Menu
AWS Key Management Service
API Reference (API Version 2014-11-01)

DescribeKey

Provides detailed information about the specified customer master key.

Request Syntax

Copy
{ "GrantTokens": [ "string" ], "KeyId": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

Note

In the following list, the required parameters are described first.

KeyId

A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012

  • Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName

  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012

  • Alias Name Example - alias/MyAliasName

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: Yes

GrantTokens

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 10 items.

Length Constraints: Minimum length of 1. Maximum length of 8192.

Required: No

Response Syntax

Copy
{ "KeyMetadata": { "Arn": "string", "AWSAccountId": "string", "CreationDate": number, "DeletionDate": number, "Description": "string", "Enabled": boolean, "ExpirationModel": "string", "KeyId": "string", "KeyState": "string", "KeyUsage": "string", "Origin": "string", "ValidTo": number } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

KeyMetadata

Metadata associated with the key.

Type: KeyMetadata object

Errors

For information about the errors that are common to all actions, see Common Errors.

DependencyTimeoutException

The system timed out while trying to fulfill the request. The request can be retried.

HTTP Status Code: 500

InvalidArnException

The request was rejected because a specified ARN was not valid.

HTTP Status Code: 400

KMSInternalException

The request was rejected because an internal exception occurred. The request can be retried.

HTTP Status Code: 400

NotFoundException

The request was rejected because the specified entity or resource could not be found.

HTTP Status Code: 400

Examples

The following examples are formatted for legibility.

Example Request

Copy
POST / HTTP/1.1 Host: kms.us-west-2.amazonaws.com Content-Length: 48 X-Amz-Target: TrentService.DescribeKey X-Amz-Date: 20161107T220837Z Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256\ Credential=AKIAI44QH8DHBEXAMPLE/20161107/us-west-2/kms/aws4_request,\ SignedHeaders=content-type;host;x-amz-date;x-amz-target,\ Signature=153ffe57d38b83745cb3d3c6a2ca67835747ed64ed99c07481e464ab0f77f22c {"KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"}

Example Response

Copy
HTTP/1.1 200 OK Server: Server Date: Mon, 07 Nov 2016 22:08:38 GMT Content-Type: application/x-amz-json-1.1 Content-Length: 311 Connection: keep-alive x-amzn-RequestId: bc0c2c4d-a536-11e6-a265-d3aef78e1a90 { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": 1.444675507571E9, "Description": "", "Enabled": true, "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyState": "Enabled", "KeyUsage": "ENCRYPT_DECRYPT", "Origin": "AWS_KMS" } }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: