 'true'], + 'ResourceId' => ['description' => 'The resource ID.', 'type' => 'string', 'title' => '', 'example' => 'key-hzz62f1cb66fa42qo****'], + 'TagKey' => ['description' => 'The key of the tag.', 'type' => 'string', 'title' => '', 'example' => 'disk-encryption'], ], + 'title' => '', + 'example' => '', ], + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'Duplicate.TagKey', - 'errorMessage' => 'The specified tagKey is duplicate.', - ], + ['errorCode' => 'Duplicate.TagKey', 'errorMessage' => 'The specified tagKey is duplicate.', 'description' => ''], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - [ - 'errorCode' => 'InvalidResourceId.NotFound', - 'errorMessage' => 'The specified ResourceId is not found.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ['errorCode' => 'InvalidResourceId.NotFound', 'errorMessage' => 'The specified ResourceId is not found.', 'description' => ''], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"NextToken\\": \\"e71d8a535bd9cc11\\",\\n \\"RequestId\\": \\"00827261-20B7-4562-83F2-4DF39876A45A\\",\\n \\"TagResources\\": {\\n \\"TagResource\\": [\\n {\\n \\"ResourceType\\": \\"key\\",\\n \\"TagValue\\": \\"true\\",\\n \\"ResourceId\\": \\"key-hzz62f1cb66fa42qo****\\",\\n \\"TagKey\\": \\"disk-encryption\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListTagResourcesResponse>\\n <NextToken>e71d8a535bd9cc11</NextToken>\\n <RequestId>00827261-20B7-4562-83F2-4DF39876A45A</RequestId>\\n <TagResources>\\n <ResourceType>key</ResourceType>\\n <TagValue>true</TagValue>\\n <ResourceId>key-hzz62f1cb66fa42qo****</ResourceId>\\n <TagKey>disk-encryption</TagKey>\\n </TagResources>\\n</ListTagResourcesResponse>","errorExample":""}]', + 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'ListTagResources', - ], - 'TagResources' => [ - 'summary' => 'Adds tags to keys or secrets.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'description' => 'For more information about the access policy required for a RAM user or RAM role to call this operation, see [Resource Access Management](~~2767210~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [ + ['threshold' => '1000', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListTagResources'], + ], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"NextToken\\": \\"e71d8a535bd9cc11\\",\\n \\"RequestId\\": \\"00827261-20B7-4562-83F2-4DF39876A45A\\",\\n \\"TagResources\\": {\\n \\"TagResource\\": [\\n {\\n \\"ResourceType\\": \\"key\\",\\n \\"TagValue\\": \\"true\\",\\n \\"ResourceId\\": \\"key-hzz62f1cb66fa42qo****\\",\\n \\"TagKey\\": \\"disk-encryption\\"\\n }\\n ]\\n }\\n}","type":"json"}]', + ], + 'OpenKmsService' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'readAndWrite', + 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'none', - 'riskType' => 'none', - 'chargeType' => 'free', - 'abilityTreeCode' => '177226', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - ], - 'parameters' => [ - [ - 'name' => 'RegionId', - 'in' => 'query', - 'schema' => [ - 'title' => '地域', - 'description' => 'The region ID of the resource.'."\n" - ."\n" - .'> You can call the [DescribeRegions](~~601478~~) to query the most recent region list.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'cn-hangzhou', - ], - ], - [ - 'name' => 'ResourceType', - 'in' => 'query', - 'schema' => [ - 'title' => '资源类型', - 'description' => 'The type of the resource to which you want to add tags. Valid values:'."\n" - ."\n" - .'* key'."\n" - .'* secret'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'key', - ], - ], - [ - 'name' => 'ResourceId', - 'in' => 'query', - 'style' => 'repeatList', - 'schema' => [ - 'title' => '资源ID,最多 50个子项', - 'description' => 'The IDs of the resources to which you want to add tags. You can enter a maximum of 50 resource IDs.'."\n" - ."\n" - .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.'."\n", - 'type' => 'array', - 'items' => [ - 'description' => 'The IDs of the resources to which you want to add tags. You can enter a maximum of 50 resource IDs.'."\n" - ."\n" - .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'key-hzz62f1cb66fa42qo****', - ], - 'required' => true, - 'maxItems' => 51, - ], - ], - [ - 'name' => 'Tag', - 'in' => 'query', - 'style' => 'repeatList', - 'schema' => [ - 'title' => '标签列表,最多包含20个子项', - 'description' => 'A list of tags. You can enter up to 20 tags.'."\n" - ."\n" - .'A tag consists of a key-value pair. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n", - 'type' => 'array', - 'items' => [ - 'description' => '', - 'type' => 'object', - 'properties' => [ - 'Key' => [ - 'title' => '标签键', - 'description' => 'The key of the tag. A tag consists of a key-value pair.'."\n" - ."\n" - .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n" - ."\n" - .'Each key can be up to 128 characters in length and can contain letters, digits, forward slashes (/), backslashes (\\\\), underscores (\\_), hyphens (-), periods (.), plus signs (+), equal signs (=), colons (:), and at signs (@).'."\n" - ."\n" - .'> The key cannot start with aliyun or acs:.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'disk-encryption', - ], - 'Value' => [ - 'title' => '标签值', - 'description' => 'The value of the tag. A tag consists of a key-value pair.'."\n" - ."\n" - .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n" - ."\n" - .'Each value can be up to 128 characters in length and can contain letters, digits, forward slashes (/), backslashes (\\\\), underscores (\\_), hyphens (-), periods (.), plus signs (+), equal signs (=), colons (:), and at signs (@).'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'true', - ], - ], - 'required' => false, - ], - 'required' => true, - 'maxItems' => 21, - ], - ], + 'operationType' => 'update', + 'abilityTreeCode' => '54596', + 'abilityTreeNodes' => ['FEATUREkms586TOR'], + 'tenantRelevance' => 'publicInformation', ], + 'parameters' => [], 'responses' => [ 200 => [ 'schema' => [ - 'title' => 'Schema of Response', - 'description' => 'Schema of Response'."\n", 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => 'Id of the request', - 'description' => 'The request ID.'."\n", - 'type' => 'string', - 'example' => '598d0219-45cd-4477-84ad-85a52d9debcf', - ], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '3455b9b4-95c1-419d-b310-db6a53b09a39', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter.TagValue', - 'errorMessage' => 'The specified parameter is not valid.', - ], - [ - 'errorCode' => 'InvalidParameter.TagKey', - 'errorMessage' => 'The specified parameter is not valid.', - ], - [ - 'errorCode' => 'Duplicate.TagKey', - 'errorMessage' => 'The specified tagKey is duplicate.', - ], - ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - [ - 'errorCode' => 'InvalidResourceId.NotFound', - 'errorMessage' => 'The specified ResourceId is not found.', - ], + ['errorCode' => 'CreateLXOrderFailed', 'errorMessage' => 'Create order failed.', 'description' => ''], + ['errorCode' => 'Forbidden.NoRealNameAuthentication', 'errorMessage' => 'Real name authentication is needed.', 'description' => 'You have not passed real name authentication.'], + ['errorCode' => 'Forbidden.Opened', 'errorMessage' => 'Your kms service has been opened.', 'description' => 'You have activated Key Management Service.'], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"598d0219-45cd-4477-84ad-85a52d9debcf\\"\\n}","errorExample":""},{"type":"xml","example":"<TagResourcesResponse>\\n <RequestId>598d0219-45cd-4477-84ad-85a52d9debcf</RequestId>\\n</TagResourcesResponse>","errorExample":""}]', - 'title' => 'TagResources', - 'description' => 'You can add multiple tags to multiple keys or multiple secrets at a time.'."\n", - ], - 'ListResourceTags' => [ - 'methods' => [ - 'post', - 'get', + 'title' => 'OpenKmsService', + 'summary' => 'Activates Key Management Service (KMS) for your Alibaba Cloud account.', + 'description' => '- For more information about the access policies that a RAM user or RAM role needs to call this OpenAPI, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- KMS is a paid service. For more information about billing, see [Billing](~~52608~~).'."\n" + ."\n" + .'- You can activate the service for an Alibaba Cloud account only once.'."\n" + ."\n" + .'- Make sure that your Alibaba Cloud account has completed real-name verification.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [ + ['createdAt' => '2025-08-21T07:47:03.000Z', 'description' => 'OpenAPI offline'], ], - 'schemes' => [ - 'https', + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"3455b9b4-95c1-419d-b310-db6a53b09a39\\"\\n}","type":"json"}]', + ], + 'PutSecretValue' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'get', + 'operationType' => 'update', + 'abilityTreeCode' => '54597', + 'abilityTreeNodes' => ['FEATUREkms52EQP9'], + 'tenantRelevance' => 'tenant', ], 'parameters' => [ [ - 'name' => 'KeyId', + 'name' => 'VersionId', + 'in' => 'query', + 'schema' => ['description' => 'The version number of the secret. The value must be unique in the secret.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'v3', 'title' => ''], + ], + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => ['description' => 'The name or Alibaba Cloud Resource Name (ARN) of the secret.'."\n" + ."\n" + .'> When you access a secret in another Alibaba Cloud account, you must specify the ARN of the secret. The ARN of a secret is in the format of `acs:kms:${region}:${account}:secret/${secret-name}`.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'secret001', 'title' => ''], + ], + [ + 'name' => 'SecretData', + 'in' => 'query', + 'schema' => ['description' => 'The secret value. The value is encrypted and stored in the specified new version.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'importantdata', 'title' => ''], + ], + [ + 'name' => 'SecretDataType', 'in' => 'query', 'schema' => [ - 'description' => 'The globally unique ID of the CMK.'."\n", + 'description' => 'The type of the secret value. Valid values:'."\n" + ."\n" + .'- text (default)'."\n" + ."\n" + .'- binary', 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + 'required' => false, + 'docRequired' => false, + 'default' => 'text', + 'enum' => ['text', 'binary'], + 'example' => 'text', + 'title' => '', ], ], + [ + 'name' => 'VersionStages', + 'in' => 'query', + 'schema' => ['description' => 'The stage labels that are used to mark the new version. If you do not specify this parameter, KMS marks the new version with ACSCurrent.', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => '["ACSCurrent","ACSNext"]', 'title' => ''], + ], ], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', - ], - 'Tags' => [ + 'SecretName' => ['description' => 'The name of the secret.', 'type' => 'string', 'example' => 'secret001', 'title' => ''], + 'VersionId' => ['description' => 'The version number of the secret.', 'type' => 'string', 'example' => 'v3', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud. You can use this ID to troubleshoot issues.', 'type' => 'string', 'example' => 'f94ec9d3-2d10-4922-9a5c-5dcd5ebcb5e8', 'title' => ''], + 'VersionStages' => [ 'type' => 'object', 'itemNode' => true, 'properties' => [ - 'Tag' => [ - 'description' => 'The tags of the CMK.'."\n", + 'VersionStage' => [ + 'itemNode' => true, + 'description' => 'The stage labels of the secret version.', + 'title' => '', 'type' => 'array', - 'items' => [ - 'type' => 'object', - 'properties' => [ - 'KeyId' => [ - 'description' => 'The globally unique ID of the CMK.'."\n", - 'type' => 'string', - 'example' => '33caea95-c3e5-4b3e-a9c6-cec76e4e****', - ], - 'TagValue' => [ - 'description' => 'The tag value.'."\n", - 'type' => 'string', - 'example' => 'Test', - ], - 'TagKey' => [ - 'description' => 'The tag key.'."\n", - 'type' => 'string', - 'example' => 'Project', - ], - ], - ], + 'items' => ['description' => 'The stage label of the secret version.', 'type' => 'string', 'example' => '{ "VersionStage": [ "ACSCurrent", "ACSNext" ] }', 'title' => ''], + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'some of the specified parameters "\\" is not valid', 'description' => ''], + ['errorCode' => 'Rejected.LimitExceeded', 'errorMessage' => 'exceed secret limits error', 'description' => ''], ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + 403 => [ + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system', 'description' => ''], + ], + [ + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Resource not found', 'description' => ''], + ], + 409 => [ + ['errorCode' => 'Rejected.ResourceExist', 'errorMessage' => 'The request was rejected becasue key already exsit', 'description' => ''], + ], + 500 => [ + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\",\\n \\"Tags\\": {\\n \\"Tag\\": [\\n {\\n \\"KeyId\\": \\"33caea95-c3e5-4b3e-a9c6-cec76e4e****\\",\\n \\"TagValue\\": \\"Test\\",\\n \\"TagKey\\": \\"Project\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListResourceTagsResponse>\\n <RequestId>4162a6af-bc99-40b3-a552-89dcc8aaf7c8</RequestId>\\n <Tags>\\n <KeyId>33caea95-c3e5-4b3e-a9c6-cec76e4e****</KeyId>\\n <TagValue>Test</TagValue>\\n <TagKey>Project</TagKey>\\n </Tags>\\n</ListResourceTagsResponse>","errorExample":""}]', - 'title' => 'ListResourceTags', - 'summary' => 'Queries the tags of a customer master key (CMK).', - 'description' => 'Request format: KeyId="string"'."\n", - 'requestParamsDescription' => ' ', + 'title' => 'PutSecretValue', + 'summary' => 'Stores a new version of a secret value for a generic secret.', + 'description' => '- For information about the access policy required for a RAM user or RAM role to call this OpenAPI operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This operation supports only generic secrets. Each generic secret can have a maximum of 10 versions. If the number of versions exceeds the limit, KMS deletes the earliest version.'."\n" + ."\n" + .'- By default, the new secret value is marked with ACSCurrent, and the previous version that was marked with ACSCurrent is marked with ACSPrevious. You can specify the VersionStage parameter to overwrite this default behavior.'."\n" + ."\n" + .'- This operation stores a new version of a secret value. You cannot use it to modify an existing version of a secret value. You must specify a version number when you store a new version. KMS processes requests based on the following rules:'."\n" + ."\n" + .' - If the version number does not exist in the secret, KMS creates a new version and stores the secret value.'."\n" + ."\n" + .' - If the version number already exists in the secret, KMS compares the secret value in the request with the stored value. If the values are the same, the request is ignored and a success message is returned. This makes the operation idempotent. If the values are different, the request is rejected.'."\n" + ."\n" + .'This topic provides an example of how to store a new version of a secret value for the secret named `secret001`. The new version number (`VersionId`) is `v3` and the secret value (`SecretData`) is `importantdata`.', + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).', 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'TagResource' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"VersionId\\": \\"v3\\",\\n \\"RequestId\\": \\"f94ec9d3-2d10-4922-9a5c-5dcd5ebcb5e8\\",\\n \\"VersionStages\\": {\\n \\"VersionStage\\": [\\n \\"{ \\\\\\"VersionStage\\\\\\": [ \\\\\\"ACSCurrent\\\\\\", \\\\\\"ACSNext\\\\\\" ] }\\"\\n ]\\n }\\n}","type":"json"}]', + ], + 'ReEncrypt' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', + 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'get', + 'abilityTreeCode' => '54598', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ - 'name' => 'KeyId', + 'name' => 'CiphertextBlob', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n" - ."\n" - .'> You can configure only one of the KeyId, SecretName, and CertificateId parameters.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddf****', - ], + 'schema' => ['description' => 'The ciphertext that you want to re-encrypt.<br> This parameter can be the ciphertext that is returned after symmetric or asymmetric key encryption.<br><br>'."\n" + ."\n" + .'- Symmetric encryption: the ciphertext that is returned after you call the [Encrypt](~~28949~~), [GenerateDataKey](~~28948~~), [GenerateDataKeyWithoutPlaintext](~~134043~~), or [GenerateAndExportDataKey](~~176804~~) operation.'."\n" + ."\n" + .'- Asymmetric key encryption: the data that is encrypted using a public key after you call the [GenerateAndExportDataKey](~~176804~~) operation, or the data that is encrypted using an asymmetric public key in an external system.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901q********', 'title' => ''], ], [ - 'name' => 'Tags', + 'name' => 'SourceKeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'One or more tags that you want to add. The value is in the array format.'."\n" - ."\n" - .'Tag attributes:'."\n" - ."\n" - .'* TagKey: the tag key.'."\n" - .'* TagValue: the tag value.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '[{"TagKey":"S1key1","TagValue":"S1val1"},{"TagKey":"S1key2","TagValue":"S2val2"}]', - ], + 'schema' => ['description' => 'The ID of the master key that is used to decrypt the ciphertext.<br> The globally unique identifier of the master key.<br><br>'."\n" + ."\n" + .'> You must specify this parameter when CiphertextBlob is the data that is encrypted using a public key after asymmetric key encryption.', 'type' => 'string', 'required' => false, 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', 'title' => ''], ], [ - 'name' => 'SecretName', + 'name' => 'SourceKeyVersionId', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the secret.'."\n" - ."\n" - .'> You can configure only one of the KeyId, SecretName, and CertificateId parameters.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => 'MyDbC****', - ], + 'schema' => ['description' => 'The ID of the key version that is used to decrypt the ciphertext.'."\n" + ."\n" + .'> You must specify this parameter when CiphertextBlob is the data that is encrypted using a public key after asymmetric key encryption.', 'type' => 'string', 'required' => false, 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], ], [ - 'name' => 'CertificateId', + 'name' => 'SourceEncryptionAlgorithm', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the certificate.'."\n" - ."\n" - .'> You can configure only one of the KeyId, SecretName, and CertificateId parameters.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '770dbe42-e146-43d1-a55a-1355db86****', - ], + 'schema' => ['description' => 'If CiphertextBlob is the result of public key encryption, specify the public key encryption algorithm. For more information about the algorithms, see [AsymmetricDecrypt](~~148130~~).<br> Valid values:<br><br>'."\n" + ."\n" + .'- RSAES\\_OAEP\\_SHA\\_256'."\n" + ."\n" + .'- RSAES\\_OAEP\\_SHA\\_1'."\n" + ."\n" + .'- SM2PKE'."\n" + ."\n" + .'> You must specify this parameter when CiphertextBlob is the data that is encrypted using a public key after asymmetric key encryption.', 'type' => 'string', 'required' => false, 'example' => 'RSAES_OAEP_SHA_256', 'title' => ''], + ], + [ + 'name' => 'SourceEncryptionContext', + 'in' => 'query', + 'style' => 'json', + 'schema' => ['description' => 'A JSON string that consists of key-value pairs. If you specify this parameter when you call the [Encrypt](~~28949~~), [GenerateDataKey](~~28948~~), [GenerateDataKeyWithoutPlaintext](~~134043~~), or [GenerateAndExportDataKey](~~176804~~) operation, you must specify the same parameter to decrypt the data. For more information, see [EncryptionContext](~~42975~~).'."\n" + ."\n" + .'> You must specify this parameter when CiphertextBlob is the ciphertext that is returned after symmetric encryption.', 'type' => 'object', 'required' => false, 'example' => '{"Example":"Example"}', 'title' => ''], + ], + [ + 'name' => 'DestinationKeyId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the symmetric master key that is used to re-encrypt the data after the ciphertext is decrypted.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1234abcd-12ab-34cd-56ef-12345678****', 'title' => ''], + ], + [ + 'name' => 'DestinationEncryptionContext', + 'in' => 'query', + 'style' => 'json', + 'schema' => ['description' => 'A JSON string that consists of key-value pairs. This parameter specifies the encryption context for the destination master key.', 'type' => 'object', 'required' => false, 'example' => '{"Example":"Example"}', 'title' => ''], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => ['description' => 'Specifies whether to enable the DryRun mode.'."\n" + ."\n" + .'- true: enables the DryRun mode.'."\n" + ."\n" + .'- false (default): disables the DryRun mode.'."\n" + ."\n" + .'The DryRun mode is used to test API calls, verify whether you have the permissions to perform operations on the required resources, and check whether the request parameters are valid. If you enable the DryRun mode, KMS always returns a failure and a reason for the failure. The reasons for the failure include the following:'."\n" + ."\n" + .'- DryRunOperationError: The request would have succeeded if the DryRun parameter was not configured.'."\n" + ."\n" + .'- ValidationError: The parameters specified in the request are invalid.'."\n" + ."\n" + .'- AccessDeniedError: You are not authorized to perform the operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ @@ -9055,47 +6582,72 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', - ], + 'KeyId' => ['description' => 'The ID of the master key that is used to decrypt the ciphertext.<br> The globally unique identifier of the master key.<br><br>', 'type' => 'string', 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', 'title' => ''], + 'KeyVersionId' => ['description' => 'The ID of the key version that is used to decrypt the ciphertext of the master key.', 'type' => 'string', 'example' => '202b9877-5a25-46e3-a763-e20791b5****', 'title' => ''], + 'CiphertextBlob' => ['description' => 'The ciphertext that is re-encrypted using the specified master key.', 'type' => 'string', 'example' => 'DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request. This ID is a globally unique identifier that is generated by Alibaba Cloud for the request. You can use this ID to troubleshoot issues.', 'type' => 'string', 'example' => '207596a2-36d3-4840-b1bd-f87044699bd7', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ], + 500 => [ + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\"\\n}","errorExample":""},{"type":"xml","example":"<TagResourceResponse>\\n <RequestId>4162a6af-bc99-40b3-a552-89dcc8aaf7c8</RequestId>\\n</TagResourceResponse>","errorExample":""}]', - 'title' => 'TagResource', - 'summary' => 'Adds tags to a customer master key (CMK), secret, or certificate.', - 'description' => 'You can add up to 10 tags to a CMK, secret, or certificate.'."\n" + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"KeyId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyVersionId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"CiphertextBlob\\": \\"DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****\\",\\n \\"RequestId\\": \\"207596a2-36d3-4840-b1bd-f87044699bd7\\"\\n}","type":"json"}]', + 'title' => 'ReEncrypt', + 'summary' => 'Re-encrypts ciphertext under a different CMK without exposing the plaintext.', + 'description' => '### Notes'."\n" ."\n" - .'In this example, the tags `[{"TagKey":"S1key1","TagValue":"S1val1"},{"TagKey":"S1key2","TagValue":"S2val2"}]` are added to the CMK whose ID is `08c33a6f-4e0a-4a1b-a3fa-7ddf****`.'."\n", - 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + .'- For more information about the access policy required to grant a RAM user or RAM role the permission to use this operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This operation is accessible only through a shared gateway, not a dedicated gateway. For more information, see [Alibaba Cloud SDK](~~601559~~).'."\n" + ."\n" + .' When using a shared gateway, you access KMS through an Internet or a VPC domain name. This method requires Internet access to be enabled. For more information, see [Access keys in a KMS instance over the Internet](~~2856718~~).'."\n" + ."\n" + .'### QPS limits'."\n" + ."\n" + .'This operation is accessible only through a shared gateway. The single-user queries per second (QPS) limit is 750. If this limit is exceeded, requests are throttled, which may affect your business. We recommend that you stay within the specified limit.'."\n" + ."\n" + .'### Details'."\n" + ."\n" + .'You can use the ReEncrypt operation in the following scenarios:'."\n" + ."\n" + .'- After a customer master key (CMK) is rotated, you can use the latest key version to re-encrypt data. For more information about automatic key rotation, see [Automatic key rotation](~~134270~~).'."\n" + ."\n" + .'- You can re-encrypt data by changing the encryption context without changing the master key.'."\n" + ."\n" + .'- You can re-encrypt data or a data key that is encrypted by one master key with another master key in KMS.'."\n" + ."\n" + .'The ReEncrypt operation requires the following permissions:'."\n" + ."\n" + .'- The kms:ReEncryptFrom permission for the source master key.'."\n" + ."\n" + .'- The kms:ReEncryptTo permission for the destination master key.'."\n" + ."\n" + .'- You can use kms:ReEncrypt\\* to grant both permissions.', + 'requestParamsDescription' => ' '."\n", 'responseParamsDescription' => ' ', 'extraInfo' => ' ', - ], - 'UntagResource' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'ReleaseKmsInstance' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -9104,103 +6656,75 @@ 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'update', + 'operationType' => 'delete', + 'abilityTreeCode' => '222135', + 'abilityTreeNodes' => ['FEATUREkms586TOR'], ], 'parameters' => [ [ - 'name' => 'KeyId', - 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddf****', - ], - ], - [ - 'name' => 'TagKeys', + 'name' => 'KmsInstanceId', 'in' => 'query', - 'schema' => [ - 'description' => '', - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '["tagkey1","tagkey2"]', - ], + 'schema' => ['description' => 'The ID of the KMS instance.', 'type' => 'string', 'required' => true, 'example' => 'kst-hzz6****', 'title' => ''], ], [ - 'name' => 'SecretName', + 'name' => 'ForceDeleteWithoutBackup', 'in' => 'query', - 'schema' => [ - 'description' => '', - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => 'MyDbC****', - ], - ], - [ - 'name' => 'CertificateId', - 'in' => 'query', - 'schema' => [ - 'description' => '', - 'type' => 'string', - 'required' => false, - 'example' => '770dbe42-e146-43d1-a55a-1355db86****', - ], + 'schema' => ['description' => 'Specifies whether to forcibly release the KMS instance if it has not been backed up.'."\n" + ."\n" + .'- true: forcibly releases the instance.'."\n" + ."\n" + .'- false (default): does not release the instance.', 'type' => 'string', 'example' => 'false', 'title' => '', 'required' => false], ], ], 'responses' => [ 200 => [ 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'The returned data.', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => '', - 'type' => 'string', - 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', - ], + 'RequestId' => ['title' => 'Id of the request', 'description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud for the request. You can use the ID to troubleshoot issues.', 'type' => 'string', 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d'], ], + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ['errorCode' => 'Rejected.UnsupportedOperation', 'errorMessage' => 'Unsupported operation.', 'description' => 'The operation is not supported.'], ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + 403 => [ + ['errorCode' => 'Forbidden.DKMSInstanceNotFound', 'errorMessage' => 'The specified DKMS Instance is not found.', 'description' => 'Your dedicated KMS instance is not found.'], + ['errorCode' => 'Forbidden.NoBackup', 'errorMessage' => 'this kms instance no backup, forbidden delete.', 'description' => 'This KMS instance has no backup and is not allowed to be deleted.'], + ], + 503 => [ + ['errorCode' => 'SerivceUnvailableTemporary', 'errorMessage' => 'Service Unvailable Temporary', 'description' => 'The service is temporarily unavailable.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\"\\n}","errorExample":""},{"type":"xml","example":"<UntagResourceResponse>\\n <RequestId>4162a6af-bc99-40b3-a552-89dcc8aaf7c8</RequestId>\\n</UntagResourceResponse>","errorExample":""}]', - 'title' => 'UntagResource', - 'summary' => 'Removes tags from a customer master key (CMK), secret, or certificate.', - 'description' => 'One or more tag keys. Separate multiple tag keys with commas (,).'."\n" + 'staticInfo' => ['returnType' => 'synchronous'], + 'title' => 'ReleaseKmsInstance', + 'summary' => 'Releases a pay-as-you-go KMS instance.', + 'description' => '- For information about the access policy that is required to allow a RAM user or RAM role to call this OpenAPI operation, see [Resource Access Management](~~2767210~~).'."\n" ."\n" - .'You need to specify only the tag keys, not the tag values.'."\n" + .'- Subscription instances cannot be manually released. You can only unsubscribe from them under specific conditions. To unsubscribe, go to the Expenses and Costs page in the console and choose Unsubscribe. For more information, see [Unsubscription policy](~~600418~~).'."\n" ."\n" - .'Each tag key must be 1 to 128 bytes in length.'."\n", - 'requestParamsDescription' => 'The name of the secret.'."\n" + .'- After you release an instance, all resources in the instance are also released. Resources that are encrypted using keys in the instance cannot be decrypted, and credentials cannot be retrieved. Before you release an instance, make sure that no data is encrypted by the keys in the instance and no services call the credentials. This prevents service interruptions.'."\n" ."\n" - .'> You can configure only one of the KeyId, SecretName, and CertificateId parameters.'."\n", - 'responseParamsDescription' => ' ', - 'extraInfo' => ' ', - ], - 'CreateNetworkRule' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + .'- If your instance is a software key management instance, we recommend that you back up the resources of the instance before you release it. The backed-up resources can be recovered. For more information, see [Backup management](~~2357488~~).'."\n" + ."\n" + .'- The billing epoch is daily. Therefore, after you release a pay-as-you-go instance, the bill for the previous day is pushed before 12:00 on the next day.'."\n" + ."\n" + .'- Before you release a KMS instance, we recommend that you check whether deletion protection is enabled for the instance in the console. If deletion protection is enabled, disable it in the console before you release the instance. For more information, see [Manage a KMS instance](~~604735~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","type":"json"}]', + ], + 'RestoreSecret' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -9208,60 +6732,76 @@ ], 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'create', - 'abilityTreeCode' => '54653', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - 'tenantRelevance' => 'publicInformation', - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ - 'name' => 'Name', + 'name' => 'SecretName', 'in' => 'query', + 'schema' => ['description' => 'The name of the secret you want to restore.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'secret001', 'title' => ''], + ], + ], + 'responses' => [ + 200 => [ 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'SecretName' => ['description' => 'The name of the secret.'."\n", 'type' => 'string', 'example' => 'secret001', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request.'."\n", 'type' => 'string', 'example' => 'e4885adf-548f-4ca5-8075-f540bbd3a55f', 'title' => ''], + ], + 'description' => '', 'title' => '', - 'description' => 'The name of the access control rule.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'networkrule_test', ], ], + ], + 'errorCodes' => [ + 400 => [ + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'some of the specified parameters "\\" is not valid', 'description' => ''], + ], + 403 => [ + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system', 'description' => ''], + ], [ - 'name' => 'Type', - 'in' => 'query', - 'schema' => [ - 'title' => '', - 'description' => 'The network type.'."\n" - ."\n" - .'Only private IP addresses are supported. Set the value to Private.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'Private', - ], + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Resource not found', 'description' => ''], + ], + 409 => [ + ['errorCode' => 'Rejected.ResourceInUse', 'errorMessage' => 'restore normal secret', 'description' => ''], + ], + 500 => [ + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure', 'description' => ''], ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"e4885adf-548f-4ca5-8075-f540bbd3a55f\\"\\n}","errorExample":""},{"type":"xml","example":"<RequestId>e4885adf-548f-4ca5-8075-f540bbd3a55f</RequestId>\\n<SecretName>secret001</SecretName>","errorExample":""}]', + 'title' => 'RestoreSecret', + 'summary' => 'Restores a deleted secret.', + 'description' => 'You can only use this operation to restore a deleted secret that is within its recovery period. If you set **ForceDeleteWithoutRecovery** to **true** when you delete the secret, you cannot restore it.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + ], + 'RotateSecret' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], + 'security' => [ [ - 'name' => 'Description', + 'AK' => [], + ], + ], + 'operationType' => 'readAndWrite', + 'deprecated' => false, + 'systemTags' => ['operationType' => 'update'], + 'parameters' => [ + [ + 'name' => 'SecretName', 'in' => 'query', - 'schema' => [ - 'description' => 'The description.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'networkrule description', - ], + 'schema' => ['description' => 'The name of the secret.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RdsSecret/Mysql5.4/MyCred', 'title' => ''], ], [ - 'name' => 'SourcePrivateIp', + 'name' => 'VersionId', 'in' => 'query', - 'schema' => [ - 'description' => 'The private IP address or private CIDR block. Separate multiple items with commas (,).'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', - ], + 'schema' => ['description' => 'The version number of the secret after the secret is rotated.'."\n" + ."\n" + .'> The version number is used to ensure the idempotence of the request. Secrets Manager uses this version number to prevent your application from creating the same version of the secret when the application retries a request. If a version number already exists, Secrets Manager ignores the request for rotation and returns a success message.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '000000123', 'title' => ''], ], ], 'responses' => [ @@ -9269,98 +6809,70 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'Type' => [ - 'description' => 'The network type.'."\n", - 'type' => 'string', - 'example' => 'Private', - ], - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2dd3', - ], - 'Description' => [ - 'description' => 'The description.'."\n", - 'type' => 'string', - 'example' => 'networkrule description', - ], - 'SourcePrivateIp' => [ - 'description' => 'The private IP address or private CIDR block.'."\n", - 'type' => 'string', - 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', - ], - 'Name' => [ - 'description' => 'The name of the access control rule.'."\n", - 'type' => 'string', - 'example' => 'networkrule_test', - ], - 'Arn' => [ - 'description' => 'The ARN of the access control rule.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:119285303511****:network/networkrule_test', - ], + 'VersionId' => ['description' => 'The version number of the secret after the secret is rotated.', 'type' => 'string', 'example' => '000000123', 'title' => ''], + 'SecretName' => ['description' => 'The name of the secret.', 'type' => 'string', 'example' => 'RdsSecret/Mysql5.4/MyCred', 'title' => ''], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '10257c86-269d-43aa-aaf3-90ed4144bb7c', 'title' => ''], + 'Arn' => ['description' => 'The Alibaba Cloud Resource Name (ARN) of the secret.', 'type' => 'string', 'example' => 'acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"Type\\": \\"Private\\",\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2dd3\\",\\n \\"Description\\": \\"networkrule description\\",\\n \\"SourcePrivateIp\\": \\"[\\\\\\"192.10.XX.XX\\\\\\",\\\\\\"192.168.XX.XX/24\\\\\\"]\\",\\n \\"Name\\": \\"networkrule_test\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:network/networkrule_test\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateNetworkRuleResponse>\\n <Type>Private</Type>\\n <RequestId>3bf02f7a-015b-4f93-be0f-cc043fda2dd3</RequestId>\\n <Description>networkrule description</Description>\\n <SourcePrivateIp>[\\"192.10.XX.XX\\",\\"192.168.XX.XX/24\\"]</SourcePrivateIp>\\n <Name>networkrule_test</Name>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:network/networkrule_test</Arn>\\n</CreateNetworkRuleResponse>","errorExample":""}]', - 'title' => 'CreateNetworkRule', - 'summary' => 'Creates a network access rule to configure the private IP addresses or private CIDR blocks that are allowed to access a Key Management Service (KMS) instance.', - 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a KMS instance. The following process shows how to create a client key-based application access point (AAP):'."\n" + 'errorCodes' => [ + 400 => [ + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"VersionId\\": \\"000000123\\",\\n \\"SecretName\\": \\"RdsSecret/Mysql5.4/MyCred\\",\\n \\"RequestId\\": \\"10257c86-269d-43aa-aaf3-90ed4144bb7c\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred\\"\\n}","type":"json"}]', + 'title' => 'RotateSecret', + 'summary' => 'Immediately rotates a secret.', + 'description' => 'Limits:'."\n" ."\n" - .'1.Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance.'."\n" + .'• A secret of each Alibaba Cloud account can be rotated for a maximum of 50 times per hour.'."\n" ."\n" - .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind access control rules to the keys and secrets. For more information, see [CreatePolicy](~~2539454~~).'."\n" + .'• The RotateSecret operation is unavailable for standard secrets.'."\n" ."\n" - .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see [CreateApplicationAccessPoint](~~2539467~~).'."\n" + .'In this example, the `RdsSecret/Mysql5.4/MyCred` secret is manually rotated, and the version number of the secret is set to `000000123` after the secret is rotated.'."\n" ."\n" - .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see [CreateClientKey](~~2539509~~).', - ], - 'ListNetworkRules' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + .'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'ScheduleKeyDeletion' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'list', - 'abilityTreeCode' => '54654', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - 'tenantRelevance' => 'publicInformation', - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ - 'name' => 'PageNumber', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The page number. Default value: 1.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '1', - ], + 'schema' => ['description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '7906979c-8e06-46a2-be2d-68e3ccbc****', 'title' => ''], ], [ - 'name' => 'PageSize', + 'name' => 'PendingWindowInDays', 'in' => 'query', - 'schema' => [ - 'description' => 'The number of entries per page. Valid values: 1 to 100. Default value: 20.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '10', - ], + 'schema' => ['description' => 'The scheduled period after which the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the key deletion task.'."\n" + ."\n" + .'Valid values: 7 to 366.'."\n" + ."\n" + .'Unit: days.'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => true, 'maximum' => '366', 'minimum' => '7', 'example' => '7', 'title' => ''], ], ], 'responses' => [ @@ -9368,113 +6880,82 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '3bf02f7a-015b-4f34-be0f-cc043fda2d33', - ], - 'PageNumber' => [ - 'description' => 'The page number.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'PageSize' => [ - 'description' => 'The number of entries per page.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '10', - ], - 'TotalCount' => [ - 'description' => 'The total number of entries returned.'."\n", - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'NetworkRules' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'NetworkRule' => [ - 'description' => 'A list of access control rules.', - 'type' => 'array', - 'items' => [ - 'description' => 'A list of access control rules.', - 'type' => 'object', - 'properties' => [ - 'Type' => [ - 'description' => 'The network type. The value is fixed as Private. Self-managed applications can access KMS instances only over a private virtual private cloud (VPC).'."\n", - 'type' => 'string', - 'example' => 'Private', - ], - 'Name' => [ - 'description' => 'The name of the access control rule.'."\n", - 'type' => 'string', - 'example' => 'networkrule_test', - ], - ], - ], - ], - ], - ], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '3da5b8cc-8107-40ac-a170-793cd181d7b7', 'title' => ''], ], + 'description' => '', + 'title' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is invalid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f34-be0f-cc043fda2d33\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"NetworkRules\\": {\\n \\"NetworkRule\\": [\\n {\\n \\"Type\\": \\"Private\\",\\n \\"Name\\": \\"networkrule_test\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListNetworkRulesResponse>\\n <RequestId>3bf02f7a-015b-4f34-be0f-cc043fda2d33</RequestId>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <TotalCount>1</TotalCount>\\n <NetworkRules>\\n <Type>Private</Type>\\n <Name>networkrule_test</Name>\\n </NetworkRules>\\n</ListNetworkRulesResponse>","errorExample":""}]', - 'title' => 'ListNetworkRules', - 'summary' => 'Queries a list of network access rules.', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3da5b8cc-8107-40ac-a170-793cd181d7b7\\"\\n}","errorExample":""},{"type":"xml","example":"<ScheduleKeyDeletionResponse>\\n <RequestId>3da5b8cc-8107-40ac-a170-793cd181d7b7</RequestId>\\n</ScheduleKeyDeletionResponse>","errorExample":""}]', + 'title' => 'ScheduleKeyDeletion', + 'summary' => 'Deletes a specified customer master key (CMK).', + 'description' => 'During the scheduled period, the CMK is in the PendingDeletion state and cannot be used to encrypt data, decrypt data, or generate data keys.'."\n" + ."\n" + .'After a CMK is deleted, it cannot be recovered. Data that is encrypted and data keys that are generated by using the CMK cannot be decrypted. To prevent accidental deletion of CMKs, Key Management Service (KMS) allows you to only schedule key deletion tasks. You cannot directly delete CMKs. If you want to delete a CMK, call the [DisableKey](~~35151~~) operation to disable the CMK.'."\n" + ."\n" + .'When you call this operation, you must specify a scheduled period between 7 days to 366 days. The scheduled period starts from the time when you submit the request. You can call the [CancelKeyDeletion](~~44197~~) operation to cancel the key deletion task before the scheduled period ends.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], ], - 'DescribeNetworkRule' => [ - 'summary' => 'Queries the details of a network access rule.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'SetDeletionProtection' => [ + 'summary' => 'Enables or disables deletion protection for a customer master key (CMK).', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'get', - 'riskType' => 'none', - 'chargeType' => 'free', - 'abilityTreeCode' => '189660', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], + 'operationType' => 'update', + 'abilityTreeCode' => '54603', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ - 'name' => 'Name', + 'name' => 'ProtectedResourceArn', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the access control rule that you want to query.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'networkrule_test', - ], + 'schema' => ['description' => 'The ARN of the CMK for which you want to configure deletion protection.<br>'."\n" + .'You can call the [DescribeKey](~~28952~~) operation to query the ARN of the CMK.<br><br>', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => 'acs:kms:cn-hangzhou:123213123****:key/0225f411-b21d-46d1-be5b-93931c82****', 'title' => ''], + ], + [ + 'name' => 'EnableDeletionProtection', + 'in' => 'query', + 'schema' => ['description' => 'Specifies whether to enable deletion protection. Valid values:'."\n" + ."\n" + .'- true: enables deletion protection.'."\n" + ."\n" + .'- false: disables deletion protection. This is the default value.', 'type' => 'boolean', 'required' => true, 'docRequired' => true, 'example' => 'true', 'title' => ''], + ], + [ + 'name' => 'DeletionProtectionDescription', + 'in' => 'query', + 'schema' => ['description' => 'The description of deletion protection.'."\n" + ."\n" + .'> This parameter is available only when EnableDeletionProtection is set to true.', 'type' => 'string', 'example' => 'The CMK is being used by XXX. Deletion protection is set.', 'required' => false, 'title' => ''], + ], + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the key.', 'type' => 'string', 'required' => false, 'example' => 'key-hzz65f3a68554s6ms****', 'title' => ''], + ], + [ + 'name' => 'KmsInstanceId', + 'in' => 'query', + 'schema' => ['type' => 'string', 'description' => '', 'title' => '', 'example' => ''], ], ], 'responses' => [ @@ -9482,60 +6963,34 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2d33', - ], - 'Arn' => [ - 'description' => 'The ARN of the access control rule.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:119285303511****:network/networkrule_test', - ], - 'Type' => [ - 'description' => 'The network type. Only private IP addresses are supported. The value is fixed as Private.'."\n", - 'type' => 'string', - 'example' => 'Private', - ], - 'Description' => [ - 'description' => 'The description.'."\n", - 'type' => 'string', - 'example' => 'Creat by kst-hzz62ee817bvyyr5****', - ], - 'SourcePrivateIp' => [ - 'description' => 'The private IP address or private CIDR block.'."\n", - 'type' => 'string', - 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', - ], + 'RequestId' => ['description' => 'The ID of the request. The ID is a unique identifier that is generated by Alibaba Cloud for the request. You can use the ID to troubleshoot issues.', 'type' => 'string', 'example' => '3455b9b4-95c1-419d-b310-db6a53b09a39', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'errorCodes' => [ - 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"3455b9b4-95c1-419d-b310-db6a53b09a39\\"\\n}","type":"json"}]', + 'title' => 'SetDeletionProtection', + 'description' => '- For more information about the access policy required for a RAM user or RAM role to call this API operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- After you enable deletion protection for a CMK, you cannot delete it. To delete the CMK, you must first disable deletion protection.'."\n" + ."\n" + .'- Before you call the SetDeletionProtection operation, ensure that the CMK is not in the PendingDeletion state. You can call the [DescribeKey](~~28952~~) operation to query the status of the CMK.', + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2d33\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:network/networkrule_test\\",\\n \\"Type\\": \\"Private\\",\\n \\"Description\\": \\"Create by kst-hzz62ee817bvyyr5****\\",\\n \\"SourcePrivateIp\\": \\"[\\\\\\"192.10.XX.XX\\\\\\",\\\\\\"192.168.XX.XX/24\\\\\\"]\\"\\n}","errorExample":""},{"type":"xml","example":"<DescribeNetworkRuleResponse>\\n <RequestId>3bf02f7a-015b-4f93-be0f-cc043fda2d33</RequestId>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:network/networkrule_test</Arn>\\n <Type>Private</Type>\\n <Description>Create by kst-hzz62ee817bvyyr5****</Description>\\n <SourcePrivateIp>[\\"192.10.XX.XX\\",\\"192.168.XX.XX/24\\"]</SourcePrivateIp>\\n</DescribeNetworkRuleResponse>","errorExample":""}]', - 'title' => 'DescribeNetworkRule', + 'translator' => 'machine', ], - 'UpdateNetworkRule' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'SetKeyPolicy' => [ + 'summary' => 'Sets the key policy for a CMK in a KMS instance.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -9545,86 +7000,120 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', - 'abilityTreeCode' => '54644', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], + 'abilityTreeCode' => '206075', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ - 'name' => 'Name', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the access control rule that you want to update.', - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'networkrule_test', - ], + 'schema' => ['description' => 'The ID or Alibaba Cloud Resource Name (ARN) of the key.'."\n" + ."\n" + .'> To access a key of another Alibaba Cloud account, you must specify the ARN of the key. The key ARN is in the format of `acs:kms:${region}:${account}:key/${keyid}`.', 'type' => 'string', 'title' => '', 'required' => true, 'example' => 'key-hzz630494463ejqjx****'], ], [ - 'name' => 'Description', + 'name' => 'PolicyName', 'in' => 'query', - 'schema' => [ - 'description' => 'The description after the update.', - 'type' => 'string', - 'required' => false, - 'example' => 'Creat by kst-hzz62ee817bvyyr5****', - ], + 'schema' => ['description' => 'The name of the key policy. The name can only be \\`default\\`.', 'type' => 'string', 'required' => false, 'example' => 'default', 'title' => ''], ], [ - 'name' => 'SourcePrivateIp', + 'name' => 'Policy', 'in' => 'query', - 'schema' => [ - 'description' => 'The private IP address or CIDR block after the update. Separate multiple items with commas (,).', - 'type' => 'string', - 'required' => false, - 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', - ], + 'schema' => ['description' => 'The key policy. The policy is in the JSON format. The policy can be up to 32,768 bytes in length.'."\n" + ."\n" + .'A key policy contains the following elements:'."\n" + ."\n" + .'- Version: The version of the key policy. The value can only be 1.'."\n" + ."\n" + .'- Statement: The statement of the key policy. Each key policy can contain one or more statements.'."\n" + ."\n" + .'The following code provides an example of a key policy:'."\n" + ."\n" + .'```'."\n" + .'{'."\n" + .' "Version": "1",'."\n" + .' "Statement": ['."\n" + .' {'."\n" + .' "Sid": "Enable RAM User Permissions",'."\n" + .' "Effect": "Allow",'."\n" + .' "Principal": {'."\n" + .' "RAM": ["acs:ram::112890462****:*"]'."\n" + .' },'."\n" + .' "Action": ['."\n" + .' "kms:*"'."\n" + .' ],'."\n" + .' "Resource": ['."\n" + .' "*"'."\n" + .' ]'."\n" + .' }'."\n" + .' ]'."\n" + .'}'."\n" + .'```'."\n" + ."\n" + .'The following section describes the elements in a Statement:'."\n" + ."\n" + .'- Sid: Optional. The custom statement identifier. The value can be up to 128 characters in length and can contain uppercase letters, lowercase letters, digits, and the following special characters: \\_ / + = . @ -.'."\n" + ."\n" + .'- Effect: Required. The effect of the policy statement. Valid values: Allow and Deny.'."\n" + ."\n" + .'- Principal: Required. The principal that is authorized to access the key. You can set this parameter to the current Alibaba Cloud account, a RAM user or RAM role of the current Alibaba Cloud account, or a RAM user or RAM role of another Alibaba Cloud account.'."\n" + ."\n" + .'- Action: Required. The API operations that are allowed or denied. The value must start with kms:. For more information about the operations, see [Key policy overview](~~2716468~~). If you specify an operation that is not included in the list, the operation will not take effect.'."\n" + ."\n" + .'- Resource: Required. The key. The value can only be \\*.'."\n" + ."\n" + .'- Condition: Optional. The conditions for the policy to take effect. You can use conditions to evaluate the context of an API request to determine whether the policy statement is applicable. The format is `"Condition": {"condition operator": {"condition key": "condition value"}}`. For more information, see [Key policy overview](~~2716468~~).'."\n" + ."\n" + .'> After you grant permissions to a RAM user or RAM role of another Alibaba Cloud account, you must use the Alibaba Cloud account to which the RAM user or RAM role belongs to grant the RAM user or RAM role the permissions to use the key in the RAM console. For more information, see [Custom policies for KMS](~~480682~~), [Grant permissions to a RAM user](~~116146~~), and [Grant permissions to a RAM role](~~116147~~).', 'type' => 'string', 'required' => true, 'example' => '{"Statement":[{"Action":["kms:*"],"Effect":"Allow","Principal":{"RAM":["acs:ram::119285303511****:*"]},"Resource":["*"],"Sid":"kms default key policy"},{"Action":["kms:List*","kms:Describe*","kms:Create*","kms:Enable*","kms:Disable*","kms:Get*","kms:Set*","kms:Update*","kms:Delete*","kms:Cancel*","kms:TagResource","kms:UntagResource","kms:ImportKeyMaterial","kms:ScheduleKeyDeletion"],"Effect":"Allow","Principal":{"RAM":["acs:ram::119285303511****:user/for_test_policy"]},"Resource":["*"]}],"Version":"1"}', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ + 'title' => '', + 'description' => '', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', - 'type' => 'string', - 'example' => '3bf02f7a-015b-4f34-be0f-cc043fda2d85', - ], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud. You can use the ID to troubleshoot issues.', 'type' => 'string', 'title' => '', 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C8'], ], + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'MissingParameter', 'errorMessage' => 'The parameter needed but no provided.', 'description' => 'The required parameters are not specified.'], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system.', 'description' => 'You are not authorized to perform this operation.'], + ['errorCode' => 'Forbidden.KeyPolicyUnSupported', 'errorMessage' => 'The specified key does not support key policy.', 'description' => 'The specified key does not support key policies.'], + ['errorCode' => 'Rejected.ShareQuotaExceedLimit', 'errorMessage' => 'Instance Share Quota Exceed Limit.', 'description' => 'The instance share quota exceeds the limit.'], ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + 403 => [ + ['errorCode' => 'Forbidden.DKMSInstanceStateInvalid', 'errorMessage' => 'The DKMS instance state is invalid.', 'description' => 'Your dedicated KMS instance is invalid.'], + ], + [ + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Policy not found.', 'description' => ''], + ], + 500 => [ + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure', 'description' => 'An internal error occurred.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f34-be0f-cc043fda2d85\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateNetworkRuleResponse>\\n <RequestId>3bf02f7a-015b-4f34-be0f-cc043fda2d85</RequestId>\\n</UpdateNetworkRuleResponse>","errorExample":""}]', - 'title' => 'UpdateNetworkRule', - 'summary' => 'Updates a network access rule.', - 'description' => '- You can update only private IP addresses and description of an access control rule. You cannot update the name and network type of an access control rule.'."\n" - .'- Updating an access control rule affects all permission policies that are bound to the access control rule. Exercise caution when you perform this operation.', - ], - 'DeleteNetworkRule' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'staticInfo' => ['returnType' => 'synchronous'], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C8\\"\\n}","type":"json"}]', + 'title' => 'SetKeyPolicy', + 'description' => '- For information about the access policy required for a RAM user or RAM role to call this API operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- For more information about key policies, see [Key policy overview](~~2716468~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'SetSecretPolicy' => [ + 'summary' => 'Sets the access policy for a secret in a KMS instance.', + 'methods' => ['post'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -9633,67 +7122,120 @@ 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'delete', - 'abilityTreeCode' => '54647', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - 'tenantRelevance' => 'tenant', + 'operationType' => 'update', + 'abilityTreeCode' => '206088', + 'abilityTreeNodes' => ['FEATUREkms52EQP9'], ], 'parameters' => [ [ - 'name' => 'Name', + 'name' => 'SecretName', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the network access rule that you want to delete.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'networkrule_test', - ], + 'schema' => ['description' => 'The name or Alibaba Cloud Resource Name (ARN) of the secret.'."\n" + ."\n" + .'> When you access a secret in another Alibaba Cloud account, you must specify the ARN of the secret. The ARN of a secret is in the format of `acs:kms:${region}:${account}:secret/${secret-name}`.', 'type' => 'string', 'title' => '', 'required' => true, 'example' => 'secret_test'], + ], + [ + 'name' => 'PolicyName', + 'in' => 'query', + 'schema' => ['description' => 'The name of the secret policy. The value can only be \\`default\\`.', 'type' => 'string', 'required' => false, 'example' => 'default', 'title' => ''], + ], + [ + 'name' => 'Policy', + 'in' => 'query', + 'schema' => ['description' => 'The content of the secret policy. The value must be in the JSON format. The value can be up to 32,768 bytes in length.'."\n" + ."\n" + .'A secret policy contains the following elements:'."\n" + ."\n" + .'- Version: The version of the secret policy. The value can only be 1.'."\n" + ."\n" + .'- Statement: The statement of the secret policy. Each secret policy can contain one or more statements.'."\n" + ."\n" + .'The following code shows the format of a secret policy:'."\n" + ."\n" + .'```'."\n" + .'{'."\n" + .' "Version": "1",'."\n" + .' "Statement": ['."\n" + .' {'."\n" + .' "Sid": "Enable RAM User Permissions",'."\n" + .' "Effect": "Allow",'."\n" + .' "Principal": {'."\n" + .' "RAM": ["acs:ram::12345678****:*"]'."\n" + .' },'."\n" + .' "Action": ['."\n" + .' "kms:*"'."\n" + .' ],'."\n" + .' "Resource": ['."\n" + .' "*"'."\n" + .' ]'."\n" + .' }'."\n" + .' ]'."\n" + .'}'."\n" + .'```'."\n" + ."\n" + .'The following section describes the elements in a statement:'."\n" + ."\n" + .'- Sid: Optional. The custom identifier of the statement. The value can be up to 128 characters in length and can contain uppercase letters (A-Z), lowercase letters (a-z), digits (0-9), and special characters, including underscores (\\_), forward slashes (/), equal signs (=), plus signs (+), periods (.), at signs (@), and hyphens (-).'."\n" + ."\n" + .'- Effect: Required. Specifies whether to allow or deny the permissions in the statement. Valid values: Allow and Deny.'."\n" + ."\n" + .'- Principal: Required. The principal that is authorized to access the secret. You can set this parameter to the current Alibaba Cloud account (the account to which the secret belongs), a RAM user or RAM role of the current Alibaba Cloud account, or a RAM user or RAM role of another Alibaba Cloud account.'."\n" + ."\n" + .'- Action: Required. The API operations that are allowed or denied. The value must start with \\`kms:\\`. For a list of supported operations, see [Secret policy overview](~~2716465~~). If you specify an operation that is not in the list, the operation does not take effect.'."\n" + ."\n" + .'- Resource: Required. The value can only be \\`\\*\\`, which indicates the current KMS secret.'."\n" + ."\n" + .'- Condition: Optional. The conditions for the authorization to take effect. You can use conditions to evaluate the context of an API request to determine whether a policy statement is applicable. The format is `"Condition": {"condition operator": {"condition key": "condition value"}}`. For more information, see [Secret policy overview](~~2716465~~).'."\n" + ."\n" + .'> After you grant permissions to a RAM user or RAM role of another Alibaba Cloud account, you must go to the RAM console and use the Alibaba Cloud account to which the RAM user or RAM role belongs to grant the RAM user or RAM role the permissions to use the secret. For more information, see [Custom policies for KMS](~~480682~~), [Grant permissions to a RAM user](~~116146~~), and [Grant permissions to a RAM role](~~116147~~).', 'type' => 'string', 'required' => true, 'example' => '{"Version":"1","Statement": [{"Sid":"kms default secret policy","Effect":"Allow","Principal":{"RAM": ["acs:ram::119285303511****:*"]},"Action":["kms:*"],"Resource": ["*"] }] }', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ + 'title' => '', + 'description' => '', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2d4', - ], + 'RequestId' => ['description' => 'The ID of the request, which is a unique identifier generated by Alibaba Cloud. You can use this ID to troubleshoot issues.', 'type' => 'string', 'title' => '', 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C8'], ], + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'MissingParameter', 'errorMessage' => 'The parameter needed but no provided.', 'description' => 'The required parameters are not specified.'], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system.', 'description' => 'You are not authorized to perform this operation.'], + ['errorCode' => 'Forbidden.KeyPolicyUnSupported', 'errorMessage' => 'The specified key does not support key policy.', 'description' => 'The specified key does not support key policies.'], + ['errorCode' => 'Rejected.ShareQuotaExceedLimit', 'errorMessage' => 'Instance Share Quota Exceed Limit.', 'description' => 'The instance share quota exceeds the limit.'], ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + 403 => [ + ['errorCode' => 'Forbidden.DKMSInstanceStateInvalid', 'errorMessage' => 'The DKMS instance state is invalid.', 'description' => 'Your dedicated KMS instance is invalid.'], + ], + [ + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Resource not found.', 'description' => 'The resource is not found.'], + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ], + 503 => [ + ['errorCode' => 'SerivceUnvailableTemporary', 'errorMessage' => 'Service Unvailable Temporary', 'description' => 'The service is temporarily unavailable.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2d4\\"\\n}","errorExample":""},{"type":"xml","example":"<DeleteNetworkRuleResponse>\\n <RequestId>3bf02f7a-015b-4f93-be0f-cc043fda2d4</RequestId>\\n</DeleteNetworkRuleResponse>","errorExample":""}]', - 'title' => 'DeleteNetworkRule', - 'summary' => 'Deletes a network access rule.', - 'description' => 'Before you delete a network access rule, make sure that the network access rule is not bound to permission policies. Otherwise, related applications cannot access Key Management Service (KMS).', - ], - 'CreatePolicy' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'staticInfo' => ['returnType' => 'synchronous'], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C8\\"\\n}","type":"json"}]', + 'title' => 'SetSecretPolicy', + 'description' => '- For information about the access policy that a RAM user or RAM role requires to call this operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- For more information about secret policies, see [Secret policy overview](~~2716465~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'TagResource' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -9701,87 +7243,39 @@ ], 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'create', - 'abilityTreeCode' => '54642', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - 'tenantRelevance' => 'publicInformation', - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ - 'name' => 'Name', - 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the permission policy.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'policy_test', - ], - ], - [ - 'name' => 'Description', - 'in' => 'query', - 'schema' => [ - 'description' => 'The description.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'policy description', - ], - ], - [ - 'name' => 'KmsInstance', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The scope of the permission policy. You need to specify the KMS instance that you want to access.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'kst-hzz634e67d126u9p9****', - ], + 'schema' => ['description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n" + ."\n" + .'> You can configure only one of the KeyId, SecretName, and CertificateId parameters.', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], ], [ - 'name' => 'Permissions', + 'name' => 'Tags', 'in' => 'query', - 'schema' => [ - 'description' => 'The operations that can be performed. Valid values:'."\n" - ."\n" - .'* RbacPermission/Template/CryptoServiceKeyUser: allows you to perform cryptographic operations.'."\n" - .'* RbacPermission/Template/CryptoServiceSecretUser: allows you to perform secret-related operations.'."\n" - ."\n" - .'You can select both.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', - ], + 'schema' => ['description' => 'One or more tags that you want to add. The value is in the array format.'."\n" + ."\n" + .'Tag attributes:'."\n" + ."\n" + .'- TagKey: the tag key.'."\n" + ."\n" + .'- TagValue: the tag value.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '[{"TagKey":"S1key1","TagValue":"S1val1"},{"TagKey":"S1key2","TagValue":"S2val2"}]', 'title' => ''], ], [ - 'name' => 'Resources', + 'name' => 'SecretName', 'in' => 'query', - 'schema' => [ - 'description' => 'The key and secret that are allowed to access.'."\n" - ."\n" - .'* Key: Enter a key in the `key/${KeyId}` format. To allow access to all keys of a KMS instance, enter key/\\*.'."\n" - .'* Secret: Enter a secret in the `secret/${SecretName}` format. To allow access to all secrets of a KMS instance, enter secret/\\*.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', - ], + 'schema' => ['description' => 'The name of the secret.'."\n" + ."\n" + .'> You can configure only one of the KeyId, SecretName, and CertificateId parameters.', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => 'MyDbC****', 'title' => ''], ], [ - 'name' => 'AccessControlRules', + 'name' => 'CertificateId', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the access control rule.'."\n" - ."\n" - .'> For more information about how to query created access control rules, see [ListNetworkRules](~~2539433~~).'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', - ], + 'schema' => ['description' => 'The ID of the certificate.'."\n" + ."\n" + .'> You can configure only one of the KeyId, SecretName, and CertificateId parameters.', 'type' => 'string', 'required' => false, 'example' => '770dbe42-e146-43d1-a55a-1355db86****', 'title' => ''], ], ], 'responses' => [ @@ -9789,232 +7283,202 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '3bf02f7a-015b-4f34-be0f-c4543fda2d33', - ], - 'Arn' => [ - 'description' => 'The ARN of the permission policy.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:119285303511****:policy/policy_test', - ], - 'Name' => [ - 'description' => 'The name of the permission policy.'."\n", - 'type' => 'string', - 'example' => 'policy_test', - ], - 'Description' => [ - 'description' => 'The description.'."\n", - 'type' => 'string', - 'example' => 'policy description', - ], - 'KmsInstance' => [ - 'description' => 'The scope of the permission policy.'."\n", - 'type' => 'string', - 'example' => 'kst-hzz634e67d126u9p9****', - ], - 'Permissions' => [ - 'description' => 'The operations that can be performed.'."\n", - 'type' => 'string', - 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', - ], - 'Resources' => [ - 'description' => 'The key and secret that are allowed to access.'."\n" - ."\n" - .'* `key/*` indicates that all keys of the KMS instance can be accessed.'."\n" - .'* `secret/*` indicates all secrets of the KMS instance can be accessed.'."\n", - 'type' => 'string', - 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', - ], - 'AccessControlRules' => [ - 'description' => 'The name of the access control rule.'."\n", - 'type' => 'string', - 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', - ], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f34-be0f-c4543fda2d33\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:policy/policy_test\\",\\n \\"Name\\": \\"policy_test\\",\\n \\"Description\\": \\"policy description\\",\\n \\"KmsInstance\\": \\"kst-hzz634e67d126u9p9****\\",\\n \\"Permissions\\": \\"[\\\\\\"RbacPermission/Template/CryptoServiceKeyUser\\\\\\", \\\\\\"RbacPermission/Template/CryptoServiceSecretUser\\\\\\"]\\",\\n \\"Resources\\": \\"[\\\\\\"secret/acs/ram/user/ram-secret\\\\\\", \\\\\\"secret/acs/ram/user/acr-master\\\\\\", \\\\\\"key/key-hzz63d9c8d3dfv8cv****\\\\\\"]\\",\\n \\"AccessControlRules\\": \\"{\\\\\\"NetworkRules\\\\\\":[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]}\\"\\n}","errorExample":""},{"type":"xml","example":"<CreatePolicyResponse>\\n <RequestId>3bf02f7a-015b-4f34-be0f-c4543fda2d33</RequestId>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:policy/policy_test</Arn>\\n <Name>policy_test</Name>\\n <Description>policy description</Description>\\n <KmsInstance>kst-hzz634e67d126u9p9****</KmsInstance>\\n <Permissions>[\\"RbacPermission/Template/CryptoServiceKeyUser\\", \\"RbacPermission/Template/CryptoServiceSecretUser\\"]</Permissions>\\n <Resources>[\\"secret/acs/ram/user/ram-secret\\", \\"secret/acs/ram/user/acr-master\\", \\"key/key-hzz63d9c8d3dfv8cv****\\"]</Resources>\\n <AccessControlRules>{\\"NetworkRules\\":[\\"kst-hzz62ee817bvyyr5x****.efkd\\",\\"kst-hzz62ee817bvyyr5x****.eyyp\\"]}</AccessControlRules>\\n</CreatePolicyResponse>","errorExample":""}]', - 'title' => 'CreatePolicy', - 'summary' => 'Creates a permission policy to configure the keys and secrets that are allowed to access.', - 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based application access point (AAP):'."\n" - ."\n" - .'1.Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance. For more information, see [CreateNetworkRule](~~2539407~~).'."\n" - ."\n" - .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind access control rules to the keys and secrets.'."\n" + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\"\\n}","type":"json"}]', + 'title' => 'TagResource', + 'summary' => 'Adds tags to a CMK, secret, or certificate.', + 'description' => 'You can add up to 10 tags to a CMK, secret, or certificate.'."\n" ."\n" - .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see [CreateApplicationAccessPoint](~~2539467~~).'."\n" + .'In this example, the tags `[{"TagKey":"S1key1","TagValue":"S1val1"},{"TagKey":"S1key2","TagValue":"S2val2"}]` are added to the CMK whose ID is `08c33a6f-4e0a-4a1b-a3fa-7ddf****`.'."\n" ."\n" - .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see [CreateClientKey](~~2539509~~).', - ], - 'ListPolicies' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + .'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'TagResources' => [ + 'summary' => 'Adds tags to one or more keys or secrets.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'list', - 'abilityTreeCode' => '54648', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - 'tenantRelevance' => 'publicInformation', + 'operationType' => 'none', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '177226', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], ], 'parameters' => [ [ - 'name' => 'PageNumber', + 'name' => 'RegionId', + 'in' => 'query', + 'schema' => ['description' => 'The region ID of the resource.'."\n" + ."\n" + .'> You can call the [DescribeRegions](~~601478~~) to query the most recent region list.', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'cn-hangzhou'], + ], + [ + 'name' => 'ResourceType', 'in' => 'query', + 'schema' => ['description' => 'The type of the resource to which you want to add tags. Valid values:'."\n" + ."\n" + .'- key'."\n" + ."\n" + .'- secret', 'type' => 'string', 'required' => true, 'title' => '', 'example' => 'key'], + ], + [ + 'name' => 'ResourceId', + 'in' => 'query', + 'style' => 'repeatList', 'schema' => [ - 'description' => 'The page number. Default value: 1.', - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '1', + 'title' => '', + 'description' => 'The IDs of the resources to which you want to add tags. You can enter a maximum of 50 resource IDs.'."\n" + ."\n" + .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.', + 'type' => 'array', + 'items' => ['description' => 'The IDs of the resources to which you want to add tags. You can enter a maximum of 50 resource IDs.'."\n" + ."\n" + .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.', 'type' => 'string', 'required' => false, 'example' => 'key-hzz62f1cb66fa42qo****', 'title' => ''], + 'required' => true, + 'maxItems' => 51, + 'example' => '', ], ], [ - 'name' => 'PageSize', + 'name' => 'Tag', 'in' => 'query', + 'style' => 'repeatList', 'schema' => [ - 'description' => 'The number of entries per page. Valid values: 1 to 100. Default value: 20.', - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '10', + 'title' => '', + 'description' => 'A list of tags. You can enter up to 20 tags.'."\n" + ."\n" + .'A tag consists of a key-value pair. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.', + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'Key' => ['description' => 'The key of the tag. A tag consists of a key-value pair.'."\n" + ."\n" + .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n" + ."\n" + .'Each key can be up to 128 characters in length and can contain letters, digits, forward slashes (/), backslashes (\\), underscores (\\_), hyphens (-), periods (.), plus signs (+), equal signs (=), colons (:), and at signs (@).'."\n" + ."\n" + .'> The key cannot start with aliyun or acs:.', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'disk-encryption'], + 'Value' => ['description' => 'The value of the tag. A tag consists of a key-value pair.'."\n" + ."\n" + .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n" + ."\n" + .'Each value can be up to 128 characters in length and can contain letters, digits, forward slashes (/), backslashes (\\), underscores (\\_), hyphens (-), periods (.), plus signs (+), equal signs (=), colons (:), and at signs (@).', 'type' => 'string', 'title' => '', 'required' => false, 'example' => 'true'], + ], + 'required' => false, + 'title' => '', + 'example' => '', + ], + 'required' => true, + 'maxItems' => 21, + 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'Schema of Response', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', - 'type' => 'string', - 'example' => 'b66ad557-9c00-4064-9c8d-b621c3263308', - ], - 'PageNumber' => [ - 'description' => 'The page number.', - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'PageSize' => [ - 'description' => 'The number of entries per page.', - 'type' => 'integer', - 'format' => 'int32', - 'example' => '10', - ], - 'TotalCount' => [ - 'description' => 'The total number of entries returned.', - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'Policies' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'Policy' => [ - 'description' => 'A list of permission policies.', - 'type' => 'array', - 'items' => [ - 'description' => 'A list of permission policies.', - 'type' => 'object', - 'properties' => [ - 'Name' => [ - 'description' => 'The name of the permission policy.', - 'type' => 'string', - 'example' => 'policy_test', - ], - ], - ], - ], - ], - ], + 'RequestId' => ['title' => 'Id of the request', 'description' => 'The request ID.', 'type' => 'string', 'example' => '598d0219-45cd-4477-84ad-85a52d9debcf'], ], + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter.TagValue', 'errorMessage' => 'The specified parameter is not valid.', 'description' => ''], + ['errorCode' => 'InvalidParameter.TagKey', 'errorMessage' => 'The specified parameter is not valid.', 'description' => ''], + ['errorCode' => 'Duplicate.TagKey', 'errorMessage' => 'The specified tagKey is duplicate.', 'description' => ''], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ['errorCode' => 'InvalidResourceId.NotFound', 'errorMessage' => 'The specified ResourceId is not found.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"b66ad557-9c00-4064-9c8d-b621c3263308\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"Policies\\": {\\n \\"Policy\\": [\\n {\\n \\"Name\\": \\"policy_test\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListPoliciesResponse>\\n <RequestId>b66ad557-9c00-4064-9c8d-b621c3263308</RequestId>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <TotalCount>1</TotalCount>\\n <Policies>\\n <Name>policy_test</Name>\\n </Policies>\\n</ListPoliciesResponse>","errorExample":""}]', - 'title' => 'ListPolicies', - 'summary' => 'Queries a list of permission policies.', - ], - 'DescribePolicy' => [ - 'summary' => 'Queries the details of a permission policy.', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'staticInfo' => ['returnType' => 'synchronous'], + 'title' => 'TagResources', + 'description' => 'You can add multiple tags to multiple keys or multiple secrets at a time.'."\n" + ."\n" + .'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [ + ['threshold' => '1000', 'countWindow' => 1, 'regionId' => '*', 'api' => 'TagResources'], + ], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"598d0219-45cd-4477-84ad-85a52d9debcf\\"\\n}","type":"json"}]', + ], + 'UntagResource' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'get', - 'abilityTreeCode' => '54643', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ - 'name' => 'Name', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the permission policy that you want to query.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'policy_test', - ], + 'schema' => ['description' => 'The ID of the key. This is the globally unique identifier (GUID) of the master key (CMK).'."\n" + ."\n" + .'> You must specify one and only one of the KeyId, SecretName, and CertificateId parameters.', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddf****', 'title' => ''], + ], + [ + 'name' => 'TagKeys', + 'in' => 'query', + 'schema' => ['description' => 'One or more tag keys. Separate multiple tag keys with commas (,).<br> You need to specify only tag keys, not tag values.<br> The tag key can be 1 to 128 bytes in length.<br><br>', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '["tagkey1","tagkey2"]', 'title' => ''], + ], + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => ['description' => 'The name of the credential.'."\n" + ."\n" + .'> You must specify one and only one of the KeyId, SecretName, and CertificateId parameters.', 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => 'MyDbC****', 'title' => ''], + ], + [ + 'name' => 'CertificateId', + 'in' => 'query', + 'schema' => ['description' => 'The ID of the certificate.'."\n" + ."\n" + .'> You must specify one and only one of the KeyId, SecretName, and CertificateId parameters.', 'type' => 'string', 'required' => false, 'example' => '770dbe42-e146-43d1-a55a-1355db86****', 'title' => ''], ], ], 'responses' => [ @@ -10022,147 +7486,117 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The request ID.'."\n", - 'type' => 'string', - 'example' => 'f455324b-e229-4066-9f58-9c1cf3fe83a9', - ], - 'Arn' => [ - 'description' => 'The Alibaba Cloud Resource Name (ARN) of the permission policy.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:119285303511****:policy/policy_test', - ], - 'Name' => [ - 'description' => 'The name of the permission policy.'."\n", - 'type' => 'string', - 'example' => 'policy_test', - ], - 'Description' => [ - 'description' => 'The description.'."\n", - 'type' => 'string', - 'example' => 'policy description', - ], - 'KmsInstance' => [ - 'description' => 'The scope of the permission policy.'."\n", - 'type' => 'string', - 'example' => 'kst-hzz634e67d126u9p9****', - ], - 'Permissions' => [ - 'description' => 'A list of operations that can be performed.'."\n", - 'type' => 'array', - 'items' => [ - 'description' => 'The operations that can be performed.'."\n", - 'type' => 'string', - 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', - ], - 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', - ], - 'Resources' => [ - 'description' => 'A list of keys and secrets that are allowed to access.'."\n", - 'type' => 'array', - 'items' => [ - 'description' => 'The keys and secrets that are allowed to access.'."\n", - 'type' => 'string', - 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', - ], - 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', - ], - 'AccessControlRules' => [ - 'description' => 'The network access rule that is associated with the permission policy.'."\n", - 'type' => 'string', - 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', - ], + 'RequestId' => ['description' => 'The ID of the request. This ID is generated by Alibaba Cloud to uniquely identify the request. You can use this ID to troubleshoot issues.', 'type' => 'string', 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', 'title' => ''], ], 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"f455324b-e229-4066-9f58-9c1cf3fe83a9\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:policy/policy_test\\",\\n \\"Name\\": \\"policy_test\\",\\n \\"Description\\": \\"policy description\\",\\n \\"KmsInstance\\": \\"kst-hzz634e67d126u9p9****\\",\\n \\"Permissions\\": [\\n \\"[\\\\\\"RbacPermission/Template/CryptoServiceKeyUser\\\\\\", \\\\\\"RbacPermission/Template/CryptoServiceSecretUser\\\\\\"]\\"\\n ],\\n \\"Resources\\": [\\n \\"[\\\\\\"secret/acs/ram/user/ram-secret\\\\\\", \\\\\\"secret/acs/ram/user/acr-master\\\\\\", \\\\\\"key/key-hzz63d9c8d3dfv8cv****\\\\\\"]\\"\\n ],\\n \\"AccessControlRules\\": \\"{\\\\\\"NetworkRules\\\\\\":[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]}\\"\\n}","errorExample":""},{"type":"xml","example":"<DescribePolicyResponse>\\n <RequestId>f455324b-e229-4066-9f58-9c1cf3fe83a9</RequestId>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:policy/policy_test</Arn>\\n <Name>policy_test</Name>\\n <Description>policy description</Description>\\n <KmsInstance>kst-hzz634e67d126u9p9****</KmsInstance>\\n <Permissions>[\\"RbacPermission/Template/CryptoServiceKeyUser\\", \\"RbacPermission/Template/CryptoServiceSecretUser\\"]</Permissions>\\n <Resources>[\\"secret/acs/ram/user/ram-secret\\", \\"secret/acs/ram/user/acr-master\\", \\"key/key-hzz63d9c8d3dfv8cv****\\"]</Resources>\\n <AccessControlRules>{\\"NetworkRules\\":[\\"kst-hzz62ee817bvyyr5x****.efkd\\",\\"kst-hzz62ee817bvyyr5x****.eyyp\\"]}</AccessControlRules>\\n</DescribePolicyResponse>","errorExample":""}]', - 'title' => 'DescribePolicy', - ], - 'UpdatePolicy' => [ - 'summary' => 'Updates a permission policy.', - 'methods' => [ - 'post', - 'get', + 'errorCodes' => [ + 400 => [ + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ], ], - 'schemes' => [ - 'https', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\"\\n}","type":"json"}]', + 'title' => 'UntagResource', + 'summary' => 'Removes tags from a CMK, secret, or certificate.', + 'description' => 'For information about the access policy that is required for a RAM user or RAM role to call this OpenAPI operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'This topic provides an example of how to detach tags with the tag keys tagkey1 and tagkey2 from the key with the ID `08c33a6f-4e0a-4a1b-a3fa-7ddf****`.', + 'requestParamsDescription' => 'For information about common request parameters, see [Common parameters](~~69007~~).', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'UntagResources' => [ + 'summary' => 'Removes tags from keys or secrets.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'write', - 'deprecated' => false, + 'operationType' => 'readAndWrite', 'systemTags' => [ - 'operationType' => 'update', - 'abilityTreeCode' => '54641', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], + 'operationType' => 'none', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '177229', + 'abilityTreeNodes' => ['FEATUREkms5QHERY'], ], 'parameters' => [ [ - 'name' => 'Name', + 'name' => 'RegionId', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the permission policy that you want to update.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'policy_test', - ], + 'schema' => ['title' => '', 'description' => 'The region ID of the resource.'."\n" + ."\n" + .'> You can call the [DescribeRegions](~~601478~~) operation to query the most recent region list.'."\n", 'type' => 'string', 'required' => true, 'example' => 'cn-hangzhou'], ], [ - 'name' => 'Permissions', + 'name' => 'ResourceType', 'in' => 'query', - 'schema' => [ - 'description' => 'The operations that are supported by the updated policy. Valid values:'."\n" - ."\n" - .'* RbacPermission/Template/CryptoServiceKeyUser: allows you to perform cryptographic operations.'."\n" - .'* RbacPermission/Template/CryptoServiceSecretUser: allows you to perform secret-related operations.'."\n" - ."\n" - .'You can select both.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', - ], + 'schema' => ['title' => '', 'description' => 'The type of the resource from which you want to remove tags. Valid values:'."\n" + ."\n" + .'* key'."\n" + .'* secret'."\n", 'type' => 'string', 'required' => true, 'example' => 'key'], ], [ - 'name' => 'Resources', + 'name' => 'All', 'in' => 'query', - 'schema' => [ - 'description' => 'The key and secret that are allowed to access after the update.'."\n" - ."\n" - .'* Key: Enter a key in the `key/${KeyId}` format. To allow access to all keys of a KMS instance, enter key/\\*.'."\n" - .'* Secret: Enter a secret in the `secret/${SecretName}` format. To allow access to all secrets of a KMS instance, enter secret/\\*.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', - ], + 'schema' => ['title' => '', 'description' => 'Specifies whether to remove all tags from resources. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false (default)'."\n" + ."\n" + .'> This parameter takes effect only when you specify an empty tag key.'."\n", 'type' => 'boolean', 'required' => false, 'example' => 'false'], ], [ - 'name' => 'AccessControlRules', + 'name' => 'ResourceId', 'in' => 'query', + 'style' => 'repeatList', 'schema' => [ - 'description' => 'The access control rule.'."\n" + 'title' => '', + 'description' => 'The IDs of the resources from which you want to remove tags. You can enter up to 50 resource IDs.'."\n" ."\n" - .'> For more information about how to query created access control rules, see [ListNetworkRules](~~2539433~~).'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', + .'Enter multiple resource IDs in the `["ResourceId.1","ResourceId.2",...]` format.'."\n", + 'type' => 'array', + 'items' => ['description' => 'The IDs of the resources from which you want to remove tags. You can enter up to 50 resource IDs.'."\n" + ."\n" + .'Enter multiple resource IDs in the `["ResourceId.1","ResourceId.2",...]` format.'."\n", 'type' => 'string', 'required' => false, 'example' => 'key-hzz62f1cb66fa42qo****', 'title' => ''], + 'required' => true, + 'maxItems' => 51, + 'example' => '', ], ], [ - 'name' => 'Description', + 'name' => 'TagKey', 'in' => 'query', + 'style' => 'repeatList', 'schema' => [ - 'description' => 'The description.'."\n", - 'type' => 'string', + 'title' => '', + 'description' => 'The keys of the tags that you want to remove. You can enter up to 20 tag keys.'."\n" + ."\n" + .'Enter multiple tag keys in the `["key.1","key.2",...]` format.'."\n" + ."\n" + .'> The tag key cannot start with aliyun or acs:.'."\n", + 'type' => 'array', + 'items' => ['description' => 'The keys of the tags that you want to remove. You can enter up to 20 tag keys.'."\n" + ."\n" + .'Enter multiple tag keys in the `["key.1","key.2",...]` format.'."\n" + ."\n" + .'> The tag key cannot start with aliyun or acs:.'."\n", 'type' => 'string', 'required' => false, 'example' => 'disk-encryption', 'title' => ''], 'required' => false, - 'example' => 'policy description', + 'maxItems' => 21, + 'example' => '', ], ], ], @@ -10171,42 +7605,36 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => 'f455324b-e229-4066-9f58-9c1cf3fe83a8', - ], + 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'b1f210dc-e52c-4a86-b9dd-7492343d46c7', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ - 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], + ['errorCode' => 'InvalidResourceId.NotFound', 'errorMessage' => 'The specified ResourceId is not found.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"f455324b-e229-4066-9f58-9c1cf3fe83a8\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdatePolicyResponse>\\n <RequestId>f455324b-e229-4066-9f58-9c1cf3fe83a8</RequestId>\\n</UpdatePolicyResponse>","errorExample":""}]', - 'title' => 'UpdatePolicy', - 'description' => '- You can update the role-based access control (RBAC) permissions, accessible resources, access control rules, and description of a permission policy. You cannot update the name or scope of a permission policy.'."\n" - .'- Updating a permission policy affects all application access points (AAPs) that are bound to the permission policy. Exercise caution when you perform this operation.', - ], - 'DeletePolicy' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'staticInfo' => ['returnType' => 'synchronous'], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"b1f210dc-e52c-4a86-b9dd-7492343d46c7\\"\\n}","errorExample":""},{"type":"xml","example":"<UntagResourcesResponse>\\n <RequestId>b1f210dc-e52c-4a86-b9dd-7492343d46c7</RequestId>\\n</UntagResourcesResponse>","errorExample":""}]', + 'title' => 'UntagResources', + 'description' => 'You can remove multiple tags from multiple keys or multiple secrets at a time. You cannot remove tags that start with aliyun or acs:.'."\n" + ."\n" + .'If you enter multiple tag keys in the request parameters and only some of the tag keys are associated with resources, the operation can be called and the tags whose keys are associated with resources are removed from the resources.'."\n", + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [ + ['threshold' => '1000', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UntagResources'], + ], ], + ], + 'UpdateAlias' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -10214,24 +7642,19 @@ ], 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'delete', - 'abilityTreeCode' => '54645', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ - 'name' => 'Name', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the permission policy that you want to delete.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'policy_test', - ], + 'schema' => ['description' => 'The ID of the CMK. The ID must be globally unique.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1234abcd-12ab-34cd-56ef-12345678****', 'title' => ''], + ], + [ + 'name' => 'AliasName', + 'in' => 'query', + 'schema' => ['description' => 'The alias that you want to bind.'."\n" + ."\n" + .'The value must be 1 to 255 characters in length and must include the alias/ prefix.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'alias/example', 'title' => ''], ], ], 'responses' => [ @@ -10239,44 +7662,25 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The request ID.'."\n", - 'type' => 'string', - 'example' => '00a26a33-d992-42f3-9012-5fd12764430f', - ], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '1d2baaf3-d357-46c2-832e-13560c2bd9cd', 'title' => ''], ], 'description' => '', + 'title' => '', ], ], ], - 'errorCodes' => [ - 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - ], - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"00a26a33-d992-42f3-9012-5fd12764430f\\"\\n}","errorExample":""},{"type":"xml","example":"<DeletePolicyResponse>\\n <RequestId>00a26a33-d992-42f3-9012-5fd12764430f</RequestId>\\n</DeletePolicyResponse>","errorExample":""}]', - 'title' => 'DeletePolicy', - 'summary' => 'Deletes a permission policy.', - 'description' => 'Before you delete a permission policy, make sure that the permission policy is not associated with application access points (AAPs). Otherwise, related applications cannot access Key Management Service (KMS).'."\n", + 'errorCodes' => [], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1d2baaf3-d357-46c2-832e-13560c2bd9cd\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateAliasResponse>\\n <RequestId>1d2baaf3-d357-46c2-832e-13560c2bd9cd</RequestId>\\n</UpdateAliasResponse>","errorExample":""}]', + 'title' => 'UpdateAlias', + 'summary' => 'Binds an existing alias to a different customer master key (CMK) ID.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], ], - 'CreateApplicationAccessPoint' => [ - 'summary' => 'Creates an application access point (AAP)', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'UpdateApplicationAccessPoint' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -10285,58 +7689,26 @@ 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'create', - 'abilityTreeCode' => '54651', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - 'tenantRelevance' => 'publicInformation', + 'operationType' => 'update', + 'abilityTreeCode' => '54640', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], ], 'parameters' => [ [ 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the AAP.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'aap_test', - ], + 'schema' => ['description' => 'The name of the AAP that you want to update.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'aap_test', 'title' => ''], ], [ 'name' => 'Description', 'in' => 'query', - 'schema' => [ - 'description' => 'The description of the AAP.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'aap description', - ], - ], - [ - 'name' => 'AuthenticationMethod', - 'in' => 'query', - 'schema' => [ - 'title' => '新版认证字段'."\n", - 'description' => 'The authentication method. Currently, only ClientKey is supported.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => 'ClientKey', - ], + 'schema' => ['description' => 'The description.', 'type' => 'string', 'required' => false, 'example' => 'aap description', 'title' => ''], ], [ 'name' => 'Policies', 'in' => 'query', - 'schema' => [ - 'description' => 'The permission policy.'."\n" - ."\n" - .'> You can bind up to three permission policies to each AAP.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', - ], + 'schema' => ['description' => 'The permission policy that you want to update.'."\n" + .'> You can associate up to three permission policies with each AAP.', 'type' => 'string', 'required' => false, 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', 'title' => ''], ], ], 'responses' => [ @@ -10344,105 +7716,50 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', - ], - 'Description' => [ - 'description' => 'The description of the AAP.'."\n", - 'type' => 'string', - 'example' => 'aap description', - ], - 'Policies' => [ - 'description' => 'The permission policy.'."\n", - 'type' => 'string', - 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', - ], - 'Name' => [ - 'description' => 'The name of the AAP.'."\n", - 'type' => 'string', - 'example' => 'aap_test', - ], - 'Arn' => [ - 'description' => 'The Alibaba Cloud Resource Name (ARN) of the AAP.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test', - ], - 'AuthenticationMethod' => [ - 'description' => 'The authentication method.'."\n", - 'type' => 'string', - 'example' => 'ClientKey', - ], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.', 'type' => 'string', 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ - 409 => [ - [ - 'errorCode' => 'Rejected.ResourceExist', - 'errorMessage' => 'The request was rejected because the resource already exists.', - ], + 400 => [ + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is invalid.', 'description' => 'An invalid value is specified for the parameter.'], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\",\\n \\"Description\\": \\"aap description\\",\\n \\"Policies\\": \\"[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]\\",\\n \\"Name\\": \\"aap_test\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test\\",\\n \\"AuthenticationMethod\\": \\"ClientKey\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateApplicationAccessPointResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n <Description>aap description</Description>\\n <Policies>[\\"kst-hzz62ee817bvyyr5x****.efkd\\",\\"kst-hzz62ee817bvyyr5x****.eyyp\\"]</Policies>\\n <Name>aap_test</Name>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test</Arn>\\n <AuthenticationMethod>ClientKey</AuthenticationMethod>\\n</CreateApplicationAccessPointResponse>","errorExample":""}]', - 'title' => 'CreateApplicationAccessPoint', - 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based AAP:'."\n" - ."\n" - .'1.Create a network access rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access KMS. For more information, see [CreateNetworkRule](~~2539407~~).'."\n" - ."\n" - .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind network access rules to the keys and secrets. For more information, see [CreatePolicy](~~2539454~~).'."\n" - ."\n" - .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. This topic describes how to create an AAP.'."\n" - ."\n" - .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see [CreateClientKey](~~2539509~~).', - ], - 'ListApplicationAccessPoints' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateApplicationAccessPointResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n</UpdateApplicationAccessPointResponse>","errorExample":""}]', + 'title' => 'UpdateApplicationAccessPoint', + 'summary' => 'Updates the information about an application access point (AAP).', + 'description' => 'The update takes effect immediately after an AAP information is updated. Exercise caution when you perform this operation. You can update the description of an AAP and the permission policies that are associated with the AAP. You cannot update the name of the AAP.', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'UpdateKeyDescription' => [ + 'summary' => 'Updates the description of a CMK.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'list', - 'abilityTreeCode' => '54646', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - 'tenantRelevance' => 'publicInformation', - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ - 'name' => 'PageNumber', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The page number. Default value: 1.', - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '1', - ], + 'schema' => ['description' => 'The ID of the CMK. The ID must be globally unique.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1234abcd-12ab-34cd-56ef-12345678****', 'title' => ''], ], [ - 'name' => 'PageSize', + 'name' => 'Description', 'in' => 'query', - 'schema' => [ - 'description' => 'The number of entries per page. Valid values: 1 to 100. Default value: 20.', - 'type' => 'integer', - 'format' => 'int32', - 'required' => false, - 'example' => '10', - ], + 'schema' => ['description' => 'The description of the CMK. This description includes the purpose of the CMK, such as the types of data that you want to protect and applications that can use the CMK.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'key description example', 'title' => ''], ], ], 'responses' => [ @@ -10450,178 +7767,95 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', - 'type' => 'string', - 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', - ], - 'PageNumber' => [ - 'description' => 'The page number.', - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'PageSize' => [ - 'description' => 'The number of entries per page.', - 'type' => 'integer', - 'format' => 'int32', - 'example' => '10', - ], - 'TotalCount' => [ - 'description' => 'The total number of entries returned.', - 'type' => 'integer', - 'format' => 'int32', - 'example' => '1', - ], - 'ApplicationAccessPoints' => [ - 'type' => 'object', - 'itemNode' => true, - 'properties' => [ - 'ApplicationAccessPoint' => [ - 'description' => 'A list of AAPs.', - 'type' => 'array', - 'items' => [ - 'description' => 'A list of AAPs.', - 'type' => 'object', - 'properties' => [ - 'Name' => [ - 'description' => 'The name of the AAP.', - 'type' => 'string', - 'example' => 'aap_test', - ], - 'AuthenticationMethod' => [ - 'description' => 'The authentication method.', - 'type' => 'string', - 'example' => 'ClientKey', - ], - ], - ], - ], - ], - ], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '3455b9b4-95c1-419d-b310-db6a53b09a39', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'errorCodes' => [ - 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"3455b9b4-95c1-419d-b310-db6a53b09a39\\"\\n}","type":"json"}]', + 'title' => 'UpdateKeyDescription', + 'description' => 'This operation replaces the description of a customer master key (CMK) with the description that you specify. The original description of the CMK is specified by the Description parameter when you call the [DescribeKey](~~28952~~) operation. Use this operation to add, modify, or delete the description of a CMK.'."\n" + ."\n" + .'For more information about the access policy required for a RAM user or RAM role to call this operation, see [Resource Access Management](~~2767210~~).', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"ApplicationAccessPoints\\": {\\n \\"ApplicationAccessPoint\\": [\\n {\\n \\"Name\\": \\"aap_test\\",\\n \\"AuthenticationMethod\\": \\"ClientKey\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListApplicationAccessPointsResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <TotalCount>1</TotalCount>\\n <ApplicationAccessPoints>\\n <Name>aap_test</Name>\\n <AuthenticationMethod>ClientKey</AuthenticationMethod>\\n </ApplicationAccessPoints>\\n</ListApplicationAccessPointsResponse>","errorExample":""}]', - 'title' => 'ListApplicationAccessPoints', - 'summary' => 'Queries a list of application access points (AAPs).', ], - 'DescribeApplicationAccessPoint' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'UpdateKmsInstanceBindVpc' => [ + 'methods' => ['get', 'post'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'get', - 'abilityTreeCode' => '54652', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - 'tenantRelevance' => 'tenant', + 'operationType' => 'none', + 'abilityTreeCode' => '193192', + 'abilityTreeNodes' => ['FEATUREkms586TOR'], ], 'parameters' => [ [ - 'name' => 'Name', + 'name' => 'KmsInstanceId', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the AAP that you want to query.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'aap_test', - ], + 'schema' => ['description' => 'The ID of the KMS instance.', 'type' => 'string', 'required' => true, 'example' => 'kst-phzz64f722a1buamw0****', 'title' => ''], + ], + [ + 'name' => 'BindVpcs', + 'in' => 'query', + 'schema' => ['description' => 'The VPC configuration. Each VPC configuration contains the following parameters:'."\n" + ."\n" + .'- VpcId: The ID of the VPC.'."\n" + ."\n" + .'- VSwitchId: The vSwitch in the VPC.'."\n" + ."\n" + .'- RegionID: The region where the VPC resides.'."\n" + ."\n" + .'- VpcOwnerId: The Alibaba Cloud account that owns the VPC.'."\n" + ."\n" + .'The value is a JSON string in the following format: `[{"VpcId":"${VpcId}","VSwitchId":"${VSwitchId}","RegionId":"${RegionId}","VpcOwnerId":${VpcOwnerId}},...]`.', 'type' => 'string', 'required' => true, 'example' => '[{"VpcId":"vpc-bp1go9qvmj78j4f4c****","VSwitchId":"vsw-bp16c5pvvcf0fp5b9****","RegionId":"cn-hangzhou","VpcOwnerId":120708975881****},{"VpcId":"vpc-bp14c07ucxg6h1xjm****","VSwitchId":"vsw-bp1wujtnspi1l3gvu****","RegionId":"cn-hangzhou","VpcOwnerId":119285303511****}]', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'The response schema.', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', - ], - 'Arn' => [ - 'description' => 'The ARN of the AAP.'."\n", - 'type' => 'string', - 'example' => 'acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test', - ], - 'Name' => [ - 'description' => 'The name of the AAP.'."\n", - 'type' => 'string', - 'example' => 'aap_test', - ], - 'Description' => [ - 'description' => 'The description.'."\n", - 'type' => 'string', - 'example' => 'aap description', - ], - 'AuthenticationMethod' => [ - 'description' => 'The authentication method.'."\n", - 'type' => 'string', - 'example' => 'ClientKey', - ], - 'Policies' => [ - 'description' => 'The permission policy that is bound to the AAP.'."\n", - 'type' => 'string', - 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', - ], + 'RequestId' => ['title' => 'Id of the request', 'description' => 'The ID of the request. This ID is generated by Alibaba Cloud and is unique to the request. You can use this ID to troubleshoot issues.', 'type' => 'string', 'example' => 'd3eca5c8-a856-4347-8eb6-e1898c3fda2e'], ], + 'example' => '', ], ], ], - 'errorCodes' => [ - 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], - ], + 'staticInfo' => ['returnType' => 'synchronous'], + 'title' => 'UpdateKmsInstanceBindVpc', + 'summary' => 'Updates the VPC bindings of a KMS instance.', + 'description' => '- For information about the access policy required for a Resource Access Management (RAM) user or RAM role to call this operation, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- If your self-managed application is deployed in multiple VPCs in the same region, you can bind the KMS instance to additional VPCs. These VPCs are in addition to the one that you specified when you enabled the instance.'."\n" + ."\n" + .' These VPCs can belong to the same Alibaba Cloud account or different Alibaba Cloud accounts. After the configuration is complete, self-managed applications in these VPCs can access the specified KMS instance.'."\n" + ."\n" + .' > If the VPCs belong to different Alibaba Cloud accounts, you must first configure resource sharing to share the vSwitch resources from those accounts with the Alibaba Cloud account that owns the KMS instance. For more information, see [Access a KMS instance from multiple VPCs in the same region](~~2393236~~).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test\\",\\n \\"Name\\": \\"aap_test\\",\\n \\"Description\\": \\"aap description\\",\\n \\"AuthenticationMethod\\": \\"ClientKey\\",\\n \\"Policies\\": \\"[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]\\"\\n}","errorExample":""},{"type":"xml","example":"<DescribeApplicationAccessPointResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test</Arn>\\n <Name>aap_test</Name>\\n <Description>aap description</Description>\\n <AuthenticationMethod>ClientKey</AuthenticationMethod>\\n <Policies>[\\"kst-hzz62ee817bvyyr5x****.efkd\\",\\"kst-hzz62ee817bvyyr5x****.eyyp\\"]</Policies>\\n</DescribeApplicationAccessPointResponse>","errorExample":""}]', - 'title' => 'DescribeApplicationAccessPoint', - 'summary' => 'Queries the details of an application access point (AAP).', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"d3eca5c8-a856-4347-8eb6-e1898c3fda2e\\"\\n}","type":"json"}]', ], - 'UpdateApplicationAccessPoint' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'UpdateNetworkRule' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -10631,43 +7865,24 @@ 'deprecated' => false, 'systemTags' => [ 'operationType' => 'update', - 'abilityTreeCode' => '54640', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], + 'abilityTreeCode' => '54644', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], ], 'parameters' => [ [ 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the AAP that you want to update.', - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'aap_test', - ], + 'schema' => ['description' => 'The name of the network control rule that you want to update.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'networkrule_test', 'title' => ''], ], [ 'name' => 'Description', 'in' => 'query', - 'schema' => [ - 'description' => 'The description.', - 'type' => 'string', - 'required' => false, - 'example' => 'aap description', - ], + 'schema' => ['description' => 'The updated description.', 'type' => 'string', 'required' => false, 'example' => 'Create by kst-hzz62ee817bvyyr5****', 'title' => ''], ], [ - 'name' => 'Policies', + 'name' => 'SourcePrivateIp', 'in' => 'query', - 'schema' => [ - 'description' => 'The permission policy that you want to update.'."\n" - .'> You can associate up to three permission policies with each AAP.', - 'type' => 'string', - 'required' => false, - 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', - ], + 'schema' => ['description' => 'The updated private IP addresses or private CIDR blocks. Separate multiple IP addresses or private CIDR blocks with a comma (,).', 'type' => 'string', 'required' => false, 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', 'title' => ''], ], ], 'responses' => [ @@ -10675,36 +7890,39 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', - 'type' => 'string', - 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', - ], + 'RequestId' => ['description' => 'The ID of the request. Alibaba Cloud generates a unique ID for each request. You can use the ID to troubleshoot issues.', 'type' => 'string', 'example' => '3bf02f7a-015b-4f34-be0f-cc043fda2d85', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is invalid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], + ], + 404 => [ + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateApplicationAccessPointResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n</UpdateApplicationAccessPointResponse>","errorExample":""}]', - 'title' => 'UpdateApplicationAccessPoint', - 'description' => 'The update takes effect immediately after an AAP information is updated. Exercise caution when you perform this operation. You can update the description of an AAP and the permission policies that are associated with the AAP. You cannot update the name of the AAP.', - 'summary' => 'Updates the information about an application access point (AAP).', - ], - 'DeleteApplicationAccessPoint' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'title' => 'UpdateNetworkRule', + 'summary' => 'Updates a network access rule.', + 'description' => '- For more information about the access policy required for a Resource Access Management (RAM) user or RAM role to call this operation, see [Access control](~~2767210~~).'."\n" + ."\n" + .'- You can only modify the private IP addresses and description of a network control rule. The name and network type cannot be modified.'."\n" + ."\n" + .'- When you update a network control rule, the access policies attached to it are also updated. Proceed with caution.', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f34-be0f-cc043fda2d85\\"\\n}","type":"json"}]', + ], + 'UpdatePolicy' => [ + 'summary' => 'Updates a permission policy.', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -10713,23 +7931,45 @@ 'operationType' => 'write', 'deprecated' => false, 'systemTags' => [ - 'operationType' => 'delete', - 'abilityTreeCode' => '54649', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], + 'operationType' => 'update', + 'abilityTreeCode' => '54641', + 'abilityTreeNodes' => ['FEATUREkms9F3ZXA'], ], 'parameters' => [ [ 'name' => 'Name', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the AAP that you want to delete.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'aap_test', - ], + 'schema' => ['description' => 'The name of the permission policy that you want to update.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'policy_test', 'title' => ''], + ], + [ + 'name' => 'Permissions', + 'in' => 'query', + 'schema' => ['description' => 'The operations that are supported by the updated policy. Valid values:'."\n" + ."\n" + .'* RbacPermission/Template/CryptoServiceKeyUser: allows you to perform cryptographic operations.'."\n" + .'* RbacPermission/Template/CryptoServiceSecretUser: allows you to perform secret-related operations.'."\n" + ."\n" + .'You can select both.'."\n", 'type' => 'string', 'required' => false, 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', 'title' => ''], + ], + [ + 'name' => 'Resources', + 'in' => 'query', + 'schema' => ['description' => 'The key and secret that are allowed to access after the update.'."\n" + ."\n" + .'* Key: Enter a key in the `key/${KeyId}` format. To allow access to all keys of a KMS instance, enter key/\\*.'."\n" + .'* Secret: Enter a secret in the `secret/${SecretName}` format. To allow access to all secrets of a KMS instance, enter secret/\\*.'."\n", 'type' => 'string', 'required' => false, 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', 'title' => ''], + ], + [ + 'name' => 'AccessControlRules', + 'in' => 'query', + 'schema' => ['description' => 'The access control rule.'."\n" + ."\n" + .'> For more information about how to query created access control rules, see [ListNetworkRules](~~2539433~~).'."\n", 'type' => 'string', 'required' => false, 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', 'title' => ''], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => ['description' => 'The description.'."\n", 'type' => 'string', 'required' => false, 'example' => 'policy description', 'title' => ''], ], ], 'responses' => [ @@ -10737,42 +7977,34 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', - ], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => 'f455324b-e229-4066-9f58-9c1cf3fe83a8', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter is not valid.', 'description' => 'An invalid value is specified for the parameter.'], ], 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + ['errorCode' => 'InvalidAccessKeyId.NotFound', 'errorMessage' => 'The Access Key ID provided does not exist in our records.', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\"\\n}","errorExample":""},{"type":"xml","example":"<DeleteApplicationAccessPointResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n</DeleteApplicationAccessPointResponse>","errorExample":""}]', - 'title' => 'DeleteApplicationAccessPoint', - 'summary' => 'Deletes an application access point (AAP).', - 'description' => 'Before you delete an AAP, make sure that the AAP is no longer in use. If you delete an AAP that is in use, applications that use the AAP cannot access Key Management Service (KMS). Exercise caution when you delete an AAP.', - ], - 'CreateClientKey' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"f455324b-e229-4066-9f58-9c1cf3fe83a8\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdatePolicyResponse>\\n <RequestId>f455324b-e229-4066-9f58-9c1cf3fe83a8</RequestId>\\n</UpdatePolicyResponse>","errorExample":""}]', + 'title' => 'UpdatePolicy', + 'description' => '- You can update the role-based access control (RBAC) permissions, accessible resources, access control rules, and description of a permission policy. You cannot update the name or scope of a permission policy.'."\n" + .'- Updating a permission policy affects all application access points (AAPs) that are bound to the permission policy. Exercise caution when you perform this operation.', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'UpdateRotationPolicy' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -10780,65 +8012,28 @@ ], 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'create', - 'abilityTreeCode' => '54635', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - 'tenantRelevance' => 'publicInformation', - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ - 'name' => 'AapName', - 'in' => 'query', - 'schema' => [ - 'description' => 'The operation that you want to perform. Set the value to **CreateClientKey**.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'aap_test', - ], - ], - [ - 'name' => 'Password', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the AAP.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'bcfefe15-46f0****', - ], + 'schema' => ['description' => 'The ID of the customer master key (CMK). The ID must be globally unique.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'key-hzz62f1cb66fa42qo****', 'title' => ''], ], [ - 'name' => 'NotAfter', + 'name' => 'EnableAutomaticRotation', 'in' => 'query', - 'schema' => [ - 'description' => 'The encryption password of the client key.'."\n" - ."\n" - .'The password must be 8 to 64 characters in length and must contain at least two of the following types: digits, letters, and special characters. Special characters include `~ ! @ # $ % ^ & * ? _ -`.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '2028-08-31T17:14:33Z', - ], + 'schema' => ['description' => 'Specifies whether to enable automatic key rotation. Valid values:'."\n" + ."\n" + .'- true: enables automatic key rotation.'."\n" + ."\n" + .'- false: disables automatic key rotation.', 'type' => 'boolean', 'required' => true, 'docRequired' => true, 'example' => 'true', 'title' => ''], ], [ - 'name' => 'NotBefore', + 'name' => 'RotationInterval', 'in' => 'query', - 'schema' => [ - 'description' => 'The end of the validity period of the client key.'."\n" - ."\n" - .'Specify the time in the ISO 8601 standard. The time must be in UTC. The time must be in the yyyy-MM-ddTHH:mm:ssZ format.'."\n" - ."\n" - .'> '."\n" - ."\n" - .'* If you do not configure NotAfter, the default value is the time when the client key was created plus five years.'."\n" - .'* If you configure NotAfter, you must configure NotBefore.'."\n", - 'type' => 'string', - 'required' => false, - 'example' => '2023-08-31T17:14:33Z', - ], + 'schema' => ['description' => 'The period of automatic key rotation. Specify the value in the integer\\[unit] format. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day period. The period can range from 7 days to 730 days.'."\n" + ."\n" + .'> If you set the EnableAutomaticRotation parameter to true, you must also specify this parameter. If you set the EnableAutomaticRotation parameter to false, you can leave this parameter unspecified.', 'type' => 'string', 'required' => false, 'example' => '30d', 'title' => ''], ], ], 'responses' => [ @@ -10846,95 +8041,79 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The beginning of the validity period of the client key.'."\n" - ."\n" - .'Specify the time in the ISO 8601 standard. The time must be in UTC. The time must be in the yyyy-MM-ddTHH:mm:ssZ format.'."\n" - ."\n" - .'> '."\n" - ."\n" - .'* If you do not configure NotBefore, the default value is the time when the client key was created.'."\n" - .'* If you configure NotBefore, you must configure NotAfter.'."\n", - 'type' => 'string', - 'example' => '2312e45f-b2fa-4c34-ad94-3eca50932916', - ], - 'ClientKeyId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', - ], - 'KeyAlgorithm' => [ - 'description' => 'The ID of the client key.'."\n", - 'type' => 'string', - 'example' => 'RSA_2048', - ], - 'PrivateKeyData' => [ - 'description' => 'The algorithm that is used to encrypt the private key of the client key. Currently, only RSA\\_2048 is supported.'."\n", - 'type' => 'string', - 'example' => 'MIIJqwIBAzCCCXcGCSqGSIb3DQEHAaCCCWgEgglkMIIJYDCCBBcGCSqGSIb3DQEHBqCCBAgwgg******', - ], - 'NotBefore' => [ - 'description' => 'The private key of the client key.'."\n", - 'type' => 'string', - 'example' => '2023-08-31T17:14:33Z', - ], - 'NotAfter' => [ - 'description' => 'The beginning of the validity period of the client key.'."\n", - 'type' => 'string', - 'example' => '2028-08-31T17:14:33Z', - ], + 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'efb1cbbd-a093-4278-bc03-639dd4fcc207', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"2312e45f-b2fa-4c34-ad94-3eca50932916\\",\\n \\"ClientKeyId\\": \\"KAAP.66abf237-63f6-4625-b8cf-47e1086e****\\",\\n \\"KeyAlgorithm\\": \\"RSA_2048\\",\\n \\"PrivateKeyData\\": \\"MIIJqwIBAzCCCXcGCSqGSIb3DQEHAaCCCWgEgglkMIIJYDCCBBcGCSqGSIb3DQEHBqCCBAgwgg******\\",\\n \\"NotBefore\\": \\"2023-08-31T17:14:33Z\\",\\n \\"NotAfter\\": \\"2028-08-31T17:14:33Z\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateClientKeyResponse>\\n <RequestId>2312e45f-b2fa-4c34-ad94-3eca50932916</RequestId>\\n <ClientKeyId>KAAP.66abf237-63f6-4625-b8cf-47e1086e****</ClientKeyId>\\n <KeyAlgorithm>RSA_2048</KeyAlgorithm>\\n <PrivateKeyData>MIIJqwIBAzCCCXcGCSqGSIb3DQEHAaCCCWgEgglkMIIJYDCCBBcGCSqGSIb3DQEHBqCCBAgwgg******</PrivateKeyData>\\n <NotBefore>2023-08-31T17:14:33Z</NotBefore>\\n <NotAfter>2028-08-31T17:14:33Z</NotAfter>\\n</CreateClientKeyResponse>","errorExample":""}]', - 'title' => 'CreateClientKey', - 'summary' => 'Creates a client key.', - 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based application access point (AAP):'."\n" + 'errorCodes' => [ + 400 => [ + ['errorCode' => 'Rejected.UnsupportedOperation', 'errorMessage' => 'Unsupported operation.', 'description' => 'The operation is not supported.'], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'The specified parameter RotationInterval is not valid.', 'description' => 'Invalid RotationInterval parameter value.'], + ], + 404 => [ + ['errorCode' => 'Forbidden.KeyNotFound', 'errorMessage' => 'The specified Key is not found.', 'description' => 'The error message returned because the specified CMK does not exist.'], + ], + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"efb1cbbd-a093-4278-bc03-639dd4fcc207\\"\\n}","type":"json"}]', + 'title' => 'UpdateRotationPolicy', + 'summary' => 'Updates the automatic rotation policy of a CMK.', + 'description' => 'When automatic key rotation is enabled, KMS automatically creates a key version after the preset rotation period arrives. In addition, KMS sets the new key version as the primary key version.'."\n" ."\n" - .'1.Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance. For more information, see [CreateNetworkRule](~~2539407~~).'."\n" + .'An automatic key rotation policy cannot be configured for the following keys:'."\n" ."\n" - .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind access control rules to the keys and secrets. For more information, see [CreatePolicy](~~2539454~~).'."\n" + .'- Asymmetric key'."\n" ."\n" - .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see [CreateApplicationAccessPoint](~~2539467~~).'."\n" + .'- Service-managed key'."\n" ."\n" - .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP.'."\n" - .'### Precautions'."\n" - .'A client key has a validity period. After a client key expires, applications into which the client key is integrated cannot access the required KMS instance. You must replace the client key before the client key expires. We recommend that you delete the expired client key in KMS after the new client key is used.', - ], - 'ListClientKeys' => [ - 'methods' => [ - 'get', - ], - 'schemes' => [ - 'https', + .'- Bring your own key (BYOK) that is imported into KMS'."\n" + ."\n" + .'- Key that is not in the **Enabled** state'."\n" + ."\n" + .'In this example, automatic key rotation is enabled for a CMK whose ID is `1234abcd-12ab-34cd-56ef-12345678****`. The automatic rotation period is 30 days.'."\n" + ."\n" + .'For more information about the access policy required by a RAM user or RAM role to call this API, see [Resource Access Management](~~2767210~~).', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'UpdateSecret' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], - 'operationType' => 'read', + 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'list', - 'abilityTreeCode' => '54637', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - 'tenantRelevance' => 'publicInformation', - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ - 'name' => 'AapName', + 'name' => 'SecretName', 'in' => 'query', - 'schema' => [ - 'description' => 'The name of the application access point (AAP).', - 'type' => 'string', - 'required' => false, - 'docRequired' => false, - 'example' => 'aap_test', - ], + 'schema' => ['description' => 'The name of the secret.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'secret001', 'title' => ''], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => ['description' => 'The description of the secret.'."\n", 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => 'datainfo', 'title' => ''], + ], + [ + 'name' => 'ExtendedConfig.CustomData', + 'in' => 'query', + 'style' => 'json', + 'schema' => ['description' => 'The custom data in the extended configuration of the secret.'."\n" + ."\n" + .'> * If this parameter is specified, the existing extended configuration of the secret is updated.'."\n" + .'> * This parameter is unavailable for generic secrets.', 'type' => 'object', 'required' => false, 'example' => '{"DBName":"app1","Port":"3306"}', 'title' => ''], ], ], 'responses' => [ @@ -10942,179 +8121,111 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', - 'type' => 'string', - 'example' => '2312e45f-b2fa-4c34-ad94-3eca50932916', - ], - 'ClientKeys' => [ - 'description' => 'A list of client keys.', - 'type' => 'array', - 'items' => [ - 'description' => 'A list of client keys.', - 'type' => 'object', - 'properties' => [ - 'ClientKeyId' => [ - 'description' => 'The ID of the client key.', - 'type' => 'string', - 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', - ], - 'CreateTime' => [ - 'description' => 'The time when the client key was created.', - 'type' => 'string', - 'example' => '2023-08-31T09:14:38Z', - ], - 'PublicKeyData' => [ - 'description' => 'The public key of the client key.', - 'type' => 'string', - 'example' => '-----BEGIN CERTIFICATE-----\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----', - ], - 'KeyAlgorithm' => [ - 'description' => 'The private key algorithm of the client key.', - 'type' => 'string', - 'example' => 'RSA_2048', - ], - 'NotBefore' => [ - 'description' => 'The beginning of the validity period of the client key.', - 'type' => 'string', - 'example' => '2023-08-31T17:14:33Z', - ], - 'NotAfter' => [ - 'description' => 'The end of the validity period of the client key.', - 'type' => 'string', - 'example' => '2028-08-31T17:14:33Z', - ], - 'KeyOrigin' => [ - 'description' => 'The provider of the client key.'."\n" - ."\n" - .'Currently, only KMS is supported. The value is fixed as KMS_PROVIDED.', - 'type' => 'string', - 'example' => 'KMS_PROVIDED', - ], - 'AapName' => [ - 'description' => 'The name of the AAP.', - 'type' => 'string', - 'example' => 'aap_test', - ], - ], - ], - ], + 'SecretName' => ['description' => 'The name of the secret.'."\n", 'type' => 'string', 'example' => 'secret001', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47', 'title' => ''], ], + 'description' => '', + 'title' => '', ], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"2312e45f-b2fa-4c34-ad94-3eca50932916\\",\\n \\"ClientKeys\\": [\\n {\\n \\"ClientKeyId\\": \\"KAAP.66abf237-63f6-4625-b8cf-47e1086e****\\",\\n \\"CreateTime\\": \\"2023-08-31T09:14:38Z\\",\\n \\"PublicKeyData\\": \\"-----BEGIN CERTIFICATE-----\\\\\\\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----\\",\\n \\"KeyAlgorithm\\": \\"RSA_2048\\",\\n \\"NotBefore\\": \\"2023-08-31T17:14:33Z\\",\\n \\"NotAfter\\": \\"2028-08-31T17:14:33Z\\",\\n \\"KeyOrigin\\": \\"KMS_PROVIDED\\",\\n \\"AapName\\": \\"aap_test\\"\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"<ListClientKeysResponse>\\n <RequestId>2312e45f-b2fa-4c34-ad94-3eca50932916</RequestId>\\n <ClientKeys>\\n <KeyOrigin>KMS_PROVIDED</KeyOrigin>\\n <PublicKeyData>-----BEGIN CERTIFICATE-----\\\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----</PublicKeyData>\\n <CreateTime>2023-08-31T09:14:38Z</CreateTime>\\n <KeyAlgorithm>RSA_2048</KeyAlgorithm>\\n <NotBefore>2023-08-31T17:14:33Z</NotBefore>\\n <NotAfter>2028-08-31T17:14:33Z</NotAfter>\\n <AapName>aap_test</AapName>\\n <ClientKeyId>KAAP.66abf237-63f6-4625-b8cf-47e1086e****</ClientKeyId>\\n </ClientKeys>\\n</ListClientKeysResponse>","errorExample":""}]', - 'title' => 'ListClientKeys', - 'summary' => 'Queries a list of client keys', - ], - 'GetClientKey' => [ - 'summary' => 'Queries the information about a client key.', - 'methods' => [ - 'get', - ], - 'schemes' => [ - 'https', + 'errorCodes' => [ + 400 => [ + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'some of the specified parameters "\\" is not valid', 'description' => ''], + ], + 403 => [ + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system', 'description' => ''], + ], + [ + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Resource not found', 'description' => ''], + ], + 409 => [ + ['errorCode' => 'Rejected.ResourceExist', 'errorMessage' => 'The request was rejected becasue key already exsit', 'description' => ''], + ['errorCode' => 'Rejected.ResourceInDeleteWindow', 'errorMessage' => 'secret in delete peroid', 'description' => ''], + ], + 500 => [ + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure', 'description' => ''], + ], ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateSecretResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47</RequestId>\\n</UpdateSecretResponse>","errorExample":""}]', + 'title' => 'UpdateSecret', + 'summary' => 'Updates the metadata of a secret.', + 'description' => 'In this example, the metadata of the `secret001` secret is updated. The `Description` parameter is set to `datainfo`.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + ], + 'UpdateSecretRotationPolicy' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], + 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'none', - 'abilityTreeCode' => '190829', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - 'tenantRelevance' => 'publicInformation', - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ - 'name' => 'ClientKeyId', + 'name' => 'SecretName', 'in' => 'query', - 'schema' => [ - 'title' => '新版keyId', - 'description' => 'The ID of the client key.'."\n", - 'type' => 'string', - 'required' => true, - 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', - ], + 'schema' => ['description' => 'The name of the secret.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'RdsSecret/Mysql5.4/MyCred', 'title' => ''], + ], + [ + 'name' => 'EnableAutomaticRotation', + 'in' => 'query', + 'schema' => ['description' => 'Specifies whether to enable automatic rotation. Valid values:'."\n" + ."\n" + .'* true: enables automatic rotation.'."\n" + .'* false: does not enable automatic rotation. This is the default value.'."\n", 'type' => 'boolean', 'required' => true, 'docRequired' => true, 'example' => 'true', 'title' => ''], + ], + [ + 'name' => 'RotationInterval', + 'in' => 'query', + 'schema' => ['description' => 'The interval for automatic rotation. Valid values: 6 hours to 8,760 hours (365 days).'."\n" + ."\n" + .'The value is in the `integer[unit]` format.````'."\n" + ."\n" + .'The unit can be d (day), h (hour), m (minute), or s (second). For example, both 7d and 604800s indicate a seven-day interval.'."\n" + ."\n" + .'> This parameter is required if you set the EnableAutomaticRotation parameter to true. This parameter is ignored if you set the EnableAutomaticRotation parameter to false or does not specify the EnableAutomaticRotation parameter.'."\n", 'type' => 'string', 'required' => false, 'example' => '30d', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ - 'title' => 'Schema of Response', - 'description' => '', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => 'Id of the request', - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '63d849a6-045b-4a57-ad9f-c5f756cea9e9', - ], - 'ClientKeyId' => [ - 'description' => 'The ID of the client key.'."\n", - 'type' => 'string', - 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', - ], - 'CreateTime' => [ - 'description' => 'The time when the client key was created.'."\n", - 'type' => 'string', - 'example' => '2023-08-31T09:14:38Z', - ], - 'KeyAlgorithm' => [ - 'description' => 'The private key algorithm of the client key.'."\n", - 'type' => 'string', - 'example' => 'RSA_2048', - ], - 'KeyOrigin' => [ - 'description' => 'The provider of the client key.'."\n" - ."\n" - .'Currently, only Key Management Service (KMS) is supported. The value is fixed as KMS_PROVIDED.'."\n", - 'type' => 'string', - 'example' => 'KMS_PROVIDED', - ], - 'PublicKeyData' => [ - 'description' => 'The content of the public key of the client key.'."\n", - 'type' => 'string', - 'example' => '-----BEGIN CERTIFICATE-----\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----', - ], - 'NotAfter' => [ - 'description' => 'The end of the validity period of the client key.'."\n", - 'type' => 'string', - 'example' => '2028-08-31T17:14:33Z', - ], - 'NotBefore' => [ - 'description' => 'The beginning of the validity period of the client key.'."\n", - 'type' => 'string', - 'example' => '2023-08-31T17:14:33Z', - ], - 'AapName' => [ - 'description' => 'The name of the application access point (AAP).'."\n", - 'type' => 'string', - 'example' => 'aap_test', - ], + 'SecretName' => ['description' => 'The name of the secret.'."\n", 'type' => 'string', 'example' => 'RdsSecret/Mysql5.4/MyCred', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", 'type' => 'string', 'example' => '2c124f6f-4210-499f-b88a-69f54004d2d8', 'title' => ''], ], + 'description' => '', + 'title' => '', ], ], ], - 'staticInfo' => [ - 'returnType' => 'synchronous', - ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"63d849a6-045b-4a57-ad9f-c5f756cea9e9\\",\\n \\"ClientKeyId\\": \\"KAAP.66abf237-63f6-4625-b8cf-47e1086e****\\",\\n \\"CreateTime\\": \\"2023-08-31T09:14:38Z\\",\\n \\"KeyAlgorithm\\": \\"RSA_2048\\",\\n \\"KeyOrigin\\": \\"KMS_PROVIDED\\",\\n \\"PublicKeyData\\": \\"-----BEGIN CERTIFICATE-----\\\\\\\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----\\",\\n \\"NotAfter\\": \\"2028-08-31T17:14:33Z\\",\\n \\"NotBefore\\": \\"2023-08-31T17:14:33Z\\",\\n \\"AapName\\": \\"aap_test\\"\\n}","errorExample":""},{"type":"xml","example":"<GetClientKeyResponse>\\n <RequestId>63d849a6-045b-4a57-ad9f-c5f756cea9e9</RequestId>\\n <ClientKeyId>KAAP.66abf237-63f6-4625-b8cf-47e1086e****</ClientKeyId>\\n <CreateTime>2023-08-31T09:14:38Z</CreateTime>\\n <KeyAlgorithm>RSA_2048</KeyAlgorithm>\\n <KeyOrigin>KMS_PROVIDED</KeyOrigin>\\n <PublicKeyData>-----BEGIN CERTIFICATE-----\\\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----</PublicKeyData>\\n <NotAfter>2028-08-31T17:14:33Z</NotAfter>\\n <NotBefore>2023-08-31T17:14:33Z</NotBefore>\\n <AapName>aap_test</AapName>\\n</GetClientKeyResponse>","errorExample":""}]', - 'title' => 'GetClientKey', + 'errorCodes' => [], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"RdsSecret/Mysql5.4/MyCred\\",\\n \\"RequestId\\": \\"2c124f6f-4210-499f-b88a-69f54004d2d8\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateSecretRotationPolicyResponse>\\n <SecretName>RdsSecret/Mysql5.4/MyCred</SecretName>\\n <RequestId>2c124f6f-4210-499f-b88a-69f54004d2d8</RequestId>\\n</UpdateSecretRotationPolicyResponse>","errorExample":""}]', + 'title' => 'UpdateSecretRotationPolicy', + 'summary' => 'Updates the rotation policy of a secret.', + 'description' => 'After automatic rotation is enabled, Secrets Manager schedules the first automatic rotation by adding the preset rotation interval to the timestamp of the last rotation.'."\n" + ."\n" + .'Limits: The UpdateSecretRotationPolicy operation cannot be used to update the rotation policy of generic secrets.'."\n" + ."\n" + .'In this example, the rotation policy of the `RdsSecret/Mysql5.4/MyCred` secret is updated. The following settings are modified:'."\n" + ."\n" + .'* The `EnableAutomaticRotation` parameter is set to `true`, which indicates that automatic rotation is enabled.'."\n" + .'* The `RotationInterval` parameter is set to `30d`, which indicates that the interval for automatic rotation is 30 days.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], ], - 'DeleteClientKey' => [ - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', - ], + 'UpdateSecretVersionStage' => [ + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], @@ -11122,24 +8233,49 @@ ], 'operationType' => 'write', 'deprecated' => false, - 'systemTags' => [ - 'operationType' => 'delete', - 'abilityTreeCode' => '54636', - 'abilityTreeNodes' => [ - 'FEATUREkms9F3ZXA', - ], - ], + 'systemTags' => ['operationType' => 'update'], 'parameters' => [ [ - 'name' => 'ClientKeyId', + 'name' => 'SecretName', 'in' => 'query', - 'schema' => [ - 'description' => 'The ID of the client key.'."\n", - 'type' => 'string', - 'required' => true, - 'docRequired' => true, - 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', - ], + 'schema' => ['description' => 'The name or Alibaba Cloud Resource Name (ARN) of the secret.'."\n" + ."\n" + .'> To access a secret in a different Alibaba Cloud account, you must specify the ARN of the secret. The ARN is in the format of `acs:kms:${region}:${account}:secret/${secret-name}`.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'secret001', 'title' => ''], + ], + [ + 'name' => 'VersionStage', + 'in' => 'query', + 'schema' => ['description' => 'The version stage of the secret.'."\n" + ."\n" + .'**Scenario 1: Add a version stage to a specified secret version.**'."\n" + ."\n" + .'Specify this parameter and MoveToVersion. Do not specify RemoveFromVersion. This parameter can be set to ACSCurrent, ACSPrevious, or a custom stage.'."\n" + ."\n" + .'**Scenario 2: Remove a version stage from a specified secret version.**'."\n" + ."\n" + .'Specify this parameter and RemoveFromVersion. Do not specify MoveToVersion. This parameter must be set to a custom stage.'."\n" + ."\n" + .'> ACSCurrent and ACSPrevious are system-reserved stages. You cannot directly remove them. You can only remove them from one secret version and attach them to another.'."\n" + ."\n" + .'**Scenario 3: Remove a version stage from a specified secret version and attach it to another secret version.**'."\n" + ."\n" + .'Specify this parameter, MoveToVersion, and RemoveFromVersion. This parameter can be set to ACSCurrent, ACSPrevious, or a custom stage.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'ACSCurrent', 'title' => ''], + ], + [ + 'name' => 'RemoveFromVersion', + 'in' => 'query', + 'schema' => ['description' => 'The version number of the secret. This parameter specifies that the version stage set by VersionStage is removed from this version.'."\n" + ."\n" + .'> You must specify at least one of RemoveFromVersion and MoveToVersion.', 'type' => 'string', 'required' => false, 'example' => '001', 'title' => ''], + ], + [ + 'name' => 'MoveToVersion', + 'in' => 'query', + 'schema' => ['description' => 'The version number of the secret. This parameter specifies that the version stage set by VersionStage is attached to this version.'."\n" + ."\n" + .'> - You must specify at least one of RemoveFromVersion and MoveToVersion.'."\n" + .'>'."\n" + .'> - If you set VersionStage to ACSCurrent or ACSPrevious, you must specify this parameter.', 'type' => 'string', 'required' => false, 'example' => '002', 'title' => ''], ], ], 'responses' => [ @@ -11147,297 +8283,505 @@ 'schema' => [ 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", - 'type' => 'string', - 'example' => '2312e45f-b2fa-4c34-ad94-3eca50932916', - ], + 'SecretName' => ['description' => 'The name of the secret.', 'type' => 'string', 'example' => 'secret001', 'title' => ''], + 'RequestId' => ['description' => 'The ID of the request. Alibaba Cloud generates a unique ID for each request. You can use the ID to troubleshoot issues.', 'type' => 'string', 'example' => '8cad259f-4d77-40ec-bbd7-b9c47a423bb9', 'title' => ''], ], + 'description' => '', + 'title' => '', + 'example' => '', ], ], ], 'errorCodes' => [ 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], + ['errorCode' => 'InvalidParameter', 'errorMessage' => 'some of the specified parameters "\\" is not valid', 'description' => ''], + ['errorCode' => 'Rejected.LimitExceeded', 'errorMessage' => 'exceed secret limits error', 'description' => ''], + ['errorCode' => 'Rejected.InvalidRequest', 'errorMessage' => 'param mismatch', 'description' => ''], + ['errorCode' => 'Rejected.UnsupportedOperation', 'errorMessage' => 'secret stages in unnormal status', 'description' => ''], ], - 404 => [ - [ - 'errorCode' => 'InvalidAccessKeyId.NotFound', - 'errorMessage' => 'The Access Key ID provided does not exist in our records.', - ], + 403 => [ + ['errorCode' => 'Forbidden.NoPermission', 'errorMessage' => 'This operation is forbidden by permission system', 'description' => ''], + ], + [ + ['errorCode' => 'Forbidden.ResourceNotFound', 'errorMessage' => 'Resource not found', 'description' => ''], + ], + 409 => [ + ['errorCode' => 'Rejected.ResourceInDeleteWindow', 'errorMessage' => 'secret in delete peroid', 'description' => ''], + ], + 500 => [ + ['errorCode' => 'InternalFailure', 'errorMessage' => 'Internal Failure', 'description' => ''], ], ], - 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"2312e45f-b2fa-4c34-ad94-3eca50932916\\"\\n}","errorExample":""},{"type":"xml","example":"<DeleteClientKeyResponse>\\n <RequestId>2312e45f-b2fa-4c34-ad94-3eca50932916</RequestId>\\n</DeleteClientKeyResponse>","errorExample":""}]', - 'title' => 'DeleteClientKey', - 'description' => 'Before you delete a client key, make sure that the client key is no longer in use. If you delete a client key that is in use, applications that use the client key cannot access Key Management Service (KMS). Exercise caution when you delete a client key.', - 'summary' => 'Deletes a client key.', - ], - 'GetKmsInstanceQuotaInfos' => [ - 'summary' => '获取实例配额信息', - 'methods' => [ - 'post', - 'get', - ], - 'schemes' => [ - 'https', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"8cad259f-4d77-40ec-bbd7-b9c47a423bb9\\"\\n}","type":"json"}]', + 'title' => 'UpdateSecretVersionStage', + 'summary' => 'Moves a version stage label to a different version of a secret.', + 'description' => '- For more information about the access policy that is required to call this operation as a Resource Access Management (RAM) user or RAM role, see [Resource Access Management](~~2767210~~).'."\n" + ."\n" + .'- This operation supports only generic secrets. You can perform the following operations:'."\n" + ."\n" + .' - Add a version stage to a specified secret version.'."\n" + ."\n" + .' - Remove a version stage from a specified secret version.'."\n" + ."\n" + .' - Remove a version stage from a specified secret version and attach it to another secret version.'."\n" + ."\n" + .'- The total number of version stages for each generic secret cannot exceed 8.'."\n" + ."\n" + .'This topic provides an example of how to update the version stage of the secret named `secret001`. In this example, the `ACSCurrent` stage is used to mark version `002`.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], + ], + 'VerifyMac' => [ + 'path' => '', + 'methods' => ['post', 'get'], + 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], + 'consumes' => ['application/json'], + 'produces' => ['application/json'], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', - 'abilityTreeCode' => '290515', - 'abilityTreeNodes' => [ - 'FEATUREkms586TOR', - ], - 'autoTest' => true, - 'tenantRelevance' => 'tenant', + 'abilityTreeNodes' => ['FEATUREkmsZ5VV9Q'], ], 'parameters' => [ [ - 'name' => 'KmsInstanceId', + 'name' => 'KeyId', 'in' => 'query', - 'schema' => [ - 'description' => '', - 'type' => 'string', - 'required' => false, - 'example' => 'kst-bjj62f5ba3dnpb6v8****', - ], + 'schema' => ['description' => 'The ID of the key. You can also specify a key alias or key Amazon Resource Name (ARN). For more information about aliases, refer to [Manage key aliases](~~480655~~).'."\n" + .'>To access a key in a different Alibaba Cloud account, you must specify the key ARN. The key ARN is in the format of `acs:kms:${region}:${account}:key/${keyid}`.', 'type' => 'string', 'required' => true, 'example' => 'key-hzz630494463ejqjx****', 'title' => ''], ], [ - 'name' => 'ResourceType', + 'name' => 'Mac', 'in' => 'query', - 'schema' => [ - 'description' => '', - 'type' => 'string', - 'required' => false, - 'enumValueTitles' => [ - 'qps' => 'qps', - 'vpc' => 'vpc', - 'secret' => 'secret', - 'key' => 'key', - ], - 'example' => 'key', - ], + 'schema' => ['description' => 'The Base64-encoding message authentication code to verify.', 'type' => 'string', 'required' => true, 'example' => 'vz1Snp+jGJbgydCFRWVWxAwIMdyfKCSp+jnMWQ=='."\n", 'title' => ''], + ], + [ + 'name' => 'Message', + 'in' => 'query', + 'schema' => ['description' => 'The original message data. '."\n" + ."\n" + .'Use Base64 encoding. For example, if the hexadecimal content of the message for which you want to generate a message authentication code is `[0x31, 0x32, 0x33, 0x34]`, the corresponding Base64-encoded value is `MTIzNA==`.', 'type' => 'string', 'required' => true, 'example' => 'VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=', 'title' => ''], + ], + [ + 'name' => 'Algorithm', + 'in' => 'query', + 'schema' => ['description' => 'The algorithm used to generate the message authentication code. Valid values vary based on the key specification: '."\n" + ."\n" + .'- HMAC_SM3'."\n" + ."\n" + .'- HMAC_SHA_224'."\n" + ."\n" + .'- HMAC_SHA_256'."\n" + ."\n" + .'- HMAC_SHA_384'."\n" + ."\n" + .'- HMAC_SHA_512', 'type' => 'string', 'required' => true, 'example' => 'HMAC_SHA_256', 'title' => ''], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => ['description' => 'Specifies whether to enable DryRun mode. Valid values:'."\n" + .'- true: enables DryRun mode.'."\n" + .'- false (default): disables DryRun mode.'."\n" + ."\n" + .'DryRun mode is used to test API calls and verify whether you have the required permissions on the corresponding resources and whether the request parameters are correctly configured. When DryRun mode is enabled, KMS always returns a failure and provides the failure reason. Failure reasons include:'."\n" + .'- DryRunOperationError: The request would succeed if the DryRun parameter is not specified.'."\n" + .'- ValidationError: The parameters specified in the request are invalid.'."\n" + .'- AccessDeniedError: You are not authorized to perform this operation on the KMS resource.', 'type' => 'string', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ - 'title' => 'Schema of Response', + 'title' => '', 'description' => 'Schema of Response', 'type' => 'object', 'properties' => [ - 'RequestId' => [ - 'title' => 'Id of the request', - 'description' => 'Id of the request', - 'type' => 'string', - 'example' => 'f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f', - ], - 'KmsInstanceId' => [ - 'description' => '', - 'type' => 'string', - 'example' => 'kst-hzz6****', - ], - 'KmsInstanceQuotaInfos' => [ - 'description' => '', - 'type' => 'array', - 'items' => [ - 'type' => 'object', - 'properties' => [ - 'ResourceQuota' => [ - 'description' => '', - 'type' => 'integer', - 'format' => 'int64', - 'example' => '12', - ], - 'ResourceType' => [ - 'description' => '', - 'type' => 'string', - 'example' => 'key', - ], - 'UsedQuantity' => [ - 'description' => '', - 'type' => 'integer', - 'format' => 'int64', - 'example' => '10', - ], - ], - ], - ], + 'RequestId' => ['title' => '', 'description' => 'The request ID. It is a unique identifier generated by Alibaba Cloud for the request and can be used to troubleshoot issues.', 'type' => 'string', 'example' => 'f94ec9d3-2d10-4922-9a5c-5dcd5ebcb5e8'], + 'KeyId' => ['description' => 'The globally unique identifier of the customer master key (CMK).'."\n" + ."\n" + .'> If the KeyId parameter in the request is set to an alias of the CMK, the CMK ID corresponding to the alias is returned in the response.', 'type' => 'string', 'example' => 'key-hzz62f1cb66fa42qo***', 'title' => ''], + 'Algorithm' => ['description' => 'The algorithm used to generate the message authentication code. Valid values vary based on the key specification: '."\n" + ."\n" + .'- HMAC_SM3'."\n" + ."\n" + .'- HMAC_SHA_224'."\n" + ."\n" + .'- HMAC_SHA_256'."\n" + ."\n" + .'- HMAC_SHA_384'."\n" + ."\n" + .'- HMAC_SHA_512', 'type' => 'string', 'example' => 'HMAC_SHA_256', 'title' => ''], + 'Value' => ['description' => 'Indicates whether the message authentication code verification is successful.', 'type' => 'boolean', 'example' => 'true', 'title' => ''], ], + 'example' => '', ], ], ], - 'errorCodes' => [ - 400 => [ - [ - 'errorCode' => 'InvalidParameter', - 'errorMessage' => 'The specified parameter is not valid.', - ], - ], - 403 => [ - [ - 'errorCode' => 'Forbidden.DKMSInstanceStateInvalid', - 'errorMessage' => 'The DKMS instance state is invalid.', - ], - [ - 'errorCode' => 'Forbidden.DKMSInstanceNotFound', - 'errorMessage' => 'The specified DKMS Instance is not found.', - ], - ], - ], - 'staticInfo' => [ - 'returnType' => 'synchronous', + 'staticInfo' => ['returnType' => 'synchronous'], + 'title' => 'Verify HMAC message authentication code', + 'summary' => 'Verifies the HMAC message authentication code of a specific message by using a specified key.', + 'description' => 'For details about the access policy required when a RAM user or RAM role invokes this operation, refer to access control.'."\n" + ."\n" + .'This operation can be invoked through a shared gateway or a dedicated gateway. For more information, refer to Alibaba Cloud SDK.'."\n" + ."\n" + .'- Shared gateway: Access KMS through a public or VPC endpoint. This method requires you to enable the public network access switch. For more information, refer to accessing keys in a KMS instance over the Internet.'."\n" + .'- Dedicated gateway: Access KMS through a KMS private endpoint (<YOUR_KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com).', + 'changeSet' => [], + 'flowControl' => [ + 'flowControlList' => [], ], - 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f\\",\\n \\"KmsInstanceId\\": \\"kst-hzz6****\\",\\n \\"KmsInstanceQuotaInfos\\": [\\n {\\n \\"ResourceQuota\\": 12,\\n \\"ResourceType\\": \\"key\\",\\n \\"UsedQuantity\\": 10\\n }\\n ]\\n}","type":"json"}]', + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"f94ec9d3-2d10-4922-9a5c-5dcd5ebcb5e8\\",\\n \\"KeyId\\": \\"key-hzz62f1cb66fa42qo***\\",\\n \\"Algorithm\\": \\"HMAC_SHA_256\\",\\n \\"Value\\": true\\n}","type":"json"}]', ], ], 'endpoints' => [ + ['regionId' => 'ap-northeast-1', 'regionName' => 'Japan (Tokyo)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.ap-northeast-1.aliyuncs.com', 'endpoint' => 'kms.ap-northeast-1.aliyuncs.com', 'vpc' => 'kms-vpc.ap-northeast-1.aliyuncs.com'], + ['regionId' => 'ap-northeast-2', 'regionName' => 'South Korea (Seoul)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.ap-northeast-2.aliyuncs.com', 'endpoint' => 'kms.ap-northeast-2.aliyuncs.com', 'vpc' => 'kms-vpc.ap-northeast-2.aliyuncs.com'], + ['regionId' => 'ap-southeast-1', 'regionName' => 'Singapore', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.ap-southeast-1.aliyuncs.com', 'endpoint' => 'kms.ap-southeast-1.aliyuncs.com', 'vpc' => 'kms-vpc.ap-southeast-1.aliyuncs.com'], + ['regionId' => 'ap-southeast-2', 'regionName' => 'Australia (Sydney) Closed', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.ap-southeast-2.aliyuncs.com', 'endpoint' => 'kms.ap-southeast-2.aliyuncs.com', 'vpc' => 'kms-vpc.ap-southeast-2.aliyuncs.com'], + ['regionId' => 'ap-southeast-3', 'regionName' => 'Malaysia (Kuala Lumpur)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.ap-southeast-3.aliyuncs.com', 'endpoint' => 'kms.ap-southeast-3.aliyuncs.com', 'vpc' => 'kms-vpc.ap-southeast-3.aliyuncs.com'], + ['regionId' => 'ap-southeast-5', 'regionName' => 'Indonesia (Jakarta)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.ap-southeast-5.aliyuncs.com', 'endpoint' => 'kms.ap-southeast-5.aliyuncs.com', 'vpc' => 'kms-vpc.ap-southeast-5.aliyuncs.com'], + ['regionId' => 'ap-southeast-6', 'regionName' => 'Philippines (Manila)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.ap-southeast-6.aliyuncs.com', 'endpoint' => 'kms.ap-southeast-6.aliyuncs.com', 'vpc' => 'kms-vpc.ap-southeast-6.aliyuncs.com'], + ['regionId' => 'ap-southeast-7', 'regionName' => 'Thailand (Bangkok)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.ap-southeast-7.aliyuncs.com', 'endpoint' => 'kms.ap-southeast-7.aliyuncs.com', 'vpc' => 'kms-vpc.ap-southeast-7.aliyuncs.com'], + ['regionId' => 'cn-beijing', 'regionName' => 'China (Beijing)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-beijing.aliyuncs.com', 'endpoint' => 'kms.cn-beijing.aliyuncs.com', 'vpc' => 'kms-vpc.cn-beijing.aliyuncs.com'], + ['regionId' => 'cn-chengdu', 'regionName' => 'China (Chengdu)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-chengdu.aliyuncs.com', 'endpoint' => 'kms.cn-chengdu.aliyuncs.com', 'vpc' => 'kms-vpc.cn-chengdu.aliyuncs.com'], + ['regionId' => 'cn-fuzhou', 'regionName' => 'China (Fuzhou - Local Region)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-fuzhou.aliyuncs.com', 'endpoint' => 'kms.cn-fuzhou.aliyuncs.com', 'vpc' => 'kms-vpc.cn-fuzhou.aliyuncs.com'], + ['regionId' => 'cn-guangzhou', 'regionName' => 'China (Guangzhou)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-guangzhou.aliyuncs.com', 'endpoint' => 'kms.cn-guangzhou.aliyuncs.com', 'vpc' => 'kms-vpc.cn-guangzhou.aliyuncs.com'], + ['regionId' => 'cn-hangzhou', 'regionName' => 'China (Hangzhou)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-hangzhou.aliyuncs.com', 'endpoint' => 'kms.cn-hangzhou.aliyuncs.com', 'vpc' => 'kms-vpc.cn-hangzhou.aliyuncs.com'], + ['regionId' => 'cn-heyuan', 'regionName' => 'China (Heyuan)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-heyuan.aliyuncs.com', 'endpoint' => 'kms.cn-heyuan.aliyuncs.com', 'vpc' => 'kms-vpc.cn-heyuan.aliyuncs.com'], + ['regionId' => 'cn-hongkong', 'regionName' => 'China (Hong Kong)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-hongkong.aliyuncs.com', 'endpoint' => 'kms.cn-hongkong.aliyuncs.com', 'vpc' => 'kms-vpc.cn-hongkong.aliyuncs.com'], + ['regionId' => 'cn-huhehaote', 'regionName' => 'China (Hohhot)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-huhehaote.aliyuncs.com', 'endpoint' => 'kms.cn-huhehaote.aliyuncs.com', 'vpc' => 'kms-vpc.cn-huhehaote.aliyuncs.com'], + ['regionId' => 'cn-qingdao', 'regionName' => 'China (Qingdao)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-qingdao.aliyuncs.com', 'endpoint' => 'kms.cn-qingdao.aliyuncs.com', 'vpc' => 'kms-vpc.cn-qingdao.aliyuncs.com'], + ['regionId' => 'cn-shanghai', 'regionName' => 'China (Shanghai)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-shanghai.aliyuncs.com', 'endpoint' => 'kms.cn-shanghai.aliyuncs.com', 'vpc' => 'kms-vpc.cn-shanghai.aliyuncs.com'], + ['regionId' => 'cn-shenzhen', 'regionName' => 'China (Shenzhen)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-shenzhen.aliyuncs.com', 'endpoint' => 'kms.cn-shenzhen.aliyuncs.com', 'vpc' => 'kms-vpc.cn-shenzhen.aliyuncs.com'], + ['regionId' => 'cn-wuhan-lr', 'regionName' => 'China (Wuhan - Local Region)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-wuhan-lr.aliyuncs.com', 'endpoint' => 'kms.cn-wuhan-lr.aliyuncs.com', 'vpc' => 'kms-vpc.cn-wuhan-lr.aliyuncs.com'], + ['regionId' => 'cn-wulanchabu', 'regionName' => 'China (Ulanqab)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-wulanchabu.aliyuncs.com', 'endpoint' => 'kms.cn-wulanchabu.aliyuncs.com', 'vpc' => 'kms-vpc.cn-wulanchabu.aliyuncs.com'], + ['regionId' => 'cn-zhangjiakou', 'regionName' => 'China (Zhangjiakou)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-zhangjiakou.aliyuncs.com', 'endpoint' => 'kms.cn-zhangjiakou.aliyuncs.com', 'vpc' => 'kms-vpc.cn-zhangjiakou.aliyuncs.com'], + ['regionId' => 'cn-zhengzhou-jva', 'regionName' => 'Zhengzhou (China Unicom Joint Venture)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'kms.cn-zhengzhou-jva.aliyuncs.com', 'endpoint' => 'kms.cn-zhengzhou-jva.aliyuncs.com', 'vpc' => 'kms-vpc.cn-zhengzhou-jva.aliyuncs.com'], + ['regionId' => 'us-west-1', 'regionName' => 'US (Silicon Valley)', 'areaId' => 'europeAmerica', 'areaName' => 'Europe & Americas', 'public' => 'kms.us-west-1.aliyuncs.com', 'endpoint' => 'kms.us-west-1.aliyuncs.com', 'vpc' => 'kms-vpc.us-west-1.aliyuncs.com'], + ['regionId' => 'us-east-1', 'regionName' => 'US (Virginia)', 'areaId' => 'europeAmerica', 'areaName' => 'Europe & Americas', 'public' => 'kms.us-east-1.aliyuncs.com', 'endpoint' => 'kms.us-east-1.aliyuncs.com', 'vpc' => 'kms-vpc.us-east-1.aliyuncs.com'], + ['regionId' => 'na-south-1', 'regionName' => 'Mexico', 'areaId' => 'europeAmerica', 'areaName' => 'Europe & Americas', 'public' => 'kms.na-south-1.aliyuncs.com', 'endpoint' => 'kms.na-south-1.aliyuncs.com', 'vpc' => 'kms-vpc.na-south-1.aliyuncs.com'], + ['regionId' => 'eu-west-1', 'regionName' => 'UK (London)', 'areaId' => 'europeAmerica', 'areaName' => 'Europe & Americas', 'public' => 'kms.eu-west-1.aliyuncs.com', 'endpoint' => 'kms.eu-west-1.aliyuncs.com', 'vpc' => 'kms-vpc.eu-west-1.aliyuncs.com'], + ['regionId' => 'eu-central-1', 'regionName' => 'Germany (Frankfurt)', 'areaId' => 'europeAmerica', 'areaName' => 'Europe & Americas', 'public' => 'kms.eu-central-1.aliyuncs.com', 'endpoint' => 'kms.eu-central-1.aliyuncs.com', 'vpc' => 'kms-vpc.eu-central-1.aliyuncs.com'], + ['regionId' => 'me-east-1', 'regionName' => 'UAE (Dubai)', 'areaId' => 'middleEast', 'areaName' => 'Middle East', 'public' => 'kms.me-east-1.aliyuncs.com', 'endpoint' => 'kms.me-east-1.aliyuncs.com', 'vpc' => 'kms-vpc.me-east-1.aliyuncs.com'], + ['regionId' => 'me-central-1', 'regionName' => 'Saudi Arabia (Riyadh)', 'areaId' => 'middleEast', 'areaName' => 'Middle East', 'public' => 'kms.me-central-1.aliyuncs.com', 'endpoint' => 'kms.me-central-1.aliyuncs.com', 'vpc' => 'kms-vpc.me-central-1.aliyuncs.com'], + ['regionId' => 'ap-south-1', 'regionName' => 'India (Mumbai) Closed', 'areaId' => 'middleEast', 'areaName' => 'Middle East', 'public' => 'kms.ap-south-1.aliyuncs.com', 'endpoint' => 'kms.ap-south-1.aliyuncs.com', 'vpc' => 'kms-vpc.ap-south-1.aliyuncs.com'], + ['regionId' => 'cn-shenzhen-finance-1', 'regionName' => 'China South 1 Finance', 'areaId' => 'industryCloud', 'areaName' => 'Industry Cloud', 'public' => 'kms.cn-shenzhen-finance-1.aliyuncs.com', 'endpoint' => 'kms.cn-shenzhen-finance-1.aliyuncs.com', 'vpc' => 'kms-vpc.cn-shenzhen-finance-1.aliyuncs.com'], + ['regionId' => 'cn-shanghai-finance-1', 'regionName' => 'China East 2 Finance', 'areaId' => 'industryCloud', 'areaName' => 'Industry Cloud', 'public' => 'kms.cn-shanghai-finance-1.aliyuncs.com', 'endpoint' => 'kms.cn-shanghai-finance-1.aliyuncs.com', 'vpc' => 'kms-vpc.cn-shanghai-finance-1.aliyuncs.com'], + ['regionId' => 'cn-heyuan-acdr-1', 'regionName' => 'Heyuan ACDR Auto', 'areaId' => 'industryCloud', 'areaName' => 'Industry Cloud', 'public' => 'kms.cn-heyuan-acdr-1.aliyuncs.com', 'endpoint' => 'kms.cn-heyuan-acdr-1.aliyuncs.com', 'vpc' => 'kms-vpc.cn-heyuan-acdr-1.aliyuncs.com'], + ['regionId' => 'cn-hangzhou-finance', 'regionName' => 'China East 1 Finance', 'areaId' => 'industryCloud', 'areaName' => 'Industry Cloud', 'public' => 'kms.cn-hangzhou-finance.aliyuncs.com', 'endpoint' => 'kms.cn-hangzhou-finance.aliyuncs.com', 'vpc' => 'kms-vpc.cn-hangzhou-finance.aliyuncs.com'], + ['regionId' => 'cn-beijing-finance-1', 'regionName' => 'China North 2 Finance (Preview)', 'areaId' => 'industryCloud', 'areaName' => 'Industry Cloud', 'public' => 'kms.cn-beijing-finance-1.aliyuncs.com', 'endpoint' => 'kms.cn-beijing-finance-1.aliyuncs.com', 'vpc' => 'kms-vpc.cn-beijing-finance-1.aliyuncs.com'], + ], + 'errorCodes' => [ + ['code' => 'AliasAlreadyExists', 'message' => 'AliasName already exists.', 'http_code' => 400, 'description' => 'Alias already exists.'], + ['code' => 'Certificate.ContentMismatch', 'message' => 'Content mismatch is detected in certificate %s.', 'http_code' => 403, 'description' => 'The content of the certificate does not match.'], + ['code' => 'Certificate.DecryptionError', 'message' => 'Failed to decrypt data with certificate private key.', 'http_code' => 403, 'description' => 'Failed to decrypt data by using the private key of the certificate. Check whether the passed ciphertext or algorithm is valid.'], + ['code' => 'Certificate.Expired', 'message' => 'The certificate has expired or is not yet valid.', 'http_code' => 400, 'description' => 'The certificate is expired or invalid.'], + ['code' => 'Certificate.InvalidPrivateKey', 'message' => 'The private key decrypted is not a valid SM2 private key.', 'http_code' => 403, 'description' => 'The decrypted private key is not a valid SM2-based private key.'], + ['code' => 'Certificate.InvalidSymmetricKey', 'message' => 'The symmetric key length is invalid for algorithm %s.', 'http_code' => 403, 'description' => 'The length of the decrypted symmetric key is invalid.'], + ['code' => 'Certificate.IsInvalid', 'message' => 'CA certificate in the certificate chain has expired.', 'http_code' => 403, 'description' => 'An invalid certificate exists in the certificate chain.'], + ['code' => 'Certificate.NotFound', 'message' => 'The specified certificate is not found.', 'http_code' => 404, 'description' => 'The specified certificate does not exist.'], + ['code' => 'Certificate.ParseError', 'message' => 'Failed to parse the certificate.', 'http_code' => 403, 'description' => 'Failed to parse the certificate.'], + ['code' => 'Certificate.ParseError', 'message' => 'Failed to parse the certificate. Please upload a certificate in the PEM format.', 'http_code' => 403, 'description' => 'Failed to parse the certificate. Upload a certificate in the PEM format.'], + ['code' => 'Certificate.PrivateKeyMismatch', 'message' => 'The private key does not match the public key in certificate.', 'http_code' => 403, 'description' => 'The decrypted private key does not match the public key in the certificate.'], + ['code' => 'Certificate.StatusError', 'message' => 'The certificate has not been activated.', 'http_code' => 404, 'description' => 'The certificate is not activated.'], + ['code' => 'Certificate.UnsupportedKeySpec', 'message' => 'The key type in the certificate is not supported.', 'http_code' => 403, 'description' => 'The key type of the certificate is not supported.'], + ['code' => 'Certificate.UnsupportedOperation', 'message' => 'This operation is not supported for certificates with %s %s.', 'http_code' => 403, 'description' => 'The type or protection level of the key in the certificate does not support the operation.'], + ['code' => 'CreateLXOrderFailed', 'message' => 'Fail to create the order.', 'http_code' => 400, 'description' => 'Failed to create the order.'], + ['code' => 'DependencyViolation.Key', 'message' => 'The dedicated key instance cannot be deleted when some keys dependent with it.', 'http_code' => 400, 'description' => 'The dedicated KSM instance failed to be deleted because keys that depend on the dedicated KMS instance exist.'], + ['code' => 'Duplicate.TagKey', 'message' => 'The specified tagKey is duplicate.', 'http_code' => 400, 'description' => ''], + ['code' => 'Forbidden.Access', 'message' => 'Current ip not in ip white list', 'http_code' => 403, 'description' => 'The IP address is not in the whitelist.'], + ['code' => 'Forbidden.AccessKey', 'message' => null, 'http_code' => null, 'description' => 'This AccessKey is not enabled.'], + ['code' => 'Forbidden.AccessKey', 'message' => 'This AccessKey is not enabled.', 'http_code' => 403, 'description' => 'The AccessKey is not enabled.'], + ['code' => 'Forbidden.AliasNotFound', 'message' => 'The specified Alias is not found.', 'http_code' => 404, 'description' => 'The error message returned because the specified alias does not exist.'], + ['code' => 'Forbidden.DeletionProtection', 'message' => 'The specified key is under delete protection, can not be deleted.', 'http_code' => 403, 'description' => 'Deletion protection is enabled for your key, and you cannot delete your key.'], + ['code' => 'Forbidden.DependencyNotReady', 'message' => 'The dependency resource in your account is not ready. Please try again later.', 'http_code' => 403, 'description' => 'The dependent resources within the account are not ready. Try again later.'], + ['code' => 'Forbidden.DKMSInstanceNotFound', 'message' => 'The specified DKMS Instance is not found.', 'http_code' => 403, 'description' => 'Your dedicated KMS instance is not found.'], + ['code' => 'Forbidden.DKMSInstanceStateInvalid', 'message' => 'The DKMS instance state is invalid.', 'http_code' => 403, 'description' => 'Your dedicated KMS instance is invalid.'], + ['code' => 'Forbidden.ExtendLimit', 'message' => 'The maximum number of client keys is exceeded.', 'http_code' => 403, 'description' => 'The number of client keys has reached the upper limit.'], + ['code' => 'Forbidden.InDebt', 'message' => 'The user has an overdue payment.', 'http_code' => 403, 'description' => 'The current user has overdue payments.'], + ['code' => 'Forbidden.InDebt', 'message' => 'Current user is indebted.', 'http_code' => 403, 'description' => 'Current user is indebted.'], + ['code' => 'Forbidden.InDebtOverdue', 'message' => 'The user has an overdue payment.', 'http_code' => 403, 'description' => 'The current user has overdue payments.'], + ['code' => 'Forbidden.KeyNotFound', 'message' => 'The specified Key is not found.', 'http_code' => 404, 'description' => 'The error message returned because the specified CMK does not exist.'], + ['code' => 'Forbidden.KeyNotFound', 'message' => 'The specified key does not exist.', 'http_code' => 404, 'description' => 'The specified key does not exist.'], + ['code' => 'Forbidden.KeyPolicyUnSupported', 'message' => 'The specified key does not support key policy.', 'http_code' => 400, 'description' => 'The specified key does not support key policies.'], + ['code' => 'Forbidden.KeyVersionNotFound', 'message' => 'The specified Key version is not found.', 'http_code' => 404, 'description' => 'The specified key version cannot be found.'], + ['code' => 'Forbidden.KmsServiceNotEnabled', 'message' => 'KMS has not been activated for the user. Obtain access permissions first.', 'http_code' => 403, 'description' => 'KMS is not activated for the current user. You must obtain the permissions to access KMS.'], + ['code' => 'Forbidden.NoBackup', 'message' => 'this kms instance no backup, forbidden delete.', 'http_code' => 403, 'description' => 'This KMS instance has no backup and is not allowed to be deleted.'], + ['code' => 'Forbidden.NoPermission', 'message' => null, 'http_code' => null, 'description' => 'This operation is forbidden by permission system.'], + ['code' => 'Forbidden.NoPermission', 'message' => 'You are not authorized to perform the operation.', 'http_code' => 403, 'description' => 'You are not authorized to perform the operation.'], + ['code' => 'Forbidden.NoPermission', 'message' => 'This operation is forbidden by permission system.', 'http_code' => 400, 'description' => 'You are not authorized to perform this operation.'], + ['code' => 'Forbidden.NoPermission.SLR', 'message' => 'You are not authorized to perform the action: ram:CreateServiceLinkedRole', 'http_code' => 403, 'description' => 'You are not authorized to perform the ram:CreateServiceLinkedRole operation.'], + ['code' => 'Forbidden.NoRealNameAuthentication', 'message' => 'Real name authentication is needed.', 'http_code' => 400, 'description' => 'You have not passed real name authentication.'], + ['code' => 'Forbidden.Opened', 'message' => 'Your kms service has been opened.', 'http_code' => 400, 'description' => 'You have activated Key Management Service.'], + ['code' => 'Forbidden.ProhibitedByRiskControl', 'message' => 'Current user is prohibited by risk control.', 'http_code' => 403, 'description' => 'The current user does not have access permissions based on risk control rules.'], + ['code' => 'Forbidden.ResourceNotFound', 'message' => 'The resource is not found.', 'http_code' => 404, 'description' => 'The resource does not exist.'], + ['code' => 'Forbidden.ResourceNotFound', 'message' => 'Resource not found.', 'http_code' => 404, 'description' => 'The resource is not found.'], + ['code' => 'Forbidden.ResourceNotFound', 'message' => 'The specified resource is not found.', 'http_code' => 404, 'description' => 'The specified resource cannot be found.'], + ['code' => 'Forbidden.ResourceNotFound', 'message' => 'Policy not found.', 'http_code' => 404, 'description' => ''], + ['code' => 'Forbidden.RotateCommandIdNotFound', 'message' => 'The region does not support key rotation. Rotation commands have not be configured.', 'http_code' => 404, 'description' => 'Rotation is not supported in this region because the command is not specified.'], + ['code' => 'Forbidden.UbsmsInvalidBid', 'message' => 'Your account partner does not support KMS.', 'http_code' => 403, 'description' => 'The cooperative partner of your account does not support KMS.'], + ['code' => 'Forbidden.UbsmsInvalidUserid', 'message' => 'Your user ID is Invalid for UBSMS.', 'http_code' => 403, 'description' => 'Your user ID is invalid for UBSMS.'], + ['code' => 'IllegalTimestamp', 'message' => 'The input parameter Timestamp that is mandatory for processing this request is not supplied.', 'http_code' => 400, 'description' => 'The input parameter timestamp indicates that the request is outside the processing time range.'], + ['code' => 'IllegalTimestamp', 'message' => 'The input parameter "Timestamp" that is required for processing this request is not supplied.', 'http_code' => 400, 'description' => 'The input parameter "Timestamp" was not provided or is invalid (for example, it has expired).'], + ['code' => 'IncompleteSignature', 'message' => null, 'http_code' => null, 'description' => 'The request signature does not conform to Aliyun standards.'], + ['code' => 'IncompleteSignature', 'message' => 'The request signature does not conform to Alibaba Cloud standards.', 'http_code' => 400, 'description' => 'The signature does not match. Check whether the Access Key ID, Access Key secret, and signature method are valid. For more information, see Signature mechanism.'], + ['code' => 'IncompleteSignature', 'message' => 'The request signature does not conform to Aliyun standards.', 'http_code' => 400, 'description' => 'The signature does not conform to standards.'], + ['code' => 'InternalFailure', 'message' => null, 'http_code' => null, 'description' => 'Internal Failure.'], + ['code' => 'InternalFailure', 'message' => 'Internal Failure.', 'http_code' => 500, 'description' => ''], + ['code' => 'InternalFailure', 'message' => 'An internal error occurred.', 'http_code' => 500, 'description' => 'An internal error occurred.'], + ['code' => 'InternalFailure', 'message' => 'Internal Failure', 'http_code' => 500, 'description' => 'An internal error occurred.'], + ['code' => 'InvalidAccessKeyId.NotFound', 'message' => 'The specified AccessKey ID does not exist.', 'http_code' => 404, 'description' => 'The AccessKey ID is not found.'], + ['code' => 'InvalidHeader', 'message' => 'The specified header is not valid.', 'http_code' => 400, 'description' => 'The specified request header in your request is invalid.'], + ['code' => 'InvalidInstance.NotFound', 'message' => 'The specified ECS instance is not found.', 'http_code' => 404, 'description' => 'The specified ECS instance is not found.'], + ['code' => 'InvalidParameter', 'message' => null, 'http_code' => null, 'description' => 'Invalid parameter.'], + ['code' => 'InvalidParameter', 'message' => 'The specified parameter is invalid.', 'http_code' => 400, 'description' => 'An invalid value is specified for the parameter.'], + ['code' => 'InvalidParameter', 'message' => 'The specified parameter is not valid.', 'http_code' => 400, 'description' => 'An invalid value is specified for the parameter.'], + ['code' => 'InvalidParameter', 'message' => 'The specified parameter RotationInterval is not valid.', 'http_code' => 400, 'description' => 'Invalid RotationInterval parameter value.'], + ['code' => 'InvalidParameter.TagKey', 'message' => 'The specified parameter is not valid.', 'http_code' => 400, 'description' => ''], + ['code' => 'InvalidParameter.TagValue', 'message' => 'The specified parameter is not valid.', 'http_code' => 400, 'description' => ''], + ['code' => 'InvalidResourceId.NotFound', 'message' => 'The specified ResourceId is not found.', 'http_code' => 404, 'description' => ''], + ['code' => 'MissingHeader', 'message' => 'The request header is required.', 'http_code' => 400, 'description' => 'The request header is not specified.'], + ['code' => 'MissingParameter', 'message' => null, 'http_code' => null, 'description' => 'Missing parameter.'], + ['code' => 'MissingParameter', 'message' => 'The parameter needed but no provided.', 'http_code' => 400, 'description' => 'The required parameters are not specified.'], + ['code' => 'ParseRequestHeaderException', 'message' => 'The server cannot parse the request header.', 'http_code' => 400, 'description' => 'The server failed to parse the request header. Check the request header information.'], + ['code' => 'ParseRequestParameterException', 'message' => 'The server cannot parse the request parameters.', 'http_code' => 400, 'description' => 'The server failed to parse the parameters. Check the input parameters.'], + ['code' => 'ParseRequestParameterException', 'message' => 'server parse parameters exception,please check your input params.', 'http_code' => 400, 'description' => 'Failed to parse the parameter.'], + ['code' => 'PrivateCA.CertificateMismatch', 'message' => 'The certificate authority certificate you are importing does not comply with conditions specified in the certificate that signed it.', 'http_code' => 400, 'description' => 'The certificate does not match.'], + ['code' => 'PrivateCA.InvalidState', 'message' => 'The state of the private CA does not allow this action to occur.', 'http_code' => 400, 'description' => 'The status of the CA certificate does not support the current operation.'], + ['code' => 'PrivateCA.MalformedCertificate', 'message' => 'One or more fields in the certificate are invalid.', 'http_code' => 400, 'description' => 'Failed to read or parse the certificate.'], + ['code' => 'PrivateCA.MalformedCertificateChain', 'message' => 'One or more certificates in the certificate chain are invalid.', 'http_code' => 400, 'description' => 'Failed to read or parse the certificate chain.'], + ['code' => 'PrivateCA.MalformedCSR', 'message' => 'The certificate signing request is invalid.', 'http_code' => 400, 'description' => 'Failed to read or parse the CSR file.'], + ['code' => 'PrivateCA.ResourceNotFound', 'message' => 'A resource such as a private CA or certificate cannot be found.', 'http_code' => 400, 'description' => 'The specified resource cannot be found.'], + ['code' => 'Rejected.AvailableVSwitchNotEnough', 'message' => 'The vSwitch does not have enough IP addresses for creating dedicated KMS instances.', 'http_code' => 400, 'description' => 'Your vSwitch does not have sufficient IP addresses to create dedicated KMS instances.'], + ['code' => 'Rejected.Connecting', 'message' => 'The request was denied. The DKMS Instance is connecting to CloudHSM instance.', 'http_code' => 409, 'description' => 'The request is rejected because the dedicated KMS instance is connecting to an HSM cluster.'], + ['code' => 'Rejected.Creating', 'message' => 'The request was denied. The secret is creating.', 'http_code' => 409, 'description' => 'The secret is being created.'], + ['code' => 'Rejected.Disabled', 'message' => null, 'http_code' => null, 'description' => 'The specified Key is not Enable.'], + ['code' => 'Rejected.Disabled', 'message' => 'The request was rejected because the key state is Disabled.', 'http_code' => 409, 'description' => 'The request was rejected because the key state is Disabled.'], + ['code' => 'Rejected.DisabledAutomaticRotation', 'message' => 'The request was rejected because the secret has been disabled to rotate automatically.', 'http_code' => 403, 'description' => 'The request is rejected because invalid secrets cannot be automatically rotated.'], + ['code' => 'Rejected.InvalidRequest', 'message' => 'The parameter values do not match.', 'http_code' => 400, 'description' => 'The parameters do not match.'], + ['code' => 'Rejected.LimitExceeded', 'message' => null, 'http_code' => null, 'description' => 'User Key Limit Exceeded.'], + ['code' => 'Rejected.LimitExceeded', 'message' => 'The secret quota is exceeded.', 'http_code' => 400, 'description' => 'You cannot create more resources.'], + ['code' => 'Rejected.LimitExceeded', 'message' => 'The request was rejected because user create resource limit was exceeded', 'http_code' => 400, 'description' => 'The request is rejected because the number of created resources reaches the upper limit.'], + ['code' => 'Rejected.NotInRotating', 'message' => 'The secret cannot be rotated. Access denied.', 'http_code' => 409, 'description' => 'The request is denied. Your secret cannot be rotated.'], + ['code' => 'Rejected.PendingDeletion', 'message' => 'The request was rejected because the key state is PendingDeletion.', 'http_code' => 409, 'description' => 'The request was rejected because the key state is PendingDeletion.'], + ['code' => 'Rejected.Replicating', 'message' => 'The request was denied. The secret is replicating.', 'http_code' => 409, 'description' => 'The request is rejected because your secret is being copied.'], + ['code' => 'Rejected.ResourceConflict', 'message' => 'Please check whether the key index 1024 is available.', 'http_code' => 409, 'description' => 'Check whether the key index is valid.'], + ['code' => 'Rejected.ResourceExist', 'message' => 'The request was rejected because the resource already exists.', 'http_code' => 409, 'description' => 'The resource already exists.'], + ['code' => 'Rejected.ResourceExist', 'message' => 'The resource already exists.', 'http_code' => 409, 'description' => 'The resource already exists.'], + ['code' => 'Rejected.ResourceInDeleteWindow', 'message' => 'The secret is planned to be deleted.', 'http_code' => 409, 'description' => 'The secret is to be deleted.'], + ['code' => 'Rejected.ResourceInUse', 'message' => 'The operation failed because the secret is not in the pre-deletion state.', 'http_code' => 409, 'description' => 'You cannot call this operation because the secret is not in the pending deletion state.'], + ['code' => 'Rejected.Rotating', 'message' => 'The request was denied. The secret is rotating.', 'http_code' => 403, 'description' => 'The access is denied because the secret is being rotated.'], + ['code' => 'Rejected.SecretType', 'message' => 'The request was denied. The secret type does not support the action.', 'http_code' => 403, 'description' => 'The request is denied because the secret type does not support the operation.'], + ['code' => 'Rejected.SecurityGroupLimitExceeded', 'message' => 'The request was rejected because user create resource limit was exceeded', 'http_code' => 400, 'description' => 'You cannot create more security groups.'], + ['code' => 'Rejected.ShareQuotaExceedLimit', 'message' => 'Instance Share Quota Exceed Limit.', 'http_code' => 400, 'description' => 'The instance share quota exceeds the limit.'], + ['code' => 'Rejected.StateModifiedFailed', 'message' => null, 'http_code' => null, 'description' => 'Keystate modified failed.'], + ['code' => 'Rejected.StateModifiedFailed', 'message' => 'keystate modified failed', 'http_code' => 409, 'description' => 'Failed to modify the status of the key.'], + ['code' => 'Rejected.Throttling', 'message' => 'The QPS upper limit is exceeded.', 'http_code' => 429, 'description' => 'The traffic reaches the upper limit.'], + ['code' => 'Rejected.Throttling', 'message' => 'QPS Limit Exceeded', 'http_code' => 429, 'description' => 'The QPS reaches the upper limit.'], + ['code' => 'Rejected.Unavailable', 'message' => 'The request was rejected because the key state is Unavailable.', 'http_code' => 409, 'description' => 'The request was denied because the key status is unavailable.'], + ['code' => 'Rejected.UnsupportedOperation', 'message' => 'Unsupported operation.', 'http_code' => 400, 'description' => 'The operation is not supported.'], + ['code' => 'Rejected.UnsupportedOperation', 'message' => 'You cannot perform an operation on the specified key.', 'http_code' => 400, 'description' => 'This API does not support operations on the key.'], + ['code' => 'Rejected.VSwitchNotEnable', 'message' => 'The vSwitch is not enabled.', 'http_code' => 400, 'description' => 'The vSwitch is not enabled.'], + ['code' => 'Rejected.VSwitchNotFound', 'message' => 'The vSwitch is not found.', 'http_code' => 404, 'description' => 'The vSwitch is not found.'], + ['code' => 'SerivceUnvailableTemporary', 'message' => 'The service is temporarily unavailable.', 'http_code' => 503, 'description' => 'The service is temporary unavailable.'], + ['code' => 'SerivceUnvailableTemporary', 'message' => 'Service Unvailable Temporary', 'http_code' => 503, 'description' => 'The service is temporarily unavailable.'], + ['code' => 'Unsupported.Alias', 'message' => 'Alias is not valid for this api', 'http_code' => 400, 'description' => 'The alias is invalid.'], + ['code' => 'Unsupported.NetworkTypeVerify', 'message' => 'The specified region does not support the VPC network type.', 'http_code' => 400, 'description' => 'KMS in the specified region does not support the VPC network type.'], + ['code' => 'Unsupported.Origin', 'message' => 'The key origin is invalid for this API operation.', 'http_code' => 400, 'description' => 'The key origin is invalid for this API operation.'], + ['code' => 'Unsupported.Origin', 'message' => 'This key origin is not valid for this api', 'http_code' => 400, 'description' => 'The key origin is not supported for this API operation.'], + ['code' => 'Unsupported.ProtectionLevel', 'message' => 'This protection level is not valid for this region.', 'http_code' => 400, 'description' => 'This protection level is not supported in the region.'], + ['code' => 'Unsupported.SecretType', 'message' => 'This secret type is not valid for this api.', 'http_code' => 400, 'description' => 'The specified secret type is not supported.'], + ['code' => 'Unsupported.UserType', 'message' => 'RAM cannot create a service linked role for a BID account.', 'http_code' => 403, 'description' => 'RAM does not support creating service-linked roles for virtual users.'], + ['code' => 'UnsupportedHTTPMethod', 'message' => null, 'http_code' => null, 'description' => 'This http method not supported.'], + ['code' => 'UnsupportedHTTPMethod', 'message' => 'This http method not supported.', 'http_code' => 400, 'description' => 'The HTTP method is not supported.'], + ['code' => 'UnsupportedHTTPMethod', 'message' => 'This http method is not supported.', 'http_code' => 400, 'description' => 'The HTTP method is not supported.'], + ['code' => 'UnsupportedOperation', 'message' => 'This action is not supported.', 'http_code' => 400, 'description' => 'The operation is not supported.'], + ['code' => 'UnsupportedOperation.NotPrimaryReplica', 'message' => 'This replica is not primary. Only the primary replica can be updated or deleted.', 'http_code' => 400, 'description' => 'This replica is not the primary replica. Only the primary replica can be updated or deleted.'], + ], + 'changeSet' => [ [ - 'regionId' => 'cn-qingdao', - 'endpoint' => 'kms.cn-qingdao.aliyuncs.com', - ], - [ - 'regionId' => 'cn-beijing', - 'endpoint' => 'kms.cn-beijing.aliyuncs.com', - ], - [ - 'regionId' => 'cn-zhangjiakou', - 'endpoint' => 'kms.cn-zhangjiakou.aliyuncs.com', - ], - [ - 'regionId' => 'cn-zhengzhou-jva', - 'endpoint' => 'kms.cn-zhengzhou-jva.aliyuncs.com', - ], - [ - 'regionId' => 'cn-huhehaote', - 'endpoint' => 'kms.cn-huhehaote.aliyuncs.com', - ], - [ - 'regionId' => 'cn-wulanchabu', - 'endpoint' => 'kms.cn-wulanchabu.aliyuncs.com', - ], - [ - 'regionId' => 'cn-hangzhou', - 'endpoint' => 'kms.cn-hangzhou.aliyuncs.com', - ], - [ - 'regionId' => 'cn-shanghai', - 'endpoint' => 'kms.cn-shanghai.aliyuncs.com', - ], - [ - 'regionId' => 'cn-fuzhou', - 'endpoint' => 'kms.cn-fuzhou.aliyuncs.com', - ], - [ - 'regionId' => 'cn-shenzhen', - 'endpoint' => 'kms.cn-shenzhen.aliyuncs.com', - ], - [ - 'regionId' => 'cn-heyuan', - 'endpoint' => 'kms.cn-heyuan.aliyuncs.com', - ], - [ - 'regionId' => 'cn-guangzhou', - 'endpoint' => 'kms.cn-guangzhou.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'ListManagedQuotas'], + ], + 'createdAt' => '2026-01-26T07:51:47.000Z', + 'description' => '', ], [ - 'regionId' => 'cn-chengdu', - 'endpoint' => 'kms.cn-chengdu.aliyuncs.com', + 'apis' => [ + ['description' => 'Response parameters changed', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-28T01:56:41.000Z', + 'description' => '', ], [ - 'regionId' => 'cn-hongkong', - 'endpoint' => 'kms.cn-hongkong.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-27T11:59:54.000Z', + 'description' => '', ], [ - 'regionId' => 'ap-northeast-1', - 'endpoint' => 'kms.ap-northeast-1.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-27T11:59:49.000Z', + 'description' => '', ], [ - 'regionId' => 'ap-northeast-2', - 'endpoint' => 'kms.ap-northeast-2.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-27T11:47:41.000Z', + 'description' => '', ], [ - 'regionId' => 'ap-southeast-1', - 'endpoint' => 'kms.ap-southeast-1.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-27T11:42:12.000Z', + 'description' => '', ], [ - 'regionId' => 'ap-southeast-2', - 'endpoint' => 'kms.ap-southeast-2.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-27T11:39:16.000Z', + 'description' => '', ], [ - 'regionId' => 'ap-southeast-3', - 'endpoint' => 'kms.ap-southeast-3.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstanceQuotaInfos'], + ], + 'createdAt' => '2025-11-27T08:32:27.000Z', + 'description' => '', ], [ - 'regionId' => 'ap-southeast-5', - 'endpoint' => 'kms.ap-southeast-5.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstanceQuotaInfos'], + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-27T08:17:00.000Z', + 'description' => '', ], [ - 'regionId' => 'ap-southeast-6', - 'endpoint' => 'kms.ap-southeast-6.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstanceQuotaInfos'], + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-27T08:15:59.000Z', + 'description' => '', ], [ - 'regionId' => 'us-east-1', - 'endpoint' => 'kms.us-east-1.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstanceQuotaInfos'], + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-27T07:58:43.000Z', + 'description' => '', ], [ - 'regionId' => 'us-west-1', - 'endpoint' => 'kms.us-west-1.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstanceQuotaInfos'], + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-18T03:35:59.000Z', + 'description' => '', ], [ - 'regionId' => 'eu-west-1', - 'endpoint' => 'kms.eu-west-1.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-18T03:28:08.000Z', + 'description' => '', ], [ - 'regionId' => 'eu-central-1', - 'endpoint' => 'kms.eu-central-1.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'GetKmsInstance'], + ], + 'createdAt' => '2025-11-18T02:37:21.000Z', + 'description' => '', ], [ - 'regionId' => 'ap-south-1', - 'endpoint' => 'kms.ap-south-1.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'ListManagedQuotas'], + ], + 'createdAt' => '2025-10-27T07:26:20.000Z', + 'description' => '', ], [ - 'regionId' => 'me-east-1', - 'endpoint' => 'kms.me-east-1.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'ListManagedQuotas'], + ], + 'createdAt' => '2025-10-27T07:26:15.000Z', + 'description' => '', ], [ - 'regionId' => 'cn-hangzhou-finance', - 'endpoint' => 'kms.cn-hangzhou-finance.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'ListClientKeys'], + ['description' => 'OpenAPI offline', 'api' => 'ListApplicationAccessPoints'], + ], + 'createdAt' => '2025-10-16T05:41:36.000Z', + 'description' => '', ], [ - 'regionId' => 'cn-shanghai-finance-1', - 'endpoint' => 'kms.cn-shanghai-finance-1.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'ListClientKeys'], + ['description' => 'OpenAPI offline', 'api' => 'ListApplicationAccessPoints'], + ], + 'createdAt' => '2025-10-16T05:41:35.000Z', + 'description' => '', ], [ - 'regionId' => 'cn-shenzhen-finance-1', - 'endpoint' => 'kms.cn-shenzhen-finance-1.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'DescribeRegions'], + ['description' => 'OpenAPI offline', 'api' => 'OpenKmsService'], + ], + 'createdAt' => '2025-08-21T07:47:03.000Z', + 'description' => '', ], [ - 'regionId' => 'ap-southeast-7', - 'endpoint' => 'kms.ap-southeast-7.aliyuncs.com', + 'apis' => [ + ['description' => 'OpenAPI offline', 'api' => 'DescribeRegions'], + ['description' => 'OpenAPI offline', 'api' => 'OpenKmsService'], + ], + 'createdAt' => '2025-08-21T07:47:03.000Z', + 'description' => '', ], [ - 'regionId' => 'cn-beijing-finance-1', - 'endpoint' => 'kms.cn-beijing-finance-1.aliyuncs.com', + 'apis' => [ + ['description' => 'Response parameters changed', 'api' => 'ListKeys'], + ], + 'createdAt' => '2025-08-21T07:38:13.000Z', + 'description' => '', ], [ - 'regionId' => 'me-central-1', - 'endpoint' => 'kms.me-central-1.aliyuncs.com', + 'apis' => [ + ['description' => 'Response parameters changed', 'api' => 'ListKeys'], + ], + 'createdAt' => '2025-08-21T07:38:13.000Z', + 'description' => '', ], - [ - 'regionId' => 'cn-wuhan-lr', - 'endpoint' => 'kms.cn-wuhan-lr.aliyuncs.com', + ], + 'flowControl' => [ + 'flowControlList' => [ + ['threshold' => '-1', 'countWindow' => 1, 'regionId' => '*'], + ['threshold' => '1000', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListTagResources'], + ['threshold' => '1000', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UntagResources'], + ['threshold' => '1000', 'countWindow' => 1, 'regionId' => '*', 'api' => 'TagResources'], ], ], ]; |
