MENU
      Create Key
        • PDF

        Create Key

        • PDF

        Article summary

        Available in Classic and VPC

        Create a new key.

        Request

        This section describes the request format. The method and URI are as follows:

        MethodURI
        POST/keys

        Request headers

        For information about the headers common to all Key Management Service APIs, see the account authentication method in Key Management Service request headers.

        Request body

        You can include the following data in the body of your request:

        FieldTypeRequiredDescription
        keyNameStringRequiredKey name
        • 3 to 15 characters, including English letters, numbers, and special characters "-" and "_"
        • The first character must be an English letter, and the name can't be duplicated with other key names in the user's keystore
        keyTypeStringRequiredKey type
        • AES256 | RSA2048 | ECDSA
          • AES256: 256-bit key with symmetric-key AES cipher (AES 256-GCM96)
            • Up to 32 KB of data can be encrypted
          • RSA2048: 2048-bit key using asymmetric-key RSA cipher (RSA 2048)
            • Able to encrypt/decrypt and sign/verify, but slowest to process
            • Can encrypt up to 190 bytes of data or sign up to 8 KB of data
          • ECDSA: 256-bit key with asymmetric-keyed ECDSA cipher (ECDSA-P256)
            • Up to 8 KB of data can be signed
        memoStringOptionalKey notes
        • Additional information and descriptions of the key
        • 0-100 characters
        isConvergentBooleanOptionalWhether to set convergent encryption
        • true | false (default)
          • true: set
          • false: not set
        • Can be set only if keyType is AES256
        isAutoRotationBooleanRequiredWhether to enable key auto-rotation
        • true | false (default)
          • true: enable
          • false: disable
        rotationPeriodIntegerOptionalSet automatic key rotation cycle (day)
        • 1-730 (default: 90)
        • Can be entered if isAutoRotation is true
        protectionTypeStringRequiredKey storage method
        • BASIC | COMMON_HSM
          • BASIC: Store encrypted on internal storage
          • COMMON_HSM: Store on HSM (Hardware Security Module)

        Request example

        The request example is as follows:

        curl --location --request POST 'https://ocapi.ncloud.com/kms/v1/keys' \
        --header 'x-ncp-apigw-timestamp: {Timestamp}' \
        --header 'x-ncp-iam-access-key: {Access Key}' \
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
        --data '{
          "keyName": "{KEY_NAME}",
          "keyType": "AES256",
          "memo": "{KEY_DESCRIPTION}",
          "isConvergent": true,
          "isAutoRotation": true,
          "rotationPeriod": 90,
          "protectionType": "BASIC"
        }'
        Shell

        Response

        This section describes the response format.

        Response body

        The response body includes the following data:

        FieldTypeRequiredDescription
        codeString-Success or Failure
        dataObject-Response result
        data.keyIdInteger-Key identifier
        data.keyTagString-Key tag
        • Unique identifier for the key derived from the key name
        • Use to request encryption or decryption with REST APIs
        • Key tags are not treated as confidential information
        data.keyNameString-Key name
        • Key names are not treated as confidential information
        data.keyTypeString-Key type
        data.statusString-Key status
        • ENABLE | DISABLE | REVOKE
          • ENABLE: available
          • DISABLE: disabled
          • REVOKE: pending deletion
          • See Manage key status for more information on the key status
        data.keystoreIdInteger-Logical keystore identifier assigned to the user
        data.protectionTypeString-Key storage method
        • BASIC | COMMON_HSM
          • BASIC: Store encrypted on internal storage
          • COMMON_HSM: Store on HSM (Hardware Security Module)
        data.memoString-Key notes
        • Additional information and descriptions of the key entered upon creation
        data.isConvergentBoolean-Whether to set convergent encryption
        • true | false
          • true: set
          • false: not set
        data.isAutoRotationBoolean-Whether to enable key auto-rotation
        • true | false
          • true: enable
          • false: disable
        data.rotationPeriodInteger-Automatic key rotation cycle (day)
        data.nextRotationDateLong-Next scheduled rotation date and time (millisecond)
        • Unix timestamp format
        data.registerDateLong-Key creation date and time (millisecond)
        • Unix timestamp format

        Response status codes

        For response status codes common to all Key Management Service APIs, see Key Management Service response status codes.

        Response example

        The response example is as follows:

        {
            "code": "SUCCESS",
            "data": {
                "keyId": 12345,
                "keyTag": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6"
                "keyName": "{KEY_NAME}",
                "keyType": "AES256",
                "status": "ENABLE",
                "keystoreId": 1234,
                "protectionType": "BASIC",
                "memo": "{KEY_DESCRIPTION}",
                "isConvergent": true,
                "isAutoRotation": true,
                "rotationPeriod": 90,
                "nextRotationDate": 1741156631314,
                "registerDate": 1733380631000
            }
        }
        JSON

        Was this article helpful?

        What's Next
        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.