© 2022 Yandex.Cloud LLC

Method update

Written by
Yandex Cloud

Updates the specified symmetric KMS key.

HTTP request

PATCH https://kms.api.cloud.yandex.net/kms/v1/keys/{keyId}

Path parameters

Parameter Description
keyId Required. ID of the symmetric KMS key to update. To get the ID of a symmetric KMS key use a list request. The maximum string length in characters is 50.

Body parameters

{
  "updateMask": "string",
  "name": "string",
  "description": "string",
  "status": "string",
  "labels": "object",
  "defaultAlgorithm": "string",
  "rotationPeriod": "string",
  "deletionProtection": true
}
Field Description
updateMask string

Required. Field mask that specifies which attributes of the symmetric KMS key are going to be updated.

A comma-separated list of the names of ALL fields to be updated. Only the specified fields will be changed; the others will be left untouched. If a field is specified in updateMask and no value for that field was sent in the request, the field's value will be reset to the default. The default value for most fields is null or 0.

If updateMask is not sent in the request, all fields' values will be updated. Fields specified in the request will be updated to provided values. The rest of the fields will be reset to the default.

name string

New name for the symmetric KMS key.

The maximum string length in characters is 100.

description string

New description for the symmetric KMS key.

The maximum string length in characters is 1024.

status string

New status for the symmetric KMS key. Using the update method you can only set ACTIVE or INACTIVE status.

  • CREATING: The key is being created.
  • ACTIVE: The key is active and can be used for encryption and decryption. Can be set to INACTIVE using the update method.
  • INACTIVE: The key is inactive and unusable. Can be set to ACTIVE using the update method.
labels object

Custom labels for the symmetric KMS key as key:value pairs.

No more than 64 per resource. The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]*. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]*.

defaultAlgorithm string

Default encryption algorithm to be used with new versions of the symmetric KMS key.

Supported symmetric encryption algorithms.

  • AES_128: AES algorithm with 128-bit keys.
  • AES_192: AES algorithm with 192-bit keys.
  • AES_256: AES algorithm with 256-bit keys.
  • AES_256_HSM: AES algorithm with 256-bit keys hosted by HSM.
rotationPeriod string

Time period between automatic symmetric KMS key rotations.

deletionProtection boolean (boolean)

Flag that inhibits deletion of the symmetric KMS key.
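
The updateMask rules above mean that a request sent without a mask resets every field it does not carry, including deletionProtection and rotationPeriod. The following is an added example, not code from Yandex Cloud: it builds the PATCH body with a mask derived from exactly the supplied fields, checks the documented limits, and models the documented mask semantics locally. The function names, the DEFAULTS table (the page only says "null or 0" for most fields) and the sample key state are assumptions.

```python
import re

KMS_URL = "https://kms.api.cloud.yandex.net/kms/v1/keys/{key_id}"  # endpoint from the page
UPDATABLE = ("name", "description", "status", "labels",
             "defaultAlgorithm", "rotationPeriod", "deletionProtection")
# Assumed defaults for the model below; the page only says "null or 0" for most fields.
DEFAULTS = {**{f: None for f in UPDATABLE}, "deletionProtection": False}
LABEL_KEY = re.compile(r"[a-z][-_0-9a-z]*")
LABEL_VALUE = re.compile(r"[-_0-9a-z]*")


def build_update(key_id, **fields):
    """Return (method, url, body) with updateMask naming exactly the supplied fields."""
    unknown = set(fields) - set(UPDATABLE)
    if unknown or not fields:
        raise ValueError(f"need at least one updatable field; unknown: {sorted(unknown)}")
    if len(key_id) > 50:
        raise ValueError("keyId longer than 50 characters")
    if len(fields.get("name", "")) > 100 or len(fields.get("description", "")) > 1024:
        raise ValueError("name or description exceeds documented length")
    if fields.get("status", "ACTIVE") not in ("ACTIVE", "INACTIVE"):
        raise ValueError("update can only set ACTIVE or INACTIVE")
    labels = fields.get("labels", {})
    if len(labels) > 64:
        raise ValueError("more than 64 labels")
    for k, v in labels.items():
        if len(k) > 63 or len(v) > 63 or not LABEL_KEY.fullmatch(k) or not LABEL_VALUE.fullmatch(v):
            raise ValueError(f"invalid label {k!r}: {v!r}")
    body = {"updateMask": ",".join(fields), **fields}
    return "PATCH", KMS_URL.format(key_id=key_id), body


def model_update(current, body):
    """Local model of the documented mask rules: masked fields take the sent value or
    the default; with no mask every updatable field is treated as masked."""
    mask = body.get("updateMask")
    names = [n.strip() for n in mask.split(",")] if mask else UPDATABLE
    updated = dict(current)
    for name in names:
        updated[name] = body.get(name, DEFAULTS[name])
    return updated


# Constructed key state for illustration, not real data.
KEY = {"name": "db-key", "description": "prod", "status": "ACTIVE", "labels": {"env": "prod"},
       "defaultAlgorithm": "AES_256", "rotationPeriod": "7776000s", "deletionProtection": True}
```

Running `model_update(KEY, {"description": "x"})` shows the mask-less case: deletionProtection falls back to the assumed default while the masked body from `build_update` leaves it untouched.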

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "description": "string",
  "createdAt": "string",
  "createdBy": "string",
  "modifiedAt": "string",
  "done": true,
  "metadata": "object",

  //  includes only one of the fields `error`, `response`
  "error": {
    "code": "integer",
    "message": "string",
    "details": [
      "object"
    ]
  },
  "response": "object",
  // end of the list of possible fields

}

An Operation resource. For more information, see Operation.

Field Description
id string

ID of the operation.

description string

Description of the operation. 0-256 characters long.

createdAt string (date-time)

Creation timestamp.

String in RFC3339 text format.

createdBy string

ID of the user or service account who initiated the operation.

modifiedAt string (date-time)

The time when the Operation resource was last modified.

String in RFC3339 text format.

done boolean (boolean)

If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.

metadata object

Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.

error object
includes only one of the fields error, response

The error result of the operation in case of failure or cancellation.

error.code integer (int32)

Error code. An enum value of google.rpc.Code.

error.message string

An error message.

error.details[] object

A list of messages that carry the error details.

response object
includes only one of the fields error, response

The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any.
