diff options
Diffstat (limited to 'data/en_us/kms')
| -rw-r--r-- | data/en_us/kms/2016-01-20/api-docs.php | 11443 |
1 files changed, 11443 insertions, 0 deletions
diff --git a/data/en_us/kms/2016-01-20/api-docs.php b/data/en_us/kms/2016-01-20/api-docs.php new file mode 100644 index 0000000..5bafa05 --- /dev/null +++ b/data/en_us/kms/2016-01-20/api-docs.php @@ -0,0 +1,11443 @@ +<?php return [ + 'version' => '1.0', + 'info' => [ + 'style' => 'RPC', + 'product' => 'Kms', + 'version' => '2016-01-20', + ], + 'directories' => [ + [ + 'id' => 244879, + 'title' => null, + 'type' => 'directory', + 'children' => [ + 'DescribeRegions', + 'DescribeAccountKmsStatus', + 'OpenKmsService', + ], + ], + [ + 'id' => 244883, + 'title' => null, + 'type' => 'directory', + 'children' => [ + 'ListKmsInstances', + 'ConnectKmsInstance', + 'GetKmsInstance', + 'UpdateKmsInstanceBindVpc', + 'ReleaseKmsInstance', + 'GetDefaultKmsInstance', + ], + ], + [ + 'id' => 244890, + 'title' => null, + 'type' => 'directory', + 'children' => [ + 'CreateKey', + 'ListKeys', + 'DescribeKey', + 'UpdateKeyDescription', + 'EnableKey', + 'DisableKey', + 'GetPublicKey', + 'CreateAlias', + 'ListAliases', + 'ListAliasesByKeyId', + 'DeleteAlias', + 'UpdateAlias', + 'GetParametersForImport', + 'ImportKeyMaterial', + 'DeleteKeyMaterial', + 'ScheduleKeyDeletion', + 'CancelKeyDeletion', + 'SetDeletionProtection', + 'UpdateRotationPolicy', + 'DescribeKeyVersion', + 'CreateKeyVersion', + 'ListKeyVersions', + 'SetKeyPolicy', + 'GetKeyPolicy', + ], + ], + [ + 'id' => 244915, + 'title' => null, + 'type' => 'directory', + 'children' => [ + 'GenerateDataKey', + 'GenerateAndExportDataKey', + 'Encrypt', + 'Decrypt', + 'ReEncrypt', + 'ExportDataKey', + 'GenerateDataKeyWithoutPlaintext', + 'AsymmetricSign', + 'AsymmetricVerify', + 'AsymmetricEncrypt', + 'AsymmetricDecrypt', + ], + ], + [ + 'id' => 244927, + 'title' => null, + 'type' => 'directory', + 'children' => [ + 'CreateSecret', + 'DeleteSecret', + 'UpdateSecret', + 'UpdateSecretVersionStage', + 'UpdateSecretRotationPolicy', + 'ListSecrets', + 'DescribeSecret', + 'GetSecretValue', + 'ListSecretVersionIds', + 'GetRandomPassword', + 'PutSecretValue', + 'RestoreSecret', + 'RotateSecret', + 'SetSecretPolicy', + 'GetSecretPolicy', + ], + ], + [ + 'id' => 244954, + 'title' => null, + 'type' => 'directory', + 'children' => [ + 'UntagResources', + 'ListTagResources', + 'TagResources', + 'ListResourceTags', + 'TagResource', + 'UntagResource', + ], + ], + [ + 'id' => 244961, + 'title' => null, + 'type' => 'directory', + 'children' => [ + 'CreateNetworkRule', + 'ListNetworkRules', + 'DescribeNetworkRule', + 'UpdateNetworkRule', + 'DeleteNetworkRule', + 'CreatePolicy', + 'ListPolicies', + 'DescribePolicy', + 'UpdatePolicy', + 'DeletePolicy', + 'CreateApplicationAccessPoint', + 'ListApplicationAccessPoints', + 'DescribeApplicationAccessPoint', + 'UpdateApplicationAccessPoint', + 'DeleteApplicationAccessPoint', + 'CreateClientKey', + 'ListClientKeys', + 'GetClientKey', + 'DeleteClientKey', + ], + ], + [ + 'id' => 0, + 'title' => '其它', + 'type' => 'directory', + 'children' => [ + 'GetKmsInstanceQuotaInfos', + ], + ], + ], + 'components' => [ + 'schemas' => [], + ], + 'apis' => [ + 'DescribeRegions' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54561', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request.', + 'type' => 'string', + 'example' => '815240e2-aa37-4c26-9cca-05d4df3e8fe6', + ], + 'Regions' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Region' => [ + 'description' => 'The region.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'RegionId' => [ + 'description' => 'The region ID.'."\n", + 'type' => 'string', + 'example' => 'cn-hangzhou', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"815240e2-aa37-4c26-9cca-05d4df3e8fe6\\",\\n \\"Regions\\": {\\n \\"Region\\": [\\n {\\n \\"RegionId\\": \\"cn-hangzhou\\"\\n }\\n ]\\n }\\n}","errorExample":"//xml response\\n<KMS>\\n\\t<Regions>\\n\\t\\t<Region>\\n\\t\\t\\t<RegionId>cn-beijing</RegionId>\\n\\t\\t</Region>\\n\\t\\t<Region>\\n\\t\\t\\t<RegionId>cn-hangzhou</RegionId>\\n\\t\\t</Region>\\n\\t</Regions>\\n\\t<RequestId>815240e2-aa37-4c26-9cca-05d4df3e8fe6</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\r\\n\\t<Regions>\\r\\n\\t\\t<Region>\\r\\n\\t\\t\\t<RegionId>cn-beijing</RegionId>\\r\\n\\t\\t</Region>\\r\\n\\t\\t<Region>\\r\\n\\t\\t\\t<RegionId>cn-hangzhou</RegionId>\\r\\n\\t\\t</Region>\\r\\n\\t</Regions>\\r\\n\\t<RequestId>815240e2-aa37-4c26-9cca-05d4df3e8fe6</RequestId>\\r\\n</KMS>","errorExample":"//json response\\n{\\n \\"Regions\\": {\\n \\"Region\\": [\\n {\\n \\"RegionId\\": \\"cn-beijing\\"\\n },\\n {\\n \\"RegionId\\": \\"cn-hangzhou\\"\\n }\\n ]\\n },\\n \\"RequestId\\": \\"815240e2-aa37-4c26-9cca-05d4df3e8fe6\\"\\n}\\n"}]', + 'title' => 'DescribeRegions', + 'summary' => 'Queries available regions for the current account.', + 'description' => '## Debugging'."\n" + ."\n" + .'[OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.](https://api.aliyun.com/#product=Kms\\&api=DescribeRegions\\&type=RPC\\&version=2016-01-20)'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'DescribeAccountKmsStatus' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54556', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'AccountStatus' => [ + 'description' => 'The status of KMS within your Alibaba cloud account. Valid values:'."\n" + ."\n" + .'* Enabled: KMS is enabled.'."\n" + ."\n" + .'* NotEnabled: KMS is disabled.'."\n" + ."\n" + .'* InDebt: Your account is overdue, and KMS stops providing services.'."\n" + ."\n" + .'> If your Alibaba Cloud account is overdue, top up your account at the earliest opportunity to avoid impacts on your services.'."\n" + ."\n" + .'* Suspended: KMS is suspended.', + 'type' => 'string', + 'example' => 'Enabled', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '3ac84333-d64d-4784-a8bc-997834a7ac6c', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system.', + ], + ], + [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"AccountStatus\\": \\"Enabled\\",\\n \\"RequestId\\": \\"3ac84333-d64d-4784-a8bc-997834a7ac6c\\"\\n}","errorExample":""},{"type":"xml","example":"<DescribeAccountKmsStatusResponse>\\n <AccountStatus>Enabled</AccountStatus>\\n <RequestId>3ac84333-d64d-4784-a8bc-997834a7ac6c</RequestId>\\n</DescribeAccountKmsStatusResponse>","errorExample":""}]', + 'title' => 'DescribeAccountKmsStatus', + 'summary' => 'Queries the status of Key Management Service (KMS) within your Alibaba Cloud account.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'OpenKmsService' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'abilityTreeCode' => '54596', + 'abilityTreeNodes' => [ + 'FEATUREkms586TOR', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '3455b9b4-95c1-419d-b310-db6a53b09a39', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'CreateLXOrderFailed', + 'errorMessage' => 'Create order failed.', + ], + [ + 'errorCode' => 'Forbidden.NoRealNameAuthentication', + 'errorMessage' => 'Real name authentication is needed.', + ], + [ + 'errorCode' => 'Forbidden.Opened', + 'errorMessage' => 'Your kms service has been opened.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3455b9b4-95c1-419d-b310-db6a53b09a39\\"\\n}","errorExample":""},{"type":"xml","example":"<KMS>\\n <RequestId>3455b9b4-95c1-419d-b310-db6a53b09a39</RequestId>\\n</KMS>","errorExample":""}]', + 'title' => 'OpenKmsService', + 'summary' => 'Activates Key Management Service (KMS) under your Alibaba cloud account.', + 'description' => 'When you call this operation, note that:'."\n" + ."\n" + .'- KMS is a paid service. For more information about the billing method, see [Billing description](https://www.alibabacloud.com/help/en/key-management-service/latest/billing-billing).'."\n" + .'- An Alibaba Cloud account can activate KMS only once.'."\n" + .'- Make sure that your Alibaba Cloud account has passed real-name authentication.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'ListKmsInstances' => [ + 'summary' => 'Queries a list of Key Management Service (KMS) instances.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'abilityTreeCode' => '191383', + 'abilityTreeNodes' => [ + 'FEATUREkms586TOR', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'PageNumber', + 'in' => 'query', + 'schema' => [ + 'description' => 'The page number. Default value: 1.', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of entries per page. Valid values: 1 to 100. Default value: 20.', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '10', + ], + ], + [ + 'name' => 'Filters', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'Schema of Response', + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => 'Id of the request', + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', + 'type' => 'string', + 'example' => 'd3eca5c8-a856-4347-8eb6-e1898c3fda2e', + ], + 'KmsInstances' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'KmsInstance' => [ + 'description' => 'A list of KMS instances.', + 'type' => 'array', + 'items' => [ + 'description' => 'A list of KMS instances.', + 'type' => 'object', + 'properties' => [ + 'KmsInstanceArn' => [ + 'description' => 'The ARN of the KMS instance.', + 'type' => 'string', + 'example' => 'acs:kms:pre-hangzhou:120708975881****:keystore/kst-phzz64c9f84eo32dbs****', + ], + 'KmsInstanceId' => [ + 'description' => 'The ID of the KMS instance.', + 'type' => 'string', + 'example' => 'kst-phzz64c9f84eo32dbs****', + ], + ], + ], + ], + ], + ], + 'TotalCount' => [ + 'description' => 'The total number of KMS instances.', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1', + ], + 'PageNumber' => [ + 'description' => 'The page number.', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1', + ], + 'PageSize' => [ + 'description' => 'The number of entries per page.', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '10', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'IllegalTimestamp', + 'errorMessage' => 'The input parameter Timestamp that is mandatory for processing this request is not supplied.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"d3eca5c8-a856-4347-8eb6-e1898c3fda2e\\",\\n \\"KmsInstances\\": {\\n \\"KmsInstance\\": [\\n {\\n \\"KmsInstanceArn\\": \\"acs:kms:pre-hangzhou:120708975881****:keystore/kst-phzz64c9f84eo32dbs****\\",\\n \\"KmsInstanceId\\": \\"kst-phzz64c9f84eo32dbs****\\"\\n }\\n ]\\n },\\n \\"TotalCount\\": 1,\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10\\n}","errorExample":""},{"type":"xml","example":"<ListKmsInstancesResponse>\\n <RequestId>d3eca5c8-a856-4347-8eb6-e1898c3fda2e</RequestId>\\n <KmsInstances>\\n <KmsInstanceArn>acs:kms:pre-hangzhou:120708975881****:keystore/kst-phzz64c9f84eo32dbs****</KmsInstanceArn>\\n <KmsInstanceId>kst-phzz64c9f84eo32dbs****</KmsInstanceId>\\n </KmsInstances>\\n <TotalCount>1</TotalCount>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n</ListKmsInstancesResponse>","errorExample":""}]', + 'title' => 'ListKmsInstances', + ], + 'ConnectKmsInstance' => [ + 'summary' => 'Enables a Key Management Service (KMS) instance.', + 'methods' => [ + 'post', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'none', + 'abilityTreeCode' => '190287', + 'abilityTreeNodes' => [ + 'FEATUREkms586TOR', + ], + ], + 'parameters' => [ + [ + 'name' => 'KmsInstanceId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the KMS instance that you want to enable.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'kst-phzz64f722a1buamw0****', + ], + ], + [ + 'name' => 'VpcId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the virtual private cloud (VPC) that is associated with the KMS instance.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'vpc-bp19z7cwmltad5dff****', + ], + ], + [ + 'name' => 'ZoneIds', + 'in' => 'query', + 'schema' => [ + 'description' => 'The two zones for the KMS instance. Dual-zone deployment improves service availability and disaster recovery capabilities.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'cn-hangzhou-k,cn-hangzhou-j', + ], + ], + [ + 'name' => 'VSwitchIds', + 'in' => 'query', + 'schema' => [ + 'description' => 'The vSwitch in the two zones. The vSwitch must have at least one available IP address.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'vsw-bp1i512amda6d10a0****', + ], + ], + [ + 'name' => 'KMProvider', + 'in' => 'query', + 'schema' => [ + 'description' => 'The provider of the KMS instance. Set the value to Aliyun.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'Aliyun', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'The response message.'."\n", + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => 'Id of the request', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => 'd3eca5c8-a856-4347-8eb6-e1898c3fda2e', + ], + ], + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"d3eca5c8-a856-4347-8eb6-e1898c3fda2e\\"\\n}","errorExample":""},{"type":"xml","example":"<ConnectKmsInstanceResponse>\\n <RequestId>d3eca5c8-a856-4347-8eb6-e1898c3fda2e</RequestId>\\n</ConnectKmsInstanceResponse>","errorExample":""}]', + 'title' => 'ConnectKmsInstance', + 'description' => '### [](#)Limits'."\n" + ."\n" + .'You can enable only instances of the software key management type. You cannot enable instances of the hardware key management type.'."\n", + ], + 'GetKmsInstance' => [ + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '191299', + 'abilityTreeNodes' => [ + 'FEATUREkms586TOR', + ], + ], + 'parameters' => [ + [ + 'name' => 'KmsInstanceId', + 'in' => 'query', + 'schema' => [ + 'title' => 'A short description of struct', + 'description' => 'The ID of the KMS instance that you want to query.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'kst-bjj62f5ba3dnpb6v8****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'The details of the KMS instance.'."\n", + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => 'Id of the request', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '46b4a94a-57d2-44b4-9810-1e87d31abb33', + ], + 'KmsInstance' => [ + 'description' => 'The details of the KMS instance.'."\n", + 'type' => 'object', + 'properties' => [ + 'InstanceId' => [ + 'description' => 'The ID of the KMS instance.'."\n", + 'type' => 'string', + 'example' => 'kst-bjj62f5ba3dnpb6v8****', + ], + 'InstanceName' => [ + 'description' => 'The name of the KMS instance.'."\n", + 'type' => 'string', + 'example' => 'kst-bjj62f5ba3dnpb6v8****', + ], + 'Status' => [ + 'description' => 'The status of the KMS instance. Valid values:'."\n" + ."\n" + .'* Uninitialized: The KMS instance is not enabled.'."\n" + .'* Connecting: The KMS instance is being connected.'."\n" + .'* Connected: The KMS instance is enabled.'."\n" + .'* Disconnected: The KMS instance is disconnected.'."\n" + .'* Error: The KMS instance is abnormal.'."\n", + 'type' => 'string', + 'example' => 'Connected', + ], + 'CreateTime' => [ + 'description' => 'The time when the KMS instance is created.'."\n", + 'type' => 'string', + 'example' => '2023-09-05T12:44:20Z', + ], + 'Spec' => [ + 'description' => 'The computing performance of the KMS instance.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1000', + ], + 'KeyNum' => [ + 'description' => 'The number of keys that can be created for the KMS instance.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '1000', + ], + 'SecretNum' => [ + 'description' => 'The number of secrets that can be created for the KMS instance.'."\n", + 'type' => 'string', + 'example' => '10', + ], + 'VpcNum' => [ + 'description' => 'The access management quota for the KMS instance.'."\n", + 'type' => 'integer', + 'format' => 'int64', + 'example' => '5', + ], + 'VpcId' => [ + 'description' => 'The virtual private cloud (VPC) with which the KMS instance is associated.'."\n", + 'type' => 'string', + 'example' => 'vpc-bp19z7cwmltad5dff****', + ], + 'ZoneIds' => [ + 'description' => 'The zone with which the KMS instance is associated.'."\n", + 'type' => 'array', + 'example' => '"cn-hangzhou-k", "cn-hangzhou-j"', + 'items' => [ + 'type' => 'string', + ], + ], + 'VswitchIds' => [ + 'description' => 'The vSwitch in the VPC.'."\n", + 'type' => 'array', + 'example' => 'vsw-bp1i512amda6d10a0****', + 'items' => [ + 'type' => 'string', + ], + ], + 'EndDate' => [ + 'title' => '到期时间'."\n", + 'description' => 'The expiration time of the KMS instance.'."\n", + 'type' => 'string', + 'example' => '2023-10-05T16:00:00Z', + ], + 'StartDate' => [ + 'description' => 'The time when the KMS instance is enabled.'."\n", + 'type' => 'string', + 'example' => '2023-09-05T12:44:19Z', + ], + 'CaCertificateChainPem' => [ + 'description' => 'The content of the certificate authority (CA) certificate of the KMS instance.'."\n", + 'type' => 'string', + 'example' => '-----BEGIN CERTIFICATE-----\\r\\nMIIDuzCCAqOgAwIBAgIJALTKwWAjvbMiMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV****-----END CERTIFICATE-----', + ], + 'BindVpcs' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'BindVpc' => [ + 'description' => 'A list of associated VPCs.'."\n" + ."\n" + .'> If your self-managed applications are deployed in multiple VPCs in the same region, you can associate VPCs with the KMS instance beyond the VPC that you specify when you enable the KMS instance. The VPCs can belong to the same Alibaba Cloud account or different Alibaba Cloud accounts. After the configuration is complete, self-managed applications in the VPCs can access the specified KMS instance.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'RegionId' => [ + 'description' => 'The region to which the VPC belongs.'."\n", + 'type' => 'string', + 'example' => 'cn-hangzhou', + ], + 'VpcId' => [ + 'description' => 'The ID of the VPC.'."\n", + 'type' => 'string', + 'example' => 'vpc-bp19z7djuhtad5dff****', + ], + 'VpcOwnerId' => [ + 'description' => 'The Alibaba Cloud account to which the VPC belongs.'."\n", + 'type' => 'string', + 'example' => '190325303126****', + ], + 'VSwitchId' => [ + 'description' => 'The vSwitch in the VPC.'."\n", + 'type' => 'string', + 'example' => 'vsw-bp1i512amhdje10f1****', + ], + ], + ], + ], + ], + ], + 'ChargeType' => [ + 'type' => 'string', + ], + 'ProductVersion' => [ + 'type' => 'string', + ], + 'SaleStatus' => [ + 'type' => 'string', + ], + 'Log' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + 'LogStorage' => [ + 'type' => 'integer', + 'format' => 'int64', + ], + 'ProductType' => [ + 'type' => 'string', + ], + 'DeletionProtection' => [ + 'title' => '', + 'type' => 'boolean', + ], + 'DeletionProtectionDescription' => [ + 'type' => 'string', + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'IllegalTimestamp', + 'errorMessage' => 'The input parameter Timestamp that is mandatory for processing this request is not supplied.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"46b4a94a-57d2-44b4-9810-1e87d31abb33\\",\\n \\"KmsInstance\\": {\\n \\"InstanceId\\": \\"kst-bjj62f5ba3dnpb6v8****\\",\\n \\"InstanceName\\": \\"kst-bjj62f5ba3dnpb6v8****\\",\\n \\"Status\\": \\"Connected\\",\\n \\"CreateTime\\": \\"2023-09-05T12:44:20Z\\",\\n \\"Spec\\": 1000,\\n \\"KeyNum\\": 1000,\\n \\"SecretNum\\": \\"10\\",\\n \\"VpcNum\\": 5,\\n \\"VpcId\\": \\"vpc-bp19z7cwmltad5dff****\\",\\n \\"ZoneIds\\": {\\n \\"undefined\\": [\\n \\"\\"\\n ]\\n },\\n \\"VswitchIds\\": {\\n \\"undefined\\": [\\n \\"\\"\\n ]\\n },\\n \\"EndDate\\": \\"2023-10-05T16:00:00Z\\",\\n \\"StartDate\\": \\"2023-09-05T12:44:19Z\\",\\n \\"CaCertificateChainPem\\": \\"-----BEGIN CERTIFICATE-----\\\\\\\\r\\\\\\\\nMIIDuzCCAqOgAwIBAgIJALTKwWAjvbMiMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV****-----END CERTIFICATE-----\\",\\n \\"BindVpcs\\": {\\n \\"BindVpc\\": [\\n {\\n \\"RegionId\\": \\"cn-hangzhou\\",\\n \\"VpcId\\": \\"vpc-bp19z7djuhtad5dff****\\",\\n \\"VpcOwnerId\\": \\"190325303126****\\",\\n \\"VSwitchId\\": \\"vsw-bp1i512amhdje10f1****\\"\\n }\\n ]\\n },\\n \\"ChargeType\\": \\"POSTPAY\\",\\n \\"ProductVersion\\": \\"3\\",\\n \\"SaleStatus\\": \\"\\",\\n \\"Log\\": 0,\\n \\"LogStorage\\": 0,\\n \\"ProductType\\": \\"\\",\\n \\"DeletionProtection\\": true,\\n \\"DeletionProtectionDescription\\": \\"\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"<GetKmsInstanceResponse>\\n <RequestId>46b4a94a-57d2-44b4-9810-1e87d31abb33</RequestId>\\n <KmsInstance>\\n <InstanceId>kst-bjj62f5ba3dnpb6v8****</InstanceId>\\n <InstanceName>kst-bjj62f5ba3dnpb6v8****</InstanceName>\\n <Status>Connected</Status>\\n <CreateTime>2023-09-05T12:44:20Z</CreateTime>\\n <Spec>1000</Spec>\\n <KeyNum>1000</KeyNum>\\n <SecretNum>10</SecretNum>\\n <VpcNum>5</VpcNum>\\n <VpcId>vpc-bp19z7cwmltad5dff****</VpcId>\\n <ZoneIds>\\"cn-hangzhou-k\\", \\"cn-hangzhou-j\\"</ZoneIds>\\n <VswitchIds>vsw-bp1i512amda6d10a0****</VswitchIds>\\n <EndDate>2023-10-05T16:00:00Z</EndDate>\\n <StartDate>2023-09-05T12:44:19Z</StartDate>\\n <CaCertificateChainPem>-----BEGIN CERTIFICATE-----\\\\r\\\\nMIIDuzCCAqOgAwIBAgIJALTKwWAjvbMiMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV****-----END CERTIFICATE-----</CaCertificateChainPem>\\n <BindVpcs>\\n <RegionId>cn-hangzhou</RegionId>\\n <VpcId>vpc-bp19z7djuhtad5dff****</VpcId>\\n <VpcOwnerId>190325303126****</VpcOwnerId>\\n <VSwitchId>vsw-bp1i512amhdje10f1****</VSwitchId>\\n </BindVpcs>\\n </KmsInstance>\\n</GetKmsInstanceResponse>","errorExample":""}]', + 'title' => 'GetKmsInstance', + 'summary' => 'Queries the details of a Key Management Service (KMS) instance.', + ], + 'UpdateKmsInstanceBindVpc' => [ + 'summary' => 'Updates the virtual private cloud (VPC) that is associated with a Key Management Service (KMS) instance.', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'none', + 'abilityTreeCode' => '193192', + 'abilityTreeNodes' => [ + 'FEATUREkms586TOR', + ], + ], + 'parameters' => [ + [ + 'name' => 'KmsInstanceId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the KMS instance.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'kst-phzz64f722a1buamw0****', + ], + ], + [ + 'name' => 'BindVpcs', + 'in' => 'query', + 'schema' => [ + 'description' => 'The VPC configuration. The configuration of each VPC contains the following content:'."\n" + ."\n" + .'* VpcId: the ID of the VPC.'."\n" + .'* VSwitchId: the vSwitch in the VPC.'."\n" + .'* RegionID: the ID of the region to which the VPC belongs.'."\n" + .'* VpcOwnerId: the Alibaba Cloud account to which the VPC belongs.'."\n" + ."\n" + .'Format: `[{"VpcId":"${VpcId}","VSwitchId":"${VSwitchId}","RegionId":"${RegionId}","VpcOwnerId":${VpcOwnerId}},..]`.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => '[{"VpcId":"vpc-bp1go9qvmj78j4f4c****","VSwitchId":"vsw-bp16c5pvvcf0fp5b9****","RegionId":"cn-hangzhou","VpcOwnerId":120708975881****},{"VpcId":"vpc-bp14c07ucxg6h1xjm****","VSwitchId":"vsw-bp1wujtnspi1l3gvu****","RegionId":"cn-hangzhou","VpcOwnerId":119285303511****}]', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'Schema of Response', + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => 'Id of the request', + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => 'd3eca5c8-a856-4347-8eb6-e1898c3fda2e', + ], + ], + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"d3eca5c8-a856-4347-8eb6-e1898c3fda2e\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateKmsInstanceBindVpcResponse>\\n <RequestId>d3eca5c8-a856-4347-8eb6-e1898c3fda2e</RequestId>\\n</UpdateKmsInstanceBindVpcResponse>","errorExample":""}]', + 'title' => 'UpdateKmsInstanceBindVpc', + 'description' => 'If your own applications are deployed in multiple VPCs in the same region, you can associate the VPCs except the VPC in which the KMS instance resides with the KMS instance. This topic describes how to configure the VPCs.'."\n" + ."\n" + .'The VPCs can belong to the same Alibaba Cloud account or different Alibaba Cloud accounts. After the configuration is complete, the applications in these VPCs can access the KMS instance.'."\n" + ."\n\n" + .'> If the VPCs belong to different Alibaba Cloud accounts, you must first configure resource sharing to share the vSwitches of other Alibaba Cloud accounts with the Alibaba Cloud account to which the KMS instance belongs. For more information, see [Access a KMS instance from multiple VPCs in the same region](~~2393236~~).', + ], + 'ReleaseKmsInstance' => [ + 'summary' => '仅后付费实例支持释放,预付费实例需要从用户中心-退订管理释放。', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + 'abilityTreeCode' => '222135', + 'abilityTreeNodes' => [ + 'FEATUREkms586TOR', + ], + ], + 'parameters' => [ + [ + 'name' => 'KmsInstanceId', + 'in' => 'query', + 'schema' => [ + 'title' => '仅限于后付费实例', + 'description' => '', + 'type' => 'string', + 'required' => true, + 'example' => 'kst-hzz6****', + ], + ], + [ + 'name' => 'ForceDeleteWithoutBackup', + 'in' => 'query', + 'schema' => [ + 'title' => '没有备份情况下也强制删除。'."\n" + .'默认情况下没有备份返回禁止删除', + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => 'false', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'Schema of Response', + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => 'Id of the request', + 'description' => '', + 'type' => 'string', + 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + [ + 'errorCode' => 'Rejected.UnsupportedOperation', + 'errorMessage' => 'Unsupported operation.', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.DKMSInstanceNotFound', + 'errorMessage' => 'The specified DKMS Instance is not found.', + ], + [ + 'errorCode' => 'Forbidden.NoBackup', + 'errorMessage' => 'this kms instance no backup, forbidden delete.', + ], + ], + 503 => [ + [ + 'errorCode' => 'SerivceUnvailableTemporary', + 'errorMessage' => 'Service Unvailable Temporary', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","errorExample":""},{"type":"xml","example":"<ReleaseKmsInstanceResponse>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n</ReleaseKmsInstanceResponse>","errorExample":""}]', + 'title' => 'ReleaseKmsInstance', + ], + 'GetDefaultKmsInstance' => [ + 'summary' => '获取默认KMS实例', + 'methods' => [ + 'get', + 'post', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '274501', + 'abilityTreeNodes' => [ + 'FEATUREkms586TOR', + ], + 'autoTest' => true, + 'tenantRelevance' => 'tenant', + ], + 'parameters' => [], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'Schema of Response', + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => 'Id of the request', + 'description' => '', + 'type' => 'string', + 'example' => 'bbc4e9ab-c76f-48ca-9c2a-8535772117e2', + ], + 'DefaultKmsInstanceId' => [ + 'description' => '', + 'type' => 'string', + 'example' => 'kst-hzz65f176a0ogplgq****', + ], + ], + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"bbc4e9ab-c76f-48ca-9c2a-8535772117e2\\",\\n \\"DefaultKmsInstanceId\\": \\"kst-hzz65f176a0ogplgq****\\"\\n}","type":"json"}]', + ], + 'CreateKey' => [ + 'summary' => 'Creates a key.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'abilityTreeCode' => '54546', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => [ + 'description' => 'The description of the key.'."\n" + ."\n" + .'The description can be 0 to 8,192 characters in length.', + 'type' => 'string', + 'required' => false, + 'example' => 'key description example', + ], + ], + [ + 'name' => 'KeyUsage', + 'in' => 'query', + 'schema' => [ + 'description' => 'The usage of the key. Valid values:'."\n" + ."\n" + .'- ENCRYPT/DECRYPT'."\n" + .'- SIGN/VERIFY'."\n" + ."\n" + .'If the key supports signing and verification, the default value is SIGN/VERIFY. If the key does not support signing and verification, the default value is ENCRYPT/DECRYPT.', + 'type' => 'string', + 'required' => false, + 'example' => 'ENCRYPT/DECRYPT', + 'default' => 'ENCRYPT/DECRYPT', + ], + ], + [ + 'name' => 'Origin', + 'in' => 'query', + 'schema' => [ + 'description' => 'The key material origin. Valid values:'."\n" + ."\n" + .'- Aliyun_KMS (default): KMS generates key material.'."\n" + .'- EXTERNAL: You import key material.'."\n" + ."\n\n" + .'> - The value of this parameter is case-sensitive.'."\n" + .'> - Default keys of the customer master key (CMK) type support Aliyun_KMS and EXTERNAL. Keys in instances of the software key management type support only Aliyun_KMS. Keys in instances of the hardware key management type support Aliyun_KMS and EXTERNAL.'."\n" + .'> - If you set Origin to EXTERNAL, you must import key material. For more information, see [Import key material into a symmetric key](~~607841~~) or [Import key material into an asymmetric key](~~608827~~).', + 'type' => 'string', + 'required' => false, + 'example' => 'Aliyun_KMS', + ], + ], + [ + 'name' => 'ProtectionLevel', + 'in' => 'query', + 'schema' => [ + 'description' => 'You do not need to specify this parameter. KMS sets a protection level for your key.'."\n" + ."\n" + .'The protection level of the key. Valid values:'."\n" + ."\n" + .'- SOFTWARE'."\n" + .'- HSM'."\n" + ."\n\n" + .'> - If DKMSInstanceId is specified, this parameter does not take effect. If your instance is an instance of the software key management type, set the value to SOFTWARE. If your instance is an instance of the hardware key management type, set the value to HSM.'."\n" + .'> - If you do not specify DKMSInstanceId, we recommend that you do not specify this parameter. KMS sets a protection level for your key. If managed hardware security modules (HSMs) exist in the region of your KMS instance, set the value to HSM. If managed HSMs do not exist in the region of your KMS instance, set the value to SOFTWARE. For more information, see Managed HSM overview.', + 'type' => 'string', + 'required' => false, + 'example' => 'SOFTWARE', + ], + ], + [ + 'name' => 'EnableAutomaticRotation', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to enable automatic key rotation. Valid values:'."\n" + ."\n" + .'- true'."\n" + .'- false (default)'."\n" + ."\n" + .'This parameter is valid only when the key belongs to an instance type that supports automatic rotation. For more information, see [Key rotation](~~2358146~~).', + 'type' => 'boolean', + 'required' => false, + 'example' => 'true', + ], + ], + [ + 'name' => 'RotationInterval', + 'in' => 'query', + 'schema' => [ + 'description' => 'The period of automatic key rotation. Format: integer[unit]. Unit: d (day), h (hour), m (minute), or s (second). For example, both 7d and 604800s represent a seven-day interval.'."\n" + ."\n" + .'- For a default key, set the value to 365 days.'."\n" + .'- For a software-protected key, set a value that ranges from 7 to 365 days.'."\n" + .'- A hardware-protected key does not support automatic rotation.'."\n" + ."\n" + .'> If EnableAutomaticRotation is set to true, this parameter is required.', + 'type' => 'string', + 'required' => false, + 'example' => '365d', + ], + ], + [ + 'name' => 'KeySpec', + 'in' => 'query', + 'schema' => [ + 'description' => 'The key specification. The valid values vary based on the KMS instance type. For more information, see [Overview](~~480159~~).'."\n" + ."\n" + .'> If you do not specify a value for this parameter, the default key specification is Aliyun_AES_256.', + 'type' => 'string', + 'required' => false, + 'example' => 'Aliyun_AES_256', + ], + ], + [ + 'name' => 'DKMSInstanceId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the KMS instance.'."\n" + ."\n" + .'> You must specify this parameter if you need to create a key for a KMS instance. If you need to create a default key of the CMK type, you do not need to specify this parameter.', + 'type' => 'string', + 'required' => false, + 'example' => 'kst-bjj62d8f5e0sgtx8h****', + ], + ], + [ + 'name' => 'Tags', + 'in' => 'query', + 'allowEmptyValue' => true, + 'schema' => [ + 'description' => 'The tag that is added to the key. A tag consists of a key-value pair.'."\n" + ."\n" + .'You can enter up to 20 tags. Enter multiple tags in the [{"TagKey":"key1","TagValue":"value1"},{"TagKey":"key2","TagValue":"value2"},..] format.'."\n" + ."\n" + .'Each tag key or tag value can be up to 128 characters in length and can contain letters, digits, forward slashes (/), backslashes (\\), underscores (_), hyphens (-), periods (.), plus signs (+), equal signs (=), colons (:), and at signs (@).'."\n" + ."\n" + .'> The tag key cannot start with aliyun or acs:.', + 'type' => 'string', + 'required' => false, + 'example' => '[{"TagKey":"disk-encryption","TagValue":"true"}]', + ], + ], + [ + 'name' => 'Policy', + 'in' => 'query', + 'allowEmptyValue' => false, + 'schema' => [ + 'title' => '', + 'type' => 'string', + ], + ], + [ + 'name' => 'KeyStorageMechanism', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', + 'type' => 'string', + 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C4', + ], + 'KeyMetadata' => [ + 'description' => 'The metadata of the key.', + 'type' => 'object', + 'properties' => [ + 'KeyId' => [ + 'description' => 'The globally unique ID of the key.', + 'type' => 'string', + 'example' => 'key-hzz62f1cb66fa42qo****', + ], + 'NextRotationDate' => [ + 'description' => 'The time when the key is next rotated.'."\n" + ."\n" + .'This value is returned only when the value of AutomaticRotation is Enabled or Suspended.', + 'type' => 'string', + 'example' => '2024-03-25T10:00:00Z', + ], + 'KeyState' => [ + 'description' => 'The status of the key.'."\n" + ."\n" + .'For more information, see [Impacts of key status on API operations](~~44211~~).', + 'type' => 'string', + 'example' => 'Enabled', + ], + 'RotationInterval' => [ + 'description' => 'The interval for automatic key rotation. Unit: seconds. The format is an integer value followed by the character s. For example, if the rotation period is seven days, this parameter is set to 604800s.'."\n" + ."\n" + .'This value is returned only when the value of AutomaticRotation is Enabled or Suspended.', + 'type' => 'string', + 'example' => '31536000s', + ], + 'Arn' => [ + 'description' => 'The Alibaba Cloud Resource Name (ARN) of the key.', + 'type' => 'string', + 'example' => 'acs:kms:cn-qingdao:154035569884****:key/key-hzz62f1cb66fa42qo****', + ], + 'Creator' => [ + 'description' => 'The user who created the key.', + 'type' => 'string', + 'example' => '154035569884****', + ], + 'LastRotationDate' => [ + 'description' => 'The time when the last rotation was performed. The time is displayed in UTC.'."\n" + ."\n" + .'For a new key, this parameter value is the time when the initial version of the key was generated.', + 'type' => 'string', + 'example' => '2023-03-25T10:00:00Z', + ], + 'DeleteDate' => [ + 'description' => 'The time when the key is scheduled for deletion. For more information, see ScheduleKeyDeletion.'."\n" + ."\n" + .'This parameter is returned only when the value of KeyState is PendingDeletion.', + 'type' => 'string', + 'example' => '2025-03-25T10:00:00Z', + ], + 'PrimaryKeyVersion' => [ + 'description' => 'The current primary version identifier of the key.', + 'type' => 'string', + 'example' => '7ce1d081-06cb-42e6-aab6-5c5de030****', + ], + 'Description' => [ + 'description' => 'The description of the key.', + 'type' => 'string', + 'example' => 'key description example', + ], + 'KeySpec' => [ + 'description' => 'The specification of the key.', + 'type' => 'string', + 'example' => 'Aliyun_AES_256', + ], + 'Origin' => [ + 'description' => 'The key material origin.', + 'type' => 'string', + 'example' => 'Aliyun_KMS', + ], + 'MaterialExpireTime' => [ + 'description' => 'The time when the key material expires. The time is displayed in UTC.'."\n" + ."\n" + .'If this parameter value is empty, the key material does not expire.', + 'type' => 'string', + 'example' => '2025-03-25T10:00:00Z', + ], + 'AutomaticRotation' => [ + 'description' => 'The status of automatic key rotation. Valid values:'."\n" + ."\n" + .'- Enabled'."\n" + .'- Disabled'."\n" + .'- Suspended', + 'type' => 'string', + 'example' => 'Enabled', + ], + 'ProtectionLevel' => [ + 'description' => 'The protection level of the key.', + 'type' => 'string', + 'example' => 'SOFTWARE', + ], + 'KeyUsage' => [ + 'description' => 'The usage of the key.', + 'type' => 'string', + 'example' => 'ENCRYPT/DECRYPT', + ], + 'CreationDate' => [ + 'description' => 'The date and time (UTC) when the key was created.', + 'type' => 'string', + 'example' => '2023-03-25T10:00:00Z', + ], + 'DKMSInstanceId' => [ + 'description' => 'The ID of the KMS instance.', + 'type' => 'string', + 'example' => 'kst-bjj62d8f5e0sgtx8h****', + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'Rejected.LimitExceeded', + 'errorMessage' => 'The request was rejected because user create resource limit was exceeded', + ], + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + [ + 'errorCode' => 'UnsupportedOperation', + 'errorMessage' => 'This action is not supported.', + ], + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system.', + ], + [ + 'errorCode' => 'Rejected.ShareQuotaExceedLimit', + 'errorMessage' => 'Instance Share Quota Exceed Limit.', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.DKMSInstanceNotFound', + 'errorMessage' => 'The specified DKMS Instance is not found.', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure', + ], + ], + 503 => [ + [ + 'errorCode' => 'SerivceUnvailableTemporary', + 'errorMessage' => 'Service Unvailable Temporary', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C4\\",\\n \\"KeyMetadata\\": {\\n \\"KeyId\\": \\"key-hzz62f1cb66fa42qo****\\",\\n \\"NextRotationDate\\": \\"2024-03-25T10:00:00Z\\",\\n \\"KeyState\\": \\"Enabled\\",\\n \\"RotationInterval\\": \\"31536000s\\",\\n \\"Arn\\": \\"acs:kms:cn-qingdao:154035569884****:key/key-hzz62f1cb66fa42qo****\\",\\n \\"Creator\\": \\"154035569884****\\",\\n \\"LastRotationDate\\": \\"2023-03-25T10:00:00Z\\",\\n \\"DeleteDate\\": \\"2025-03-25T10:00:00Z\\",\\n \\"PrimaryKeyVersion\\": \\"7ce1d081-06cb-42e6-aab6-5c5de030****\\",\\n \\"Description\\": \\"key description example\\",\\n \\"KeySpec\\": \\"Aliyun_AES_256\\",\\n \\"Origin\\": \\"Aliyun_KMS\\",\\n \\"MaterialExpireTime\\": \\"2025-03-25T10:00:00Z\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"ProtectionLevel\\": \\"SOFTWARE\\",\\n \\"KeyUsage\\": \\"ENCRYPT/DECRYPT\\",\\n \\"CreationDate\\": \\"2024-03-25T10:00:00Z\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"<CreateKeyResponse>\\n <RequestId>381D5D33-BB8F-395F-8EE4-AE3BB4B523C4</RequestId>\\n <KeyMetadata>\\n <KeyId>key-hzz62f1cb66fa42qo****</KeyId>\\n <NextRotationDate>2024-03-25T10:00:00Z</NextRotationDate>\\n <KeyState>Enabled</KeyState>\\n <RotationInterval>31536000s</RotationInterval>\\n <Arn>acs:kms:cn-qingdao:154035569884****:key/key-hzz62f1cb66fa42qo****</Arn>\\n <Creator>154035569884****</Creator>\\n <LastRotationDate>2023-03-25T10:00:00Z</LastRotationDate>\\n <DeleteDate>2025-03-25T10:00:00Z</DeleteDate>\\n <PrimaryKeyVersion>7ce1d081-06cb-42e6-aab6-5c5de030****</PrimaryKeyVersion>\\n <Description>key description example</Description>\\n <KeySpec>Aliyun_AES_256</KeySpec>\\n <Origin>Aliyun_KMS</Origin>\\n <MaterialExpireTime>2025-03-25T10:00:00Z</MaterialExpireTime>\\n <AutomaticRotation>Enabled</AutomaticRotation>\\n <ProtectionLevel>SOFTWARE</ProtectionLevel>\\n <KeyUsage>ENCRYPT/DECRYPT</KeyUsage>\\n <CreationDate>2024-03-25T10:00:00Z</CreationDate>\\n <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>\\n </KeyMetadata>\\n</CreateKeyResponse>","errorExample":""}]', + 'title' => 'CreateKey', + 'description' => 'KMS supports common symmetric keys and asymmetric keys. For more information, see [Key types and specifications](~~480161~~).', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'ListKeys' => [ + 'summary' => 'Queries all keys of the current Alibaba Cloud account in the current region.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54591', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'PageNumber', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of the page to return.'."\n" + ."\n" + .'Pages start from page 1.'."\n" + ."\n" + .'Default value: 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of entries to return on each page.'."\n" + ."\n" + .'Valid values: 1 to 100.'."\n" + ."\n" + .'Default value: 10'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '10', + ], + ], + [ + 'name' => 'Filters', + 'in' => 'query', + 'schema' => [ + 'description' => 'The CMK filter. The filter consists of one or more key-value pairs. You can specify a maximum of 10 key-value pairs.'."\n" + ."\n" + .'* Key'."\n" + ."\n" + .' * Description: the property that you want to filter.'."\n" + ."\n" + .' * Type: string.'."\n" + ."\n" + .' * Valid values:'."\n" + ."\n" + .' * KeyState: the status of the CMK.'."\n" + .' * KeySpec: the type of the CMK.'."\n" + .' * KeyUsage: the usage of the CMK.'."\n" + .' * ProtectionLevel: the protection level.'."\n" + .' * CreatorType: the type of the creator.'."\n" + ."\n" + .'* Values'."\n" + ."\n" + .' * Description: the value to be included after filtering.'."\n" + ."\n" + .' * Format: string array.'."\n" + ."\n" + .' * Length: 0 to 10.'."\n" + ."\n" + .' * Valid values:'."\n" + ."\n" + .' * When Key is set to KeyState, the value can be Enabled, Disabled, PendingDeletion, or PendingImport.'."\n" + ."\n" + .' * When Key is set to KeySpec, the value can be Aliyun_AES\\_256, Aliyun_SM4, RSA\\_2048, EC_P256, EC_P256K, or EC_SM2.'."\n" + ."\n" + .' Note: You can create CMKs of the EC_SM2 or Aliyun_SM4 type only in regions where State Cryptography Administration (SCA)-certified managed HSMs reside. For more information about the regions, see [Supported regions](~~125803~~). If your region does not support EC_SM2 or Aliyun_SM4, the two values are ignored if they are specified.'."\n" + ."\n" + .' * When Key is set to KeyUsage, the value can be ENCRYPT/DECRYPT or SIGN/VERIFY. ENCRYPT/DECRYPT indicates that the CMK is used to encrypt and decrypt data. SIGN/VERIFY indicates that the CMK is used to generate and verify digital signatures.'."\n" + ."\n" + .' * When Key is set to ProtectionLevel, the value can be SOFTWARE (software) or HSM (hardware).'."\n" + ."\n" + .' You can set ProtectionLevel to HSM in only specific regions. For more information about the regions, see [Supported regions](~~125803~~). If your region does not support the value HSM, the value is ignored if the value is specified.'."\n" + ."\n" + .' * If Key is set to CreatorType, the value can be User or Service. User indicates that CMKs created by the current account are queried. Service indicates that CMKs automatically created by other cloud services authorized by the current account are queried.'."\n" + ."\n" + .'The logical relationship between different keys is AND, and the logical relationship between multiple items in the same key is OR. Example:'."\n" + ."\n" + .'`[ {"Key":"KeyState", "Values":["Enabled","Disabled"]}, {"Key":"KeyState", "Values":["PendingDeletion"]}, {"Key":"KeySpec", "Values":["Aliyun_AES_256"]}]`. In this example, the semantics are:`(KeyState=Enabled OR KeyState=Disabled OR KeyState=PendingDeletion) AND (KeySpec=Aliyun_AES_ 256)`.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => '[{"Key":"KeyState", "Values":["Enabled","Disabled"]}]', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'PageNumber' => [ + 'description' => 'The page number of the returned page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'description' => 'The number of entries returned per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '8252db58-2036-408c-a3d5-56e656dc2551', + ], + 'TotalCount' => [ + 'description' => 'The total number of CMKs.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '3', + ], + 'Keys' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Key' => [ + 'description' => 'An array that consists of the CMKs of the current Alibaba Cloud account in the current region.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'KeyId' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****', + ], + 'KeyArn' => [ + 'description' => 'The Alibaba Cloud Resource Name (ARN) of the CMK.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"RequestId\\": \\"8252db58-2036-408c-a3d5-56e656dc2551\\",\\n \\"TotalCount\\": 3,\\n \\"Keys\\": {\\n \\"Key\\": [\\n {\\n \\"KeyId\\": \\"08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****\\",\\n \\"KeyArn\\": \\"acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListKeysResponse>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <RequestId>8252db58-2036-408c-a3d5-56e656dc2551</RequestId>\\n <TotalCount>3</TotalCount>\\n <Keys>\\n <KeyId>08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****</KeyId>\\n <KeyArn>acs:kms:cn-hangzhou:123456:key/80e9409f-78fa-42ab-84bd-83f40c81****</KeyArn>\\n </Keys>\\n</ListKeysResponse>","errorExample":""}]', + 'title' => 'ListKeys', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'DescribeKey' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'You can also set this parameter to an alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '05754286-3ba2-4fa6-8d41-4323aca6****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'headers' => [], + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => 'f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f', + ], + 'KeyMetadata' => [ + 'description' => 'The metadata of the CMK.'."\n", + 'type' => 'object', + 'properties' => [ + 'DeletionProtection' => [ + 'description' => 'Indicates whether deletion protection is enabled. Valid values:'."\n" + ."\n" + .'* Enabled'."\n" + .'* Disabled'."\n", + 'type' => 'string', + 'example' => 'Enabled', + ], + 'KeyId' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'example' => '05754286-3ba2-4fa6-8d41-4323aca6****', + ], + 'NextRotationDate' => [ + 'description' => 'The time when the next rotation will be performed.'."\n" + ."\n" + .'> This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.'."\n", + 'type' => 'string', + 'example' => '2021-07-06T18:22:03Z', + ], + 'KeyState' => [ + 'description' => 'The status of the CMK.'."\n" + ."\n" + .'For more information, see [Impact of CMK status on API operations](~~44211~~).'."\n", + 'type' => 'string', + 'example' => 'Enabled', + ], + 'RotationInterval' => [ + 'description' => 'The interval for automatic key rotation.'."\n" + ."\n" + .'Unit: seconds.'."\n" + ."\n" + .'For example, if the value is 604800s, automatic key rotation is performed at a 7-day interval.'."\n" + ."\n" + .'> This parameter is returned only when the value of the AutomaticRotation parameter is Enabled or Suspended.'."\n", + 'type' => 'string', + 'example' => '31536000s', + ], + 'Arn' => [ + 'description' => 'The Alibaba Cloud Resource Name (ARN) of the CMK.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:154035569884****:key/05754286-3ba2-4fa6-8d41-4323aca6****', + ], + 'Creator' => [ + 'description' => 'The Alibaba Cloud account that is used to create the CMK.'."\n", + 'type' => 'string', + 'example' => '154035569884****', + ], + 'LastRotationDate' => [ + 'description' => 'The time when the last rotation was performed. The time is displayed in UTC. For a new CMK, the value of this parameter is the time when the initial version of the CMK was generated.'."\n", + 'type' => 'string', + 'example' => '2021-05-20T06:34:21Z', + ], + 'DeleteDate' => [ + 'description' => 'The time at which the CMK is scheduled for deletion. The time is displayed in UTC.'."\n" + ."\n" + .'For more information, see [ScheduleKeyDeletion](~~44196~~).'."\n" + ."\n" + .'> This parameter is returned only when the value of the KeyState parameter is PendingDeletion.'."\n", + 'type' => 'string', + 'example' => '2021-05-26T18:22:03Z', + ], + 'PrimaryKeyVersion' => [ + 'description' => 'The ID of the current primary key version for the symmetric CMK.'."\n", + 'type' => 'string', + 'example' => '515e0b0a-624f-45ab-92b5-54f9b551****', + ], + 'Description' => [ + 'description' => 'The description of the CMK.'."\n", + 'type' => 'string', + 'example' => 'key description example', + ], + 'KeySpec' => [ + 'description' => 'The type of the CMK.'."\n", + 'type' => 'string', + 'example' => 'Aliyun_AES_256', + ], + 'Origin' => [ + 'description' => 'The source of the key material for the CMK.'."\n", + 'type' => 'string', + 'example' => 'Aliyun_KMS', + ], + 'MaterialExpireTime' => [ + 'description' => 'The time when the key material expires. The time is displayed in UTC. If this parameter value is empty, the key material does not expire.'."\n", + 'type' => 'string', + 'example' => '2021-07-06T18:22:03Z', + ], + 'DeletionProtectionDescription' => [ + 'description' => 'The description of deletion protection.'."\n", + 'type' => 'string', + 'example' => 'The CMK is being used by XXX. Deletion protection is set.', + ], + 'AutomaticRotation' => [ + 'description' => 'Indicates whether automatic key rotation is enabled. Valid values:'."\n" + ."\n" + .'* Enabled'."\n" + .'* Disabled'."\n" + .'* Suspended'."\n" + ."\n" + .'For more information, see [Automatic key rotation](~~134270~~).'."\n" + ."\n" + .'> Only symmetric CMKs support automatic key rotation.'."\n", + 'type' => 'string', + 'example' => 'Disabled', + ], + 'ProtectionLevel' => [ + 'description' => 'The protection level of the CMK.'."\n", + 'type' => 'string', + 'example' => 'HSM', + ], + 'KeyUsage' => [ + 'description' => 'The usage of the CMK.'."\n", + 'type' => 'string', + 'example' => 'ENCRYPT/DECRYPT', + ], + 'CreationDate' => [ + 'description' => 'The time when the CMK was created. The time is displayed in UTC.'."\n", + 'type' => 'string', + 'example' => '2021-05-20T06:34:21Z', + ], + 'DKMSInstanceId' => [ + 'description' => 'The ID of the dedicated KMS instance.'."\n", + 'type' => 'string', + 'example' => 'kst-bjj62d8f5e0sgtx8h****', + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + [ + 'errorCode' => 'Forbidden.AliasNotFound', + 'errorMessage' => 'The specified Alias is not found.', + ], + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f\\",\\n \\"KeyMetadata\\": {\\n \\"DeletionProtection\\": \\"Enabled\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"NextRotationDate\\": \\"2021-07-06T18:22:03Z\\",\\n \\"KeyState\\": \\"Enabled\\",\\n \\"RotationInterval\\": \\"31536000s\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:key/key-hzz630494463ejqjx****\\",\\n \\"Creator\\": \\"154035569884****\\",\\n \\"LastRotationDate\\": \\"2024-05-20T06:34:21Z\\",\\n \\"DeleteDate\\": \\"2024-05-26T18:22:03Z\\",\\n \\"PrimaryKeyVersion\\": \\"515e0b0a-624f-45ab-92b5-54f9b551****\\",\\n \\"Description\\": \\"key description example\\",\\n \\"KeySpec\\": \\"Aliyun_AES_256\\",\\n \\"Origin\\": \\"Aliyun_KMS\\",\\n \\"MaterialExpireTime\\": \\"2024-07-06T18:22:03Z\\",\\n \\"DeletionProtectionDescription\\": \\"该密钥正在被XXX服务使用。已为您设置删除保护。\\",\\n \\"AutomaticRotation\\": \\"Disabled\\",\\n \\"ProtectionLevel\\": \\"HSM\\",\\n \\"KeyUsage\\": \\"ENCRYPT/DECRYPT\\",\\n \\"CreationDate\\": \\"2024-05-20T06:34:21Z\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"<DescribeKeyResponse>\\n <RequestId>f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f</RequestId>\\n <KeyMetadata>\\n <DeletionProtection>Enabled</DeletionProtection>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <NextRotationDate>2021-07-06T18:22:03Z</NextRotationDate>\\n <KeyState>Enabled</KeyState>\\n <RotationInterval>31536000s</RotationInterval>\\n <Arn>acs:kms:cn-hangzhou:154035569884****:key/key-hzz630494463ejqjx****</Arn>\\n <Creator>154035569884****</Creator>\\n <LastRotationDate>2024-05-20T06:34:21Z</LastRotationDate>\\n <DeleteDate>2024-05-26T18:22:03Z</DeleteDate>\\n <PrimaryKeyVersion>515e0b0a-624f-45ab-92b5-54f9b551****</PrimaryKeyVersion>\\n <Description>key description example</Description>\\n <KeySpec>Aliyun_AES_256</KeySpec>\\n <Origin>Aliyun_KMS</Origin>\\n <MaterialExpireTime>2024-07-06T18:22:03Z</MaterialExpireTime>\\n <DeletionProtectionDescription>该密钥正在被XXX服务使用。已为您设置删除保护。</DeletionProtectionDescription>\\n <AutomaticRotation>Disabled</AutomaticRotation>\\n <ProtectionLevel>HSM</ProtectionLevel>\\n <KeyUsage>ENCRYPT/DECRYPT</KeyUsage>\\n <CreationDate>2024-05-20T06:34:21Z</CreationDate>\\n <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>\\n </KeyMetadata>\\n</DescribeKeyResponse>","errorExample":""}]', + 'title' => 'DescribeKey', + 'summary' => 'Queries the information about a key.', + 'description' => 'You can query the information about the CMK `05754286-3ba2-4fa6-8d41-4323aca6****` by using parameter settings provided in this topic. The information includes the creator, creation time, status, and deletion protection status of the CMK.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'UpdateKeyDescription' => [ + 'summary' => 'Updates the description of a key.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => [ + 'description' => 'The description of the CMK. This description includes the purpose of the CMK, such as the types of data that you want to protect and applications that can use the CMK.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'key description example', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '3455b9b4-95c1-419d-b310-db6a53b09a39', + ], + ], + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3455b9b4-95c1-419d-b310-db6a53b09a39\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateKeyDescriptionResponse>\\n <RequestId>3455b9b4-95c1-419d-b310-db6a53b09a39</RequestId>\\n</UpdateKeyDescriptionResponse>","errorExample":""}]', + 'title' => 'UpdateKeyDescription', + 'description' => 'This operation replaces the description of a customer master key (CMK) with the description that you specify. The original description of the CMK is specified by the Description parameter when you call the [DescribeKey](~~28952~~) operation. You can call this operation to add, modify, or delete the description of a CMK.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'EnableKey' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => 'efb1cbbd-a093-4278-bc03-639dd4fcc207', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"efb1cbbd-a093-4278-bc03-639dd4fcc207\\"\\n}","errorExample":"//xml response\\n\\n<KMS>\\n <RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\r\\n <RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>\\r\\n</KMS>","errorExample":"//json response\\n{\\n\\"RequestId\\": \\"efb1cbbd-a093-4278-bc03-639dd4fcc207\\"\\n}\\n"}]', + 'title' => 'EnableKey', + 'summary' => 'Enables a key to encrypt and decrypt data.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'DisableKey' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '2fe70ce2-3303-4fd6-b3ac-472fb2705c62', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"2fe70ce2-3303-4fd6-b3ac-472fb2705c62\\"\\n}","errorExample":"//xml response\\n<KMS>\\n <RequestId>2fe70ce2-3303-4fd6-b3ac-472fb2705c62</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\n <RequestId>2fe70ce2-3303-4fd6-b3ac-472fb2705c62</RequestId>\\n</KMS>\\n","errorExample":"//json response\\n{\\n\\"RequestId\\": \\"2fe70ce2-3303-4fd6-b3ac-472fb2705c62\\"\\n}\\n"}]', + 'title' => 'DisableKey', + 'summary' => 'Disables a key.', + 'description' => 'If a customer master key (CMK) is disabled, the ciphertext encrypted by using this CMK cannot be decrypted until you re-enable it. You can call the [EnableKey](~~35150~~) operation to enable the CMK.'."\n" + ."\n" + .'In this example, the CMK whose ID is `1234abcd-12ab-34cd-56ef-12345678****` is disabled.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'GetPublicKey' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see [Use aliases](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', + ], + ], + [ + 'name' => 'KeyVersionId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK version.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyVersionId' => [ + 'description' => 'The version of the CMK that is used to encrypt the plaintext.'."\n", + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'KeyId' => [ + 'description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'> If you set the KeyId parameter to the alias of the CMK, the ID of the CMK to which the alias is bound is returned.'."\n", + 'type' => 'string', + 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', + ], + 'PublicKey' => [ + 'description' => 'The public key returned in the PEM format.'."\n", + 'type' => 'string', + 'example' => '-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\\nJQIDAQAB\\n-----END PUBLIC KEY-----\\n', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"5c438b18-05be-40ad-b6c2-3be6752c****\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\",\\n \\"PublicKey\\": \\"-----BEGIN PUBLIC KEY-----\\\\\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\\\\\\\\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\\\\\\\\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\\\\\\\\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\\\\\\\\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\\\\\\\\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\\\\\\\\nJQIDAQAB\\\\\\\\n-----END PUBLIC KEY-----\\\\\\\\n\\"\\n}","errorExample":""},{"type":"xml","example":"<GetPublicKeyResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>5c438b18-05be-40ad-b6c2-3be6752c****</KeyId>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n <PublicKey>-----BEGIN PUBLIC KEY-----\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Yu9AEgATN2/e3nUz1K\\\\nEy6ng8MSPutcse2/VECG/NUF9C6D4IsJ64ShzY3dcn34WYzTOe916eMJFxyrNrSw\\\\nHtc4UOR5AvaoRrfpgu2uq+i70/ZXrWL+pGb1hgZV8cWheIHMxwrR3IiQlM5qN7EF\\\\n9BdyWtyBfUGsp0Bn1VqlPc5G0x0a9xU2z9YtP994yDenNVIoIQ6Cov1lIEuwXAb2\\\\n7boC41ePXwD0JWt41sP+rgCmpjBx00puIG+IlnoReEgI1ZGYmK98GgA/XzmNjZiD\\\\nyvXJZAcM33Ue85+PkR5iHTtSEbi4QAoqpJabprUzz3Fin2j1dRrcacxGb7p31A9c\\\\nJQIDAQAB\\\\n-----END PUBLIC KEY-----\\\\n</PublicKey>\\n</GetPublicKeyResponse>","errorExample":""}]', + 'title' => 'GetPublicKey', + 'summary' => 'Queries the public key of an asymmetric key pair. You can use the public key to encrypt local data and verify signatures.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'CreateAlias' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '7906979c-8e06-46a2-be2d-68e3ccbc****', + ], + ], + [ + 'name' => 'AliasName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The alias of the CMK.'."\n" + ."\n" + .'The alias must be 1 to 255 characters in length and must contain the prefix `alias/`. The alias cannot be prefixed with the reserved word `alias/acs`.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'alias/example', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '1d2baaf3-d357-46c2-832e-13560c2bd9cd', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1d2baaf3-d357-46c2-832e-13560c2bd9cd\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateAliasResponse>\\n <RequestId>1d2baaf3-d357-46c2-832e-13560c2bd9cd</RequestId>\\n</CreateAliasResponse>","errorExample":""}]', + 'title' => 'CreateAlias', + 'summary' => 'Creates an alias for a key.', + 'description' => '* Each alias can be bound to only one CMK at a time.'."\n" + .'* The aliases of CMKs in the same region must be unique.'."\n" + ."\n" + .'In this topic, an alias named `alias/example` is created for a CMK named `7906979c-8e06-46a2-be2d-68e3ccbc****`.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'ListAliases' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54587', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'PageNumber', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of the page to return.'."\n" + ."\n" + .'Pages start from page 1.'."\n" + ."\n" + .'Default value: 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of entries to return on each page.'."\n" + ."\n" + .'Valid values: 0 to 100.'."\n" + ."\n" + .'Default value: 10.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '10', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '1b57992c-834b-4811-a889-f8bac1ba0353', + ], + 'PageNumber' => [ + 'description' => 'The page number of the returned page.', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'description' => 'The number of entries returned per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'description' => 'The total number of returned aliases.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'Aliases' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Alias' => [ + 'description' => 'The alias of the user.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'KeyId' => [ + 'description' => 'The CMK to which the alias belongs.'."\n", + 'type' => 'string', + 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddfa1d****', + ], + 'AliasArn' => [ + 'description' => 'The Alibaba Cloud Resource Name (ARN) of the alias.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:123456:alias/ExampleAlias1', + ], + 'AliasName' => [ + 'description' => 'The ID of the alias.'."\n", + 'type' => 'string', + 'example' => 'alias/ExampleAlias1', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1b57992c-834b-4811-a889-f8bac1ba0353\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"Aliases\\": {\\n \\"Alias\\": [\\n {\\n \\"KeyId\\": \\"key-hzz6****\\",\\n \\"AliasArn\\": \\"acs:kms:cn-hangzhou:123456:alias/ExampleAlias1\\",\\n \\"AliasName\\": \\"alias/ExampleAlias1\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListAliasesResponse>\\n <RequestId>1b57992c-834b-4811-a889-f8bac1ba0353</RequestId>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <TotalCount>1</TotalCount>\\n <Aliases>\\n <KeyId>key-hzz6****</KeyId>\\n <AliasArn>acs:kms:cn-hangzhou:123456:alias/ExampleAlias1</AliasArn>\\n <AliasName>alias/ExampleAlias1</AliasName>\\n </Aliases>\\n</ListAliasesResponse>","errorExample":""}]', + 'title' => 'ListAliases', + 'summary' => 'Queries all aliases in the current region for the current account.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'ListAliasesByKeyId' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + [ + 'name' => 'PageNumber', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of the page to return.'."\n" + ."\n" + .'Valid values: an integer that is greater than 0.'."\n" + ."\n" + .'Default value: 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of entries to return on each page.'."\n" + ."\n" + .'Valid values: 0 to 101.'."\n" + ."\n" + .'Default value: 10'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '10', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '1b57992c-834b-4811-a889-f8bac1ba0353', + ], + 'PageNumber' => [ + 'description' => 'The page number of the returned page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'description' => 'The number of entries returned per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'description' => 'The total number of returned CMKs.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'Aliases' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Alias' => [ + 'description' => 'An array that consists of aliases.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'KeyId' => [ + 'description' => 'The CMK to which an alias is bound.'."\n", + 'type' => 'string', + 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4****', + ], + 'AliasArn' => [ + 'description' => 'The Alibaba Cloud Resource Name (ARN) of the alias.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:123456:alias/ExampleAlias1', + ], + 'AliasName' => [ + 'description' => 'The ID of the alias.'."\n", + 'type' => 'string', + 'example' => 'alias/ExampleAlias1', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1b57992c-834b-4811-a889-f8bac1ba0353\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"Aliases\\": {\\n \\"Alias\\": [\\n {\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"AliasArn\\": \\"acs:kms:cn-hangzhou:123456:alias/ExampleAlias1\\",\\n \\"AliasName\\": \\"alias/ExampleAlias1\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListAliasesByKeyIdResponse>\\n <RequestId>1b57992c-834b-4811-a889-f8bac1ba0353</RequestId>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <TotalCount>1</TotalCount>\\n <Aliases>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <AliasArn>acs:kms:cn-hangzhou:123456:alias/ExampleAlias1</AliasArn>\\n <AliasName>alias/ExampleAlias1</AliasName>\\n </Aliases>\\n</ListAliasesByKeyIdResponse>","errorExample":""}]', + 'title' => 'ListAliasesByKeyId', + 'summary' => 'Queries all aliases that are bound to a key.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'DeleteAlias' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + ], + 'parameters' => [ + [ + 'name' => 'AliasName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The alias that you want to delete.'."\n" + ."\n" + .'The value must be 1 to 255 characters in length and must include the alias/ prefix.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'alias/example', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '4c8ae23f-3a42-6791-a4ba-1faa77831c28', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4c8ae23f-3a42-6791-a4ba-1faa77831c28\\"\\n}","errorExample":""},{"type":"xml","example":"<KMS>\\r\\n <RequestId>4c8ae23f-3a42-6791-a4ba-1faa77831c28</RequestId>\\r\\n</KMS>","errorExample":""}]', + 'title' => 'DeleteAlias', + 'summary' => 'Deletes an alias.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'UpdateAlias' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + [ + 'name' => 'AliasName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The alias that you want to bind.'."\n" + ."\n" + .'The value must be 1 to 255 characters in length and must include the alias/ prefix.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'alias/example', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '1d2baaf3-d357-46c2-832e-13560c2bd9cd', + ], + ], + ], + ], + ], + 'errorCodes' => [], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"1d2baaf3-d357-46c2-832e-13560c2bd9cd\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateAliasResponse>\\n <RequestId>1d2baaf3-d357-46c2-832e-13560c2bd9cd</RequestId>\\n</UpdateAliasResponse>","errorExample":""}]', + 'title' => 'UpdateAlias', + 'summary' => 'Binds an existing alias to a different customer master key (CMK) ID.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'GetParametersForImport' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'> You can import key material only for CMKs whose Origin parameter is set to EXTERNAL.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '202b9877-5a25-46e3-a763-e20791b5****', + ], + ], + [ + 'name' => 'WrappingAlgorithm', + 'in' => 'query', + 'schema' => [ + 'description' => 'The algorithm that is used to encrypt key material.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RSAES_PKCS1_V1_5', + ], + ], + [ + 'name' => 'WrappingKeySpec', + 'in' => 'query', + 'schema' => [ + 'description' => 'The type of the public key that is used to encrypt key material.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RSA_2048', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyId' => [ + 'description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'The value of this parameter is required when you call the [ImportKeyMaterial](~~68622~~) operation.'."\n", + 'type' => 'string', + 'example' => '202b9877-5a25-46e3-a763-e20791b5****', + ], + 'ImportToken' => [ + 'description' => 'The token that is used to import key material.'."\n" + ."\n" + .'The token is valid for 24 hours. The value of this parameter is required when you call the [ImportKeyMaterial](~~68622~~) operation.'."\n", + 'type' => 'string', + 'example' => 'Base64String', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '8cdf51fd-bcd6-d79a-0ef4-e52c9b5466dc', + ], + 'TokenExpireTime' => [ + 'description' => 'The time when the token expires.'."\n", + 'type' => 'string', + 'example' => '2018-01-25T00:01:02Z', + ], + 'PublicKey' => [ + 'description' => 'The public key that is used to encrypt key material.'."\n" + ."\n" + .'The public key is Base64-encoded.'."\n", + 'type' => 'string', + 'example' => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlls4uIBxD0GG84C+lGBO6Dhpf1J3XimC6cPmPNaKKJMOzoX4tD+C+r7aZv8lZ3vnPfxuxvy/YwG+whUxTEEFUdqJTOIzhPfYucupqKM92crVHIuG+xtMVeHKjyTr+UrtKCsQikqHT+19yDRN/RMoo2HUx0gmEnRyXd8t3JyUXun9FdoxKA08GrsV7nodb9ZsoBLhnev7tTLcXvLyKW6XG1ZQCQm6dPnbnwLeDXR7uK0Lqn9PM28mBIdaiQUQxj2XbM1CoJA+JiyVX3Ptdb+4rqukb4Rb05B80Bs9xV/cf7FIku08l7xGhrGiQFq+DFXwQWtwihXHZxz3LhldU+4ZPwID****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'Unsupported.Origin', + 'errorMessage' => 'This key origin is not valid for this api', + ], + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"ImportToken\\": \\"Base64String\\",\\n \\"RequestId\\": \\"8cdf51fd-bcd6-d79a-0ef4-e52c9b5466dc\\",\\n \\"TokenExpireTime\\": \\"2018-01-25T00:01:02Z\\",\\n \\"PublicKey\\": \\"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlls4uIBxD0GG84C+lGBO6Dhpf1J3XimC6cPmPNaKKJMOzoX4tD+C+r7aZv8lZ3vnPfxuxvy/YwG+whUxTEEFUdqJTOIzhPfYucupqKM92crVHIuG+xtMVeHKjyTr+UrtKCsQikqHT+19yDRN/RMoo2HUx0gmEnRyXd8t3JyUXun9FdoxKA08GrsV7nodb9ZsoBLhnev7tTLcXvLyKW6XG1ZQCQm6dPnbnwLeDXR7uK0Lqn9PM28mBIdaiQUQxj2XbM1CoJA+JiyVX3Ptdb+4rqukb4Rb05B80Bs9xV/cf7FIku08l7xGhrGiQFq+DFXwQWtwihXHZxz3LhldU+4ZPwID****\\"\\n}","errorExample":""},{"type":"xml","example":"<GetParametersForImportResponse>\\n <KeyId>202b9877-5a25-46e3-a763-e20791b5****</KeyId>\\n <ImportToken>Base64String</ImportToken>\\n <RequestId>8cdf51fd-bcd6-d79a-0ef4-e52c9b5466dc</RequestId>\\n <TokenExpireTime>2018-01-25T00:01:02Z</TokenExpireTime>\\n <PublicKey>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlls4uIBxD0GG84C+lGBO6Dhpf1J3XimC6cPmPNaKKJMOzoX4tD+C+r7aZv8lZ3vnPfxuxvy/YwG+whUxTEEFUdqJTOIzhPfYucupqKM92crVHIuG+xtMVeHKjyTr+UrtKCsQikqHT+19yDRN/RMoo2HUx0gmEnRyXd8t3JyUXun9FdoxKA08GrsV7nodb9ZsoBLhnev7tTLcXvLyKW6XG1ZQCQm6dPnbnwLeDXR7uK0Lqn9PM28mBIdaiQUQxj2XbM1CoJA+JiyVX3Ptdb+4rqukb4Rb05B80Bs9xV/cf7FIku08l7xGhrGiQFq+DFXwQWtwihXHZxz3LhldU+4ZPwID****</PublicKey>\\n</GetParametersForImportResponse>","errorExample":""}]', + 'title' => 'GetParametersForImport', + 'summary' => 'Queries the parameters that are used to import key material for a customer master key (CMK).', + 'description' => 'The returned parameters can be used to call the [ImportKeyMaterial](https://www.alibabacloud.com/help/en/key-management-service/latest/importkeymaterial) operation.'."\n" + .'- You can import key material only for CMKs whose Origin parameter is set to EXTERNAL.'."\n" + .'- The public key and token that are returned by the GetParametersForImport operation must be used together. The public key and token can be used to import key material only for the CMK that is specified when you call the operation.'."\n" + .'- The public key and token that are returned vary each time you call the GetParametersForImport operation.'."\n" + .'- You must specify the type of the public key and the encryption algorithm that are used to encrypt key material. The following table lists the types of public keys and the encryption algorithms allowed for each type. '."\n" + ."\n" + .'| Public key type | Encryption algorithm | Description |'."\n" + .'| --------------- | -------------------- | ----------- |'."\n" + .'| RSA_2048 | RSAES_PKCS1_V1_5 '."\n" + ."\n" + .'RSAES_OAEP_SHA_1 '."\n" + ."\n" + .'RSAES_OAEP_SHA_256 | CMKs of all regions and all protection levels are supported. '."\n" + ."\n" + .'Dedicated Key Management Service (KMS) does not support RSAES_OAEP_SHA_1. |'."\n" + .'| EC_SM2 | SM2PKE | CMKs whose ProtectionLevel is set to HSM are supported. The SM2 algorithm is developed and approved by the State Cryptography Administration of China. The SM2 algorithm can be used only to import key material for a CMK whose ProtectionLevel is set to HSM. You can use the SM2 algorithm only when you enable the Managed HSM feature for KMS in the Chinese mainland. For more information, see [Overview of Managed HSM](https://www.alibabacloud.com/help/en/key-management-service/latest/managed-hsm-overview). |'."\n" + .'For more information, see [Import key material](https://www.alibabacloud.com/help/en/key-management-service/latest/import-key-material). This topic provides an example on how to query the parameters that are used to import key material for a CMK. The ID of the CMK is `1234abcd-12ab-34cd-56ef-12345678****`, the encryption algorithm is `RSAES_PKCS1_V1_5`, and the public key is of the `RSA_2048` type. The parameters that are returned include the ID of the CMK, the public key that is used to encrypt the key material, the token that is used to import the key material, and the time when the token expires.', + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'ImportKeyMaterial' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'readAndWrite', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK to be imported.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + [ + 'name' => 'EncryptedKeyMaterial', + 'in' => 'query', + 'schema' => [ + 'description' => 'Use **GetParametersForImport** the Returned public key and the base64-encoded key material.', + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'bCPZx7I6v6KXsqEpr2OXKxuj2CCRtKdwp75Bw+BGncYqBdfjFBYRtOE6HRlT0oeiRDWzwnw9OA54OL36smDJrq4Lo9x0CyYDiuKnRkcKtMtlzW0din7Pd7IlZWWRdVueiw2qpzl7PkUWQGTdsdbzpfJJQ+qj/cRIrk/E83UGyeyytSpgnb+lu0xEYcPajRyWNsbi98N3pqqQzHXNNHO2NJqHlnQgglqTiBEjkGeKFhfKmTc3vjulIdVa3EaVIN6lwWfgx+UUYSrvbA77WDYKlDsZ4SbK2/T7za9Tp1qU7Ynqba7OKGVVj7PMbiaO80AxWZnjUMYCgEp5w7V+seOXqw==', + ], + ], + [ + 'name' => 'ImportToken', + 'in' => 'query', + 'schema' => [ + 'description' => 'By calling **GetParametersForImport** the import token.', + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'Base64String', + ], + ], + [ + 'name' => 'KeyMaterialExpireUnix', + 'in' => 'query', + 'schema' => [ + 'description' => 'The time when the key material expires.'."\n" + ."\n" + .'If this parameter is not specified or set this parameter to 0, the key material does not expire.'."\n" + ."\n" + .'> The value cannot be earlier than the time when the API is called (based on the server time).', + 'type' => 'integer', + 'format' => 'int64', + 'required' => true, + 'docRequired' => true, + 'example' => '0', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => 'ec1017cf-ead4-f3ca-babc-c3b34f3dbecb', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidKeyMaterial', + 'errorMessage' => 'key material is invalid', + ], + [ + 'errorCode' => 'InvalidImportToken', + 'errorMessage' => 'import token is invalid', + ], + [ + 'errorCode' => 'ExpiredImportToken', + 'errorMessage' => 'import token is expired', + ], + [ + 'errorCode' => 'Unsupported.Origin', + 'errorMessage' => 'This key origin is not valid for this api', + ], + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"ec1017cf-ead4-f3ca-babc-c3b34f3dbecb\\"\\n}","errorExample":"//xml response\\n<KMS>\\n <RequestId>ec1017cf-ead4-f3ca-babc-c3b34f3dbecb</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\n <RequestId>ec1017cf-ead4-f3ca-babc-c3b34f3dbecb</RequestId>\\n</KMS>","errorExample":"//json response\\n{\\n \\"RequestId\\":\\"ec1017cf-ead4-f3ca-babc-c3b34f3dbecb\\"\\n}\\n"}]', + 'title' => 'ImportKeyMaterial', + 'summary' => 'Call the ImportKeyMaterial operation to import the key material.', + 'description' => 'Call [CreateKey](~~28947~~) when creating a CMK, you can select its key material source as external. **Origin** set to **EXTERNAL**. This API is used to import the key material into the CMK.'."\n" + ."\n" + .'* To view the CMK **Origin**, see [DescribeKey](~~28952~~).'."\n" + .'* Before importing key material, you need to call the [GetParametersForImport](~~68621~~) obtain the parameters required to import the key material, including the public key and import token.'."\n" + ."\n" + .'> * The key type of the pair is **Aliyun\\_AES\\_256** the key material must be 256 bits. The key type must be **Aliyun\\_SM4** the CMK and key material must be 128 bits.'."\n" + .'> * You can set the expiration time for the key material, or you can set it to never expire.'."\n" + .'> * You can reimport the key material and reset the expiration time for the specified CMK at any time, but the same key material must be imported.'."\n" + .'> * After the imported key material expires or is deleted, the specified CMK is unavailable until the same key material are imported again.'."\n" + .'> * A Key material can be imported to multiple cmks, but any Data or Data Key encrypted by one CMK cannot be decrypted by another CMK.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'DeleteKeyMaterial' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\"\\n}","errorExample":"//xml response\\n<KMS>\\n <RequestId>4162a6af-bc99-40b3-a552-89dcc8aaf7c8</RequestId>\\n</KMS>\\n"},{"type":"xml","example":"<KMS>\\r\\n <RequestId>4162a6af-bc99-40b3-a552-89dcc8aaf7c8</RequestId>\\r\\n</KMS>","errorExample":"//json response\\n{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\"\\n}\\n"}]', + 'title' => 'DeleteKeyMaterial', + 'summary' => 'Deletes the key material that you imported.', + 'description' => 'This operation does not delete the CMK that is created by using the key material.'."\n" + ."\n" + .'If the CMK is in the PendingDeletion state, the state of the CMK and the scheduled deletion time do not change after you call this operation. If the CMK is not in the PendingDeletion state, the state of the CMK changes to PendingImport after you call this operation.'."\n" + ."\n" + .'After you delete the key material, you can upload only the same key material into the CMK.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'ScheduleKeyDeletion' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '7906979c-8e06-46a2-be2d-68e3ccbc****', + ], + ], + [ + 'name' => 'PendingWindowInDays', + 'in' => 'query', + 'schema' => [ + 'description' => 'The scheduled period after which the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the key deletion task.'."\n" + ."\n" + .'Valid values: 7 to 366.'."\n" + ."\n" + .'Unit: days.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => true, + 'maximum' => '366', + 'minimum' => '7', + 'example' => '7', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '3da5b8cc-8107-40ac-a170-793cd181d7b7', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3da5b8cc-8107-40ac-a170-793cd181d7b7\\"\\n}","errorExample":""},{"type":"xml","example":"<ScheduleKeyDeletionResponse>\\n <RequestId>3da5b8cc-8107-40ac-a170-793cd181d7b7</RequestId>\\n</ScheduleKeyDeletionResponse>","errorExample":""}]', + 'title' => 'ScheduleKeyDeletion', + 'summary' => 'Deletes a specified customer master key (CMK).', + 'description' => 'During the scheduled period, the CMK is in the PendingDeletion state and cannot be used to encrypt data, decrypt data, or generate data keys.'."\n" + ."\n" + .'After a CMK is deleted, it cannot be recovered. Data that is encrypted and data keys that are generated by using the CMK cannot be decrypted. To prevent accidental deletion of CMKs, Key Management Service (KMS) allows you to only schedule key deletion tasks. You cannot directly delete CMKs. If you want to delete a CMK, call the [DisableKey](~~35151~~) operation to disable the CMK.'."\n" + ."\n" + .'When you call this operation, you must specify a scheduled period between 7 days to 366 days. The scheduled period starts from the time when you submit the request. You can call the [CancelKeyDeletion](~~44197~~) operation to cancel the key deletion task before the scheduled period ends.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'CancelKeyDeletion' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '3da5b8cc-8107-40ac-a170-793cd181d7b7', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3da5b8cc-8107-40ac-a170-793cd181d7b7\\"\\n}","errorExample":""},{"type":"xml","example":"<CancelKeyDeletionResponse>\\n <RequestId>3da5b8cc-8107-40ac-a170-793cd181d7b7</RequestId>\\n</CancelKeyDeletionResponse>","errorExample":""}]', + 'title' => 'CancelKeyDeletion', + 'summary' => 'Cancels the deletion task of a CMK.', + 'description' => 'If the deletion task of a CMK is canceled, the CMK returns to the Enabled state.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'SetDeletionProtection' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'abilityTreeCode' => '54603', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'ProtectedResourceArn', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ARN of the CMK for which you want to set deletion protection.'."\n" + ."\n" + .'You can call the [DescribeKey](~~28952~~) operation to query the CMK ARN.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => 'acs:kms:cn-hangzhou:123213123****:key/0225f411-b21d-46d1-be5b-93931c82****', + ], + ], + [ + 'name' => 'EnableDeletionProtection', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to enable deletion protection. Valid values:'."\n" + ."\n" + .'* true: enables deletion protection.'."\n" + .'* false: disables deletion protection.'."\n", + 'type' => 'boolean', + 'required' => true, + 'docRequired' => true, + 'example' => 'true', + ], + ], + [ + 'name' => 'DeletionProtectionDescription', + 'in' => 'query', + 'schema' => [ + 'description' => 'The description of deletion protection.'."\n" + ."\n" + .'> This parameter takes effect only when you set the EnableDeletionProtection parameter to true.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'This key is being used by XXX service. You are protected from deletion.', + ], + ], + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + 'required' => false, + ], + ], + [ + 'name' => 'KmsInstanceId', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '3455b9b4-95c1-419d-b310-db6a53b09a39', + ], + ], + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3455b9b4-95c1-419d-b310-db6a53b09a39\\"\\n}","errorExample":""},{"type":"xml","example":"<SetDeletionProtectionResponse>\\n <RequestId>3455b9b4-95c1-419d-b310-db6a53b09a39</RequestId>\\n</SetDeletionProtectionResponse>","errorExample":""}]', + 'title' => 'SetDeletionProtection', + 'summary' => 'Enables or disables deletion protection for a key.', + 'description' => '* After you enable deletion protection for a CMK, you cannot delete the CMK. If you want to delete the CMK, you must first disable deletion protection for the CMK.'."\n" + .'* Before you can call the SetDeletionProtection operation, make sure that the required CMK is not in the Pending Deletion state. You can call the [DescribeKey](~~28952~~) operation to query the CMK status, which is specified by the KeyState parameter.'."\n" + ."\n" + .'You can enable deletion protection for the CMK whose Alibaba Cloud Resource Name (ARN) is `acs:kms:cn-hangzhou:123213123****:key/0225f411-b21d-46d1-be5b-93931c82****` by using parameter settings provided in this topic. The CMK ARN is specified by the ProtectedResourceArn parameter.', + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'UpdateRotationPolicy' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + [ + 'name' => 'EnableAutomaticRotation', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to enable automatic key rotation. Valid values:'."\n" + ."\n" + .'* true: enables automatic key rotation.'."\n" + .'* false: disables automatic key rotation.'."\n", + 'type' => 'boolean', + 'required' => true, + 'docRequired' => true, + 'example' => 'true', + ], + ], + [ + 'name' => 'RotationInterval', + 'in' => 'query', + 'schema' => [ + 'description' => 'The period of automatic key rotation. Specify the value in the integer\\[unit] format. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day period. The period can range from 7 days to 730 days.'."\n" + ."\n" + .'> If you set the EnableAutomaticRotation parameter to true, you must also specify this parameter. If you set the EnableAutomaticRotation parameter to false, you can leave this parameter unspecified.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '30d', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => 'efb1cbbd-a093-4278-bc03-639dd4fcc207', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'Rejected.UnsupportedOperation', + 'errorMessage' => 'Unsupported operation.', + ], + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter RotationInterval is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"efb1cbbd-a093-4278-bc03-639dd4fcc207\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateRotationPolicyResponse>\\n <RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>\\n</UpdateRotationPolicyResponse>","errorExample":""}]', + 'title' => 'UpdateRotationPolicy', + 'summary' => 'Updates a key rotation policy.', + 'description' => 'When automatic key rotation is enabled, KMS automatically creates a key version after the preset rotation period arrives. In addition, KMS sets the new key version as the primary key version.'."\n" + ."\n" + .'An automatic key rotation policy cannot be configured for the following keys:'."\n" + ."\n" + .'* Asymmetric key'."\n" + .'* Service-managed key'."\n" + .'* Bring your own key (BYOK) that is imported into KMS'."\n" + .'* Key that is not in the **Enabled** state'."\n" + ."\n" + .'In this example, automatic key rotation is enabled for a CMK whose ID is `1234abcd-12ab-34cd-56ef-12345678****`. The automatic rotation period is 30 days.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'DescribeKeyVersion' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'You can also set this parameter to an alias that is bound to the CMK. For more information, see [Alias overview](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + [ + 'name' => 'KeyVersionId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK version.'."\n" + ."\n" + .'You can call the [ListKeyVersions](~~133966~~) operation to query the versions of the CMK.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'headers' => [], + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', + ], + 'KeyVersion' => [ + 'description' => 'The metadata of the CMK version.'."\n", + 'type' => 'object', + 'properties' => [ + 'KeyId' => [ + 'description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'> If you set the KeyId parameter in the request to an alias of the CMK, the ID of the CMK to which the alias is bound is returned.'."\n", + 'type' => 'string', + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + 'KeyVersionId' => [ + 'description' => 'The globally unique ID of the CMK version.'."\n", + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'CreationDate' => [ + 'description' => 'The date and time when the CMK version was created. The time is displayed in UTC.'."\n", + 'type' => 'string', + 'example' => '2016-03-25T10:42:40Z', + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\",\\n \\"KeyVersion\\": {\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"CreationDate\\": \\"2024-03-25T10:42:40Z\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"<DescribeKeyVersionResponse>\\n <RequestId>7021b6ec-4be7-4d3c-8a68-1e85d4d515a0</RequestId>\\n <KeyVersion>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <CreationDate>2024-03-25T10:42:40Z</CreationDate>\\n </KeyVersion>\\n</DescribeKeyVersionResponse>","errorExample":""}]', + 'title' => 'DescribeKeyVersion', + 'summary' => 'Queries the information about a key version.', + 'description' => 'This topic provides an example on how to query the information about a version of the CMK `1234abcd-12ab-34cd-56ef-12345678****`. The ID of the CMK version is `2ab1a983-7072-4bbc-a582-584b5bd8****`. The response shows that the creation time of the CMK version is `2016-03-25T10:42:40Z`.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'CreateKeyVersion' => [ + 'summary' => 'Creates a version for a customer master key (CMK).', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'> You can also set the value to an alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '0b30658a-ed1a-4922-b8f7-a673ca9c****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => 'b96f250a-4b75-498c-91be-22c6928f85be', + ], + 'KeyVersion' => [ + 'description' => 'The metadata of the version.'."\n", + 'type' => 'object', + 'properties' => [ + 'KeyId' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'example' => '0b30658a-ed1a-4922-b8f7-a673ca9c****', + ], + 'KeyVersionId' => [ + 'description' => 'The ID of the version.'."\n", + 'type' => 'string', + 'example' => 'c0a3d5dc-0b47-4199-a050-b289349a****', + ], + 'CreationDate' => [ + 'description' => 'The date and time when the version was created. The time is displayed in UTC.'."\n", + 'type' => 'string', + 'example' => '2019-08-02T10:38:27Z', + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'Rejected.UnsupportedOperation', + 'errorMessage' => 'Unsupported operation.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.AliasNotFound', + 'errorMessage' => 'The specified Alias is not found.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + 409 => [ + [ + 'errorCode' => 'Rejected.Disabled', + 'errorMessage' => 'The request was rejected because the key state is Disabled.', + ], + [ + 'errorCode' => 'Rejected.Unavailable', + 'errorMessage' => 'The request was rejected because the key state is Unavailable.', + ], + [ + 'errorCode' => 'Rejected.PendingDeletion', + 'errorMessage' => 'The request was rejected because the key state is PendingDeletion.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"b96f250a-4b75-498c-91be-22c6928f85be\\",\\n \\"KeyVersion\\": {\\n \\"KeyId\\": \\"key-hzz62f1cb66fa42qo****\\",\\n \\"KeyVersionId\\": \\"key-hzz62f1cb66fa42qo****-20v29b****\\",\\n \\"CreationDate\\": \\"2023-07-02T10:38:27Z\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"<CreateKeyVersionResponse>\\n <RequestId>b96f250a-4b75-498c-91be-22c6928f85be</RequestId>\\n <KeyVersion>\\n <KeyId>key-hzz62f1cb66fa42qo****</KeyId>\\n <KeyVersionId>key-hzz62f1cb66fa42qo****-20v29b****</KeyVersionId>\\n <CreationDate>2023-07-02T10:38:27Z</CreationDate>\\n </KeyVersion>\\n</CreateKeyVersionResponse>","errorExample":""}]', + 'title' => 'CreateKeyVersion', + 'description' => '* You can create a version only for an asymmetric CMK that is in the Enabled state. You can call the [CreateKey](~~28947~~) operation to create an asymmetric CMK and the [DescribeKey](~~28952~~) operation to query the status of the CMK. The status is specified by the KeyState parameter.'."\n" + .'* The minimum interval for creating a version of the same CMK is seven days. You can call the [DescribeKey](~~28952~~) operation to query the time when the last version of a CMK was created. The time is specified by the LastRotationDate parameter.'."\n" + .'* If a CMK is in a private key store, you cannot create a version for the CMK.'."\n" + .'* You can create a maximum of 50 versions for a CMK in the same region.'."\n" + ."\n" + .'You can create a version for the CMK whose ID is `0b30658a-ed1a-4922-b8f7-a673ca9c****` by using the parameter settings provided in this topic.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'ListKeyVersions' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see [Use aliases](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '0b30658a-ed1a-4922-b8f7-a673ca9c****', + ], + ], + [ + 'name' => 'PageNumber', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of the page to return.'."\n" + ."\n" + .'Pages start from page 1.'."\n" + ."\n" + .'Default value: 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'docRequired' => true, + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of entries to return on each page.'."\n" + ."\n" + .'Valid values: 0 to 101.'."\n" + ."\n" + .'Default value: 10.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '10', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'PageSize' => [ + 'description' => 'The number of entries returned per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => 'f71204c4-53cd-4eea-b405-653ba2db7e86', + ], + 'PageNumber' => [ + 'description' => 'The page number of the returned page.', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'TotalCount' => [ + 'description' => 'The total number of returned key versions.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '3', + ], + 'KeyVersions' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'KeyVersion' => [ + 'description' => 'An array that consists of key versions.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'KeyId' => [ + 'description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'> If you set the KeyId parameter to the alias of the CMK, the ID of the CMK to which the alias is bound is returned.'."\n", + 'type' => 'string', + 'example' => '0b30658a-ed1a-4922-b8f7-a673ca9c****', + ], + 'KeyVersionId' => [ + 'description' => 'The globally unique ID of the CMK version.'."\n", + 'type' => 'string', + 'example' => '1e3304fd-68ac-4d5b-8886-ae5f01a1****', + ], + 'CreationDate' => [ + 'description' => 'The date and time when the CMK version was created. The time is displayed in UTC.'."\n", + 'type' => 'string', + 'example' => '2016-03-25T10:42:40Z', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"PageSize\\": 10,\\n \\"RequestId\\": \\"f71204c4-53cd-4eea-b405-653ba2db7e86\\",\\n \\"PageNumber\\": 1,\\n \\"TotalCount\\": 3,\\n \\"KeyVersions\\": {\\n \\"KeyVersion\\": [\\n {\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"KeyVersionId\\": \\"1e3304fd-68ac-4d5b-8886-ae5f01a1****\\",\\n \\"CreationDate\\": \\"2024-03-25T10:42:40Z\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListKeyVersionsResponse>\\n <PageSize>10</PageSize>\\n <RequestId>f71204c4-53cd-4eea-b405-653ba2db7e86</RequestId>\\n <PageNumber>1</PageNumber>\\n <TotalCount>3</TotalCount>\\n <KeyVersions>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <KeyVersionId>1e3304fd-68ac-4d5b-8886-ae5f01a1****</KeyVersionId>\\n <CreationDate>2024-03-25T10:42:40Z</CreationDate>\\n </KeyVersions>\\n</ListKeyVersionsResponse>","errorExample":""}]', + 'title' => 'ListKeyVersions', + 'summary' => 'Queries all versions of a key.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'SetKeyPolicy' => [ + 'summary' => 'Configures a policy for a key in a Key Management Service (KMS) instance.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'abilityTreeCode' => '206075', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'title' => '', + 'description' => '', + 'type' => 'string', + 'required' => true, + 'example' => 'key-hzz630494463ejqjx****', + ], + ], + [ + 'name' => 'PolicyName', + 'in' => 'query', + 'schema' => [ + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => 'default', + ], + ], + [ + 'name' => 'Policy', + 'in' => 'query', + 'schema' => [ + 'description' => '', + 'type' => 'string', + 'required' => true, + 'example' => '{"Statement":[{"Action":["kms:*"],"Effect":"Allow","Principal":{"RAM":["acs:ram::119285303511****:*"]},"Resource":["*"],"Sid":"kms default key policy"},{"Action":["kms:List*","kms:Describe*","kms:Create*","kms:Enable*","kms:Disable*","kms:Get*","kms:Set*","kms:Update*","kms:Delete*","kms:Cancel*","kms:TagResource","kms:UntagResource","kms:ImportKeyMaterial","kms:ScheduleKeyDeletion"],"Effect":"Allow","Principal":{"RAM":["acs:ram::119285303511****:user/for_test_policy"]},"Resource":["*"]}],"Version":"1"}', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => '', + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => '', + 'description' => '', + 'type' => 'string', + 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C8', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'MissingParameter', + 'errorMessage' => 'The parameter needed but no provided.', + ], + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system.', + ], + [ + 'errorCode' => 'Forbidden.KeyPolicyUnSupported', + 'errorMessage' => 'The specified key does not support key policy.', + ], + [ + 'errorCode' => 'Rejected.ShareQuotaExceedLimit', + 'errorMessage' => 'Instance Share Quota Exceed Limit.', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.DKMSInstanceStateInvalid', + 'errorMessage' => 'The DKMS instance state is invalid.', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Policy not found.', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C8\\"\\n}","errorExample":""},{"type":"xml","example":"<SetKeyPolicyResponse>\\n <RequestId>381D5D33-BB8F-395F-8EE4-AE3BB4B523C8</RequestId>\\n</SetKeyPolicyResponse>","errorExample":""}]', + 'title' => 'SetKeyPolicy', + ], + 'GetKeyPolicy' => [ + 'summary' => '仅可查询名称为 default 的 Key Policy,否则提示 Not Found。', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'readAndWrite', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '206082', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'title' => '', + 'description' => '', + 'type' => 'string', + 'required' => true, + 'example' => 'key-hzz630494463ejqjx****', + ], + ], + [ + 'name' => 'PolicyName', + 'in' => 'query', + 'schema' => [ + 'title' => '策略名称', + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => 'default', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => '', + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => '', + 'description' => '', + 'type' => 'string', + 'example' => '381D5D33-BB8F-395F-8EE4-AE3B84B523C8', + ], + 'Policy' => [ + 'description' => '', + 'type' => 'string', + 'example' => '{"Statement": [{"Action": ["kms:*"],"Effect": "Allow","Principal": {"RAM": ["acs:ram::190325303126****:*","acs:ram::119285303511****:*"]},"Resource": ["*"],"Sid": "kms default key policy"}],"Version": "1" }', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + [ + 'errorCode' => 'MissingParameter', + 'errorMessage' => 'The parameter needed but no provided.', + ], + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system.', + ], + [ + 'errorCode' => 'Forbidden.KeyPolicyUnSupported', + 'errorMessage' => 'The specified key does not support key policy.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Policy not found.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3B84B523C8\\",\\n \\"Policy\\": \\"{\\\\\\"Statement\\\\\\": [{\\\\\\"Action\\\\\\": [\\\\\\"kms:*\\\\\\"],\\\\\\"Effect\\\\\\": \\\\\\"Allow\\\\\\",\\\\\\"Principal\\\\\\": {\\\\\\"RAM\\\\\\": [\\\\\\"acs:ram::190325303126****:*\\\\\\",\\\\\\"acs:ram::119285303511****:*\\\\\\"]},\\\\\\"Resource\\\\\\": [\\\\\\"*\\\\\\"],\\\\\\"Sid\\\\\\": \\\\\\"kms default key policy\\\\\\"}],\\\\\\"Version\\\\\\": \\\\\\"1\\\\\\" }\\"\\n}","errorExample":""},{"type":"xml","example":"<GetKeyPolicyResponse>\\n <RequestId>381D5D33-BB8F-395F-8EE4-AE3B84B523C8</RequestId>\\n <Policy>{\\"Statement\\": [{\\"Action\\": [\\"kms:*\\"],\\"Effect\\": \\"Allow\\",\\"Principal\\": {\\"RAM\\": [\\"acs:ram::190325303126****:*\\",\\"acs:ram::119285303511****:*\\"]},\\"Resource\\": [\\"*\\"],\\"Sid\\": \\"kms default key policy\\"}],\\"Version\\": \\"1\\" }</Policy>\\n</GetKeyPolicyResponse>","errorExample":""}]', + 'title' => 'GetKeyPolicy', + ], + 'GenerateDataKey' => [ + 'summary' => 'Generates a random data key that is used to encrypt on-premises data.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54570', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'You can also set this parameter to an alias that is bound to the CMK. For more information, see [Alias overview](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '7906979c-8e06-46a2-be2d-68e3ccbc****', + ], + ], + [ + 'name' => 'KeySpec', + 'in' => 'query', + 'schema' => [ + 'description' => 'The type of the data key that you want to generate. Valid values:'."\n" + ."\n" + .'* AES\\_256: a 256-bit symmetric key'."\n" + .'* AES\\_128: a 128-bit symmetric key'."\n" + ."\n" + .'> We recommend that you use the KeySpec or NumberOfBytes parameter to specify the length of a data key. If none of the parameters are specified, KMS generates a 256-bit data key. If both parameters are specified, KMS ignores the KeySpec parameter.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'AES_256', + 'enum' => [ + 'AES_256', + ' AES_128', + ], + ], + ], + [ + 'name' => 'NumberOfBytes', + 'in' => 'query', + 'schema' => [ + 'description' => 'The length of the data key that you want to generate. Unit: bytes.'."\n" + ."\n" + .'Valid values: 1 to 1024.'."\n" + ."\n" + .'Default value:'."\n" + ."\n" + .'* If the KeySpec parameter is set to AES\\_256, set the value of the NumberOfBytes parameter to 32.'."\n" + .'* If the KeySpec parameter is set to AES\\_128, set the value of the NumberOfBytes parameter to 16.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'maximum' => '1024', + 'minimum' => '0', + 'example' => '256', + ], + ], + [ + 'name' => 'EncryptionContext', + 'in' => 'query', + 'style' => 'json', + 'schema' => [ + 'description' => 'The JSON string that consists of key-value pairs.'."\n" + ."\n" + .'If you specify this parameter, an equivalent value is required when you call the [Decrypt](~~28950~~) operation. For more information, see [EncryptionContext](~~42975~~).'."\n", + 'type' => 'object', + 'required' => false, + 'example' => '{"Example":"Example"}', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + [ + 'name' => 'Recipient', + 'in' => 'query', + 'schema' => [ + 'title' => '类型: String'."\n" + .'格式如下:'."\n" + .'{'."\n" + .'"AttestationDocument":"base64-encoded-attestion-document", '."\n" + .'"KeyEncryptionAlgorithm":"RSAES_OAEP_SHA_256"'."\n" + .'}'."\n" + .'AttestationDocument结构定义'."\n" + .'{'."\n" + .' "quoted": "AI//VENHgBgAIgALaTMPawflAbjXzXCp*******",'."\n" + .' "extendUserData": "base64-encoded-extend-user-data",'."\n" + .' "signature": "ABQACwEApJrELtCW/lwoCKgVMClx9F*******",'."\n" + .' "pcrInfo": {'."\n" + .' "pcrValues": "AAAAGAAgi2emNLLevC3zHzEUs69I3W******",'."\n" + .' "pcrSelectionOut": "AAAAAQALA////w==",'."\n" + .' "pcrUpdateCounter": 201'."\n" + .' },'."\n" + .' "cert": "MIIE3DCCA8SgAwIBAgIBBzANBgkqhkiG9w0BA*******"'."\n" + .'}'."\n" + .'extendUserData中用户数据格式如下:'."\n" + .'{'."\n" + .' "aud": "kms", // 固定值'."\n" + .' "iat": unix-timestamp, //秒级'."\n" + .' "exp": unix-timestamp, //秒级'."\n" + .' "pubKey": "Base64 encoded SPKI, supports RSA2048"'."\n" + .' "digestAlg":"sha256", //当前仅支持sha256'."\n" + .' "ver":"v1" //当前仅支持v1'."\n" + .'}'."\n" + .'仅在调用专属网关的openapi时生效', + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyVersionId' => [ + 'description' => 'The ID of the CMK version. The ID must be globally unique.'."\n", + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'KeyId' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'> If you set the KeyId parameter in the request to an alias of the CMK, the ID of the CMK to which the alias is bound is returned.'."\n", + 'type' => 'string', + 'example' => '7906979c-8e06-46a2-be2d-68e3ccbc****', + ], + 'CiphertextBlob' => [ + 'description' => 'The ciphertext of the data key that is encrypted by using the primary version of the specified CMK.'."\n", + 'type' => 'string', + 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', + ], + 'Plaintext' => [ + 'description' => 'The Base64 encoded plaintext of the data key.'."\n", + 'type' => 'string', + 'example' => 'QmFzZTY0IGVuY29kZWQgcGxhaW50****', + ], + 'CiphertextForRecipient' => [ + 'title' => '当传递Recipient时, 使用Recipient中的公钥加密明文数据密钥,采用Base64进行编码'."\n" + .'公钥是extendUserData中的pubkey'."\n" + .'仅在调用实例网关的openapi时生效', + 'type' => 'string', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'UnsupportedOperation', + 'errorMessage' => 'This action is not supported.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.AliasNotFound', + 'errorMessage' => 'The specified Alias is not found.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + 409 => [ + [ + 'errorCode' => 'Rejected.Disabled', + 'errorMessage' => 'The request was rejected because the key state is Disabled.', + ], + [ + 'errorCode' => 'Rejected.PendingDeletion', + 'errorMessage' => 'The request was rejected because the key state is PendingDeletion.', + ], + [ + 'errorCode' => 'Rejected.Unavailable', + 'errorMessage' => 'The request was rejected because the key state is Unavailable.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"CiphertextBlob\\": \\"ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****\\",\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\",\\n \\"Plaintext\\": \\"QmFzZTY0IGVuY29kZWQgcGxhaW50****\\",\\n \\"CiphertextForRecipient\\": \\"NIahY6pgjK4ZMP2R0EmsmBqntrv0AI2rcDyU7Su6uOT9Le7EOvlCpjHJfr9z3M0vkfulQoyuETmKSpYDfixE3auE4MwxloT6D9Gfsk6hm5FV2iAxL//Ms2kLv6K4z6yGi7lKm2yjX4***==\\"\\n}","errorExample":""},{"type":"xml","example":"<GenerateDataKeyResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <CiphertextBlob>ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****</CiphertextBlob>\\n <RequestId>7021b6ec-4be7-4d3c-8a68-1e85d4d515a0</RequestId>\\n <Plaintext>QmFzZTY0IGVuY29kZWQgcGxhaW50****</Plaintext>\\n</GenerateDataKeyResponse>","errorExample":""}]', + 'title' => 'GenerateDataKey', + 'description' => 'This operation creates a random data key, encrypts the data key by using the specified customer master key (CMK), and returns the plaintext and ciphertext of the data key. You can use the plaintext of the data key to locally encrypt your data without using KMS and store the encrypted data together with the ciphertext of the data key. You can obtain the plaintext of the data key from the Plaintext parameter in the response and the ciphertext of the data key from the CiphertextBlob parameter in the response.'."\n" + ."\n" + .'The CMK that you specify in the request of this operation is only used to encrypt the data key and is not involved in the generation of the data key. KMS does not record or store the generated data key. Therefore, you need to store the ciphertext of the data key in persistent storage.'."\n" + ."\n" + .'We recommend that you locally encrypt data by performing the following steps:'."\n" + ."\n" + .'1\\. Call the GenerateDataKey operation.'."\n" + ."\n" + .'2\\. Use the plaintext of the data key that you obtain to locally encrypt data without using KMS. Then, delete the plaintext of the data key from the memory.'."\n" + ."\n" + .'3\\. Store the encrypted data together with the ciphertext of the data key that you obtain.'."\n" + ."\n" + .'We recommend that you locally decrypt data by performing the following steps:'."\n" + ."\n" + .'* Call the [Decrypt](~~28950~~) operation to decrypt the locally stored ciphertext of the data key. The plaintext of data key is then returned.'."\n" + .'* Use the plaintext of the data key to locally decrypt data and then delete the plaintext of the data key from the memory.'."\n" + ."\n" + .'In this example, a random data key is generated for the CMK whose ID is `7906979c-8e06-46a2-be2d-68e3ccbc****`.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'GenerateAndExportDataKey' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54569', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see [Use aliases](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + [ + 'name' => 'KeySpec', + 'in' => 'query', + 'schema' => [ + 'description' => 'The length of the data key that you want to generate. Valid values:'."\n" + ."\n" + .'* AES\\_256: a 256-bit symmetric key'."\n" + .'* AES\\_128: a 128-bit symmetric key'."\n" + ."\n" + .'> We recommend that you use the KeySpec or NumberOfBytes parameter to specify the length of a data key. If both parameters are not specified, KMS generates a 256-bit data key. If both parameters are specified, KMS ignores the KeySpec parameter.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'AES_256', + 'enum' => [ + 'AES_256', + ' AES_128', + ], + ], + ], + [ + 'name' => 'NumberOfBytes', + 'in' => 'query', + 'schema' => [ + 'description' => 'The length of the data key that you want to generate.'."\n" + ."\n" + .'Valid values: 1 to 1024.'."\n" + ."\n" + .'Unit: bytes.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'maximum' => '1024', + 'minimum' => '0', + 'example' => '32', + ], + ], + [ + 'name' => 'EncryptionContext', + 'in' => 'query', + 'style' => 'json', + 'schema' => [ + 'description' => 'A JSON string of key-value pairs. If you specify this parameter here, an equivalent value is required when you decrypt or re-encrypt the data key. For more information, see [EncryptionContext](~~42975~~).'."\n", + 'type' => 'object', + 'required' => false, + 'example' => '{"Example":"Example"}', + ], + ], + [ + 'name' => 'PublicKeyBlob', + 'in' => 'query', + 'schema' => [ + 'description' => 'A Base64-encoded public key.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndKfC2ReLL2+y8a0+ZBBeAft/uBYo86GZiYJuflqgUzKxpyuvlo3uQkBv6b+nx+0tz8g8v7GhpPWMSW5L9mNHYsvYFsa7jTxsYdt17yj6GlUHPuMIs8hr5qbwl38IHU1iIa7nYWwE2fb3ePOvLDACRJVgGpU0yxioW80d2QD+9aU4jF5dlAahcfgsNzo2CXzCUc1+xbmNuq7Rp+H9VJB9dyYOwqnW3RhOLBo21FzpORapf0UiRlrHRpk1V6ez+aE1dofaYh/9bh0m6ioxj7j5hpZbWccuEZTMBKd+cbuBkRhJzc6Tti6qwZbDiu4fUwbZS0Tqpuo1UadiyxMW********', + ], + ], + [ + 'name' => 'WrappingKeySpec', + 'in' => 'query', + 'schema' => [ + 'description' => 'The key type of the public key specified by PublicKeyBlob. For more information about key types, see [Introduction to asymmetric keys](~~148147~~).'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* RSA\\_2048'."\n" + .'* EC_SM2'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RSA_2048', + ], + ], + [ + 'name' => 'WrappingAlgorithm', + 'in' => 'query', + 'schema' => [ + 'description' => 'The encryption algorithm based on which you want to use the public key specified by PublicKeyBlob to encrypt the data key. For more information about encryption algorithms, see [AsymmetricDecrypt](~~148130~~).'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* RSAES_OAEP_SHA\\_256'."\n" + .'* RSAES_OAEP_SHA\\_1'."\n" + .'* SM2PKE'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RSAES_OAEP_SHA_256', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyVersionId' => [ + 'description' => 'The ID of the CMK version that is used to encrypt the plaintext. It is the primary version of the CMK.'."\n", + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'KeyId' => [ + 'description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'> If you set the KeyId parameter to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", + 'type' => 'string', + 'example' => '599fa825-17de-417e-9554-bb032cc6****', + ], + 'CiphertextBlob' => [ + 'description' => 'The ciphertext of the data key encrypted by using the primary CMK version.'."\n", + 'type' => 'string', + 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', + ], + 'ExportedDataKey' => [ + 'description' => 'The data key encrypted by using the public key and then exported.'."\n", + 'type' => 'string', + 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'InternalFailure', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"599fa825-17de-417e-9554-bb032cc6****\\",\\n \\"CiphertextBlob\\": \\"ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****\\",\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\",\\n \\"ExportedDataKey\\": \\"BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******\\"\\n}","errorExample":""},{"type":"xml","example":"<GenerateAndExportDataKeyResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>599fa825-17de-417e-9554-bb032cc6****</KeyId>\\n <CiphertextBlob>ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****</CiphertextBlob>\\n <RequestId>7021b6ec-4be7-4d3c-8a68-1e85d4d515a0</RequestId>\\n <ExportedDataKey>BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******</ExportedDataKey>\\n</GenerateAndExportDataKeyResponse>","errorExample":""}]', + 'title' => 'GenerateAndExportDataKey', + 'summary' => 'Randomly generates a data key and uses a key and a public key to encrypt the data key. This operation returns both the data key ciphertext that is encrypted by using the key and the data key ciphertext that is encrypted by using the public key.', + 'description' => 'We recommend that you perform the following steps to import your data key to a cryptographic module:'."\n" + ."\n" + .'* Call the GenerateAndExportDataKey operation to generate a data key and obtain both the ciphertext of the data key encrypted by using the CMK and that encrypted by using the public key.'."\n" + .'* Store the ciphertext of the data key encrypted by using the CMK in KMS Secrets Manager or in a storage service such as ApsaraDB. This ciphertext is used for backup and restoration.'."\n" + .'* Import the ciphertext of the data key encrypted by using the public key to the cryptographic module where the private key is stored. Then, you can use the data key to encrypt or decrypt data.'."\n" + ."\n" + .'> The CMK that you specify in the request of this operation is only used to encrypt the data key and is not involved in the generation of the data key. KMS does not record or store the data keys randomly generated by calling this operation. You must take note of the data keys and the returned ciphertext.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'Encrypt' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54566', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see [Use aliases](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + [ + 'name' => 'Plaintext', + 'in' => 'query', + 'schema' => [ + 'description' => 'The plaintext to be encrypted. The plaintext must be Base64 encoded.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'SGVsbG8gd29y****', + ], + ], + [ + 'name' => 'EncryptionContext', + 'in' => 'query', + 'style' => 'json', + 'schema' => [ + 'description' => 'A JSON string that consists of key-value pairs. If you specify this parameter, an equivalent value is required when you call the Decrypt operation. For more information, see [EncryptionContext](~~42975~~).'."\n", + 'type' => 'object', + 'required' => false, + 'example' => '{"Example":"Example"}', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyVersionId' => [ + 'description' => 'The ID of the key version that is used to encrypt the plaintext. It is the primary version of the CMK.'."\n", + 'type' => 'string', + 'example' => '86a9efd9-3d16-4894-bd4f-1fc43f3f****', + ], + 'KeyId' => [ + 'description' => 'The globally unique ID of the CMK. If you set the KeyId parameter to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", + 'type' => 'string', + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + 'CiphertextBlob' => [ + 'description' => 'The ciphertext of the data that is encrypted by using the primary CMK version.'."\n", + 'type' => 'string', + 'example' => 'DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is invalid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + [ + 'errorCode' => 'Forbidden.AliasNotFound', + 'errorMessage' => 'The specified Alias is not found.', + ], + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"86a9efd9-3d16-4894-bd4f-1fc43f3f****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"CiphertextBlob\\": \\"DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","errorExample":""},{"type":"xml","example":"<EncryptResponse>\\n <KeyVersionId>86a9efd9-3d16-4894-bd4f-1fc43f3f****</KeyVersionId>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <CiphertextBlob>DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****</CiphertextBlob>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n</EncryptResponse>","errorExample":""}]', + 'title' => 'Encrypt', + 'summary' => 'Encrypts plaintext by using a symmetric key.', + 'description' => '* KMS uses the primary version of a specified CMK to encrypt data.'."\n" + .'* Only data of 6 KB or less can be encrypted. For example, you can call this operation to encrypt RSA keys, database access passwords, or other sensitive information.'."\n" + .'* When you migrate encrypted data across regions, you can call this operation in the destination region to encrypt the plaintext of the data key that is used to encrypt the migrated data in the source region. This way, the ciphertext of the data key is generated in the destination region. You can also call the [Decrypt](~~28950~~) operation to decrypt the data key.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'Decrypt' => [ + 'summary' => 'Decrypts the ciphertext that is specified by using CiphertextBlob.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54550', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'CiphertextBlob', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ciphertext that you want to decrypt.'."\n" + ."\n" + .'You can generate the ciphertext by calling the following operations:'."\n" + ."\n" + .'* [GenerateDataKey](~~28948~~)'."\n" + .'* [Encrypt](~~28949~~)'."\n" + .'* [GenerateDataKeyWithoutPlaintext](~~134043~~)'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****', + ], + ], + [ + 'name' => 'EncryptionContext', + 'in' => 'query', + 'style' => 'json', + 'schema' => [ + 'description' => 'The JSON string that consists of key-value pairs.'."\n" + ."\n" + .'> If you specify the EncryptionContext parameter when you call the [GenerateDataKey](~~28948~~), [Encrypt](~~28949~~), or [GenerateDataKeyWithoutPlaintext](~~134043~~) operation, you must specify the same context when you call the Decrypt operation. For more information, see [EncryptionContext](~~42975~~).'."\n", + 'type' => 'object', + 'required' => false, + 'example' => '{"Example":"Example"}', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + [ + 'name' => 'Recipient', + 'in' => 'query', + 'schema' => [ + 'title' => '类型: String'."\n" + .'格式如下:'."\n" + .'{'."\n" + .'"AttestationDocument":"base64-encoded-attestion-document", '."\n" + .'"KeyEncryptionAlgorithm":"RSAES_OAEP_SHA_256"'."\n" + .'}'."\n" + .'AttestationDocument结构定义'."\n" + .'{'."\n" + .' "quoted": "AI//VENHgBgAIgALaTMPawflAbjXzXCp*******",'."\n" + .' "extendUserData": "base64-encoded-extend-user-data",'."\n" + .' "signature": "ABQACwEApJrELtCW/lwoCKgVMClx9F*******",'."\n" + .' "pcrInfo": {'."\n" + .' "pcrValues": "AAAAGAAgi2emNLLevC3zHzEUs69I3W******",'."\n" + .' "pcrSelectionOut": "AAAAAQALA////w==",'."\n" + .' "pcrUpdateCounter": 201'."\n" + .' },'."\n" + .' "cert": "MIIE3DCCA8SgAwIBAgIBBzANBgkqhkiG9w0BA*******"'."\n" + .'}'."\n" + .'extendUserData中用户数据格式如下:'."\n" + .'{'."\n" + .' "aud": "kms", // 固定值'."\n" + .' "iat": unix-timestamp, //秒级'."\n" + .' "exp": unix-timestamp, //秒级'."\n" + .' "pubKey": "Base64 encoded SPKI, supports RSA2048"'."\n" + .' "digestAlg":"sha256", //当前仅支持sha256'."\n" + .' "ver":"v1" //当前仅支持v1'."\n" + .'}'."\n" + .'仅在调用专属网关的openapi时生效', + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyVersionId' => [ + 'description' => 'The ID of the CMK version that is used to decrypt the ciphertext.'."\n", + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'KeyId' => [ + 'description' => 'The ID of the customer master key (CMK) that is used to decrypt the ciphertext.'."\n" + ."\n" + .'It is the GUID of the CMK.'."\n", + 'type' => 'string', + 'example' => '202b9877-5a25-46e3-a763-e20791b5****', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '207596a2-36d3-4840-b1bd-f87044699bd7', + ], + 'Plaintext' => [ + 'description' => 'The plaintext that is generated after decryption.'."\n", + 'type' => 'string', + 'example' => 'tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv****', + ], + 'CiphertextForRecipient' => [ + 'title' => '当传递Recipient时, 使用Recipient中的公钥加密明文数据密钥,采用Base64进行编码'."\n" + .'公钥是extendUserData中的pubkey'."\n" + .'仅在调用实例网关的openapi时生效', + 'type' => 'string', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'UnsupportedOperation', + 'errorMessage' => 'This action is not supported.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.AliasNotFound', + 'errorMessage' => 'The specified Alias is not found.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + 409 => [ + [ + 'errorCode' => 'Rejected.Disabled', + 'errorMessage' => 'The request was rejected because the key state is Disabled.', + ], + [ + 'errorCode' => 'Rejected.PendingDeletion', + 'errorMessage' => 'The request was rejected because the key state is PendingDeletion.', + ], + [ + 'errorCode' => 'Rejected.Unavailable', + 'errorMessage' => 'The request was rejected because the key state is Unavailable.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"RequestId\\": \\"207596a2-36d3-4840-b1bd-f87044699bd7\\",\\n \\"Plaintext\\": \\"tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv****\\",\\n \\"CiphertextForRecipient\\": \\"NIahY6pgjK4ZMP2R0EmsmBqntrv0AI2rcDyU7Su6uOT9Le7EOvlCpjHJfr9z3M0vkfulQoyuETmKSpYDfixE3auE4MwxloT6D9Gfsk6hm5FV2iAxL//Ms2kLv6K4z6yGi7lKm2yjX4***==\\\\n\\"\\n}","errorExample":""},{"type":"xml","example":"<DecryptResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>202b9877-5a25-46e3-a763-e20791b5****</KeyId>\\n <RequestId>207596a2-36d3-4840-b1bd-f87044699bd7</RequestId>\\n <Plaintext>tRYXuCwgja12xxO1N/gZERDDCLw9doZEQiPDk/Bv****</Plaintext>\\n</DecryptResponse>","errorExample":""}]', + 'title' => 'Decrypt', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'ReEncrypt' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54598', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'CiphertextBlob', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ciphertext that you want to re-encrypt.'."\n" + ."\n" + .'You can set this parameter to the ciphertext that is returned after a symmetric or asymmetric encryption operation.'."\n" + ."\n" + .'* Symmetric encryption: the ciphertext returned after you call the [Encrypt](~~28949~~), [GenerateDataKey](~~28948~~), [GenerateDataKeyWithoutPlaintext](~~134043~~), or [GenerateAndExportDataKey](~~176804~~) operation'."\n" + .'* Asymmetric encryption: the public key-encrypted ciphertext returned after you call the [GenerateAndExportDataKey](~~176804~~) operation, or the ciphertext encrypted by using the public key of an asymmetric key pair outside KMS'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901q********', + ], + ], + [ + 'name' => 'SourceKeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK that is used to decrypt the ciphertext.'."\n" + ."\n" + .'This parameter is the globally unique ID of the CMK.'."\n" + ."\n" + .'> If you set CiphertextBlob to the public key-encrypted ciphertext that is returned after an asymmetric encryption operation, specify this parameter.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', + ], + ], + [ + 'name' => 'SourceKeyVersionId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK version that is used to decrypt the ciphertext.'."\n" + ."\n" + .'> If you set CiphertextBlob to the public key-encrypted ciphertext that is returned after an asymmetric encryption operation, specify this parameter.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + ], + [ + 'name' => 'SourceEncryptionAlgorithm', + 'in' => 'query', + 'schema' => [ + 'description' => 'The encryption algorithm based on which the public key is used to encrypt the ciphertext specified by CiphertextBlob. For more information about encryption algorithms, see [AsymmetricDecrypt](~~148130~~).'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* RSAES_OAEP_SHA\\_256'."\n" + .'* RSAES_OAEP_SHA\\_1'."\n" + .'* SM2PKE'."\n" + ."\n" + .'> If you set CiphertextBlob to the public key-encrypted ciphertext that is returned after an asymmetric encryption operation, specify this parameter.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'RSAES_OAEP_SHA_256', + ], + ], + [ + 'name' => 'SourceEncryptionContext', + 'in' => 'query', + 'style' => 'json', + 'schema' => [ + 'description' => 'A JSON string that consists of key-value pairs. If you specify EncryptionContext when you call the [Encrypt](~~28949~~), [GenerateDataKey](~~28948~~), [GenerateDataKeyWithoutPlaintext](~~134043~~), or [GenerateAndExportDataKey](~~176804~~) operation to encrypt the data or data key, an equivalent value is required here. For more information, see [EncryptionContext](~~42975~~).'."\n" + ."\n" + .'> If you set CiphertextBlob to the ciphertext that is returned after a symmetric encryption operation, specify this parameter.'."\n", + 'type' => 'object', + 'required' => false, + 'example' => '{"Example":"Example"}', + ], + ], + [ + 'name' => 'DestinationKeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the symmetric CMK that is used to re-encrypt the ciphertext after the ciphertext is decrypted.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + [ + 'name' => 'DestinationEncryptionContext', + 'in' => 'query', + 'style' => 'json', + 'schema' => [ + 'description' => 'A JSON string that consists of key-value pairs. This parameter specifies the EncryptionContext that is used to re-encrypt the decrypted data or data key.'."\n", + 'type' => 'object', + 'required' => false, + 'example' => '{"Example":"Example"}', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyId' => [ + 'description' => 'The ID of the CMK that is used to decrypt the original ciphertext.'."\n" + ."\n" + .'This parameter is the globally unique ID of the CMK.'."\n", + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'KeyVersionId' => [ + 'description' => 'The ID of the CMK version that is used to decrypt the original ciphertext.'."\n", + 'type' => 'string', + 'example' => '202b9877-5a25-46e3-a763-e20791b5****', + ], + 'CiphertextBlob' => [ + 'description' => 'The ciphertext re-encrypted.'."\n", + 'type' => 'string', + 'example' => 'DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '207596a2-36d3-4840-b1bd-f87044699bd7', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyVersionId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"CiphertextBlob\\": \\"DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****\\",\\n \\"RequestId\\": \\"207596a2-36d3-4840-b1bd-f87044699bd7\\"\\n}","errorExample":""},{"type":"xml","example":"<ReEncryptResponse>\\n <KeyId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyId>\\n <KeyVersionId>202b9877-5a25-46e3-a763-e20791b5****</KeyVersionId>\\n <CiphertextBlob>DZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmaaSl+TztSIMe43nbTH/Z1Wr4XfLftKhAciUmDQXuMRl4WTvKhxjMThjK****</CiphertextBlob>\\n <RequestId>207596a2-36d3-4840-b1bd-f87044699bd7</RequestId>\\n</ReEncryptResponse>","errorExample":""}]', + 'title' => 'ReEncrypt', + 'summary' => 'Re-encrypts ciphertext. When you call this operation, Key Management Service (KMS) decrypts the ciphertext, uses a different key to re-encrypt the generated plaintext or data key, and then returns the new ciphertext.', + 'description' => 'You can call this operation in the following scenarios:'."\n" + ."\n" + .'* After the CMK that was used to encrypt your data is rotated, you can call this operation to use the latest CMK version to re-encrypt the data. For more information about automatic key rotation, see [Configure automatic key rotation](~~134270~~).'."\n" + .'* The CMK that was used to encrypt your data remains unchanged, but EncryptionContext is changed. In this scenario, you can call this operation to re-encrypt the data.'."\n" + .'* You can call this operation to use a CMK in KMS to re-encrypt data or a data key that was previously encrypted by a different CMK.'."\n" + ."\n" + .'To use the ReEncrypt operation, you must have two permissions:'."\n" + ."\n" + .'* kms:ReEncryptFrom on the source CMK'."\n" + .'* kms:ReEncryptTo on the destination CMK'."\n" + .'* For simplicity, you can specify kms:ReEncrypt\\* to allow both of the preceding permissions.'."\n", + 'requestParamsDescription' => ' '."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'ExportDataKey' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54568', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'CiphertextBlob', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ciphertext of the data key encrypted by using a CMK.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901q********', + ], + ], + [ + 'name' => 'EncryptionContext', + 'in' => 'query', + 'style' => 'json', + 'schema' => [ + 'description' => 'A JSON string that consists of key-value pairs. If you specify this parameter when you use a CMK to encrypt the data key, an equivalent value is required here. For more information, see [EncryptionContext](~~42975~~).'."\n", + 'type' => 'object', + 'required' => false, + 'example' => '{"Example":"Example"}', + ], + ], + [ + 'name' => 'PublicKeyBlob', + 'in' => 'query', + 'schema' => [ + 'description' => 'A Base64-encoded public key.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndKfC2ReLL2+y8a0+ZBBeAft/uBYo86GZiYJuflqgUzKxpyuvlo3uQkBv6b+nx+0tz8g8v7GhpPWMSW5L9mNHYsvYFsa7jTxsYdt17yj6GlUHPuMIs8hr5qbwl38IHU1iIa7nYWwE2fb3ePOvLDACRJVgGpU0yxioW80d2QD+9aU4jF5dlAahcfgsNzo2CXzCUc1+xbmNuq7Rp+H9VJB9dyYOwqnW3RhOLBo21FzpORapf0UiRlrHRpk1V6ez+aE1dofaYh/9bh0m6ioxj7j5hpZbWccuEZTMBKd+cbuBkRhJzc6Tti6qwZbDiu4fUwbZS0Tqpuo1UadiyxMW********', + ], + ], + [ + 'name' => 'WrappingKeySpec', + 'in' => 'query', + 'schema' => [ + 'description' => 'The key type of the public key specified by PublicKeyBlob. For more information about key types, see [Introduction to asymmetric keys](~~148147~~).'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* RSA\\_2048'."\n" + .'* EC_SM2'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RSA_2048', + ], + ], + [ + 'name' => 'WrappingAlgorithm', + 'in' => 'query', + 'schema' => [ + 'description' => 'The encryption algorithm based on which you want to use the public key specified by PublicKeyBlob to encrypt the data key. For more information about encryption algorithms, see [AsymmetricDecrypt](~~148130~~).'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* RSAES_OAEP_SHA\\_256'."\n" + .'* RSAES_OAEP_SHA\\_1'."\n" + .'* SM2PKE'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RSAES_OAEP_SHA_256', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyVersionId' => [ + 'description' => 'The ID of the CMK version that is used to decrypt the specified ciphertext of the data key.'."\n", + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'KeyId' => [ + 'description' => 'The ID of the CMK that is used to decrypt the specified ciphertext of the data key.'."\n" + ."\n" + .'This parameter is the globally unique ID of the CMK.'."\n", + 'type' => 'string', + 'example' => '202b9877-5a25-46e3-a763-e20791b5****', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '4bd560a1-729e-45f1-a3d9-b2a33d61046b', + ], + 'ExportedDataKey' => [ + 'description' => 'The data key encrypted by using the public key and then exported.'."\n", + 'type' => 'string', + 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"202b9877-5a25-46e3-a763-e20791b5****\\",\\n \\"RequestId\\": \\"4bd560a1-729e-45f1-a3d9-b2a33d61046b\\",\\n \\"ExportedDataKey\\": \\"BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******\\"\\n}","errorExample":""},{"type":"xml","example":"<ExportDataKeyResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>202b9877-5a25-46e3-a763-e20791b5****</KeyId>\\n <RequestId>4bd560a1-729e-45f1-a3d9-b2a33d61046b</RequestId>\\n <ExportedDataKey>BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVs*******</ExportedDataKey>\\n</ExportDataKeyResponse>","errorExample":""}]', + 'title' => 'ExportDataKey', + 'summary' => 'Encrypts and exports a data key by using a public key.', + 'description' => 'You can call the [GenerateDataKeyWithoutPlaintext](~~134043~~) operation to generate a data key, which is encrypted by a CMK. If you want to distribute the data key to other regions or cryptographic modules, you can call the ExportDataKey operation to use a public key to encrypt the data key.'."\n" + ."\n" + .'Then, you can import the ciphertext of the data key to the cryptographic module where the private key is stored. This way, the data key is securely distributed from KMS to the cryptographic module. After the data key is imported to the cryptographic module, you can use it to encrypt or decrypt data.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'GenerateDataKeyWithoutPlaintext' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54571', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK. You can also set this parameter to an alias that is bound to the CMK. For more information, see Use aliases.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + [ + 'name' => 'KeySpec', + 'in' => 'query', + 'schema' => [ + 'description' => 'The length of the data key that you want to generate. Valid values:'."\n" + ."\n" + .'* AES\\_256: 256-bit symmetric key'."\n" + .'* AES\\_128: 128-bit symmetric key'."\n" + ."\n" + .'> We recommend that you use the KeySpec or NumberOfBytes parameter to specify the length of a data key. If both of them are not specified, KMS generates a 256-bit data key. If both of them are specified, KMS ignores the KeySpec parameter.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'AES_256', + 'enum' => [ + 'AES_256', + ' AES_128', + ], + ], + ], + [ + 'name' => 'NumberOfBytes', + 'in' => 'query', + 'schema' => [ + 'description' => 'The length of the data key that you want to generate.'."\n" + ."\n" + .'Valid values: 1 to 1024.'."\n" + ."\n" + .'Unit: bytes.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'maximum' => '1024', + 'minimum' => '0', + 'example' => '256', + ], + ], + [ + 'name' => 'EncryptionContext', + 'in' => 'query', + 'style' => 'json', + 'schema' => [ + 'description' => 'A JSON string that consists of key-value pairs. If you specify this parameter, an equivalent value is required when you call the Decrypt operation. For more information, see [EncryptionContext](~~42975~~).'."\n", + 'type' => 'object', + 'required' => false, + 'example' => '{"Example":"Example"}', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyVersionId' => [ + 'description' => 'The ID of the key version that is used to encrypt the plaintext. It is the primary version of the CMK.'."\n", + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'KeyId' => [ + 'description' => 'The globally unique ID of the CMK.'."\n" + ."\n" + .'> If you set the KeyId parameter to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", + 'type' => 'string', + 'example' => '599fa825-17de-417e-9554-bb032cc6****', + ], + 'CiphertextBlob' => [ + 'description' => 'The ciphertext of the data that is encrypted by using the primary CMK version.'."\n", + 'type' => 'string', + 'example' => 'ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '7021b6ec-4be7-4d3c-8a68-1e85d4d515a0', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"599fa825-17de-417e-9554-bb032cc6****\\",\\n \\"CiphertextBlob\\": \\"ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****\\",\\n \\"RequestId\\": \\"7021b6ec-4be7-4d3c-8a68-1e85d4d515a0\\"\\n}","errorExample":""},{"type":"xml","example":"<GenerateDataKeyWithoutPlaintextResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>599fa825-17de-417e-9554-bb032cc6****</KeyId>\\n <CiphertextBlob>ODZhOWVmZDktM2QxNi00ODk0LWJkNGYtMWZjNDNmM2YyYWJmS7FmDBBQ0BkKsQrtRnidtPwirmDcS0ZuJCU41xxAAWk4Z8qsADfbV0b+i6kQmlvj79dJdGOvtX69Uycs901qOjop4bTS****</CiphertextBlob>\\n <RequestId>7021b6ec-4be7-4d3c-8a68-1e85d4d515a0</RequestId>\\n</GenerateDataKeyWithoutPlaintextResponse>","errorExample":""}]', + 'title' => 'GenerateDataKeyWithoutPlaintext', + 'summary' => 'Generates a random data key, which can be used to encrypt local data.', + 'description' => 'This operation creates a random data key, encrypts the data key by using a specific symmetric CMK, and returns the ciphertext of the data key. This operation serves the same purpose as the [GenerateDataKey](~~28948~~) operation. The only difference is that this operation does not return the plaintext of the data key.'."\n" + ."\n" + .'The CMK that you specify in the request of this operation is only used to encrypt the data key and is not involved in the generation of the data key. KMS does not record or store the generated data key.'."\n" + ."\n" + .'> * This operation applies to the scenario when you do not need to use the data key to immediately encrypt data. Before you can use the data key to encrypt data, you must call the [Decrypt](~~28950~~) operation to decrypt the ciphertext of the data key.'."\n" + .'> * This operation is also suitable for a distributed system with different trust levels. For example, a system stores data in different partitions based on a preset trust policy. A module creates different partitions and generates different data keys for each partition in advance. This module is not involved in data production and consumption after it completes initialization of the control plane. This module is the key provider. When producing and consuming data, modules on the control plane obtain the ciphertext of the data key for a partition first. After decrypting the ciphertext of the data key, modules on the control plane use the plaintext of the data key to encrypt or decrypt data and then clear the plaintext of the data key from the memory. In such a system, the key provider does not need to obtain the plaintext of the data key. It only needs to have the permissions to call the GenerateDataKeyWithoutPlaintext operation. The data producers or consumers do not need to generate new data keys. They only need to have the permissions to call the Decrypt operation.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'AsymmetricSign' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54536', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The operation that you want to perform. Set the value to **AsymmetricSign**.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', + ], + ], + [ + 'name' => 'KeyVersionId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n" + ."\n" + .'> You can also set this parameter to an alias that is bound to the CMK. For more information, see [Alias overview](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + ], + [ + 'name' => 'Algorithm', + 'in' => 'query', + 'schema' => [ + 'description' => 'The version ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RSA_PSS_SHA_256', + ], + ], + [ + 'name' => 'Digest', + 'in' => 'query', + 'schema' => [ + 'description' => 'The signature algorithm.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiu****=', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyVersionId' => [ + 'description' => 'The digest that is generated for the original message by using a hash algorithm. The hash algorithm is specified by the Algorithm parameter.'."\n" + ."\n" + .'> * The value is encoded in Base64.'."\n" + .'> * For more information about how to calculate message digests, see the **Preprocess signature: compute a message digest** section of the [Generate and verify a signature by using an asymmetric CMK](~~148146~~) topic.', + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'KeyId' => [ + 'description' => 'The version ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', + ], + 'Value' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'> If you set the KeyId parameter in the request to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", + 'type' => 'string', + 'example' => 'M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==', + ], + 'RequestId' => [ + 'description' => 'The calculated signature.'."\n" + ."\n" + .'> The value is encoded in Base64.'."\n", + 'type' => 'string', + 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + [ + 'errorCode' => 'Forbidden.AliasNotFound', + 'errorMessage' => 'The specified Alias is not found.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"5c438b18-05be-40ad-b6c2-3be6752c****\\",\\n \\"Value\\": \\"M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","errorExample":""},{"type":"xml","example":"<AsymmetricSignResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>5c438b18-05be-40ad-b6c2-3be6752c****</KeyId>\\n <Value>M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==</Value>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n</AsymmetricSignResponse>","errorExample":""}]', + 'title' => 'AsymmetricSign', + 'summary' => 'AsymmetricSign', + 'description' => 'Generates a signature by using an asymmetric key.', + 'requestParamsDescription' => 'This operation supports only asymmetric keys for which the **Usage** parameter is set to **SIGN/VERIFY**. The following table describes the supported signature algorithms. '."\n" + ."\n" + .'| KeySpec | Algorithm | Description |'."\n" + .'| ------- | --------- | ----------- |'."\n" + .'| RSA_2048 | RSA_PSS_SHA_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" + .'| RSA_2048 | RSA_PKCS1_SHA_256 | RSASSA-PKCS1-v1_5 using SHA-256 |'."\n" + .'| RSA_3072 | RSA_PSS_SHA_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" + .'| RSA_3072 | RSA_PKCS1_SHA_256 | RSASSA-PKCS1-v1_5 using SHA-256 |'."\n" + .'| EC_P256 | ECDSA_SHA_256 | ECDSA on the P-256 Curve(secp256r1) with a SHA-256 digest |'."\n" + .'| EC_P256K | ECDSA_SHA_256 | ECDSA on the P-256K Curve(secp256k1) with a SHA-256 digest |'."\n" + .'| EC_SM2 | SM2DSA | SM2 public key encryption algorithm based on elliptic curves cryptography (ECC) |'."\n" + .'> According to GB/T 32918.2 "Information security technology-Public key cryptographic algorithm SM2 based on elliptic curves-Part 2: Digital signature algorithm", when you calculate the SM2 signature, the **Digest** parameter is used to calculate the digest value of the combination of Z(A) and M, rather than the SM3 digest value. M indicates the original message to be signed. Z(A) indicates the hash value for User A. The hash value is defined in GB/T GB/T 32918.2. In this example, the asymmetric key whose ID is `5c438b18-05be-40ad-b6c2-3be6752c****` and version ID is `2ab1a983-7072-4bbc-a582-584b5bd8****` and the signature algorithm `RSA_PSS_SHA_256` are used to generate a signature for the digest `ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuy****=`.', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'AsymmetricVerify' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54537', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'> You can also set this parameter to an alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', + ], + ], + [ + 'name' => 'KeyVersionId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The version ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + ], + [ + 'name' => 'Algorithm', + 'in' => 'query', + 'schema' => [ + 'description' => 'The signature algorithm.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RSA_PSS_SHA_256', + ], + ], + [ + 'name' => 'Digest', + 'in' => 'query', + 'schema' => [ + 'description' => 'The digest that is generated for the original message by using a hash algorithm. The hash algorithm is specified by the **Algorithm** parameter.'."\n" + ."\n" + .'> The value is encoded in Base64.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuy****=', + ], + ], + [ + 'name' => 'Value', + 'in' => 'query', + 'schema' => [ + 'description' => 'The signature value to be verified.'."\n" + ."\n" + .'> The value is encoded in Base64.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyVersionId' => [ + 'description' => 'The version ID of the CMK that is used to encrypt the plaintext.'."\n", + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'KeyId' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'> If you set the KeyId parameter in the request to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", + 'type' => 'string', + 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', + ], + 'Value' => [ + 'description' => 'Indicates whether the signature passed the verification.'."\n", + 'type' => 'boolean', + 'example' => 'true', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.AliasNotFound', + 'errorMessage' => 'The specified Alias is not found.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"5c438b18-05be-40ad-b6c2-3be6752c****\\",\\n \\"Value\\": true,\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","errorExample":""},{"type":"xml","example":"<AsymmetricVerifyResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>5c438b18-05be-40ad-b6c2-3be6752c****</KeyId>\\n <Value>true</Value>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n</AsymmetricVerifyResponse>","errorExample":""}]', + 'title' => 'AsymmetricVerify', + 'summary' => 'Verifies a signature by using an asymmetric key.', + 'description' => 'This operation supports only asymmetric keys for which the **Usage** parameter is set to **SIGN/VERIFY**. The following table describes the supported signature algorithms. '."\n" + ."\n" + .'| KeySpec | Algorithm | Description |'."\n" + .'| ------- | --------- | ----------- |'."\n" + .'| RSA_2048 | RSA_PSS_SHA_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" + .'| RSA_2048 | RSA_PKCS1_SHA_256 | RSASSA-PKCS1-v1_5 using SHA-256 |'."\n" + .'| RSA_3072 | RSA_PSS_SHA_256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |'."\n" + .'| RSA_3072 | RSA_PKCS1_SHA_256 | RSASSA-PKCS1-v1_5 using SHA-256 |'."\n" + .'| EC_P256 | ECDSA_SHA_256 | ECDSA on the P-256 Curve(secp256r1) with a SHA-256 digest |'."\n" + .'| EC_P256K | ECDSA_SHA_256 | ECDSA on the P-256K Curve(secp256k1) with a SHA-256 digest |'."\n" + .'| EC_SM2 | SM2DSA | SM2 elliptic curve public key encryption algorithm |'."\n" + .'> When you calculate the SM2 signature based on GB/T 32918, the **Digest** parameter is used to calculate the digest value of the combination of Z(A) and M, rather than the SM3 digest value. M indicates the original message to be signed. Z(A) indicates the hash value for User A. The hash value is defined in GB/T 32918. In this example, the asymmetric key whose ID is `5c438b18-05be-40ad-b6c2-3be6752c****` and version ID is `2ab1a983-7072-4bbc-a582-584b5bd8****` and the signature algorithm RSA_PSS_SHA_256 are used to verify the signature `M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==` of the digest `ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuyjfzw=`.', + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'AsymmetricEncrypt' => [ + 'summary' => 'Encrypts data by using an asymmetric customer master key (CMK).', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54535', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'Plaintext', + 'in' => 'query', + 'schema' => [ + 'description' => 'The plaintext that you want to encrypt. The plaintext must be Base64-encoded.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'SGVsbG8gd29ybGQ=', + ], + ], + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'> You can also set this parameter to an alias that is bound to the CMK. For more information, see [Overview of aliases](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', + ], + ], + [ + 'name' => 'KeyVersionId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The version ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'> You can call the [ListKeyVersions](~~133966~~) operation to query the versions of a CMK. The ID of a version is specified by the KeyVersionId parameter.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + ], + [ + 'name' => 'Algorithm', + 'in' => 'query', + 'schema' => [ + 'description' => 'The encryption algorithm.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RSAES_OAEP_SHA_1', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyVersionId' => [ + 'description' => 'The version ID of the CMK that is used to encrypt the plaintext.'."\n", + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'KeyId' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'> If you set the KeyId parameter in the request to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", + 'type' => 'string', + 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', + ], + 'CiphertextBlob' => [ + 'description' => 'The Base64-encoded ciphertext that was generated after encryption.'."\n", + 'type' => 'string', + 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg==', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'Rejected.UnsupportedOperation', + 'errorMessage' => 'Unsupported operation.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.AliasNotFound', + 'errorMessage' => 'The specified Alias is not found.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"CiphertextBlob\\": \\"BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg==\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\"\\n}","errorExample":""},{"type":"xml","example":"<AsymmetricEncryptResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <CiphertextBlob>BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1Wbjwg==</CiphertextBlob>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n</AsymmetricEncryptResponse>","errorExample":""}]', + 'title' => 'AsymmetricEncrypt', + 'description' => 'This operation is supported only for asymmetric keys for which the **Usage** parameter is set to **ENCRYPT/DECRYPT**. The following table lists the supported encryption algorithms: '."\n" + ."\n" + .'| KeySpec | Algorithm | Description | Maximum number of bytes that can be encrypted |'."\n" + .'| ------- | --------- | ----------- | --------------------------------------------- |'."\n" + .'| RSA_2048 | RSAES_OAEP_SHA_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 190 |'."\n" + .'| RSA_2048 | RSAES_OAEP_SHA_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 214 |'."\n" + .'| RSA_3072 | RSAES_OAEP_SHA_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 318 |'."\n" + .'| RSA_3072 | RSAES_OAEP_SHA_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 342 |'."\n" + .'| EC_SM2 | SM2PKE | SM2 public key encryption algorithm based on elliptic curves | 6047 |'."\n" + .'You can use the asymmetric CMK whose ID is `5c438b18-05be-40ad-b6c2-3be6752c****` and version ID is `2ab1a983-7072-4bbc-a582-584b5bd8****` and the algorithm `RSAES_OAEP_SHA_1` to encrypt the plaintext `SGVsbG8gd29ybGQ=` based on the parameter settings provided in this topic.', + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'AsymmetricDecrypt' => [ + 'summary' => 'Decrypts data by using an asymmetric key.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54534', + 'abilityTreeNodes' => [ + 'FEATUREkmsZ5VV9Q', + ], + ], + 'parameters' => [ + [ + 'name' => 'CiphertextBlob', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ciphertext that you want to decrypt.'."\n" + ."\n" + .'> * The value is encoded in Base64.'."\n" + .'> * You can call the [AsymmetricEncrypt](~~148131~~) operation to generate the ciphertext.', + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1W****==', + ], + ], + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n" + ."\n" + .'> You can also set this parameter to an alias that is bound to the CMK. For more information, see [Alias overview](~~68522~~).'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', + ], + ], + [ + 'name' => 'KeyVersionId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The version ID of the CMK. The ID must be globally unique.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + ], + [ + 'name' => 'Algorithm', + 'in' => 'query', + 'schema' => [ + 'description' => 'The decryption algorithm.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RSAES_OAEP_SHA_1', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'KeyVersionId' => [ + 'description' => 'The version ID of the CMK that is used to encrypt the plaintext.'."\n", + 'type' => 'string', + 'example' => '2ab1a983-7072-4bbc-a582-584b5bd8****', + ], + 'KeyId' => [ + 'description' => 'The ID of the CMK. The ID must be globally unique.'."\n" + ."\n" + .'> If you set the KeyId parameter in the request to an alias, the ID of the CMK to which the alias is bound is returned.'."\n", + 'type' => 'string', + 'example' => '5c438b18-05be-40ad-b6c2-3be6752c****', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '475f1620-b9d3-4d35-b5c6-3fbdd941423d', + ], + 'Plaintext' => [ + 'description' => 'The Base64-encoded plaintext that is generated after decryption.'."\n", + 'type' => 'string', + 'example' => 'SGVsbG8gd29ybGQ=', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'Rejected.UnsupportedOperation', + 'errorMessage' => 'Unsupported operation.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.AliasNotFound', + 'errorMessage' => 'The specified Alias is not found.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"KeyVersionId\\": \\"2ab1a983-7072-4bbc-a582-584b5bd8****\\",\\n \\"KeyId\\": \\"key-hzz630494463ejqjx****\\",\\n \\"RequestId\\": \\"475f1620-b9d3-4d35-b5c6-3fbdd941423d\\",\\n \\"Plaintext\\": \\"SGVsbG8gd29ybGQ=\\"\\n}","errorExample":""},{"type":"xml","example":"<AsymmetricDecryptResponse>\\n <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>\\n <KeyId>key-hzz630494463ejqjx****</KeyId>\\n <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>\\n <Plaintext>SGVsbG8gd29ybGQ=</Plaintext>\\n</AsymmetricDecryptResponse>","errorExample":""}]', + 'title' => 'AsymmetricDecrypt', + 'description' => 'This operation supports only asymmetric keys for which the **Usage** parameter is set to **ENCRYPT/DECRYPT**. The following table lists supported encryption algorithms. '."\n" + ."\n" + .'| KeySpec | Algorithm | Description | Maximum length in bytes |'."\n" + .'| ------- | --------- | ----------- | ----------------------- |'."\n" + .'| RSA_2048 | RSAES_OAEP_SHA_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 256 |'."\n" + .'| RSA_2048 | RSAES_OAEP_SHA_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 256 |'."\n" + .'| RSA_3072 | RSAES_OAEP_SHA_256 | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 384 |'."\n" + .'| RSA_3072 | RSAES_OAEP_SHA_1 | RSAES-OAEP using SHA1 and MGF1 with SHA1 | 384 |'."\n" + .'| EC_SM2 | SM2PKE | SM2 public key encryption algorithm based on elliptic curves | 6144 |'."\n" + ."\n" + .'In this example, the asymmetric key whose ID is `5c438b18-05be-40ad-b6c2-3be6752c****` and version ID is `2ab1a983-7072-4bbc-a582-584b5bd8****` and the decryption algorithm `RSAES_OAEP_SHA_1` are used to decrypt the ciphertext `BQKP+1zK6+ZEMxTP5qaVzcsgXtWplYBKm0NXdSnB5FzliFxE1bSiu4dnEIlca2JpeH7yz1/S6fed630H+hIH6DoM25fTLNcKj+mFB0Xnh9m2+HN59Mn4qyTfcUeadnfCXSWcGBouhXFwcdd2rJ3n337bzTf4jm659gZu3L0i6PLuxM9p7mqdwO0cKJPfGVfhnfMz+f4alMg79WB/NNyE2lyX7/qxvV49ObNrrJbKSFiz8Djocaf0IESNLMbfYI5bXjWkJlX92DQbKhibtQW8ZOJ//ZC6t0AWcUoKL6QDm/dg5koQalcleRinpB+QadFm894sLbVZ9+N4GVsv1W****==`.', + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'CreateSecret' => [ + 'summary' => 'Creates a secret and stores the initial version of the secret.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'abilityTreeCode' => '54548', + 'abilityTreeNodes' => [ + 'FEATUREkms52EQP9', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores the encrypted value in the initial version.'."\n" + ."\n" + .'* If you set the SecretType parameter to Generic that indicates a generic secret, you can customize the secret value.'."\n" + ."\n" + .'* If you set the SecretType parameter to Rds that indicates a managed ApsaraDB RDS secret, the secret value must be in the format of `{"Accounts":[{"AccountName":"","AccountPassword":""}]}`. In the preceding format, `AccountName` indicates the username of the account that is used to connect to your ApsaraDB RDS instance, and `AccountPassword` specifies the password of the account.'."\n" + ."\n" + .'* If you set the SecretType parameter to RAMCredentials that indicates a managed RAM secret, the secret value must be in the format of `{"AccessKeys":[{"AccessKeyId":"","AccessKeySecret":"",}]}`. In the preceding format, `AccessKeyId` indicates the AccessKey ID of the RAM user and `AccessKeySecret` specifies the AccessKey secret of the RAM user. You must specify all the AccessKey pairs of the RAM user.'."\n" + ."\n" + .'* If you set the SecretType parameter to ECS that indicates a managed ECS secret, the secret value must be in one of the following formats:'."\n" + ."\n" + .' * `{"UserName":"","Password": ""}`: In the format, `UserName` specifies the username that is used to log on to the ECS instance, and `Password` specifies the password that is used to log on to the ECS instance.'."\n" + .' * `{"UserName":"","PublicKey": "", "PrivateKey": ""}`: In the format, `PublicKey` indicates the SSH public key that is used to log on to the ECS instance, and `PrivateKey` specifies the SSH private key that is used to log on to the ECS instance.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'mydbconninfo', + ], + ], + [ + 'name' => 'VersionId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The type of the secret value. Valid values:'."\n" + ."\n" + .'* text'."\n" + .'* binary'."\n" + ."\n" + .'> If you set the SecretType parameter to Rds, RAMCredentials, or ECS, the SecretDataType parameter must be set to text.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'v1', + ], + ], + [ + 'name' => 'EncryptionKeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The description of the secret.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => '00aa68af-2c02-4f68-95fe-3435d330****', + 'default' => '', + ], + ], + [ + 'name' => 'SecretData', + 'in' => 'query', + 'schema' => [ + 'description' => 'The tags of the secret.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'The type of the secret. Valid values:'."\n" + ."\n" + .'* Generic: specifies a generic secret.'."\n" + .'* Rds: specifies a managed ApsaraDB RDS secret.'."\n" + .'* RAMCredentials: specifies a managed RAM secret.'."\n" + .'* ECS: specifies a managed ECS secret.'."\n", + ], + ], + [ + 'name' => 'SecretDataType', + 'in' => 'query', + 'schema' => [ + 'description' => 'The extended configuration of the secret. This parameter specifies the properties of the secret of the specific type. The description can be up to 1,024 characters in length.'."\n" + ."\n" + .'* If you set the SecretType parameter to Generic, you do not need to configure this parameter.'."\n" + ."\n" + .'* If you set the SecretType parameter to Rds, configure the following fields for the ExtendedConfig parameter:'."\n" + ."\n" + .' * SecretSubType: required. The subtype of the secret. Valid values:'."\n" + ."\n" + .' * SingleUser: Secrets Manager manages the ApsaraDB RDS secret in single-account mode. When the secret is rotated, the password of the specified account is reset to a new random password.'."\n" + .' * DoubleUsers: Secrets Manager manages the ApsaraDB RDS secret in dual-account mode. One account is referenced by the ACSCurrent version, and the other account is referenced by the ACSPrevious version. When the secret is rotated, the password of the account referenced by the ACSPrevious version is reset to a new random password. Then, Secrets Manager switches the referenced accounts between the ACSCurrent and ACSPrevious versions.'."\n" + ."\n" + .' * DBInstanceId: required. The ApsaraDB RDS instance to which the ApsaraDB RDS account belongs.'."\n" + ."\n" + .' * CustomData: optional. The custom data. The value is a collection of key-value pairs in the JSON format. Up to 10 key-value pairs can be specified. Separate multiple key-value pairs with commas (,). Example: `{"Key1": "v1", "fds":"fdsf"}`. The default value is a pair of empty braces (`{}`).'."\n" + ."\n" + .'* If you set the SecretType parameter to RAMCredentials, configure the following fields for the ExtendedConfig parameter:'."\n" + ."\n" + .' * SecretSubType: required. The subtype of the secret. Set the value to RamUserAccessKey.'."\n" + .' * UserName: required. The name of the RAM user.'."\n" + .' * CustomData: optional. The custom data. The value is a collection of key-value pairs in the JSON format. Up to 10 key-value pairs can be specified. Separate multiple key-value pairs with commas (,). The default value is a pair of empty braces (`{}`).'."\n" + ."\n" + .'* If you set the SecretType parameter to ECS, configure the following fields for the ExtendedConfig parameter:'."\n" + ."\n" + .' * SecretSubType: required. The subtype of the secret. Valid values:'."\n" + ."\n" + .' * Password: the password that is used to log on to the ECS instance.'."\n" + .' * SSHKey: the SSH public key and private key that are used to log on to the ECS instance.'."\n" + ."\n" + .' * RegionId: required. The ID of the region in which the ECS instance resides.'."\n" + ."\n" + .' * InstanceId: required. The ID of the ECS instance.'."\n" + ."\n" + .' * CustomData: optional. The custom data. The value is a collection of key-value pairs in the JSON format. Up to 10 key-value pairs can be specified. Separate multiple key-value pairs with commas (,). The default value is a pair of empty braces (`{}`).'."\n" + ."\n" + .'> This parameter is required if you set the SecretType parameter to Rds, RAMCredentials, or ECS.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => 'text', + 'default' => 'text', + 'enum' => [ + 'text', + 'binary', + ], + ], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to enable automatic rotation. Valid values:'."\n" + ."\n" + .'* true: specifies to enable automatic rotation.'."\n" + .'* false: specifies to disable automatic rotation. This is the default value.'."\n" + ."\n" + .'> This parameter is valid if you set the SecretType parameter to Rds, RAMCredentials, or ECS.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => 'mydbinfo', + ], + ], + [ + 'name' => 'Tags', + 'in' => 'query', + 'schema' => [ + 'description' => 'The interval for automatic rotation. Valid values: 6 hours to 8,760 hours (365 days).'."\n" + ."\n" + .'The value is in the `integer[unit]` format.'."\n" + ."\n" + .'The unit can be d (day), h (hour), m (minute), or s (second). For example, both 7d and 604800s indicate a seven-day interval.'."\n" + ."\n" + .'> This parameter is required if you set the EnableAutomaticRotation parameter to true. This parameter is ignored if you set the EnableAutomaticRotation parameter to false or if the EnableAutomaticRotation parameter is not configured.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => '[{\\"TagKey\\":\\"key1\\",\\"TagValue\\":\\"val1\\"},{\\"TagKey\\":\\"key2\\",\\"TagValue\\":\\"val2\\"}]', + ], + ], + [ + 'name' => 'SecretType', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the dedicated KMS instance.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'Rds', + ], + ], + [ + 'name' => 'ExtendedConfig', + 'in' => 'query', + 'style' => 'json', + 'schema' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'object', + 'required' => false, + 'example' => '{"SecretSubType":"SingleUser", "DBInstanceId":"rm-bp1b3dd3a506e****" ,"CustomData":{}}', + ], + ], + [ + 'name' => 'EnableAutomaticRotation', + 'in' => 'query', + 'schema' => [ + 'description' => 'Indicates whether automatic rotation is enabled. Valid values:'."\n" + ."\n" + .'* Enabled: indicates that automatic rotation is enabled.'."\n" + .'* Disabled: indicates that automatic rotation is disabled.'."\n" + .'* Invalid: indicates that the status of automatic rotation is abnormal. In this case, Secrets Manager cannot automatically rotate the secret.'."\n" + ."\n" + .'> This parameter is returned if you set the SecretType parameter to Rds, RAMCredentials, or ECS.'."\n", + 'type' => 'boolean', + 'required' => false, + 'example' => 'true', + ], + ], + [ + 'name' => 'RotationInterval', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '30d', + ], + ], + [ + 'name' => 'DKMSInstanceId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The version number of the secret.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'kst-bjj62d8f5e0sgtx8h****', + ], + ], + [ + 'name' => 'Policy', + 'in' => 'query', + 'allowEmptyValue' => true, + 'schema' => [ + 'type' => 'string', + 'required' => false, + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The time when the next rotation will be performed.'."\n" + ."\n" + .'> This parameter is returned if automatic rotation is enabled.'."\n", + 'type' => 'string', + 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2dd3', + ], + 'AutomaticRotation' => [ + 'description' => 'The type of the secret. Valid values:'."\n" + ."\n" + .'* Generic: indicates a generic secret.'."\n" + .'* Rds: indicates a managed ApsaraDB RDS secret.'."\n" + .'* RAMCredentials: indicates a managed RAM secret.'."\n" + .'* ECS: indicates a managed ECS secret.'."\n", + 'type' => 'string', + 'example' => 'Enabled', + ], + 'SecretName' => [ + 'description' => 'The interval for automatic rotation.'."\n" + ."\n" + .'The value is in the `integer[unit]` format. The value of the `unit` field is fixed as s. For example, if the value is 604800s, automatic rotation is performed at a 7-day interval.'."\n" + ."\n" + .'> This parameter is returned if automatic rotation is enabled.'."\n", + 'type' => 'string', + 'example' => 'mydbconninfo', + ], + 'VersionId' => [ + 'description' => 'The Alibaba Cloud Resource Name (ARN) of the secret.'."\n", + 'type' => 'string', + 'example' => 'v1', + ], + 'NextRotationDate' => [ + 'description' => 'The extended configuration of the secret.'."\n" + ."\n" + .'> This parameter is returned if you set the SecretType parameter to Rds, RAMCredentials, or ECS.'."\n", + 'type' => 'string', + 'example' => '2022-07-06T18:22:03Z', + ], + 'SecretType' => [ + 'description' => 'The ID of the dedicated KMS instance.'."\n", + 'type' => 'string', + 'example' => 'Rds', + ], + 'RotationInterval' => [ + 'description' => '', + 'type' => 'string', + 'example' => '604800s', + ], + 'Arn' => [ + 'description' => '', + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:154035569884****:secret/mydbconninfo', + ], + 'ExtendedConfig' => [ + 'description' => '', + 'type' => 'string', + 'example' => '{\\"SecretSubType\\":\\"SingleUser\\", \\"DBInstanceId\\":\\"rm-uf667446pc955****\\", \\"CustomData\\":{} }', + ], + 'DKMSInstanceId' => [ + 'description' => '', + 'type' => 'string', + 'example' => 'kst-bjj62d8f5e0sgtx8h****', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'UnsupportedOperation', + 'errorMessage' => 'This action is not supported.', + ], + [ + 'errorCode' => 'Rejected.LimitExceeded', + 'errorMessage' => 'The request was rejected because user create resource limit was exceeded', + ], + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + [ + 'errorCode' => 'Rejected.ShareQuotaExceedLimit', + 'errorMessage' => 'Instance Share Quota Exceed Limit.', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.DKMSInstanceNotFound', + 'errorMessage' => 'The specified DKMS Instance is not found.', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'The resource is not found.', + ], + ], + 409 => [ + [ + 'errorCode' => 'Rejected.ResourceExist', + 'errorMessage' => 'The resource already exists.', + ], + [ + 'errorCode' => 'Rejected.ResourceInDeleteWindow', + 'errorMessage' => 'The secret is planned to be deleted.', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2dd3\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"SecretName\\": \\"mydbconninfo\\",\\n \\"VersionId\\": \\"v1\\",\\n \\"NextRotationDate\\": \\"2023-07-06T18:22:03Z\\",\\n \\"SecretType\\": \\"Rds\\",\\n \\"RotationInterval\\": \\"604800s\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:secret/mydbconninfo\\",\\n \\"ExtendedConfig\\": \\"{\\\\\\\\\\\\\\"SecretSubType\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"SingleUser\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"DBInstanceId\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"rm-uf667446pc955****\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"CustomData\\\\\\\\\\\\\\":\\\\\\"Key1\\\\\\": \\\\\\"v1\\\\\\", \\\\\\"fds\\\\\\":\\\\\\"fdsf\\\\\\"} }\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateSecretResponse>\\n <RequestId>3bf02f7a-015b-4f93-be0f-cc043fda2dd3</RequestId>\\n <AutomaticRotation>Enabled</AutomaticRotation>\\n <SecretName>mydbconninfo</SecretName>\\n <VersionId>v1</VersionId>\\n <NextRotationDate>2023-07-06T18:22:03Z</NextRotationDate>\\n <SecretType>Rds</SecretType>\\n <RotationInterval>604800s</RotationInterval>\\n <Arn>acs:kms:cn-hangzhou:154035569884****:secret/mydbconninfo</Arn>\\n <ExtendedConfig>{\\\\\\"SecretSubType\\\\\\":\\\\\\"SingleUser\\\\\\", \\\\\\"DBInstanceId\\\\\\":\\\\\\"rm-uf667446pc955****\\\\\\", \\\\\\"CustomData\\\\\\":\\"Key1\\": \\"v1\\", \\"fds\\":\\"fdsf\\"} }</ExtendedConfig>\\n <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>\\n</CreateSecretResponse>","errorExample":""}]', + 'title' => 'CreateSecret', + 'description' => 'The name of the secret.'."\n" + ."\n" + .'The value must be 1 to 64 characters in length and can contain letters, digits, underscores (\\_), forward slashes (/), plus signs (+), equal signs (=), periods (.), hyphens (-), and at signs (@). The following list describes the name requirements for different types of secrets:'."\n" + ."\n" + .'* If the SecretType parameter is set to Generic or Rds, the name cannot start with `acs/`.'."\n" + .'* If the SecretType parameter is set to RAMCredentials, set the SecretName parameter to `$Auto`. In this case, KMS automatically generates a secret name that starts with `acs/ram/user/`. The name includes the display name of RAM user.'."\n" + .'* If the SecretType parameter is set to ECS, the name must start with `acs/ecs/`.'."\n", + 'requestParamsDescription' => 'The initial version number. Version numbers are unique in each secret.'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'DeleteSecret' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'secret001', + ], + ], + [ + 'name' => 'ForceDeleteWithoutRecovery', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* **true**'."\n" + .'* **false** (default value)'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'false', + 'default' => 'false', + 'enum' => [ + 'false', + 'true', + ], + ], + ], + [ + 'name' => 'RecoveryWindowInDays', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. Unit: Days.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => '10', + 'default' => '30', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'SecretName' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'example' => 'secret001', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '38bbed2a-15e0-45ad-98d4-816ad2ccf4ea', + ], + 'PlannedDeleteTime' => [ + 'description' => 'The time when the secret is scheduled to be deleted.'."\n", + 'type' => 'string', + 'example' => '2022-09-15T07:02:14Z', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Resource not found', + ], + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + 409 => [ + [ + 'errorCode' => 'Rejected.ResourceInDeleteWindow', + 'errorMessage' => 'secret in delete peroid', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"38bbed2a-15e0-45ad-98d4-816ad2ccf4ea\\",\\n \\"PlannedDeleteTime\\": \\"2024-04-15T07:02:14Z\\"\\n}","errorExample":""},{"type":"xml","example":"<DeleteSecretResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>38bbed2a-15e0-45ad-98d4-816ad2ccf4ea</RequestId>\\n <PlannedDeleteTime>2022-09-15T07:02:14Z</PlannedDeleteTime>\\n</DeleteSecretResponse>","errorExample":""}]', + 'title' => 'DeleteSecret', + 'summary' => 'Deletes a secret.', + 'description' => 'If you call this operation without specifying a recovery period, the deleted secret can be recovered within 30 days.'."\n" + ."\n" + .'If you specify a recovery period, the deleted secret can be recovered within the recovery period. You can also forcibly delete a secret. A forcibly deleted secret cannot be recovered.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'UpdateSecret' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'secret001', + ], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => [ + 'description' => 'The description of the secret.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => 'datainfo', + ], + ], + [ + 'name' => 'ExtendedConfig.CustomData', + 'in' => 'query', + 'style' => 'json', + 'schema' => [ + 'description' => 'The custom data in the extended configuration of the secret.'."\n" + ."\n" + .'> * If this parameter is specified, the existing extended configuration of the secret is updated.'."\n" + .'> * This parameter is unavailable for generic secrets.', + 'type' => 'object', + 'required' => false, + 'example' => '{"DBName":"app1","Port":"3306"}', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'SecretName' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'example' => 'secret001', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'some of the specified parameters "\\" is not valid', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Resource not found', + ], + ], + 409 => [ + [ + 'errorCode' => 'Rejected.ResourceExist', + 'errorMessage' => 'The request was rejected becasue key already exsit', + ], + [ + 'errorCode' => 'Rejected.ResourceInDeleteWindow', + 'errorMessage' => 'secret in delete peroid', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateSecretResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47</RequestId>\\n</UpdateSecretResponse>","errorExample":""}]', + 'title' => 'UpdateSecret', + 'summary' => 'Updates the metadata of a secret.', + 'description' => 'In this example, the metadata of the `secret001` secret is updated. The `Description` parameter is set to `datainfo`.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'UpdateSecretVersionStage' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The operation that you want to perform. Set the value to **UpdateSecretVersionStage**.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'secret001', + ], + ], + [ + 'name' => 'VersionStage', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'ACSCurrent', + ], + ], + [ + 'name' => 'RemoveFromVersion', + 'in' => 'query', + 'schema' => [ + 'description' => 'The specified stage label. Valid values:'."\n" + ."\n" + .'* ACSCurrent'."\n" + .'* ACSPrevious'."\n" + .'* Custom stage label'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '001', + ], + ], + [ + 'name' => 'MoveToVersion', + 'in' => 'query', + 'schema' => [ + 'description' => 'The version from which you want to remove the specified stage label.'."\n" + ."\n" + .'> You must specify at least one of the RemoveFromVersion and MoveToVersion parameters.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '002', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'SecretName' => [ + 'description' => 'The version to which you want to apply the specified stage label.'."\n" + ."\n" + .'> * You must specify at least one of the RemoveFromVersion and MoveToVersion parameters.'."\n" + .'> * If the VersionStage parameter is set to ACSCurrent or ACSPrevious, this parameter is required.', + 'type' => 'string', + 'example' => 'secret001', + ], + 'RequestId' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'example' => '8cad259f-4d77-40ec-bbd7-b9c47a423bb9', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'some of the specified parameters "\\" is not valid', + ], + [ + 'errorCode' => 'Rejected.LimitExceeded', + 'errorMessage' => 'exceed secret limits error', + ], + [ + 'errorCode' => 'Rejected.InvalidRequest', + 'errorMessage' => 'param mismatch', + ], + [ + 'errorCode' => 'Rejected.UnsupportedOperation', + 'errorMessage' => 'secret stages in unnormal status', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Resource not found', + ], + ], + 409 => [ + [ + 'errorCode' => 'Rejected.ResourceInDeleteWindow', + 'errorMessage' => 'secret in delete peroid', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"8cad259f-4d77-40ec-bbd7-b9c47a423bb9\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateSecretVersionStageResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>8cad259f-4d77-40ec-bbd7-b9c47a423bb9</RequestId>\\n</UpdateSecretVersionStageResponse>","errorExample":""}]', + 'title' => 'UpdateSecretVersionStage', + 'summary' => 'Updates the stage label that marks a secret version.', + 'description' => 'Updates the stage label that marks a secret version.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'UpdateSecretRotationPolicy' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RdsSecret/Mysql5.4/MyCred', + ], + ], + [ + 'name' => 'EnableAutomaticRotation', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to enable automatic rotation. Valid values:'."\n" + ."\n" + .'* true: enables automatic rotation.'."\n" + .'* false: does not enable automatic rotation. This is the default value.'."\n", + 'type' => 'boolean', + 'required' => true, + 'docRequired' => true, + 'example' => 'true', + ], + ], + [ + 'name' => 'RotationInterval', + 'in' => 'query', + 'schema' => [ + 'description' => 'The interval for automatic rotation. Valid values: 6 hours to 8,760 hours (365 days).'."\n" + ."\n" + .'The value is in the `integer[unit]` format.````'."\n" + ."\n" + .'The unit can be d (day), h (hour), m (minute), or s (second). For example, both 7d and 604800s indicate a seven-day interval.'."\n" + ."\n" + .'> This parameter is required if you set the EnableAutomaticRotation parameter to true. This parameter is ignored if you set the EnableAutomaticRotation parameter to false or does not specify the EnableAutomaticRotation parameter.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '30d', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'SecretName' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'example' => 'RdsSecret/Mysql5.4/MyCred', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '2c124f6f-4210-499f-b88a-69f54004d2d8', + ], + ], + ], + ], + ], + 'errorCodes' => [], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"RdsSecret/Mysql5.4/MyCred\\",\\n \\"RequestId\\": \\"2c124f6f-4210-499f-b88a-69f54004d2d8\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateSecretRotationPolicyResponse>\\n <SecretName>RdsSecret/Mysql5.4/MyCred</SecretName>\\n <RequestId>2c124f6f-4210-499f-b88a-69f54004d2d8</RequestId>\\n</UpdateSecretRotationPolicyResponse>","errorExample":""}]', + 'title' => 'UpdateSecretRotationPolicy', + 'summary' => 'Updates the rotation policy of a secret.', + 'description' => 'After automatic rotation is enabled, Secrets Manager schedules the first automatic rotation by adding the preset rotation interval to the timestamp of the last rotation.'."\n" + ."\n" + .'Limits: The UpdateSecretRotationPolicy operation cannot be used to update the rotation policy of generic secrets.'."\n" + ."\n" + .'In this example, the rotation policy of the `RdsSecret/Mysql5.4/MyCred` secret is updated. The following settings are modified:'."\n" + ."\n" + .'* The `EnableAutomaticRotation` parameter is set to `true`, which indicates that automatic rotation is enabled.'."\n" + .'* The `RotationInterval` parameter is set to `30d`, which indicates that the interval for automatic rotation is 30 days.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'ListSecrets' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54594', + 'abilityTreeNodes' => [ + 'FEATUREkms52EQP9', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'FetchTags', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of entries to return on each page.'."\n" + ."\n" + .'Valid values: 1 to 100.'."\n" + ."\n" + .'Default value: 10.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => 'false', + ], + ], + [ + 'name' => 'PageNumber', + 'in' => 'query', + 'schema' => [ + 'description' => 'The secret filter. The filter consists of one or more key-value pairs. You can specify one key-value pair or leave this parameter empty. If you use one tag key or tag value to filter resources, up to 4,000 resources can be queried. If you want to query more than 4,000 resources, call the [ListResourceTags](~~120090~~) operation.'."\n" + ."\n" + .'* Key'."\n" + ."\n" + .' * Description: the property that you want to filter.'."\n" + ."\n" + .' * Type: string.'."\n" + ."\n" + .' * Valid values:'."\n" + ."\n" + .' * SecretName: the secret name.'."\n" + .' * Description: the description of the secret.'."\n" + .' * TagKey: the tag key.'."\n" + .' * TagValue: the tag value.'."\n" + ."\n" + .'* Values'."\n" + ."\n" + .' * Description: the value to be included after filtering.'."\n" + ."\n" + .' * Type: string.'."\n" + ."\n" + .' * Length: 0 to 10.'."\n" + ."\n" + .' * Valid values:'."\n" + ."\n" + .' * If the Key field is set to SecretName, the value must be 1 to 192 characters in length and can contain letters, digits, and special characters `_ / + = . @ -`.'."\n" + .' * If the Key field is set to Description, the value must be 1 to 256 characters in length.'."\n" + .' * If the Key field is set to TagKey, the value must be 1 to 256 characters in length and can contain letters, digits, and special characters `/ _ - . + = @ :`.'."\n" + .' * If the Key field is set to TagValue, the value must be 1 to 256 characters in length and can contain letters, numbers, and special characters `/ _ - . + = @ :`.'."\n" + ."\n" + .'The logical relationship between values of the Values field in a key-value pair is OR. Example: `[ {"Key":"SecretName", "Values":["sec1","sec2"]}]`. In this example, the semantics are `SecretName=sec 1 OR SecretName=sec 2`.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'docRequired' => false, + 'example' => '1', + 'default' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => [ + 'description' => 'The page number of the returned page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'docRequired' => false, + 'maximum' => '100', + 'minimum' => '1', + 'example' => '2', + 'default' => '10', + ], + ], + [ + 'name' => 'Filters', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of entries returned per page.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => '[{"Key":"SecretName", "Values":["Val1","Val2"]}]', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'PageNumber' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'description' => 'The number of returned secrets.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '2', + ], + 'RequestId' => [ + 'description' => 'The list of secrets.'."\n", + 'type' => 'string', + 'example' => '6a6287a0-ff34-4780-a790-fdfca900557f', + ], + 'TotalCount' => [ + 'description' => 'The secret name.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '55', + ], + 'SecretList' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Secret' => [ + 'description' => 'The time when the secret was updated.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'SecretName' => [ + 'description' => 'The type of the secret. Valid values:'."\n" + ."\n" + .'* Generic: indicates a generic secret.'."\n" + .'* Rds: indicates a managed ApsaraDB RDS secret.'."\n", + 'type' => 'string', + 'example' => 'secret001', + ], + 'UpdateTime' => [ + 'description' => 'The time when the secret is scheduled to be deleted.'."\n", + 'type' => 'string', + 'example' => '2022-07-17T07:59:05Z', + ], + 'SecretType' => [ + 'description' => 'The time when the secret was created.'."\n", + 'type' => 'string', + 'example' => 'Generic', + ], + 'PlannedDeleteTime' => [ + 'description' => 'The resource tags of the secret.'."\n" + ."\n" + .'This parameter is not returned if you set the FetchTags parameter to false or do not specify the FetchTags parameter.'."\n", + 'type' => 'string', + 'example' => '2022-08-17T07:59:05Z', + ], + 'CreateTime' => [ + 'description' => 'The tag value.'."\n", + 'type' => 'string', + 'example' => '2022-07-17T07:59:05Z', + ], + 'Tags' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Tag' => [ + 'description' => 'The tag key.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'TagValue' => [ + 'description' => '', + 'type' => 'string', + 'example' => 'val1', + ], + 'TagKey' => [ + 'description' => '', + 'type' => 'string', + 'example' => 'key1', + ], + ], + ], + ], + ], + ], + 'OwingService' => [ + 'type' => 'string', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'some of the specified parameters "\\" is not valid', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Resource not found', + ], + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 2,\\n \\"RequestId\\": \\"6a6287a0-ff34-4780-a790-fdfca900557f\\",\\n \\"TotalCount\\": 55,\\n \\"SecretList\\": {\\n \\"Secret\\": [\\n {\\n \\"SecretName\\": \\"secret001\\",\\n \\"UpdateTime\\": \\"2024-07-17T07:59:05Z\\",\\n \\"SecretType\\": \\"Generic\\",\\n \\"PlannedDeleteTime\\": \\"2024-08-17T07:59:05Z\\",\\n \\"CreateTime\\": \\"2024-07-17T07:59:05Z\\",\\n \\"Tags\\": {\\n \\"Tag\\": [\\n {\\n \\"TagValue\\": \\"val1\\",\\n \\"TagKey\\": \\"key1\\"\\n }\\n ]\\n },\\n \\"OwingService\\": \\"\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListSecretsResponse>\\n <PageNumber>1</PageNumber>\\n <PageSize>2</PageSize>\\n <RequestId>6a6287a0-ff34-4780-a790-fdfca900557f</RequestId>\\n <TotalCount>55</TotalCount>\\n <SecretList>\\n <SecretName>secret001</SecretName>\\n <UpdateTime>2024-07-17T07:59:05Z</UpdateTime>\\n <SecretType>Generic</SecretType>\\n <PlannedDeleteTime>2024-08-17T07:59:05Z</PlannedDeleteTime>\\n <CreateTime>2024-07-17T07:59:05Z</CreateTime>\\n <Tags>\\n <TagValue>val1</TagValue>\\n <TagKey>key1</TagKey>\\n </Tags>\\n </SecretList>\\n</ListSecretsResponse>","errorExample":""}]', + 'title' => 'ListSecrets', + 'summary' => 'Queries all secrets created by the current Alibaba Cloud account in the current region.', + 'description' => 'Specifies whether to return the resource tags of the secret. Valid values:'."\n" + ."\n" + .'* true: returns the resource tags.'."\n" + .'* false: does not return the resource tags. This is the default value.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'DescribeSecret' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'readAndWrite', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54562', + 'abilityTreeNodes' => [ + 'FEATUREkms52EQP9', + ], + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'secret001', + ], + ], + [ + 'name' => 'FetchTags', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to return the resource tags of the secret. Valid values:'."\n" + ."\n" + .'* true: The resource tags are returned.'."\n" + .'* false: The resource tags are not returned. This is the default value.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'true', + 'default' => 'false', + 'enum' => [ + 'false', + 'true', + ], + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'UpdateTime' => [ + 'description' => 'The time when the secret was updated.'."\n", + 'type' => 'string', + 'example' => '2022-02-21T15:39:26Z', + ], + 'CreateTime' => [ + 'description' => 'The time when the secret was created.'."\n", + 'type' => 'string', + 'example' => '2022-02-21T15:39:26Z', + ], + 'NextRotationDate' => [ + 'description' => 'The time when the next rotation will be performed.'."\n" + ."\n" + .'> This parameter is returned when automatic rotation is enabled.'."\n", + 'type' => 'string', + 'example' => '2022-07-06T18:22:03Z', + ], + 'EncryptionKeyId' => [ + 'description' => 'The ID of the customer master key (CMK) that is used to encrypt the secret value.'."\n", + 'type' => 'string', + 'example' => '00aa68af-2c02-4f68-95fe-3435d330****', + ], + 'RotationInterval' => [ + 'description' => 'The interval for automatic rotation.'."\n" + ."\n" + .'The value is in the `integer[unit]` format. `integer` indicates the length of time. `unit`: indicates the time unit. The value of `unit` is fixed as s. For example, if the value is 604800s, automatic rotation is performed at a 7-day interval.'."\n" + ."\n" + .'> This parameter is returned when automatic rotation is enabled.'."\n", + 'type' => 'string', + 'example' => '3153600s', + ], + 'Arn' => [ + 'description' => 'The Alibaba Cloud Resource Name (ARN) of the secret.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:154035569884****:secret/secret001', + ], + 'ExtendedConfig' => [ + 'description' => 'The extended configuration of the secret.'."\n" + ."\n" + .'> This parameter is returned only for a managed ApsaraDB RDS secret, a managed Resource Access Management (RAM) secret, or a managed Elastic Compute Service (ECS) secret.'."\n", + 'type' => 'string', + 'example' => '{\\"SecretSubType\\":\\"SingleUser\\", \\"DBInstanceId\\":\\"rm-uf667446pc955****\\", \\"CustomData\\":{} }', + ], + 'LastRotationDate' => [ + 'description' => 'The time when the last rotation was performed.'."\n" + ."\n" + .'> This parameter is returned if the secret was rotated.'."\n", + 'type' => 'string', + 'example' => '2022-07-05T08:22:03Z', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '93348dfb-3627-4417-8d90-487a76a909c9', + ], + 'Description' => [ + 'description' => 'The description of the secret.'."\n", + 'type' => 'string', + 'example' => 'userinfo', + ], + 'SecretName' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'example' => 'secret001', + ], + 'AutomaticRotation' => [ + 'description' => 'Indicates whether automatic rotation is enabled. Valid values:'."\n" + ."\n" + .'* Enabled: indicates that automatic rotation is enabled.'."\n" + .'* Disabled: indicates that automatic rotation is disabled.'."\n" + .'* Invalid: indicates that the status of automatic rotation is abnormal. In this case, Secrets Manager cannot automatically rotate the secret.'."\n" + ."\n" + .'> This parameter is returned only for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.'."\n", + 'type' => 'string', + 'example' => 'Enabled', + ], + 'SecretType' => [ + 'description' => 'The type of the secret. Valid values:'."\n" + ."\n" + .'* Generic: indicates a generic secret.'."\n" + .'* Rds: indicates a managed ApsaraDB RDS secret.'."\n" + .'* RAMCredentials: indicates a managed RAM secret.'."\n" + .'* ECS: indicates a managed ECS secret.'."\n", + 'type' => 'string', + 'example' => 'Rds', + ], + 'PlannedDeleteTime' => [ + 'description' => 'The time when the secret is scheduled to be deleted.'."\n", + 'type' => 'string', + 'example' => '2022-03-21T15:45:12Z', + ], + 'DKMSInstanceId' => [ + 'description' => 'The ID of the dedicated KMS instance.'."\n", + 'type' => 'string', + 'example' => 'kst-bjj62d8f5e0sgtx8h****', + ], + 'Tags' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Tag' => [ + 'description' => 'The resource tags of the secret.'."\n" + ."\n" + .'This parameter is not returned if you set the FetchTags parameter to false or you do not specify the FetchTags parameter.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'TagValue' => [ + 'description' => 'The tag value.'."\n", + 'type' => 'string', + 'example' => 'val1', + ], + 'TagKey' => [ + 'description' => 'The tag key.'."\n", + 'type' => 'string', + 'example' => 'key1', + ], + ], + ], + ], + ], + ], + 'OwingService' => [ + 'type' => 'string', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'IllegalTimestamp', + 'errorMessage' => 'The input parameter Timestamp that is mandatory for processing this request is not supplied.', + ], + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'You are not authorized to perform the operation.', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Resource not found', + ], + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"UpdateTime\\": \\"2024-02-21T15:39:26Z\\",\\n \\"CreateTime\\": \\"2024-02-21T15:39:26Z\\",\\n \\"NextRotationDate\\": \\"2024-07-06T18:22:03Z\\",\\n \\"EncryptionKeyId\\": \\"key-hzz63ca8cbe3hefht****\\",\\n \\"RotationInterval\\": \\"3153600s\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:secret/secret001\\",\\n \\"ExtendedConfig\\": \\"{\\\\\\\\\\\\\\"AccountName\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"kms\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"Database\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"kmsdata\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"AccountPrivilege\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"RoleReadOnly\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"CloneAccountName\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"kms_clone\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"CustomData\\\\\\\\\\\\\\":{},\\\\\\\\\\\\\\"InstanceId\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"pc-bp134f7hnijoey****\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"RegionId\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"cn-hangzhou\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"SecretSubType\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"DoubleUsers\\\\\\\\\\\\\\"}\\\\\\"\\",\\n \\"LastRotationDate\\": \\"2022-07-05T08:22:03Z\\",\\n \\"RequestId\\": \\"93348dfb-3627-4417-8d90-487a76a909c9\\",\\n \\"Description\\": \\"userinfo\\",\\n \\"SecretName\\": \\"secret001\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"SecretType\\": \\"Rds\\",\\n \\"PlannedDeleteTime\\": \\"2025-03-21T15:45:12Z\\",\\n \\"DKMSInstanceId\\": \\"kst-bjj62d8f5e0sgtx8h****\\",\\n \\"Tags\\": {\\n \\"Tag\\": [\\n {\\n \\"TagValue\\": \\"val1\\",\\n \\"TagKey\\": \\"key1\\"\\n }\\n ]\\n },\\n \\"OwingService\\": \\"\\"\\n}","errorExample":""},{"type":"xml","example":"<DescribeSecretResponse>\\n <UpdateTime>2024-02-21T15:39:26Z</UpdateTime>\\n <CreateTime>2024-02-21T15:39:26Z</CreateTime>\\n <NextRotationDate>2024-07-06T18:22:03Z</NextRotationDate>\\n <EncryptionKeyId>key-hzz63ca8cbe3hefht****</EncryptionKeyId>\\n <RotationInterval>3153600s</RotationInterval>\\n <Arn>acs:kms:cn-hangzhou:154035569884****:secret/secret001</Arn>\\n <ExtendedConfig>{\\\\\\"SecretSubType\\\\\\":\\\\\\"SingleUser\\\\\\", \\\\\\"DBInstanceId\\\\\\":\\\\\\"rm-uf667446pc955****\\\\\\", \\\\\\"CustomData\\\\\\":{} }</ExtendedConfig>\\n <LastRotationDate>2022-07-05T08:22:03Z</LastRotationDate>\\n <RequestId>93348dfb-3627-4417-8d90-487a76a909c9</RequestId>\\n <Description>userinfo</Description>\\n <SecretName>secret001</SecretName>\\n <AutomaticRotation>Enabled</AutomaticRotation>\\n <SecretType>Rds</SecretType>\\n <PlannedDeleteTime>2025-03-21T15:45:12Z</PlannedDeleteTime>\\n <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>\\n <Tags>\\n <TagValue>val1</TagValue>\\n <TagKey>key1</TagKey>\\n </Tags>\\n</DescribeSecretResponse>","errorExample":""}]', + 'title' => 'DescribeSecret', + 'summary' => 'Queries the metadata of a secret.', + 'description' => 'This operation returns the metadata of a secret. This operation does not return the secret value.'."\n" + ."\n" + .'In this example, the metadata of the secret named `secret001` is queried.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'GetSecretValue' => [ + 'summary' => 'Queries a secret value.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54580', + 'abilityTreeNodes' => [ + 'FEATUREkms52EQP9', + ], + 'tenantRelevance' => 'tenant', + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'secret001', + ], + ], + [ + 'name' => 'VersionStage', + 'in' => 'query', + 'schema' => [ + 'description' => 'The stage label that marks the secret version. If you specify this parameter, Secrets Manager returns the secret value of the version that is marked with the specified stage label.'."\n" + ."\n" + .'Default value: ACSCurrent.'."\n" + ."\n" + .'> For a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret, Secrets Manager can return only the secret value of the version marked with ACSPrevious or ACSCurrent.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'ACSCurrent', + ], + ], + [ + 'name' => 'VersionId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The version number of the secret value. If you specify this parameter, Secrets Manager returns the secret value of the specified version.'."\n" + ."\n" + .'> This parameter is ignored for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '00000000000000000000000000000001', + ], + ], + [ + 'name' => 'FetchExtendedConfig', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to obtain the extended configuration of the secret. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false: This is the default value.'."\n" + ."\n" + .'> This parameter is ignored for a generic secret.'."\n", + 'type' => 'boolean', + 'required' => false, + 'example' => 'true', + ], + ], + [ + 'name' => 'DryRun', + 'in' => 'query', + 'schema' => [ + 'type' => 'string', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'SecretDataType' => [ + 'description' => 'The type of the secret value. Valid values:'."\n" + ."\n" + .'* text'."\n" + .'* binary'."\n", + 'type' => 'string', + 'example' => 'binary', + ], + 'CreateTime' => [ + 'description' => 'The time when the secret was created.'."\n", + 'type' => 'string', + 'example' => '2020-02-21T15:39:26Z', + ], + 'VersionId' => [ + 'description' => 'The version number of the secret value.'."\n", + 'type' => 'string', + 'example' => '00000000000000000000000000000001', + ], + 'NextRotationDate' => [ + 'description' => 'The time when the next rotation will be performed.'."\n" + ."\n" + .'> This parameter is returned if automatic rotation is enabled.'."\n", + 'type' => 'string', + 'example' => '2020-07-06T18:22:03Z', + ], + 'SecretData' => [ + 'description' => 'The secret value. Secrets Manager decrypts the ciphertext of the secret value and returns the plaintext of the secret value in this parameter.'."\n" + ."\n" + .'* For a generic secret, the secret value of the specified version is returned.'."\n" + ."\n" + .'* For a managed ApsaraDB RDS secret, the value is returned in the following format:`{"AccountName":"","AccountPassword":""}` .'."\n" + ."\n" + .'* For a managed RAM secret, the secret value is returned in the following format: `{"AccessKeyId":"Adfdsfd","AccessKeySecret":"fdsfdsf","GenerateTimestamp": "2016-03-25T10:42:40Z"}`.'."\n" + ."\n" + .'* For a managed ECS secret, the secret value is returned in one of the following formats:'."\n" + ."\n" + .' * `{"UserName":"root","Password":"H5asdasdsads****"}`: The secret value is returned in this format if the ECS secret is a password.'."\n" + .' * `{"UserName":"root","PublicKey":"ssh-rsa ****mKwnVix9YTFY9Rs= imported-openssh-key","PrivateKey": "d6bee1cb-2e14-4277-ba6b-73786b21****"}`: The secret value is returned in this format is the ECS secret is a pair of SSH keys. The private key is in the Privacy Enhanced Mail (PEM) format.'."\n", + 'type' => 'string', + 'example' => 'testdata1', + ], + 'RotationInterval' => [ + 'description' => 'The interval for automatic rotation.'."\n" + ."\n" + .'The value is in the `integer[unit]` format. The `unit` field has a fixed value of s. For example, if the value is 604800s, automatic rotation is performed at a 7-day interval.'."\n" + ."\n" + .'> This parameter is returned if automatic rotation is enabled.'."\n", + 'type' => 'string', + 'example' => '604800s', + ], + 'ExtendedConfig' => [ + 'description' => 'The extended configuration of the secret.'."\n" + ."\n" + .'> This parameter is returned if you set the FetchExtendedConfig parameter to true. This parameter is returned only for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.'."\n", + 'type' => 'string', + 'example' => '{\\"SecretSubType\\":\\"SingleUser\\", \\"DBInstanceId\\":\\"rm-uf667446pc955****\\", \\"CustomData\\":{} }', + ], + 'LastRotationDate' => [ + 'description' => 'The time when the last rotation was performed.'."\n" + ."\n" + .'> This parameter is returned if the secret was rotated.'."\n", + 'type' => 'string', + 'example' => '2020-07-05T08:22:03Z', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '6a3e9c36-1150-4881-84d3-eb8672fcafad', + ], + 'SecretName' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'example' => 'secret001', + ], + 'AutomaticRotation' => [ + 'description' => 'Indicates whether automatic rotation is enabled. Valid values:'."\n" + ."\n" + .'* Enabled: indicates that automatic rotation is enabled.'."\n" + .'* Disabled: indicates that automatic rotation is disabled.'."\n" + .'* Invalid: indicates that the status of automatic rotation is abnormal. In this case, Secrets Manager cannot automatically rotate the secret.'."\n" + ."\n" + .'> This parameter is returned only for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.'."\n", + 'type' => 'string', + 'example' => 'Enabled', + ], + 'SecretType' => [ + 'description' => 'The type of the secret. Valid values:'."\n" + ."\n" + .'* Generic: indicates a generic secret.'."\n" + .'* Rds: indicates a managed ApsaraDB RDS secret.'."\n" + .'* RAMCredentials: indicates a managed RAM secret.'."\n" + .'* ECS: indicates a managed ECS secret.'."\n", + 'type' => 'string', + 'example' => 'Generic', + ], + 'VersionStages' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'VersionStage' => [ + 'description' => 'The stage labels that mark the secret versions.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'string', + 'example' => '{ "VersionStage": [ "ACSCurrent" ] }', + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 403 => [ + [ + 'errorCode' => 'Forbidden.DKMSInstanceStateInvalid', + 'errorMessage' => 'The DKMS instance state is invalid.', + ], + [ + 'errorCode' => 'Forbidden.DKMSInstanceNotFound', + 'errorMessage' => 'The specified DKMS Instance is not found.', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Resource not found.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretDataType\\": \\"binary\\",\\n \\"CreateTime\\": \\"2024-02-21T15:39:26Z\\",\\n \\"VersionId\\": \\"v1\\",\\n \\"NextRotationDate\\": \\"2024-07-06T18:22:03Z\\",\\n \\"SecretData\\": \\"testdata1\\",\\n \\"RotationInterval\\": \\"604800s\\",\\n \\"ExtendedConfig\\": \\"{\\\\\\\\\\\\\\"SecretSubType\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"SingleUser\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"DBInstanceId\\\\\\\\\\\\\\":\\\\\\\\\\\\\\"rm-uf667446pc955****\\\\\\\\\\\\\\", \\\\\\\\\\\\\\"CustomData\\\\\\\\\\\\\\":{} }\\",\\n \\"LastRotationDate\\": \\"2023-07-05T08:22:03Z\\",\\n \\"RequestId\\": \\"6a3e9c36-1150-4881-84d3-eb8672fcafad\\",\\n \\"SecretName\\": \\"secret001\\",\\n \\"AutomaticRotation\\": \\"Enabled\\",\\n \\"SecretType\\": \\"Generic\\",\\n \\"VersionStages\\": {\\n \\"VersionStage\\": [\\n \\"{ \\\\\\"VersionStage\\\\\\": [ \\\\t\\\\\\"ACSCurrent\\\\\\" \\\\t] }\\"\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<GetSecretValueResponse>\\n <SecretDataType>binary</SecretDataType>\\n <CreateTime>2024-02-21T15:39:26Z</CreateTime>\\n <VersionId>v1</VersionId>\\n <NextRotationDate>2024-07-06T18:22:03Z</NextRotationDate>\\n <SecretData>testdata1</SecretData>\\n <RotationInterval>604800s</RotationInterval>\\n <ExtendedConfig>{\\\\\\"SecretSubType\\\\\\":\\\\\\"SingleUser\\\\\\", \\\\\\"DBInstanceId\\\\\\":\\\\\\"rm-uf667446pc955****\\\\\\", \\\\\\"CustomData\\\\\\":{} }</ExtendedConfig>\\n <LastRotationDate>2023-07-05T08:22:03Z</LastRotationDate>\\n <RequestId>6a3e9c36-1150-4881-84d3-eb8672fcafad</RequestId>\\n <SecretName>secret001</SecretName>\\n <AutomaticRotation>Enabled</AutomaticRotation>\\n <SecretType>Generic</SecretType>\\n <VersionStages>{ \\"VersionStage\\": [ \\t\\"ACSCurrent\\" \\t] }</VersionStages>\\n</GetSecretValueResponse>","errorExample":""}]', + 'title' => 'GetSecretValue', + 'description' => 'If you do not specify a version number or stage label, Secrets Manager returns the secret value of the version marked with ACSCurrent.'."\n" + ."\n" + .'If a customer master key (CMK) is specified to encrypt the secret value, you must also have the `kms:Decrypt` permission on the CMK to call the GetSecretValue operation.'."\n" + ."\n" + .'In this example, the value of the secret named `secret001` is obtained. The secret value is returned in the `SecretData` parameter. The secret value is `testdata1`.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'ListSecretVersionIds' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'secret001', + ], + ], + [ + 'name' => 'IncludeDeprecated', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to return deprecated secret versions.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* false: no'."\n" + .'* true: yes'."\n" + ."\n" + .'Default value: false.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => 'false', + ], + ], + [ + 'name' => 'PageNumber', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of the page to return. Default value: 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'docRequired' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of entries to return on each page. Default value: 10.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'docRequired' => false, + 'example' => '10', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'SecretName' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'example' => 'secret001', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47', + ], + 'PageSize' => [ + 'description' => 'The number of entries returned per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'PageNumber' => [ + 'description' => 'The page number of the returned page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'TotalCount' => [ + 'description' => 'The number of entries returned on the current page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '4', + ], + 'VersionIds' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'VersionId' => [ + 'description' => 'The list of secret versions.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'VersionId' => [ + 'description' => 'The version number.'."\n", + 'type' => 'string', + 'example' => '00000000000000000000000000000000203', + ], + 'CreateTime' => [ + 'description' => 'The time when the secret version was created.'."\n", + 'type' => 'string', + 'example' => '2020-02-21T15:39:26Z', + ], + 'VersionStages' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'VersionStage' => [ + 'description' => 'The stage labels that mark the secret version.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'string', + 'example' => '{ "VersionStage": [ "ACSCurrent", "UStage1", "Ustage2" ] }', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'some of the specified parameters "\\" is not valid', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Resource not found', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47\\",\\n \\"PageSize\\": 10,\\n \\"PageNumber\\": 1,\\n \\"TotalCount\\": 1,\\n \\"VersionIds\\": {\\n \\"VersionId\\": [\\n {\\n \\"VersionId\\": \\"v1\\",\\n \\"CreateTime\\": \\"2024-02-21T15:39:26Z\\",\\n \\"VersionStages\\": {\\n \\"VersionStage\\": [\\n \\"{\\\\\\"VersionStage\\\\\\": [\\\\\\"ACSCurrent\\\\\\",\\\\\\"uStage1\\\\\\"]}\\"\\n ]\\n }\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListSecretVersionIdsResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>5b75d8b1-5b6a-4ec0-8e0c-c08befdfad47</RequestId>\\n <PageSize>10</PageSize>\\n <PageNumber>1</PageNumber>\\n <TotalCount>1</TotalCount>\\n <VersionIds>\\n <VersionId>v1</VersionId>\\n <CreateTime>2024-02-21T15:39:26Z</CreateTime>\\n <VersionStages>{\\"VersionStage\\": [\\"ACSCurrent\\",\\"uStage1\\"]}</VersionStages>\\n </VersionIds>\\n</ListSecretVersionIdsResponse>","errorExample":""}]', + 'title' => 'ListSecretVersionIds', + 'summary' => 'Queries all versions of a secret.', + 'description' => 'The secret value is not included in the returned version information. By default, deprecated secret versions are not returned.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'GetRandomPassword' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54579', + 'abilityTreeNodes' => [ + 'FEATUREkms52EQP9', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'PasswordLength', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of bytes that the password to be generated contains.'."\n" + ."\n" + .'Valid values: 8 to 128.'."\n" + ."\n" + .'Default value: 32'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => '32', + 'default' => '32', + ], + ], + [ + 'name' => 'ExcludeCharacters', + 'in' => 'query', + 'schema' => [ + 'description' => 'The characters that are not included in the password to be generated.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'` Valid characters: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ! \\"#$%&\'()*+,-. /:;<=>? @[\\] your_project_id} ~ `.'."\n" + ."\n" + .'This parameter is empty by default.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'ABCabc', + ], + ], + [ + 'name' => 'ExcludeLowercase', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to exclude lowercase letters.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'false', + 'default' => 'false', + 'enum' => [ + 'false', + 'true', + ], + ], + ], + [ + 'name' => 'ExcludeUppercase', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to exclude uppercase letters.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'false', + 'default' => 'false', + 'enum' => [ + 'false', + 'true', + ], + ], + ], + [ + 'name' => 'ExcludeNumbers', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to exclude digits.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'false', + 'default' => 'false', + 'enum' => [ + 'false', + 'true', + ], + ], + ], + [ + 'name' => 'ExcludePunctuation', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to exclude special characters.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'false', + 'default' => 'false', + 'enum' => [ + 'false', + 'true', + ], + ], + ], + [ + 'name' => 'RequireEachIncludedType', + 'in' => 'query', + 'schema' => [ + 'description' => 'Specifies whether to include all the preceding character types.'."\n" + ."\n" + .'Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => 'true', + 'default' => 'true', + 'enum' => [ + 'false', + 'true', + ], + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RandomPassword' => [ + 'description' => 'The generated random password.'."\n", + 'type' => 'string', + 'example' => 'IxGn>NMmNB(y?iZ<Yc,_H/{2GC\'U****', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '6b0cbe25-5e33-467e-972e-7a83c6c97604', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'some of the specified parameters "\\" is not valid', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RandomPassword\\": \\"IxGn>NMmNB(y?iZ<Yc,_H/{2GC\'U****\\",\\n \\"RequestId\\": \\"6b0cbe25-5e33-467e-972e-7a83c6c97604\\"\\n}","errorExample":""},{"type":"xml","example":"<RequestId>6b0cbe25-5e33-467e-972e-7a83c6c97604</RequestId>\\n<RandomPassword>IxGn>NMmNB(y?iZ<Yc,_H/{2GC\'U****</RandomPassword>","errorExample":""}]', + 'title' => 'GetRandomPassword', + 'summary' => 'Obtains a random password string.', + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'PutSecretValue' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'abilityTreeCode' => '54597', + 'abilityTreeNodes' => [ + 'FEATUREkms52EQP9', + ], + 'tenantRelevance' => 'tenant', + ], + 'parameters' => [ + [ + 'name' => 'VersionId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The new version of the secret value. Version numbers must be unique in each secret.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '00000000000000000000000000000000203', + ], + ], + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'secret001', + ], + ], + [ + 'name' => 'SecretData', + 'in' => 'query', + 'schema' => [ + 'description' => 'The secret value. The value is encrypted and then stored in the new version.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'importantdata', + ], + ], + [ + 'name' => 'SecretDataType', + 'in' => 'query', + 'schema' => [ + 'description' => 'The type of the secret value. Valid values:'."\n" + ."\n" + .'* text: This is the default value.'."\n" + .'* binary'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => 'text', + 'default' => 'text', + 'enum' => [ + 'text', + 'binary', + ], + ], + ], + [ + 'name' => 'VersionStages', + 'in' => 'query', + 'schema' => [ + 'description' => 'The stage labels that are used to mark the new version. If you do not specify this parameter, Secrets Manager marks the new version with ACSCurrent.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => '["ACSCurrent","ACSNext"]', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'SecretName' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'example' => 'secret001', + ], + 'VersionId' => [ + 'description' => 'The new version of the secret value.'."\n", + 'type' => 'string', + 'example' => '00000000000000000000000000000000203', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => 'f94ec9d3-2d10-4922-9a5c-5dcd5ebcb5e8', + ], + 'VersionStages' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'VersionStage' => [ + 'description' => 'The stage labels that are used to mark the new version.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'string', + 'example' => '{ "VersionStage": [ "ACSCurrent", "ACSNext" ] }', + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'some of the specified parameters "\\" is not valid', + ], + [ + 'errorCode' => 'Rejected.LimitExceeded', + 'errorMessage' => 'exceed secret limits error', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Resource not found', + ], + ], + 409 => [ + [ + 'errorCode' => 'Rejected.ResourceExist', + 'errorMessage' => 'The request was rejected becasue key already exsit', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"VersionId\\": \\"v3\\",\\n \\"RequestId\\": \\"f94ec9d3-2d10-4922-9a5c-5dcd5ebcb5e8\\",\\n \\"VersionStages\\": {\\n \\"VersionStage\\": [\\n \\"{ \\\\\\"VersionStage\\\\\\": [ \\\\\\"ACSCurrent\\\\\\", \\\\\\"ACSNext\\\\\\" ] }\\"\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<PutSecretValueResponse>\\n <SecretName>secret001</SecretName>\\n <VersionId>v3</VersionId>\\n <RequestId>f94ec9d3-2d10-4922-9a5c-5dcd5ebcb5e8</RequestId>\\n <VersionStages>{ \\"VersionStage\\": [ \\"ACSCurrent\\", \\"ACSNext\\" ] }</VersionStages>\\n</PutSecretValueResponse>","errorExample":""}]', + 'title' => 'PutSecretValue', + 'summary' => 'Stores the secret value of a new version into a secret.', + 'description' => 'This operation is used to store the secret values of new versions. It cannot be used to modify the secret value of an existing version.'."\n" + ."\n" + .'By default, the newly stored secret value is marked with ACSCurrent, and the mark for the previous version of the secret value is changed from ACSCurrent to ACSPrevious. If you specify the VersionStage parameter, the newly stored secret value is marked with the stage label that you specify.'."\n" + ."\n" + .'You must specify a version number when you call the operation. Secrets Manager performs operations based on the following rules:'."\n" + ."\n" + .'* If the specified version number does not exist in the secret, Secrets Manager creates the version and stores the secret value.'."\n" + .'* If the specified version number already exists in the secret and the secret value of the existing version is the same as the secret value that you specify, Secrets Manager ignores the request and returns a success message. The request is idempotent.'."\n" + .'* If the specified version number already exists in the secret but the secret value of the existing version is different from the secret value that you specify, Secrets Manager rejects the request and returns a failure message.'."\n" + ."\n" + .'Limits: This operation is available only for standard secrets.'."\n" + ."\n" + .'In this example, the secret value of a new version is stored into the `secret001` secret. The `VersionId` parameter is set to `00000000000000000000000000000000203` as the new version, and the `SecretData` parameter is set to `importantdata`.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'RestoreSecret' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret you want to restore.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'secret001', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'SecretName' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'example' => 'secret001', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => 'e4885adf-548f-4ca5-8075-f540bbd3a55f', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'some of the specified parameters "\\" is not valid', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Resource not found', + ], + ], + 409 => [ + [ + 'errorCode' => 'Rejected.ResourceInUse', + 'errorMessage' => 'restore normal secret', + ], + ], + 500 => [ + [ + 'errorCode' => 'InternalFailure', + 'errorMessage' => 'Internal Failure', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"SecretName\\": \\"secret001\\",\\n \\"RequestId\\": \\"e4885adf-548f-4ca5-8075-f540bbd3a55f\\"\\n}","errorExample":""},{"type":"xml","example":"<RestoreSecretResponse>\\n <SecretName>secret001</SecretName>\\n <RequestId>e4885adf-548f-4ca5-8075-f540bbd3a55f</RequestId>\\n</RestoreSecretResponse>","errorExample":""}]', + 'title' => 'RestoreSecret', + 'summary' => 'Restores a deleted secret.', + 'description' => 'You can only use this operation to restore a deleted secret that is within its recovery period. If you set **ForceDeleteWithoutRecovery** to **true** when you delete the secret, you cannot restore it.'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'RotateSecret' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'readAndWrite', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'RdsSecret/Mysql5.4/MyCred', + ], + ], + [ + 'name' => 'VersionId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The version number of the secret after the secret is rotated.'."\n" + ."\n" + .'> The version number is used to ensure the idempotence of the request. Secrets Manager uses this version number to prevent your application from creating the same version of the secret when the application retries a request. If a version number already exists, Secrets Manager ignores the request for rotation and returns a success message.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '000000123', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'VersionId' => [ + 'description' => 'The version number of the secret after the secret is rotated.'."\n", + 'type' => 'string', + 'example' => '000000123', + ], + 'SecretName' => [ + 'description' => 'The name of the secret.'."\n", + 'type' => 'string', + 'example' => 'RdsSecret/Mysql5.4/MyCred', + ], + 'RequestId' => [ + 'description' => 'The ID of the request.'."\n", + 'type' => 'string', + 'example' => '10257c86-269d-43aa-aaf3-90ed4144bb7c', + ], + 'Arn' => [ + 'description' => 'The Alibaba Cloud Resource Name (ARN) of the secret.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"VersionId\\": \\"000000123\\",\\n \\"SecretName\\": \\"RdsSecret/Mysql5.4/MyCred\\",\\n \\"RequestId\\": \\"10257c86-269d-43aa-aaf3-90ed4144bb7c\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred\\"\\n}","errorExample":""},{"type":"xml","example":"<RotateSecretResponse>\\n <VersionId>000000123</VersionId>\\n <SecretName>RdsSecret/Mysql5.4/MyCred</SecretName>\\n <RequestId>10257c86-269d-43aa-aaf3-90ed4144bb7c</RequestId>\\n <Arn>acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred</Arn>\\n</RotateSecretResponse>","errorExample":""}]', + 'title' => 'RotateSecret', + 'summary' => 'Manually rotates a secret.', + 'description' => 'Limits:'."\n" + ."\n" + .'• A secret of each Alibaba Cloud account can be rotated for a maximum of 50 times per hour.'."\n" + ."\n" + .'• The RotateSecret operation is unavailable for standard secrets.'."\n" + ."\n" + .'In this example, the `RdsSecret/Mysql5.4/MyCred` secret is manually rotated, and the version number of the secret is set to `000000123` after the secret is rotated.'."\n", + 'requestParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'SetSecretPolicy' => [ + 'summary' => 'Configures a policy for a secret in a Key Management Service (KMS) instance.', + 'methods' => [ + 'post', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'abilityTreeCode' => '206088', + 'abilityTreeNodes' => [ + 'FEATUREkms52EQP9', + ], + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'title' => '', + 'description' => '', + 'type' => 'string', + 'required' => true, + 'example' => 'secret_test', + ], + ], + [ + 'name' => 'PolicyName', + 'in' => 'query', + 'schema' => [ + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => 'default', + ], + ], + [ + 'name' => 'Policy', + 'in' => 'query', + 'schema' => [ + 'description' => '', + 'type' => 'string', + 'required' => true, + 'example' => '{"Version":"1","Statement": [{"Sid":"kms default secret policy","Effect":"Allow","Principal":{"RAM": ["acs:ram::119285303511****:*"]},"Action":["kms:*"],"Resource": ["*"] }] }', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => '', + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => '', + 'description' => '', + 'type' => 'string', + 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C8', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'MissingParameter', + 'errorMessage' => 'The parameter needed but no provided.', + ], + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system.', + ], + [ + 'errorCode' => 'Forbidden.KeyPolicyUnSupported', + 'errorMessage' => 'The specified key does not support key policy.', + ], + [ + 'errorCode' => 'Rejected.ShareQuotaExceedLimit', + 'errorMessage' => 'Instance Share Quota Exceed Limit.', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.DKMSInstanceStateInvalid', + 'errorMessage' => 'The DKMS instance state is invalid.', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Resource not found.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + 503 => [ + [ + 'errorCode' => 'SerivceUnvailableTemporary', + 'errorMessage' => 'Service Unvailable Temporary', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C8\\"\\n}","errorExample":""},{"type":"xml","example":"<SetSecretPolicyResponse>\\n <RequestId>381D5D33-BB8F-395F-8EE4-AE3BB4B523C8</RequestId>\\n</SetSecretPolicyResponse>","errorExample":""}]', + 'title' => 'SetSecretPolicy', + ], + 'GetSecretPolicy' => [ + 'summary' => '仅可查询名称为 default 的 Secret Policy,否则提示 Not Found。', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'readAndWrite', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '206109', + 'abilityTreeNodes' => [ + 'FEATUREkms52EQP9', + ], + ], + 'parameters' => [ + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => '', + 'type' => 'string', + 'required' => true, + 'example' => 'secret_test', + ], + ], + [ + 'name' => 'PolicyName', + 'in' => 'query', + 'schema' => [ + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => 'default', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => '', + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => '', + 'description' => '', + 'type' => 'string', + 'example' => '381D5D33-BB8F-395F-8EE4-AE3BB4B523C8', + ], + 'Policy' => [ + 'description' => '', + 'type' => 'string', + 'example' => '{"Version":"1","Statement": [{"Sid":"kms default secret policy","Effect":"Allow","Principal":{"RAM": ["acs:ram::119285303511****:*"]},"Action":["kms:*"],"Resource": ["*"] }] }', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + [ + 'errorCode' => 'MissingParameter', + 'errorMessage' => 'The parameter needed but no provided.', + ], + [ + 'errorCode' => 'Forbidden.NoPermission', + 'errorMessage' => 'This operation is forbidden by permission system.', + ], + [ + 'errorCode' => 'Forbidden.KeyPolicyUnSupported', + 'errorMessage' => 'The specified key does not support key policy.', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.DKMSInstanceStateInvalid', + 'errorMessage' => 'The DKMS instance state is invalid.', + ], + ], + [ + [ + 'errorCode' => 'Forbidden.ResourceNotFound', + 'errorMessage' => 'Resource not found.', + ], + [ + 'errorCode' => 'Forbidden.KeyNotFound', + 'errorMessage' => 'The specified Key is not found.', + ], + ], + 503 => [ + [ + 'errorCode' => 'SerivceUnvailableTemporary', + 'errorMessage' => 'Service Unvailable Temporary', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"381D5D33-BB8F-395F-8EE4-AE3BB4B523C8\\",\\n \\"Policy\\": \\"{\\\\\\"Version\\\\\\":\\\\\\"1\\\\\\",\\\\\\"Statement\\\\\\": [{\\\\\\"Sid\\\\\\":\\\\\\"kms default secret policy\\\\\\",\\\\\\"Effect\\\\\\":\\\\\\"Allow\\\\\\",\\\\\\"Principal\\\\\\":{\\\\\\"RAM\\\\\\": [\\\\\\"acs:ram::119285303511****:*\\\\\\"]},\\\\\\"Action\\\\\\":[\\\\\\"kms:*\\\\\\"],\\\\\\"Resource\\\\\\": [\\\\\\"*\\\\\\"] }] }\\"\\n}","errorExample":""},{"type":"xml","example":"<GetSecretPolicyResponse>\\n <RequestId>381D5D33-BB8F-395F-8EE4-AE3BB4B523C8</RequestId>\\n <Policy>{\\"Version\\":\\"1\\",\\"Statement\\": [{\\"Sid\\":\\"kms default secret policy\\",\\"Effect\\":\\"Allow\\",\\"Principal\\":{\\"RAM\\": [\\"acs:ram::119285303511****:*\\"]},\\"Action\\":[\\"kms:*\\"],\\"Resource\\": [\\"*\\"] }] }</Policy>\\n</GetSecretPolicyResponse>","errorExample":""}]', + 'title' => 'GetSecretPolicy', + ], + 'UntagResources' => [ + 'summary' => 'Removes tags from keys or secrets.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'readAndWrite', + 'systemTags' => [ + 'operationType' => 'none', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '177229', + 'abilityTreeNodes' => [ + 'FEATUREkms5QHERY', + ], + ], + 'parameters' => [ + [ + 'name' => 'RegionId', + 'in' => 'query', + 'schema' => [ + 'title' => '地域', + 'description' => 'The region ID of the resource.'."\n" + ."\n" + .'> You can call the [DescribeRegions](~~601478~~) operation to query the most recent region list.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'ResourceType', + 'in' => 'query', + 'schema' => [ + 'title' => '资源类型', + 'description' => 'The type of the resource from which you want to remove tags. Valid values:'."\n" + ."\n" + .'* key'."\n" + .'* secret'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'key', + ], + ], + [ + 'name' => 'All', + 'in' => 'query', + 'schema' => [ + 'title' => '是否全部删除,只针对TagKey.N为空时有效。 取值范围: true false True False 默认是 false', + 'description' => 'Specifies whether to remove all tags from resources. Valid values:'."\n" + ."\n" + .'* true'."\n" + .'* false (default)'."\n" + ."\n" + .'> This parameter takes effect only when you specify an empty tag key.'."\n", + 'type' => 'boolean', + 'required' => false, + 'example' => 'false', + ], + ], + [ + 'name' => 'ResourceId', + 'in' => 'query', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '资源ID,最多50个子项', + 'description' => 'The IDs of the resources from which you want to remove tags. You can enter up to 50 resource IDs.'."\n" + ."\n" + .'Enter multiple resource IDs in the `["ResourceId.1","ResourceId.2",...]` format.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The IDs of the resources from which you want to remove tags. You can enter up to 50 resource IDs.'."\n" + ."\n" + .'Enter multiple resource IDs in the `["ResourceId.1","ResourceId.2",...]` format.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'key-hzz62f1cb66fa42qo****', + ], + 'required' => true, + 'maxItems' => 51, + ], + ], + [ + 'name' => 'TagKey', + 'in' => 'query', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '标签键,最多20个子项', + 'description' => 'The keys of the tags that you want to remove. You can enter up to 20 tag keys.'."\n" + ."\n" + .'Enter multiple tag keys in the `["key.1","key.2",...]` format.'."\n" + ."\n" + .'> The tag key cannot start with aliyun or acs:.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The keys of the tags that you want to remove. You can enter up to 20 tag keys.'."\n" + ."\n" + .'Enter multiple tag keys in the `["key.1","key.2",...]` format.'."\n" + ."\n" + .'> The tag key cannot start with aliyun or acs:.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'disk-encryption', + ], + 'required' => false, + 'maxItems' => 21, + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => 'b1f210dc-e52c-4a86-b9dd-7492343d46c7', + ], + ], + 'description' => '', + ], + ], + ], + 'errorCodes' => [ + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + [ + 'errorCode' => 'InvalidResourceId.NotFound', + 'errorMessage' => 'The specified ResourceId is not found.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"b1f210dc-e52c-4a86-b9dd-7492343d46c7\\"\\n}","errorExample":""},{"type":"xml","example":"<UntagResourcesResponse>\\n <RequestId>b1f210dc-e52c-4a86-b9dd-7492343d46c7</RequestId>\\n</UntagResourcesResponse>","errorExample":""}]', + 'title' => 'UntagResources', + 'description' => 'You can remove multiple tags from multiple keys or multiple secrets at a time. You cannot remove tags that start with aliyun or acs:.'."\n" + ."\n" + .'If you enter multiple tag keys in the request parameters and only some of the tag keys are associated with resources, the operation can be called and the tags whose keys are associated with resources are removed from the resources.'."\n", + ], + 'ListTagResources' => [ + 'summary' => 'Queries the tags of a key or a secret.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'readAndWrite', + 'systemTags' => [ + 'operationType' => 'none', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '177230', + 'abilityTreeNodes' => [ + 'FEATUREkms5QHERY', + ], + 'tenantRelevance' => 'tenant', + ], + 'parameters' => [ + [ + 'name' => 'RegionId', + 'in' => 'query', + 'schema' => [ + 'title' => '地域', + 'description' => 'The region ID of the resource.'."\n" + ."\n" + .'> You can call the [DescribeRegions](~~601478~~) to query the most recent region list.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'NextToken', + 'in' => 'query', + 'schema' => [ + 'title' => '下一个查询开始Token', + 'description' => 'The pagination token that is used in the next request to retrieve a new page of results.'."\n" + ."\n" + .'> If the call does not return all result entries, the value of the NextToken parameter is returned. By default, 200 rows are returned. You can call this operation again and set the value of the parameter to the value of the parameter that is returned in the last call to implement paged query.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'caeba0bbb2be03f84eb48b699f0a4883', + ], + ], + [ + 'name' => 'ResourceType', + 'in' => 'query', + 'schema' => [ + 'title' => '资源类型', + 'description' => 'The type of resource whose tags you want to query. Valid value:'."\n" + ."\n" + .'* key'."\n" + .'* secret'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'key', + ], + ], + [ + 'name' => 'ResourceId', + 'in' => 'query', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '资源ID,最多 50个子项', + 'description' => 'A list of resource IDs for which you want to query tags. You can enter a maximum of 50 resource IDs.'."\n" + ."\n" + .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The resource IDs for which you want to query tags. You can enter a maximum of 50 resource IDs.'."\n" + ."\n" + .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'key-hzz62f1cb66fa42qo****', + ], + 'required' => false, + 'maxItems' => 51, + ], + ], + [ + 'name' => 'Tag', + 'in' => 'query', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '标签列表,最多包含20个子项', + 'description' => 'A list of tags that you want to query. Valid values of N: 1 to 20.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'Key' => [ + 'title' => '标签键', + 'description' => 'The key of the tag. A tag consists of a key-value pair.'."\n" + ."\n" + .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n" + ."\n" + .'> The key cannot start with aliyun or acs:.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'disk-encryption', + ], + 'Value' => [ + 'title' => '标签值', + 'description' => 'The value of the tag. A tag consists of a key-value pair.'."\n" + ."\n" + .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'true', + ], + ], + 'required' => false, + ], + 'required' => false, + 'maxItems' => 21, + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'NextToken' => [ + 'title' => '下一个查询开始Token,NextToken为空说明没有下一个', + 'description' => 'A pagination token. It can be used in the next request to retrieve a new page of results.'."\n" + ."\n" + .'* If NextToken is empty ("NextToken": ""), no next page exists.'."\n" + .'* If NextToken is not empty, the next query is required, and the value is the token used to start the next query.'."\n", + 'type' => 'string', + 'example' => 'e71d8a535bd9cc11', + ], + 'RequestId' => [ + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '00827261-20B7-4562-83F2-4DF39876A45A', + ], + 'TagResources' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'TagResource' => [ + 'title' => '资源列表', + 'description' => 'A list of tags.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'ResourceType' => [ + 'title' => '资源类型', + 'description' => 'The type of the resource.'."\n", + 'type' => 'string', + 'example' => 'key', + ], + 'TagValue' => [ + 'title' => '标签值', + 'description' => 'The value of the tag.'."\n", + 'type' => 'string', + 'example' => 'true', + ], + 'ResourceId' => [ + 'title' => '资源ID', + 'description' => 'The resource ID.'."\n", + 'type' => 'string', + 'example' => 'key-hzz62f1cb66fa42qo****', + ], + 'TagKey' => [ + 'title' => '标签键', + 'description' => 'The key of the tag.'."\n", + 'type' => 'string', + 'example' => 'disk-encryption', + ], + ], + ], + ], + ], + ], + ], + 'description' => '', + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'Duplicate.TagKey', + 'errorMessage' => 'The specified tagKey is duplicate.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + [ + 'errorCode' => 'InvalidResourceId.NotFound', + 'errorMessage' => 'The specified ResourceId is not found.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"NextToken\\": \\"e71d8a535bd9cc11\\",\\n \\"RequestId\\": \\"00827261-20B7-4562-83F2-4DF39876A45A\\",\\n \\"TagResources\\": {\\n \\"TagResource\\": [\\n {\\n \\"ResourceType\\": \\"key\\",\\n \\"TagValue\\": \\"true\\",\\n \\"ResourceId\\": \\"key-hzz62f1cb66fa42qo****\\",\\n \\"TagKey\\": \\"disk-encryption\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListTagResourcesResponse>\\n <NextToken>e71d8a535bd9cc11</NextToken>\\n <RequestId>00827261-20B7-4562-83F2-4DF39876A45A</RequestId>\\n <TagResources>\\n <ResourceType>key</ResourceType>\\n <TagValue>true</TagValue>\\n <ResourceId>key-hzz62f1cb66fa42qo****</ResourceId>\\n <TagKey>disk-encryption</TagKey>\\n </TagResources>\\n</ListTagResourcesResponse>","errorExample":""}]', + 'title' => 'ListTagResources', + ], + 'TagResources' => [ + 'summary' => 'Adds tags to keys or secrets.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'readAndWrite', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'none', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '177226', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + ], + 'parameters' => [ + [ + 'name' => 'RegionId', + 'in' => 'query', + 'schema' => [ + 'title' => '地域', + 'description' => 'The region ID of the resource.'."\n" + ."\n" + .'> You can call the [DescribeRegions](~~601478~~) to query the most recent region list.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'cn-hangzhou', + ], + ], + [ + 'name' => 'ResourceType', + 'in' => 'query', + 'schema' => [ + 'title' => '资源类型', + 'description' => 'The type of the resource to which you want to add tags. Valid values:'."\n" + ."\n" + .'* key'."\n" + .'* secret'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'key', + ], + ], + [ + 'name' => 'ResourceId', + 'in' => 'query', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '资源ID,最多 50个子项', + 'description' => 'The IDs of the resources to which you want to add tags. You can enter a maximum of 50 resource IDs.'."\n" + ."\n" + .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The IDs of the resources to which you want to add tags. You can enter a maximum of 50 resource IDs.'."\n" + ."\n" + .'Enter multiple resource IDs in the `["ResourceId. 1","ResourceId. 2",...]` format.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'key-hzz62f1cb66fa42qo****', + ], + 'required' => true, + 'maxItems' => 51, + ], + ], + [ + 'name' => 'Tag', + 'in' => 'query', + 'style' => 'repeatList', + 'schema' => [ + 'title' => '标签列表,最多包含20个子项', + 'description' => 'A list of tags. You can enter up to 20 tags.'."\n" + ."\n" + .'A tag consists of a key-value pair. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'Key' => [ + 'title' => '标签键', + 'description' => 'The key of the tag. A tag consists of a key-value pair.'."\n" + ."\n" + .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n" + ."\n" + .'Each key can be up to 128 characters in length and can contain letters, digits, forward slashes (/), backslashes (\\\\), underscores (\\_), hyphens (-), periods (.), plus signs (+), equal signs (=), colons (:), and at signs (@).'."\n" + ."\n" + .'> The key cannot start with aliyun or acs:.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'disk-encryption', + ], + 'Value' => [ + 'title' => '标签值', + 'description' => 'The value of the tag. A tag consists of a key-value pair.'."\n" + ."\n" + .'You can enter up to 20 tags. Enter multiple tags in the `[{"Key":"key1","Value":"value1"},{"Key":"key2","Value":"value2"},..]` format.'."\n" + ."\n" + .'Each value can be up to 128 characters in length and can contain letters, digits, forward slashes (/), backslashes (\\\\), underscores (\\_), hyphens (-), periods (.), plus signs (+), equal signs (=), colons (:), and at signs (@).'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'true', + ], + ], + 'required' => false, + ], + 'required' => true, + 'maxItems' => 21, + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'Schema of Response'."\n", + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => 'Id of the request', + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '598d0219-45cd-4477-84ad-85a52d9debcf', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter.TagValue', + 'errorMessage' => 'The specified parameter is not valid.', + ], + [ + 'errorCode' => 'InvalidParameter.TagKey', + 'errorMessage' => 'The specified parameter is not valid.', + ], + [ + 'errorCode' => 'Duplicate.TagKey', + 'errorMessage' => 'The specified tagKey is duplicate.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + [ + 'errorCode' => 'InvalidResourceId.NotFound', + 'errorMessage' => 'The specified ResourceId is not found.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"598d0219-45cd-4477-84ad-85a52d9debcf\\"\\n}","errorExample":""},{"type":"xml","example":"<TagResourcesResponse>\\n <RequestId>598d0219-45cd-4477-84ad-85a52d9debcf</RequestId>\\n</TagResourcesResponse>","errorExample":""}]', + 'title' => 'TagResources', + 'description' => 'You can add multiple tags to multiple keys or multiple secrets at a time.'."\n", + ], + 'ListResourceTags' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The globally unique ID of the CMK.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '1234abcd-12ab-34cd-56ef-12345678****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', + ], + 'Tags' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Tag' => [ + 'description' => 'The tags of the CMK.'."\n", + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'KeyId' => [ + 'description' => 'The globally unique ID of the CMK.'."\n", + 'type' => 'string', + 'example' => '33caea95-c3e5-4b3e-a9c6-cec76e4e****', + ], + 'TagValue' => [ + 'description' => 'The tag value.'."\n", + 'type' => 'string', + 'example' => 'Test', + ], + 'TagKey' => [ + 'description' => 'The tag key.'."\n", + 'type' => 'string', + 'example' => 'Project', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\",\\n \\"Tags\\": {\\n \\"Tag\\": [\\n {\\n \\"KeyId\\": \\"33caea95-c3e5-4b3e-a9c6-cec76e4e****\\",\\n \\"TagValue\\": \\"Test\\",\\n \\"TagKey\\": \\"Project\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListResourceTagsResponse>\\n <RequestId>4162a6af-bc99-40b3-a552-89dcc8aaf7c8</RequestId>\\n <Tags>\\n <KeyId>33caea95-c3e5-4b3e-a9c6-cec76e4e****</KeyId>\\n <TagValue>Test</TagValue>\\n <TagKey>Project</TagKey>\\n </Tags>\\n</ListResourceTagsResponse>","errorExample":""}]', + 'title' => 'ListResourceTags', + 'summary' => 'Queries the tags of a customer master key (CMK).', + 'description' => 'Request format: KeyId="string"'."\n", + 'requestParamsDescription' => ' ', + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'TagResource' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the customer master key (CMK). The ID must be globally unique.'."\n" + ."\n" + .'> You can configure only one of the KeyId, SecretName, and CertificateId parameters.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddf****', + ], + ], + [ + 'name' => 'Tags', + 'in' => 'query', + 'schema' => [ + 'description' => 'One or more tags that you want to add. The value is in the array format.'."\n" + ."\n" + .'Tag attributes:'."\n" + ."\n" + .'* TagKey: the tag key.'."\n" + .'* TagValue: the tag value.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '[{"TagKey":"S1key1","TagValue":"S1val1"},{"TagKey":"S1key2","TagValue":"S2val2"}]', + ], + ], + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the secret.'."\n" + ."\n" + .'> You can configure only one of the KeyId, SecretName, and CertificateId parameters.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => 'MyDbC****', + ], + ], + [ + 'name' => 'CertificateId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the certificate.'."\n" + ."\n" + .'> You can configure only one of the KeyId, SecretName, and CertificateId parameters.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '770dbe42-e146-43d1-a55a-1355db86****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\"\\n}","errorExample":""},{"type":"xml","example":"<TagResourceResponse>\\n <RequestId>4162a6af-bc99-40b3-a552-89dcc8aaf7c8</RequestId>\\n</TagResourceResponse>","errorExample":""}]', + 'title' => 'TagResource', + 'summary' => 'Adds tags to a customer master key (CMK), secret, or certificate.', + 'description' => 'You can add up to 10 tags to a CMK, secret, or certificate.'."\n" + ."\n" + .'In this example, the tags `[{"TagKey":"S1key1","TagValue":"S1val1"},{"TagKey":"S1key2","TagValue":"S2val2"}]` are added to the CMK whose ID is `08c33a6f-4e0a-4a1b-a3fa-7ddf****`.'."\n", + 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~69007~~).'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'UntagResource' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + ], + 'parameters' => [ + [ + 'name' => 'KeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => '08c33a6f-4e0a-4a1b-a3fa-7ddf****', + ], + ], + [ + 'name' => 'TagKeys', + 'in' => 'query', + 'schema' => [ + 'description' => '', + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '["tagkey1","tagkey2"]', + ], + ], + [ + 'name' => 'SecretName', + 'in' => 'query', + 'schema' => [ + 'description' => '', + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => 'MyDbC****', + ], + ], + [ + 'name' => 'CertificateId', + 'in' => 'query', + 'schema' => [ + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => '770dbe42-e146-43d1-a55a-1355db86****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => '', + 'type' => 'string', + 'example' => '4162a6af-bc99-40b3-a552-89dcc8aaf7c8', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4162a6af-bc99-40b3-a552-89dcc8aaf7c8\\"\\n}","errorExample":""},{"type":"xml","example":"<UntagResourceResponse>\\n <RequestId>4162a6af-bc99-40b3-a552-89dcc8aaf7c8</RequestId>\\n</UntagResourceResponse>","errorExample":""}]', + 'title' => 'UntagResource', + 'summary' => 'Removes tags from a customer master key (CMK), secret, or certificate.', + 'description' => 'One or more tag keys. Separate multiple tag keys with commas (,).'."\n" + ."\n" + .'You need to specify only the tag keys, not the tag values.'."\n" + ."\n" + .'Each tag key must be 1 to 128 bytes in length.'."\n", + 'requestParamsDescription' => 'The name of the secret.'."\n" + ."\n" + .'> You can configure only one of the KeyId, SecretName, and CertificateId parameters.'."\n", + 'responseParamsDescription' => ' ', + 'extraInfo' => ' ', + ], + 'CreateNetworkRule' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'abilityTreeCode' => '54653', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'title' => '', + 'description' => 'The name of the access control rule.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'networkrule_test', + ], + ], + [ + 'name' => 'Type', + 'in' => 'query', + 'schema' => [ + 'title' => '', + 'description' => 'The network type.'."\n" + ."\n" + .'Only private IP addresses are supported. Set the value to Private.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'Private', + ], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => [ + 'description' => 'The description.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'networkrule description', + ], + ], + [ + 'name' => 'SourcePrivateIp', + 'in' => 'query', + 'schema' => [ + 'description' => 'The private IP address or private CIDR block. Separate multiple items with commas (,).'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'Type' => [ + 'description' => 'The network type.'."\n", + 'type' => 'string', + 'example' => 'Private', + ], + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2dd3', + ], + 'Description' => [ + 'description' => 'The description.'."\n", + 'type' => 'string', + 'example' => 'networkrule description', + ], + 'SourcePrivateIp' => [ + 'description' => 'The private IP address or private CIDR block.'."\n", + 'type' => 'string', + 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', + ], + 'Name' => [ + 'description' => 'The name of the access control rule.'."\n", + 'type' => 'string', + 'example' => 'networkrule_test', + ], + 'Arn' => [ + 'description' => 'The ARN of the access control rule.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:119285303511****:network/networkrule_test', + ], + ], + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"Type\\": \\"Private\\",\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2dd3\\",\\n \\"Description\\": \\"networkrule description\\",\\n \\"SourcePrivateIp\\": \\"[\\\\\\"192.10.XX.XX\\\\\\",\\\\\\"192.168.XX.XX/24\\\\\\"]\\",\\n \\"Name\\": \\"networkrule_test\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:network/networkrule_test\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateNetworkRuleResponse>\\n <Type>Private</Type>\\n <RequestId>3bf02f7a-015b-4f93-be0f-cc043fda2dd3</RequestId>\\n <Description>networkrule description</Description>\\n <SourcePrivateIp>[\\"192.10.XX.XX\\",\\"192.168.XX.XX/24\\"]</SourcePrivateIp>\\n <Name>networkrule_test</Name>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:network/networkrule_test</Arn>\\n</CreateNetworkRuleResponse>","errorExample":""}]', + 'title' => 'CreateNetworkRule', + 'summary' => 'Creates a network access rule to configure the private IP addresses or private CIDR blocks that are allowed to access a Key Management Service (KMS) instance.', + 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a KMS instance. The following process shows how to create a client key-based application access point (AAP):'."\n" + ."\n" + .'1.Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance.'."\n" + ."\n" + .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind access control rules to the keys and secrets. For more information, see [CreatePolicy](~~2539454~~).'."\n" + ."\n" + .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see [CreateApplicationAccessPoint](~~2539467~~).'."\n" + ."\n" + .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see [CreateClientKey](~~2539509~~).', + ], + 'ListNetworkRules' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'abilityTreeCode' => '54654', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'PageNumber', + 'in' => 'query', + 'schema' => [ + 'description' => 'The page number. Default value: 1.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of entries per page. Valid values: 1 to 100. Default value: 20.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '10', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '3bf02f7a-015b-4f34-be0f-cc043fda2d33', + ], + 'PageNumber' => [ + 'description' => 'The page number.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'description' => 'The number of entries per page.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'description' => 'The total number of entries returned.'."\n", + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'NetworkRules' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'NetworkRule' => [ + 'description' => 'A list of access control rules.', + 'type' => 'array', + 'items' => [ + 'description' => 'A list of access control rules.', + 'type' => 'object', + 'properties' => [ + 'Type' => [ + 'description' => 'The network type. The value is fixed as Private. Self-managed applications can access KMS instances only over a private virtual private cloud (VPC).'."\n", + 'type' => 'string', + 'example' => 'Private', + ], + 'Name' => [ + 'description' => 'The name of the access control rule.'."\n", + 'type' => 'string', + 'example' => 'networkrule_test', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is invalid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f34-be0f-cc043fda2d33\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"NetworkRules\\": {\\n \\"NetworkRule\\": [\\n {\\n \\"Type\\": \\"Private\\",\\n \\"Name\\": \\"networkrule_test\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListNetworkRulesResponse>\\n <RequestId>3bf02f7a-015b-4f34-be0f-cc043fda2d33</RequestId>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <TotalCount>1</TotalCount>\\n <NetworkRules>\\n <Type>Private</Type>\\n <Name>networkrule_test</Name>\\n </NetworkRules>\\n</ListNetworkRulesResponse>","errorExample":""}]', + 'title' => 'ListNetworkRules', + 'summary' => 'Queries a list of network access rules.', + ], + 'DescribeNetworkRule' => [ + 'summary' => 'Queries the details of a network access rule.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '189660', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the access control rule that you want to query.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'networkrule_test', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2d33', + ], + 'Arn' => [ + 'description' => 'The ARN of the access control rule.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:119285303511****:network/networkrule_test', + ], + 'Type' => [ + 'description' => 'The network type. Only private IP addresses are supported. The value is fixed as Private.'."\n", + 'type' => 'string', + 'example' => 'Private', + ], + 'Description' => [ + 'description' => 'The description.'."\n", + 'type' => 'string', + 'example' => 'Creat by kst-hzz62ee817bvyyr5****', + ], + 'SourcePrivateIp' => [ + 'description' => 'The private IP address or private CIDR block.'."\n", + 'type' => 'string', + 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2d33\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:network/networkrule_test\\",\\n \\"Type\\": \\"Private\\",\\n \\"Description\\": \\"Create by kst-hzz62ee817bvyyr5****\\",\\n \\"SourcePrivateIp\\": \\"[\\\\\\"192.10.XX.XX\\\\\\",\\\\\\"192.168.XX.XX/24\\\\\\"]\\"\\n}","errorExample":""},{"type":"xml","example":"<DescribeNetworkRuleResponse>\\n <RequestId>3bf02f7a-015b-4f93-be0f-cc043fda2d33</RequestId>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:network/networkrule_test</Arn>\\n <Type>Private</Type>\\n <Description>Create by kst-hzz62ee817bvyyr5****</Description>\\n <SourcePrivateIp>[\\"192.10.XX.XX\\",\\"192.168.XX.XX/24\\"]</SourcePrivateIp>\\n</DescribeNetworkRuleResponse>","errorExample":""}]', + 'title' => 'DescribeNetworkRule', + ], + 'UpdateNetworkRule' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'abilityTreeCode' => '54644', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the access control rule that you want to update.', + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'networkrule_test', + ], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => [ + 'description' => 'The description after the update.', + 'type' => 'string', + 'required' => false, + 'example' => 'Creat by kst-hzz62ee817bvyyr5****', + ], + ], + [ + 'name' => 'SourcePrivateIp', + 'in' => 'query', + 'schema' => [ + 'description' => 'The private IP address or CIDR block after the update. Separate multiple items with commas (,).', + 'type' => 'string', + 'required' => false, + 'example' => '["192.10.XX.XX","192.168.XX.XX/24"]', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', + 'type' => 'string', + 'example' => '3bf02f7a-015b-4f34-be0f-cc043fda2d85', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f34-be0f-cc043fda2d85\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateNetworkRuleResponse>\\n <RequestId>3bf02f7a-015b-4f34-be0f-cc043fda2d85</RequestId>\\n</UpdateNetworkRuleResponse>","errorExample":""}]', + 'title' => 'UpdateNetworkRule', + 'summary' => 'Updates a network access rule.', + 'description' => '- You can update only private IP addresses and description of an access control rule. You cannot update the name and network type of an access control rule.'."\n" + .'- Updating an access control rule affects all permission policies that are bound to the access control rule. Exercise caution when you perform this operation.', + ], + 'DeleteNetworkRule' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + 'abilityTreeCode' => '54647', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + 'tenantRelevance' => 'tenant', + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the network access rule that you want to delete.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'networkrule_test', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '3bf02f7a-015b-4f93-be0f-cc043fda2d4', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f93-be0f-cc043fda2d4\\"\\n}","errorExample":""},{"type":"xml","example":"<DeleteNetworkRuleResponse>\\n <RequestId>3bf02f7a-015b-4f93-be0f-cc043fda2d4</RequestId>\\n</DeleteNetworkRuleResponse>","errorExample":""}]', + 'title' => 'DeleteNetworkRule', + 'summary' => 'Deletes a network access rule.', + 'description' => 'Before you delete a network access rule, make sure that the network access rule is not bound to permission policies. Otherwise, related applications cannot access Key Management Service (KMS).', + ], + 'CreatePolicy' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'abilityTreeCode' => '54642', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the permission policy.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'policy_test', + ], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => [ + 'description' => 'The description.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'policy description', + ], + ], + [ + 'name' => 'KmsInstance', + 'in' => 'query', + 'schema' => [ + 'description' => 'The scope of the permission policy. You need to specify the KMS instance that you want to access.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'kst-hzz634e67d126u9p9****', + ], + ], + [ + 'name' => 'Permissions', + 'in' => 'query', + 'schema' => [ + 'description' => 'The operations that can be performed. Valid values:'."\n" + ."\n" + .'* RbacPermission/Template/CryptoServiceKeyUser: allows you to perform cryptographic operations.'."\n" + .'* RbacPermission/Template/CryptoServiceSecretUser: allows you to perform secret-related operations.'."\n" + ."\n" + .'You can select both.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', + ], + ], + [ + 'name' => 'Resources', + 'in' => 'query', + 'schema' => [ + 'description' => 'The key and secret that are allowed to access.'."\n" + ."\n" + .'* Key: Enter a key in the `key/${KeyId}` format. To allow access to all keys of a KMS instance, enter key/\\*.'."\n" + .'* Secret: Enter a secret in the `secret/${SecretName}` format. To allow access to all secrets of a KMS instance, enter secret/\\*.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', + ], + ], + [ + 'name' => 'AccessControlRules', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the access control rule.'."\n" + ."\n" + .'> For more information about how to query created access control rules, see [ListNetworkRules](~~2539433~~).'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '3bf02f7a-015b-4f34-be0f-c4543fda2d33', + ], + 'Arn' => [ + 'description' => 'The ARN of the permission policy.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:119285303511****:policy/policy_test', + ], + 'Name' => [ + 'description' => 'The name of the permission policy.'."\n", + 'type' => 'string', + 'example' => 'policy_test', + ], + 'Description' => [ + 'description' => 'The description.'."\n", + 'type' => 'string', + 'example' => 'policy description', + ], + 'KmsInstance' => [ + 'description' => 'The scope of the permission policy.'."\n", + 'type' => 'string', + 'example' => 'kst-hzz634e67d126u9p9****', + ], + 'Permissions' => [ + 'description' => 'The operations that can be performed.'."\n", + 'type' => 'string', + 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', + ], + 'Resources' => [ + 'description' => 'The key and secret that are allowed to access.'."\n" + ."\n" + .'* `key/*` indicates that all keys of the KMS instance can be accessed.'."\n" + .'* `secret/*` indicates all secrets of the KMS instance can be accessed.'."\n", + 'type' => 'string', + 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', + ], + 'AccessControlRules' => [ + 'description' => 'The name of the access control rule.'."\n", + 'type' => 'string', + 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3bf02f7a-015b-4f34-be0f-c4543fda2d33\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:policy/policy_test\\",\\n \\"Name\\": \\"policy_test\\",\\n \\"Description\\": \\"policy description\\",\\n \\"KmsInstance\\": \\"kst-hzz634e67d126u9p9****\\",\\n \\"Permissions\\": \\"[\\\\\\"RbacPermission/Template/CryptoServiceKeyUser\\\\\\", \\\\\\"RbacPermission/Template/CryptoServiceSecretUser\\\\\\"]\\",\\n \\"Resources\\": \\"[\\\\\\"secret/acs/ram/user/ram-secret\\\\\\", \\\\\\"secret/acs/ram/user/acr-master\\\\\\", \\\\\\"key/key-hzz63d9c8d3dfv8cv****\\\\\\"]\\",\\n \\"AccessControlRules\\": \\"{\\\\\\"NetworkRules\\\\\\":[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]}\\"\\n}","errorExample":""},{"type":"xml","example":"<CreatePolicyResponse>\\n <RequestId>3bf02f7a-015b-4f34-be0f-c4543fda2d33</RequestId>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:policy/policy_test</Arn>\\n <Name>policy_test</Name>\\n <Description>policy description</Description>\\n <KmsInstance>kst-hzz634e67d126u9p9****</KmsInstance>\\n <Permissions>[\\"RbacPermission/Template/CryptoServiceKeyUser\\", \\"RbacPermission/Template/CryptoServiceSecretUser\\"]</Permissions>\\n <Resources>[\\"secret/acs/ram/user/ram-secret\\", \\"secret/acs/ram/user/acr-master\\", \\"key/key-hzz63d9c8d3dfv8cv****\\"]</Resources>\\n <AccessControlRules>{\\"NetworkRules\\":[\\"kst-hzz62ee817bvyyr5x****.efkd\\",\\"kst-hzz62ee817bvyyr5x****.eyyp\\"]}</AccessControlRules>\\n</CreatePolicyResponse>","errorExample":""}]', + 'title' => 'CreatePolicy', + 'summary' => 'Creates a permission policy to configure the keys and secrets that are allowed to access.', + 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based application access point (AAP):'."\n" + ."\n" + .'1.Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance. For more information, see [CreateNetworkRule](~~2539407~~).'."\n" + ."\n" + .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind access control rules to the keys and secrets.'."\n" + ."\n" + .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see [CreateApplicationAccessPoint](~~2539467~~).'."\n" + ."\n" + .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see [CreateClientKey](~~2539509~~).', + ], + 'ListPolicies' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'abilityTreeCode' => '54648', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'PageNumber', + 'in' => 'query', + 'schema' => [ + 'description' => 'The page number. Default value: 1.', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of entries per page. Valid values: 1 to 100. Default value: 20.', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '10', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', + 'type' => 'string', + 'example' => 'b66ad557-9c00-4064-9c8d-b621c3263308', + ], + 'PageNumber' => [ + 'description' => 'The page number.', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'description' => 'The number of entries per page.', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'description' => 'The total number of entries returned.', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'Policies' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'Policy' => [ + 'description' => 'A list of permission policies.', + 'type' => 'array', + 'items' => [ + 'description' => 'A list of permission policies.', + 'type' => 'object', + 'properties' => [ + 'Name' => [ + 'description' => 'The name of the permission policy.', + 'type' => 'string', + 'example' => 'policy_test', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"b66ad557-9c00-4064-9c8d-b621c3263308\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"Policies\\": {\\n \\"Policy\\": [\\n {\\n \\"Name\\": \\"policy_test\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListPoliciesResponse>\\n <RequestId>b66ad557-9c00-4064-9c8d-b621c3263308</RequestId>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <TotalCount>1</TotalCount>\\n <Policies>\\n <Name>policy_test</Name>\\n </Policies>\\n</ListPoliciesResponse>","errorExample":""}]', + 'title' => 'ListPolicies', + 'summary' => 'Queries a list of permission policies.', + ], + 'DescribePolicy' => [ + 'summary' => 'Queries the details of a permission policy.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54643', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the permission policy that you want to query.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'policy_test', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => 'f455324b-e229-4066-9f58-9c1cf3fe83a9', + ], + 'Arn' => [ + 'description' => 'The Alibaba Cloud Resource Name (ARN) of the permission policy.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:119285303511****:policy/policy_test', + ], + 'Name' => [ + 'description' => 'The name of the permission policy.'."\n", + 'type' => 'string', + 'example' => 'policy_test', + ], + 'Description' => [ + 'description' => 'The description.'."\n", + 'type' => 'string', + 'example' => 'policy description', + ], + 'KmsInstance' => [ + 'description' => 'The scope of the permission policy.'."\n", + 'type' => 'string', + 'example' => 'kst-hzz634e67d126u9p9****', + ], + 'Permissions' => [ + 'description' => 'A list of operations that can be performed.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The operations that can be performed.'."\n", + 'type' => 'string', + 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', + ], + 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', + ], + 'Resources' => [ + 'description' => 'A list of keys and secrets that are allowed to access.'."\n", + 'type' => 'array', + 'items' => [ + 'description' => 'The keys and secrets that are allowed to access.'."\n", + 'type' => 'string', + 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', + ], + 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', + ], + 'AccessControlRules' => [ + 'description' => 'The network access rule that is associated with the permission policy.'."\n", + 'type' => 'string', + 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', + ], + ], + 'description' => '', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"f455324b-e229-4066-9f58-9c1cf3fe83a9\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:policy/policy_test\\",\\n \\"Name\\": \\"policy_test\\",\\n \\"Description\\": \\"policy description\\",\\n \\"KmsInstance\\": \\"kst-hzz634e67d126u9p9****\\",\\n \\"Permissions\\": [\\n \\"[\\\\\\"RbacPermission/Template/CryptoServiceKeyUser\\\\\\", \\\\\\"RbacPermission/Template/CryptoServiceSecretUser\\\\\\"]\\"\\n ],\\n \\"Resources\\": [\\n \\"[\\\\\\"secret/acs/ram/user/ram-secret\\\\\\", \\\\\\"secret/acs/ram/user/acr-master\\\\\\", \\\\\\"key/key-hzz63d9c8d3dfv8cv****\\\\\\"]\\"\\n ],\\n \\"AccessControlRules\\": \\"{\\\\\\"NetworkRules\\\\\\":[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]}\\"\\n}","errorExample":""},{"type":"xml","example":"<DescribePolicyResponse>\\n <RequestId>f455324b-e229-4066-9f58-9c1cf3fe83a9</RequestId>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:policy/policy_test</Arn>\\n <Name>policy_test</Name>\\n <Description>policy description</Description>\\n <KmsInstance>kst-hzz634e67d126u9p9****</KmsInstance>\\n <Permissions>[\\"RbacPermission/Template/CryptoServiceKeyUser\\", \\"RbacPermission/Template/CryptoServiceSecretUser\\"]</Permissions>\\n <Resources>[\\"secret/acs/ram/user/ram-secret\\", \\"secret/acs/ram/user/acr-master\\", \\"key/key-hzz63d9c8d3dfv8cv****\\"]</Resources>\\n <AccessControlRules>{\\"NetworkRules\\":[\\"kst-hzz62ee817bvyyr5x****.efkd\\",\\"kst-hzz62ee817bvyyr5x****.eyyp\\"]}</AccessControlRules>\\n</DescribePolicyResponse>","errorExample":""}]', + 'title' => 'DescribePolicy', + ], + 'UpdatePolicy' => [ + 'summary' => 'Updates a permission policy.', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'abilityTreeCode' => '54641', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the permission policy that you want to update.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'policy_test', + ], + ], + [ + 'name' => 'Permissions', + 'in' => 'query', + 'schema' => [ + 'description' => 'The operations that are supported by the updated policy. Valid values:'."\n" + ."\n" + .'* RbacPermission/Template/CryptoServiceKeyUser: allows you to perform cryptographic operations.'."\n" + .'* RbacPermission/Template/CryptoServiceSecretUser: allows you to perform secret-related operations.'."\n" + ."\n" + .'You can select both.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]', + ], + ], + [ + 'name' => 'Resources', + 'in' => 'query', + 'schema' => [ + 'description' => 'The key and secret that are allowed to access after the update.'."\n" + ."\n" + .'* Key: Enter a key in the `key/${KeyId}` format. To allow access to all keys of a KMS instance, enter key/\\*.'."\n" + .'* Secret: Enter a secret in the `secret/${SecretName}` format. To allow access to all secrets of a KMS instance, enter secret/\\*.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]', + ], + ], + [ + 'name' => 'AccessControlRules', + 'in' => 'query', + 'schema' => [ + 'description' => 'The access control rule.'."\n" + ."\n" + .'> For more information about how to query created access control rules, see [ListNetworkRules](~~2539433~~).'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}', + ], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => [ + 'description' => 'The description.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'policy description', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => 'f455324b-e229-4066-9f58-9c1cf3fe83a8', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"f455324b-e229-4066-9f58-9c1cf3fe83a8\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdatePolicyResponse>\\n <RequestId>f455324b-e229-4066-9f58-9c1cf3fe83a8</RequestId>\\n</UpdatePolicyResponse>","errorExample":""}]', + 'title' => 'UpdatePolicy', + 'description' => '- You can update the role-based access control (RBAC) permissions, accessible resources, access control rules, and description of a permission policy. You cannot update the name or scope of a permission policy.'."\n" + .'- Updating a permission policy affects all application access points (AAPs) that are bound to the permission policy. Exercise caution when you perform this operation.', + ], + 'DeletePolicy' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + 'abilityTreeCode' => '54645', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the permission policy that you want to delete.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'policy_test', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The request ID.'."\n", + 'type' => 'string', + 'example' => '00a26a33-d992-42f3-9012-5fd12764430f', + ], + ], + 'description' => '', + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"00a26a33-d992-42f3-9012-5fd12764430f\\"\\n}","errorExample":""},{"type":"xml","example":"<DeletePolicyResponse>\\n <RequestId>00a26a33-d992-42f3-9012-5fd12764430f</RequestId>\\n</DeletePolicyResponse>","errorExample":""}]', + 'title' => 'DeletePolicy', + 'summary' => 'Deletes a permission policy.', + 'description' => 'Before you delete a permission policy, make sure that the permission policy is not associated with application access points (AAPs). Otherwise, related applications cannot access Key Management Service (KMS).'."\n", + ], + 'CreateApplicationAccessPoint' => [ + 'summary' => 'Creates an application access point (AAP)', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'abilityTreeCode' => '54651', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the AAP.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'aap_test', + ], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => [ + 'description' => 'The description of the AAP.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'aap description', + ], + ], + [ + 'name' => 'AuthenticationMethod', + 'in' => 'query', + 'schema' => [ + 'title' => '新版认证字段'."\n", + 'description' => 'The authentication method. Currently, only ClientKey is supported.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => 'ClientKey', + ], + ], + [ + 'name' => 'Policies', + 'in' => 'query', + 'schema' => [ + 'description' => 'The permission policy.'."\n" + ."\n" + .'> You can bind up to three permission policies to each AAP.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', + ], + 'Description' => [ + 'description' => 'The description of the AAP.'."\n", + 'type' => 'string', + 'example' => 'aap description', + ], + 'Policies' => [ + 'description' => 'The permission policy.'."\n", + 'type' => 'string', + 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', + ], + 'Name' => [ + 'description' => 'The name of the AAP.'."\n", + 'type' => 'string', + 'example' => 'aap_test', + ], + 'Arn' => [ + 'description' => 'The Alibaba Cloud Resource Name (ARN) of the AAP.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test', + ], + 'AuthenticationMethod' => [ + 'description' => 'The authentication method.'."\n", + 'type' => 'string', + 'example' => 'ClientKey', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 409 => [ + [ + 'errorCode' => 'Rejected.ResourceExist', + 'errorMessage' => 'The request was rejected because the resource already exists.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\",\\n \\"Description\\": \\"aap description\\",\\n \\"Policies\\": \\"[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]\\",\\n \\"Name\\": \\"aap_test\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test\\",\\n \\"AuthenticationMethod\\": \\"ClientKey\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateApplicationAccessPointResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n <Description>aap description</Description>\\n <Policies>[\\"kst-hzz62ee817bvyyr5x****.efkd\\",\\"kst-hzz62ee817bvyyr5x****.eyyp\\"]</Policies>\\n <Name>aap_test</Name>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test</Arn>\\n <AuthenticationMethod>ClientKey</AuthenticationMethod>\\n</CreateApplicationAccessPointResponse>","errorExample":""}]', + 'title' => 'CreateApplicationAccessPoint', + 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based AAP:'."\n" + ."\n" + .'1.Create a network access rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access KMS. For more information, see [CreateNetworkRule](~~2539407~~).'."\n" + ."\n" + .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind network access rules to the keys and secrets. For more information, see [CreatePolicy](~~2539454~~).'."\n" + ."\n" + .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. This topic describes how to create an AAP.'."\n" + ."\n" + .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see [CreateClientKey](~~2539509~~).', + ], + 'ListApplicationAccessPoints' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'abilityTreeCode' => '54646', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'PageNumber', + 'in' => 'query', + 'schema' => [ + 'description' => 'The page number. Default value: 1.', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '1', + ], + ], + [ + 'name' => 'PageSize', + 'in' => 'query', + 'schema' => [ + 'description' => 'The number of entries per page. Valid values: 1 to 100. Default value: 20.', + 'type' => 'integer', + 'format' => 'int32', + 'required' => false, + 'example' => '10', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', + 'type' => 'string', + 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', + ], + 'PageNumber' => [ + 'description' => 'The page number.', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'PageSize' => [ + 'description' => 'The number of entries per page.', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '10', + ], + 'TotalCount' => [ + 'description' => 'The total number of entries returned.', + 'type' => 'integer', + 'format' => 'int32', + 'example' => '1', + ], + 'ApplicationAccessPoints' => [ + 'type' => 'object', + 'itemNode' => true, + 'properties' => [ + 'ApplicationAccessPoint' => [ + 'description' => 'A list of AAPs.', + 'type' => 'array', + 'items' => [ + 'description' => 'A list of AAPs.', + 'type' => 'object', + 'properties' => [ + 'Name' => [ + 'description' => 'The name of the AAP.', + 'type' => 'string', + 'example' => 'aap_test', + ], + 'AuthenticationMethod' => [ + 'description' => 'The authentication method.', + 'type' => 'string', + 'example' => 'ClientKey', + ], + ], + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\",\\n \\"PageNumber\\": 1,\\n \\"PageSize\\": 10,\\n \\"TotalCount\\": 1,\\n \\"ApplicationAccessPoints\\": {\\n \\"ApplicationAccessPoint\\": [\\n {\\n \\"Name\\": \\"aap_test\\",\\n \\"AuthenticationMethod\\": \\"ClientKey\\"\\n }\\n ]\\n }\\n}","errorExample":""},{"type":"xml","example":"<ListApplicationAccessPointsResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n <PageNumber>1</PageNumber>\\n <PageSize>10</PageSize>\\n <TotalCount>1</TotalCount>\\n <ApplicationAccessPoints>\\n <Name>aap_test</Name>\\n <AuthenticationMethod>ClientKey</AuthenticationMethod>\\n </ApplicationAccessPoints>\\n</ListApplicationAccessPointsResponse>","errorExample":""}]', + 'title' => 'ListApplicationAccessPoints', + 'summary' => 'Queries a list of application access points (AAPs).', + ], + 'DescribeApplicationAccessPoint' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'abilityTreeCode' => '54652', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + 'tenantRelevance' => 'tenant', + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the AAP that you want to query.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'aap_test', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', + ], + 'Arn' => [ + 'description' => 'The ARN of the AAP.'."\n", + 'type' => 'string', + 'example' => 'acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test', + ], + 'Name' => [ + 'description' => 'The name of the AAP.'."\n", + 'type' => 'string', + 'example' => 'aap_test', + ], + 'Description' => [ + 'description' => 'The description.'."\n", + 'type' => 'string', + 'example' => 'aap description', + ], + 'AuthenticationMethod' => [ + 'description' => 'The authentication method.'."\n", + 'type' => 'string', + 'example' => 'ClientKey', + ], + 'Policies' => [ + 'description' => 'The permission policy that is bound to the AAP.'."\n", + 'type' => 'string', + 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\",\\n \\"Arn\\": \\"acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test\\",\\n \\"Name\\": \\"aap_test\\",\\n \\"Description\\": \\"aap description\\",\\n \\"AuthenticationMethod\\": \\"ClientKey\\",\\n \\"Policies\\": \\"[\\\\\\"kst-hzz62ee817bvyyr5x****.efkd\\\\\\",\\\\\\"kst-hzz62ee817bvyyr5x****.eyyp\\\\\\"]\\"\\n}","errorExample":""},{"type":"xml","example":"<DescribeApplicationAccessPointResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n <Arn>acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test</Arn>\\n <Name>aap_test</Name>\\n <Description>aap description</Description>\\n <AuthenticationMethod>ClientKey</AuthenticationMethod>\\n <Policies>[\\"kst-hzz62ee817bvyyr5x****.efkd\\",\\"kst-hzz62ee817bvyyr5x****.eyyp\\"]</Policies>\\n</DescribeApplicationAccessPointResponse>","errorExample":""}]', + 'title' => 'DescribeApplicationAccessPoint', + 'summary' => 'Queries the details of an application access point (AAP).', + ], + 'UpdateApplicationAccessPoint' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'update', + 'abilityTreeCode' => '54640', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the AAP that you want to update.', + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'aap_test', + ], + ], + [ + 'name' => 'Description', + 'in' => 'query', + 'schema' => [ + 'description' => 'The description.', + 'type' => 'string', + 'required' => false, + 'example' => 'aap description', + ], + ], + [ + 'name' => 'Policies', + 'in' => 'query', + 'schema' => [ + 'description' => 'The permission policy that you want to update.'."\n" + .'> You can associate up to three permission policies with each AAP.', + 'type' => 'string', + 'required' => false, + 'example' => '["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', + 'type' => 'string', + 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is invalid.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\"\\n}","errorExample":""},{"type":"xml","example":"<UpdateApplicationAccessPointResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n</UpdateApplicationAccessPointResponse>","errorExample":""}]', + 'title' => 'UpdateApplicationAccessPoint', + 'description' => 'The update takes effect immediately after an AAP information is updated. Exercise caution when you perform this operation. You can update the description of an AAP and the permission policies that are associated with the AAP. You cannot update the name of the AAP.', + 'summary' => 'Updates the information about an application access point (AAP).', + ], + 'DeleteApplicationAccessPoint' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + 'abilityTreeCode' => '54649', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + ], + 'parameters' => [ + [ + 'name' => 'Name', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the AAP that you want to delete.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'aap_test', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => 'bcfefe15-46f0-44a3-bd96-3d422474b71a', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"bcfefe15-46f0-44a3-bd96-3d422474b71a\\"\\n}","errorExample":""},{"type":"xml","example":"<DeleteApplicationAccessPointResponse>\\n <RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>\\n</DeleteApplicationAccessPointResponse>","errorExample":""}]', + 'title' => 'DeleteApplicationAccessPoint', + 'summary' => 'Deletes an application access point (AAP).', + 'description' => 'Before you delete an AAP, make sure that the AAP is no longer in use. If you delete an AAP that is in use, applications that use the AAP cannot access Key Management Service (KMS). Exercise caution when you delete an AAP.', + ], + 'CreateClientKey' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'create', + 'abilityTreeCode' => '54635', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'AapName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The operation that you want to perform. Set the value to **CreateClientKey**.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'aap_test', + ], + ], + [ + 'name' => 'Password', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the AAP.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'bcfefe15-46f0****', + ], + ], + [ + 'name' => 'NotAfter', + 'in' => 'query', + 'schema' => [ + 'description' => 'The encryption password of the client key.'."\n" + ."\n" + .'The password must be 8 to 64 characters in length and must contain at least two of the following types: digits, letters, and special characters. Special characters include `~ ! @ # $ % ^ & * ? _ -`.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '2028-08-31T17:14:33Z', + ], + ], + [ + 'name' => 'NotBefore', + 'in' => 'query', + 'schema' => [ + 'description' => 'The end of the validity period of the client key.'."\n" + ."\n" + .'Specify the time in the ISO 8601 standard. The time must be in UTC. The time must be in the yyyy-MM-ddTHH:mm:ssZ format.'."\n" + ."\n" + .'> '."\n" + ."\n" + .'* If you do not configure NotAfter, the default value is the time when the client key was created plus five years.'."\n" + .'* If you configure NotAfter, you must configure NotBefore.'."\n", + 'type' => 'string', + 'required' => false, + 'example' => '2023-08-31T17:14:33Z', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The beginning of the validity period of the client key.'."\n" + ."\n" + .'Specify the time in the ISO 8601 standard. The time must be in UTC. The time must be in the yyyy-MM-ddTHH:mm:ssZ format.'."\n" + ."\n" + .'> '."\n" + ."\n" + .'* If you do not configure NotBefore, the default value is the time when the client key was created.'."\n" + .'* If you configure NotBefore, you must configure NotAfter.'."\n", + 'type' => 'string', + 'example' => '2312e45f-b2fa-4c34-ad94-3eca50932916', + ], + 'ClientKeyId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', + ], + 'KeyAlgorithm' => [ + 'description' => 'The ID of the client key.'."\n", + 'type' => 'string', + 'example' => 'RSA_2048', + ], + 'PrivateKeyData' => [ + 'description' => 'The algorithm that is used to encrypt the private key of the client key. Currently, only RSA\\_2048 is supported.'."\n", + 'type' => 'string', + 'example' => 'MIIJqwIBAzCCCXcGCSqGSIb3DQEHAaCCCWgEgglkMIIJYDCCBBcGCSqGSIb3DQEHBqCCBAgwgg******', + ], + 'NotBefore' => [ + 'description' => 'The private key of the client key.'."\n", + 'type' => 'string', + 'example' => '2023-08-31T17:14:33Z', + ], + 'NotAfter' => [ + 'description' => 'The beginning of the validity period of the client key.'."\n", + 'type' => 'string', + 'example' => '2028-08-31T17:14:33Z', + ], + ], + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"2312e45f-b2fa-4c34-ad94-3eca50932916\\",\\n \\"ClientKeyId\\": \\"KAAP.66abf237-63f6-4625-b8cf-47e1086e****\\",\\n \\"KeyAlgorithm\\": \\"RSA_2048\\",\\n \\"PrivateKeyData\\": \\"MIIJqwIBAzCCCXcGCSqGSIb3DQEHAaCCCWgEgglkMIIJYDCCBBcGCSqGSIb3DQEHBqCCBAgwgg******\\",\\n \\"NotBefore\\": \\"2023-08-31T17:14:33Z\\",\\n \\"NotAfter\\": \\"2028-08-31T17:14:33Z\\"\\n}","errorExample":""},{"type":"xml","example":"<CreateClientKeyResponse>\\n <RequestId>2312e45f-b2fa-4c34-ad94-3eca50932916</RequestId>\\n <ClientKeyId>KAAP.66abf237-63f6-4625-b8cf-47e1086e****</ClientKeyId>\\n <KeyAlgorithm>RSA_2048</KeyAlgorithm>\\n <PrivateKeyData>MIIJqwIBAzCCCXcGCSqGSIb3DQEHAaCCCWgEgglkMIIJYDCCBBcGCSqGSIb3DQEHBqCCBAgwgg******</PrivateKeyData>\\n <NotBefore>2023-08-31T17:14:33Z</NotBefore>\\n <NotAfter>2028-08-31T17:14:33Z</NotAfter>\\n</CreateClientKeyResponse>","errorExample":""}]', + 'title' => 'CreateClientKey', + 'summary' => 'Creates a client key.', + 'description' => 'To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based application access point (AAP):'."\n" + ."\n" + .'1.Create an access control rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access a KMS instance. For more information, see [CreateNetworkRule](~~2539407~~).'."\n" + ."\n" + .'2.Create a permission policy: You can configure the keys and secrets that are allowed to access and bind access control rules to the keys and secrets. For more information, see [CreatePolicy](~~2539454~~).'."\n" + ."\n" + .'3.Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. For more information, see [CreateApplicationAccessPoint](~~2539467~~).'."\n" + ."\n" + .'4.Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP.'."\n" + .'### Precautions'."\n" + .'A client key has a validity period. After a client key expires, applications into which the client key is integrated cannot access the required KMS instance. You must replace the client key before the client key expires. We recommend that you delete the expired client key in KMS after the new client key is used.', + ], + 'ListClientKeys' => [ + 'methods' => [ + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'list', + 'abilityTreeCode' => '54637', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'AapName', + 'in' => 'query', + 'schema' => [ + 'description' => 'The name of the application access point (AAP).', + 'type' => 'string', + 'required' => false, + 'docRequired' => false, + 'example' => 'aap_test', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.', + 'type' => 'string', + 'example' => '2312e45f-b2fa-4c34-ad94-3eca50932916', + ], + 'ClientKeys' => [ + 'description' => 'A list of client keys.', + 'type' => 'array', + 'items' => [ + 'description' => 'A list of client keys.', + 'type' => 'object', + 'properties' => [ + 'ClientKeyId' => [ + 'description' => 'The ID of the client key.', + 'type' => 'string', + 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', + ], + 'CreateTime' => [ + 'description' => 'The time when the client key was created.', + 'type' => 'string', + 'example' => '2023-08-31T09:14:38Z', + ], + 'PublicKeyData' => [ + 'description' => 'The public key of the client key.', + 'type' => 'string', + 'example' => '-----BEGIN CERTIFICATE-----\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----', + ], + 'KeyAlgorithm' => [ + 'description' => 'The private key algorithm of the client key.', + 'type' => 'string', + 'example' => 'RSA_2048', + ], + 'NotBefore' => [ + 'description' => 'The beginning of the validity period of the client key.', + 'type' => 'string', + 'example' => '2023-08-31T17:14:33Z', + ], + 'NotAfter' => [ + 'description' => 'The end of the validity period of the client key.', + 'type' => 'string', + 'example' => '2028-08-31T17:14:33Z', + ], + 'KeyOrigin' => [ + 'description' => 'The provider of the client key.'."\n" + ."\n" + .'Currently, only KMS is supported. The value is fixed as KMS_PROVIDED.', + 'type' => 'string', + 'example' => 'KMS_PROVIDED', + ], + 'AapName' => [ + 'description' => 'The name of the AAP.', + 'type' => 'string', + 'example' => 'aap_test', + ], + ], + ], + ], + ], + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"2312e45f-b2fa-4c34-ad94-3eca50932916\\",\\n \\"ClientKeys\\": [\\n {\\n \\"ClientKeyId\\": \\"KAAP.66abf237-63f6-4625-b8cf-47e1086e****\\",\\n \\"CreateTime\\": \\"2023-08-31T09:14:38Z\\",\\n \\"PublicKeyData\\": \\"-----BEGIN CERTIFICATE-----\\\\\\\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----\\",\\n \\"KeyAlgorithm\\": \\"RSA_2048\\",\\n \\"NotBefore\\": \\"2023-08-31T17:14:33Z\\",\\n \\"NotAfter\\": \\"2028-08-31T17:14:33Z\\",\\n \\"KeyOrigin\\": \\"KMS_PROVIDED\\",\\n \\"AapName\\": \\"aap_test\\"\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"<ListClientKeysResponse>\\n <RequestId>2312e45f-b2fa-4c34-ad94-3eca50932916</RequestId>\\n <ClientKeys>\\n <KeyOrigin>KMS_PROVIDED</KeyOrigin>\\n <PublicKeyData>-----BEGIN CERTIFICATE-----\\\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----</PublicKeyData>\\n <CreateTime>2023-08-31T09:14:38Z</CreateTime>\\n <KeyAlgorithm>RSA_2048</KeyAlgorithm>\\n <NotBefore>2023-08-31T17:14:33Z</NotBefore>\\n <NotAfter>2028-08-31T17:14:33Z</NotAfter>\\n <AapName>aap_test</AapName>\\n <ClientKeyId>KAAP.66abf237-63f6-4625-b8cf-47e1086e****</ClientKeyId>\\n </ClientKeys>\\n</ListClientKeysResponse>","errorExample":""}]', + 'title' => 'ListClientKeys', + 'summary' => 'Queries a list of client keys', + ], + 'GetClientKey' => [ + 'summary' => 'Queries the information about a client key.', + 'methods' => [ + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'none', + 'abilityTreeCode' => '190829', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + 'tenantRelevance' => 'publicInformation', + ], + 'parameters' => [ + [ + 'name' => 'ClientKeyId', + 'in' => 'query', + 'schema' => [ + 'title' => '新版keyId', + 'description' => 'The ID of the client key.'."\n", + 'type' => 'string', + 'required' => true, + 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'Schema of Response', + 'description' => '', + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => 'Id of the request', + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '63d849a6-045b-4a57-ad9f-c5f756cea9e9', + ], + 'ClientKeyId' => [ + 'description' => 'The ID of the client key.'."\n", + 'type' => 'string', + 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', + ], + 'CreateTime' => [ + 'description' => 'The time when the client key was created.'."\n", + 'type' => 'string', + 'example' => '2023-08-31T09:14:38Z', + ], + 'KeyAlgorithm' => [ + 'description' => 'The private key algorithm of the client key.'."\n", + 'type' => 'string', + 'example' => 'RSA_2048', + ], + 'KeyOrigin' => [ + 'description' => 'The provider of the client key.'."\n" + ."\n" + .'Currently, only Key Management Service (KMS) is supported. The value is fixed as KMS_PROVIDED.'."\n", + 'type' => 'string', + 'example' => 'KMS_PROVIDED', + ], + 'PublicKeyData' => [ + 'description' => 'The content of the public key of the client key.'."\n", + 'type' => 'string', + 'example' => '-----BEGIN CERTIFICATE-----\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----', + ], + 'NotAfter' => [ + 'description' => 'The end of the validity period of the client key.'."\n", + 'type' => 'string', + 'example' => '2028-08-31T17:14:33Z', + ], + 'NotBefore' => [ + 'description' => 'The beginning of the validity period of the client key.'."\n", + 'type' => 'string', + 'example' => '2023-08-31T17:14:33Z', + ], + 'AapName' => [ + 'description' => 'The name of the application access point (AAP).'."\n", + 'type' => 'string', + 'example' => 'aap_test', + ], + ], + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"63d849a6-045b-4a57-ad9f-c5f756cea9e9\\",\\n \\"ClientKeyId\\": \\"KAAP.66abf237-63f6-4625-b8cf-47e1086e****\\",\\n \\"CreateTime\\": \\"2023-08-31T09:14:38Z\\",\\n \\"KeyAlgorithm\\": \\"RSA_2048\\",\\n \\"KeyOrigin\\": \\"KMS_PROVIDED\\",\\n \\"PublicKeyData\\": \\"-----BEGIN CERTIFICATE-----\\\\\\\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----\\",\\n \\"NotAfter\\": \\"2028-08-31T17:14:33Z\\",\\n \\"NotBefore\\": \\"2023-08-31T17:14:33Z\\",\\n \\"AapName\\": \\"aap_test\\"\\n}","errorExample":""},{"type":"xml","example":"<GetClientKeyResponse>\\n <RequestId>63d849a6-045b-4a57-ad9f-c5f756cea9e9</RequestId>\\n <ClientKeyId>KAAP.66abf237-63f6-4625-b8cf-47e1086e****</ClientKeyId>\\n <CreateTime>2023-08-31T09:14:38Z</CreateTime>\\n <KeyAlgorithm>RSA_2048</KeyAlgorithm>\\n <KeyOrigin>KMS_PROVIDED</KeyOrigin>\\n <PublicKeyData>-----BEGIN CERTIFICATE-----\\\\nMIIDcjCCAlqgAwIBAgIQT/sAVRxwYp54mrw****-----END CERTIFICATE-----</PublicKeyData>\\n <NotAfter>2028-08-31T17:14:33Z</NotAfter>\\n <NotBefore>2023-08-31T17:14:33Z</NotBefore>\\n <AapName>aap_test</AapName>\\n</GetClientKeyResponse>","errorExample":""}]', + 'title' => 'GetClientKey', + ], + 'DeleteClientKey' => [ + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'write', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'delete', + 'abilityTreeCode' => '54636', + 'abilityTreeNodes' => [ + 'FEATUREkms9F3ZXA', + ], + ], + 'parameters' => [ + [ + 'name' => 'ClientKeyId', + 'in' => 'query', + 'schema' => [ + 'description' => 'The ID of the client key.'."\n", + 'type' => 'string', + 'required' => true, + 'docRequired' => true, + 'example' => 'KAAP.66abf237-63f6-4625-b8cf-47e1086e****', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'description' => 'The ID of the request, which is used to locate and troubleshoot issues.'."\n", + 'type' => 'string', + 'example' => '2312e45f-b2fa-4c34-ad94-3eca50932916', + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 404 => [ + [ + 'errorCode' => 'InvalidAccessKeyId.NotFound', + 'errorMessage' => 'The Access Key ID provided does not exist in our records.', + ], + ], + ], + 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"2312e45f-b2fa-4c34-ad94-3eca50932916\\"\\n}","errorExample":""},{"type":"xml","example":"<DeleteClientKeyResponse>\\n <RequestId>2312e45f-b2fa-4c34-ad94-3eca50932916</RequestId>\\n</DeleteClientKeyResponse>","errorExample":""}]', + 'title' => 'DeleteClientKey', + 'description' => 'Before you delete a client key, make sure that the client key is no longer in use. If you delete a client key that is in use, applications that use the client key cannot access Key Management Service (KMS). Exercise caution when you delete a client key.', + 'summary' => 'Deletes a client key.', + ], + 'GetKmsInstanceQuotaInfos' => [ + 'summary' => '获取实例配额信息', + 'methods' => [ + 'post', + 'get', + ], + 'schemes' => [ + 'https', + ], + 'security' => [ + [ + 'AK' => [], + ], + ], + 'operationType' => 'read', + 'deprecated' => false, + 'systemTags' => [ + 'operationType' => 'get', + 'riskType' => 'none', + 'chargeType' => 'free', + 'abilityTreeCode' => '290515', + 'abilityTreeNodes' => [ + 'FEATUREkms586TOR', + ], + 'autoTest' => true, + 'tenantRelevance' => 'tenant', + ], + 'parameters' => [ + [ + 'name' => 'KmsInstanceId', + 'in' => 'query', + 'schema' => [ + 'description' => '', + 'type' => 'string', + 'required' => false, + 'example' => 'kst-bjj62f5ba3dnpb6v8****', + ], + ], + [ + 'name' => 'ResourceType', + 'in' => 'query', + 'schema' => [ + 'description' => '', + 'type' => 'string', + 'required' => false, + 'enumValueTitles' => [ + 'qps' => 'qps', + 'vpc' => 'vpc', + 'secret' => 'secret', + 'key' => 'key', + ], + 'example' => 'key', + ], + ], + ], + 'responses' => [ + 200 => [ + 'schema' => [ + 'title' => 'Schema of Response', + 'description' => 'Schema of Response', + 'type' => 'object', + 'properties' => [ + 'RequestId' => [ + 'title' => 'Id of the request', + 'description' => 'Id of the request', + 'type' => 'string', + 'example' => 'f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f', + ], + 'KmsInstanceId' => [ + 'description' => '', + 'type' => 'string', + 'example' => 'kst-hzz6****', + ], + 'KmsInstanceQuotaInfos' => [ + 'description' => '', + 'type' => 'array', + 'items' => [ + 'type' => 'object', + 'properties' => [ + 'ResourceQuota' => [ + 'description' => '', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '12', + ], + 'ResourceType' => [ + 'description' => '', + 'type' => 'string', + 'example' => 'key', + ], + 'UsedQuantity' => [ + 'description' => '', + 'type' => 'integer', + 'format' => 'int64', + 'example' => '10', + ], + ], + ], + ], + ], + ], + ], + ], + 'errorCodes' => [ + 400 => [ + [ + 'errorCode' => 'InvalidParameter', + 'errorMessage' => 'The specified parameter is not valid.', + ], + ], + 403 => [ + [ + 'errorCode' => 'Forbidden.DKMSInstanceStateInvalid', + 'errorMessage' => 'The DKMS instance state is invalid.', + ], + [ + 'errorCode' => 'Forbidden.DKMSInstanceNotFound', + 'errorMessage' => 'The specified DKMS Instance is not found.', + ], + ], + ], + 'staticInfo' => [ + 'returnType' => 'synchronous', + ], + 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"f1fdfa9d-bd49-418b-942f-8f3e3ec00a4f\\",\\n \\"KmsInstanceId\\": \\"kst-hzz6****\\",\\n \\"KmsInstanceQuotaInfos\\": [\\n {\\n \\"ResourceQuota\\": 12,\\n \\"ResourceType\\": \\"key\\",\\n \\"UsedQuantity\\": 10\\n }\\n ]\\n}","type":"json"}]', + ], + ], + 'endpoints' => [ + [ + 'regionId' => 'cn-qingdao', + 'endpoint' => 'kms.cn-qingdao.aliyuncs.com', + ], + [ + 'regionId' => 'cn-beijing', + 'endpoint' => 'kms.cn-beijing.aliyuncs.com', + ], + [ + 'regionId' => 'cn-zhangjiakou', + 'endpoint' => 'kms.cn-zhangjiakou.aliyuncs.com', + ], + [ + 'regionId' => 'cn-zhengzhou-jva', + 'endpoint' => 'kms.cn-zhengzhou-jva.aliyuncs.com', + ], + [ + 'regionId' => 'cn-huhehaote', + 'endpoint' => 'kms.cn-huhehaote.aliyuncs.com', + ], + [ + 'regionId' => 'cn-wulanchabu', + 'endpoint' => 'kms.cn-wulanchabu.aliyuncs.com', + ], + [ + 'regionId' => 'cn-hangzhou', + 'endpoint' => 'kms.cn-hangzhou.aliyuncs.com', + ], + [ + 'regionId' => 'cn-shanghai', + 'endpoint' => 'kms.cn-shanghai.aliyuncs.com', + ], + [ + 'regionId' => 'cn-fuzhou', + 'endpoint' => 'kms.cn-fuzhou.aliyuncs.com', + ], + [ + 'regionId' => 'cn-shenzhen', + 'endpoint' => 'kms.cn-shenzhen.aliyuncs.com', + ], + [ + 'regionId' => 'cn-heyuan', + 'endpoint' => 'kms.cn-heyuan.aliyuncs.com', + ], + [ + 'regionId' => 'cn-guangzhou', + 'endpoint' => 'kms.cn-guangzhou.aliyuncs.com', + ], + [ + 'regionId' => 'cn-chengdu', + 'endpoint' => 'kms.cn-chengdu.aliyuncs.com', + ], + [ + 'regionId' => 'cn-hongkong', + 'endpoint' => 'kms.cn-hongkong.aliyuncs.com', + ], + [ + 'regionId' => 'ap-northeast-1', + 'endpoint' => 'kms.ap-northeast-1.aliyuncs.com', + ], + [ + 'regionId' => 'ap-northeast-2', + 'endpoint' => 'kms.ap-northeast-2.aliyuncs.com', + ], + [ + 'regionId' => 'ap-southeast-1', + 'endpoint' => 'kms.ap-southeast-1.aliyuncs.com', + ], + [ + 'regionId' => 'ap-southeast-2', + 'endpoint' => 'kms.ap-southeast-2.aliyuncs.com', + ], + [ + 'regionId' => 'ap-southeast-3', + 'endpoint' => 'kms.ap-southeast-3.aliyuncs.com', + ], + [ + 'regionId' => 'ap-southeast-5', + 'endpoint' => 'kms.ap-southeast-5.aliyuncs.com', + ], + [ + 'regionId' => 'ap-southeast-6', + 'endpoint' => 'kms.ap-southeast-6.aliyuncs.com', + ], + [ + 'regionId' => 'us-east-1', + 'endpoint' => 'kms.us-east-1.aliyuncs.com', + ], + [ + 'regionId' => 'us-west-1', + 'endpoint' => 'kms.us-west-1.aliyuncs.com', + ], + [ + 'regionId' => 'eu-west-1', + 'endpoint' => 'kms.eu-west-1.aliyuncs.com', + ], + [ + 'regionId' => 'eu-central-1', + 'endpoint' => 'kms.eu-central-1.aliyuncs.com', + ], + [ + 'regionId' => 'ap-south-1', + 'endpoint' => 'kms.ap-south-1.aliyuncs.com', + ], + [ + 'regionId' => 'me-east-1', + 'endpoint' => 'kms.me-east-1.aliyuncs.com', + ], + [ + 'regionId' => 'cn-hangzhou-finance', + 'endpoint' => 'kms.cn-hangzhou-finance.aliyuncs.com', + ], + [ + 'regionId' => 'cn-shanghai-finance-1', + 'endpoint' => 'kms.cn-shanghai-finance-1.aliyuncs.com', + ], + [ + 'regionId' => 'cn-shenzhen-finance-1', + 'endpoint' => 'kms.cn-shenzhen-finance-1.aliyuncs.com', + ], + [ + 'regionId' => 'ap-southeast-7', + 'endpoint' => 'kms.ap-southeast-7.aliyuncs.com', + ], + [ + 'regionId' => 'cn-beijing-finance-1', + 'endpoint' => 'kms.cn-beijing-finance-1.aliyuncs.com', + ], + [ + 'regionId' => 'me-central-1', + 'endpoint' => 'kms.me-central-1.aliyuncs.com', + ], + [ + 'regionId' => 'cn-wuhan-lr', + 'endpoint' => 'kms.cn-wuhan-lr.aliyuncs.com', + ], + ], +]; |