Create Key

Article summary

Did you find this summary helpful?

Thank you for your feedback

Available in Classic and VPC

Create a new key.

Request

This section describes the request format. The method and URI are as follows:

Method	URI
POST	/keys

Request headers

For information about the headers common to all Key Management Service APIs, see the account authentication method in Key Management Service request headers.

Request body

You can include the following data in the body of your request:

Field	Type	Required	Description
`keyName`	String	Required	Key name 3 to 15 characters, including English letters, numbers, and special characters "-" and "_" The first character must be an English letter, and the name can't be duplicated with other key names in the user's keystore
`keyType`	String	Required	Key type `AES256` \| `RSA2048` \| `ECDSA` `AES256`: 256-bit key with symmetric-key AES cipher (AES 256-GCM96) Up to 32 KB of data can be encrypted `RSA2048`: 2048-bit key using asymmetric-key RSA cipher (RSA 2048) Able to encrypt/decrypt and sign/verify, but slowest to process Can encrypt up to 190 bytes of data or sign up to 8 KB of data `ECDSA`: 256-bit key with asymmetric-keyed ECDSA cipher (ECDSA-P256) Up to 8 KB of data can be signed
`memo`	String	Optional	Key notes Additional information and descriptions of the key 0-100 characters
`isConvergent`	Boolean	Optional	Whether to set convergent encryption `true` \| `false` (default) `true`: set `false`: not set Can be set only if `keyType` is `AES256`
`isAutoRotation`	Boolean	Required	Whether to enable key auto-rotation `true` \| `false` (default) `true`: enable `false`: disable
`rotationPeriod`	Integer	Optional	Set automatic key rotation cycle (day) 1-730 (default: 90) Can be entered if `isAutoRotation` is `true`
`protectionType`	String	Required	Key storage method `BASIC` \| `COMMON_HSM` `BASIC`: Store encrypted on internal storage `COMMON_HSM`: Store on HSM (Hardware Security Module)

Request example

The request example is as follows:

curl --location --request POST 'https://ocapi.ncloud.com/kms/v1/keys' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--data '{
  "keyName": "{KEY_NAME}",
  "keyType": "AES256",
  "memo": "{KEY_DESCRIPTION}",
  "isConvergent": true,
  "isAutoRotation": true,
  "rotationPeriod": 90,
  "protectionType": "BASIC"
}'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field	Type	Required	Description
`code`	String	-	Success or Failure
`data`	Object	-	Response result
`data.keyId`	Integer	-	Key identifier
`data.keyTag`	String	-	Key tag Unique identifier for the key derived from the key name Use to request encryption or decryption with REST APIs Key tags are not treated as confidential information
`data.keyName`	String	-	Key name Key names are not treated as confidential information
`data.keyType`	String	-	Key type See `keyType` of Response body
`data.status`	String	-	Key status `ENABLE` \| `DISABLE` \| `REVOKE` `ENABLE`: available `DISABLE`: disabled `REVOKE`: pending deletion See Manage key status for more information on the key status
`data.keystoreId`	Integer	-	Logical keystore identifier assigned to the user
`data.protectionType`	String	-	Key storage method `BASIC` \| `COMMON_HSM` `BASIC`: Store encrypted on internal storage `COMMON_HSM`: Store on HSM (Hardware Security Module)
`data.memo`	String	-	Key notes Additional information and descriptions of the key entered upon creation
`data.isConvergent`	Boolean	-	Whether to set convergent encryption `true` \| `false` `true`: set `false`: not set
`data.isAutoRotation`	Boolean	-	Whether to enable key auto-rotation `true` \| `false` `true`: enable `false`: disable
`data.rotationPeriod`	Integer	-	Automatic key rotation cycle (day)
`data.nextRotationDate`	Long	-	Next scheduled rotation date and time (millisecond) Unix timestamp format
`data.registerDate`	Long	-	Key creation date and time (millisecond) Unix timestamp format

Response status codes

For response status codes common to all Key Management Service APIs, see Key Management Service response status codes.

Response example

The response example is as follows:

{
    "code": "SUCCESS",
    "data": {
        "keyId": 12345,
        "keyTag": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6"
        "keyName": "{KEY_NAME}",
        "keyType": "AES256",
        "status": "ENABLE",
        "keystoreId": 1234,
        "protectionType": "BASIC",
        "memo": "{KEY_DESCRIPTION}",
        "isConvergent": true,
        "isAutoRotation": true,
        "rotationPeriod": 90,
        "nextRotationDate": 1741156631314,
        "registerDate": 1733380631000
    }
}

Was this article helpful?

What's Next

Get Key Info

Table of contents

Request
Response