Get Key Info

Prev Next

The latest service changes have not yet been reflected in this content. We will update the content as soon as possible. Please refer to the Korean version for information on the latest updates.

Available in Classic and VPC

Get key details.

Request

This section describes the request format. The method and URI are as follows:

Method URI
GET /keys/{keyTag}

Request headers

For information about the headers common to all Key Management Service APIs, see the account authentication method in Key Management Service request headers.

Request path parameters

You can use the following path parameters with your request:

Field Type Required Description
keyTag String Required Key tag
  • Unique identifier for the key derived from the key name
  • Check through Get key list.
  • Use to request encryption or decryption with REST APIs.
  • Key tags are not treated as confidential information.

Request example

The request example is as follows:

curl --location --request GET 'https://ocapi.ncloud.com/kms/v1/keys/a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field Type Required Description
code String - Success or Failure
data Object - Response result
data.keyId Integer - Key identifier
data.keyTag String - Key tag
  • Unique identifier for the key derived from the key name
  • Use to request encryption or decryption with REST APIs.
  • Key tags are not treated as confidential information.
data.keyName String - A unique name for the key specified upon creation
  • Key names are not treated as confidential information.
data.nrn String - Resource identifier used by NAVER Cloud Platform
  • NRNs are not treated as confidential information.
data.baseUrl String - API call domain (endpoint) by key boundary
data.keyType String - Key type
data.status String - Key status
  • ENABLE | DISABLE | REVOKE
    • ENABLE: available
    • DISABLE: disabled
    • REVOKE: pending deletion
    • See Manage key status for more information on the key status.
data.keystoreId Integer - Logical keystore identifier assigned to the user
data.currentVersion Integer - Current key version
  • The latest version of the key is displayed.
data.protectionType String - Key storage method
  • BASIC | COMMON_HSM
    • BASIC: Store encrypted on internal storage.
    • COMMON_HSM: Store on HSM (Hardware Security Module).
data.memo String - Key notes
  • Additional information and descriptions of the key entered upon creation
data.isConvergent Boolean - Whether to set convergent encryption
  • true | false
    • true: set
    • false: not set
data.isAutoRotation Boolean - Whether to enable key auto-rotation
  • true | false
    • true: set (enable)
    • false: not set (disable)
data.rotationPeriod Integer - Automatic key rotation cycle (day)
data.nextRotationDate Long - Next scheduled rotation date and time (millisecond)
  • Unix timestamp format
data.registerDate Long - Key creation date and time (millisecond)
  • Unix timestamp format
data.destroyDate Long - Scheduled key deletion date and time (millisecond)
  • Unix timestamp format
  • Included only in keys in the Pending deletion status
data.migrationInfo.migrationId String - Migration identifier
  • Included only in keys that failed migration
data.migrationInfo.status String - Migration status
  • Included only in keys that failed migration
data.migrationInfo.targetBoundary String - Target boundary for migration
  • Supports KR and JPN only
  • Included only in keys that failed migration
data.migrationInfo.startDate Long - Migration start timestamp (milliseconds)
  • Unix timestamp format
  • Included only in keys that failed migration
data.migrationInfo.errorMessage String - Reason for migration failure
  • Included only in keys that failed migration

Response status codes

For information about the HTTP status codes common to all Key Management Service APIs, see Key Management Service response status codes.

Response example

The response example is as follows:

{
    "code": "SUCCESS",
    "data": {
        "keyId": 12345,
        "keyTag": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5r6",
        "keyName": "{KEY_NAME}",
        "nrn": "nrn:PUB:KMS::7891:Key/000-12345",
        "keyType": "AES256",
        "status": "ENABLE",
        "keystoreId": 1234,
        "currentVersion": 1,
        "protectionType": "BASIC",
        "memo": "{KEY_DESCRIPTION}",
        "isConvergent": true,
        "isAutoRotation": true,
        "rotationPeriod": 90,
        "nextRotationDate": 1741156631314,
        "registerDate": 1733380631000,
        "baseUrl": "https://ocapi.ncloud.com",
        "migrationInfo": {
            "migrationId": "334ddd32-1008-4262-a8a6-eeb83a4e4640",
            "status": "FAILED",
            "targetBoundary": "JPN",
            "startDate": 1763347406000,
            "errorMessage": "{MIGRATION_ERROR_MESSAGE}"
        }
    }
}