Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Key Management Service (KMS) API menggunakan resource kustom Kubernetes untuk mengelola siklus proses kunci kripto.
Untuk menggunakan KMS API, gunakan konsol GDC. Jika
aplikasi Anda menggunakan library Anda sendiri untuk memanggil API, gunakan contoh
endpoint layanan di bagian berikut, dan definisi API lengkap untuk membuat
permintaan Anda:
Variabel MANAGEMENT_API_SERVER_ENDPOINT adalah
endpoint server Management API.
Dengan menggunakan perintah kubectl proxy, akses URL di browser Anda untuk
mendapatkan dokumen penemuan untuk KMS API. Perintah kubectl proxy membuka
proxy di 127.0.0.1:8001 ke server Kubernetes API di komputer
lokal Anda. Setelah perintah tersebut berjalan, akses dokumen di URL berikut:
http://127.0.0.1:8001/apis/kms.gdc.goog/v1
http://127.0.0.1:8001/apis/kms.global.gdc.goog/v1
Contoh resource
Berikut adalah contoh resource. Namespace adalah
namespace project. Lihat bagian
Membuat kunci
di halaman Membuat dan menghapus kunci untuk mengetahui informasi selengkapnya tentang cara membuat
kunci.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-05 UTC."],[[["\u003cp\u003eThe Key Management Service (KMS) API utilizes Kubernetes custom resources to manage the entire lifecycle of cryptographic keys.\u003c/p\u003e\n"],["\u003cp\u003eKMS APIs are available in both zonal and global deployment packages, with distinct API endpoints for each type, identifiable by the \u003ccode\u003ekms.gdc.goog\u003c/code\u003e and \u003ccode\u003ekms.global.gdc.goog\u003c/code\u003e domains respectively.\u003c/p\u003e\n"],["\u003cp\u003eTo access the KMS API, users can either leverage the GDC console or use their own libraries, directing API requests to the provided service endpoints.\u003c/p\u003e\n"],["\u003cp\u003eDiscovery documents for both zonal and global KMS APIs can be accessed locally via a \u003ccode\u003ekubectl proxy\u003c/code\u003e, opening a proxy on \u003ccode\u003e127.0.0.1:8001\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe content also includes several example resources, namely AEADKey, SigningKey, KeyImport, KeyExport, RotationJob, and MZAEADKey, illustrating different key types and operations within the KMS API framework.\u003c/p\u003e\n"]]],[],null,["# Key Management Service API overview\n\nThe Key Management Service (KMS) API uses Kubernetes custom resources to manage\nthe lifecycle of the crypto keys.\n\nTo use the KMS API, use the GDC console. If\nyour application uses your own libraries to call the API, adopt the example\nservice endpoint in the following section, and the full API definitions to build\nyour requests:\n\n- [kms.gdc.goog](/distributed-cloud/hosted/docs/latest/gdch/apis/service/kms/v1/kms-v1)\n- [kms.global.gdc.goog](/distributed-cloud/hosted/docs/latest/gdch/apis/service/kms/v1/global-kms-v1)\n\nService endpoint and discovery document\n---------------------------------------\n\nThe KMS APIs are provided in two packages depending on zonal deployment or\nglobal deployment.\n\nThe API endpoints for the zonal and global KMS APIs are the following,\nrespectively:\n\n- `https://`\u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e`/apis/kms.gdc.goog/v1`\n- `https://`\u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e`/apis/kms.global.gdc.goog/v1`\n\nThe \u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e variable is the\nendpoint of the Management API server.\n\nUsing the `kubectl proxy` command, access the URL in your browser to\nobtain the discovery document for the KMS API. The `kubectl proxy` command opens\nup a proxy on `127.0.0.1:8001` to the Kubernetes API server on your local\nmachine. After that command is running, access the documents at the\nfollowing URLs:\n\n- `http://127.0.0.1:8001/apis/kms.gdc.goog/v1`\n- `http://127.0.0.1:8001/apis/kms.global.gdc.goog/v1`\n\nExample resources\n-----------------\n\nThe following are sample resources. The namespace is\na project namespace. View the\n[Create a key](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/kms/create-delete-keys#create)\nsection in the *Create and delete keys* page for more information on creating\nkeys.\n\n### AEADKey resource\n\n apiVersion: \"kms.gdc.goog/v1\"\n kind: AEADKey\n metadata:\n name: my-test-key\n namespace: user-kms-project\n spec:\n algorithm: AES_256_GCM\n\n### SigningKey resource\n\n apiVersion: \"kms.gdc.goog/v1\"\n kind: SigningKey\n metadata:\n name: my-test-key\n namespace: user-kms-project\n spec:\n algorithm: EC_SIGN_P384_SHA384\n\n### KeyImport resource\n\n apiVersion: \"kms.gdc.goog/v1\"\n kind: KeyImport\n metadata:\n name: my-test-key-import\n namespace: user-kms-project\n spec:\n context:\n mechanism: ECDH_P521_AES256\n\n### KeyExport resource\n\n apiVersion: \"kms.gdc.goog/v1\"\n kind: KeyExport\n metadata:\n name: my-test-key-export\n namespace: user-kms-project\n spec:\n context:\n mechanism: ECDH_P521_AES256\n publicKey: pub_key_from_import\n keyToExport:\n kind: AEADKey\n name: key_name_to_export\n\n### RotationJob resource\n\n apiVersion: \"kms.gdc.goog/v1\"\n kind: RotationJob\n metadata:\n name: my-test-rotate-job\n spec:\n rootKeyResourceName: namespaces/kms-system/secrets/kms-key-ctm-root\n\n### MZAEADKey resource\n\n apiVersion: \"kms.global.gdc.goog/v1\"\n kind: MZAEADKey\n metadata:\n name: my-test-mz-key\n namespace: user-kms-project\n spec:\n algorithm: AES_256_GCM"]]