MANAGEMENT_API_SERVER_ENDPOINT 변수는 Management API 서버의 엔드포인트입니다.
kubectl proxy 명령어를 사용하여 브라우저에서 URL에 액세스하여 KMS API의 검색 문서를 가져옵니다. kubectl proxy 명령어는 로컬 머신의 Kubernetes API 서버에 127.0.0.1:8001의 프록시를 엽니다. 명령어가 실행된 후 다음 URL에서 문서에 액세스합니다.
http://127.0.0.1:8001/apis/kms.gdc.goog/v1
http://127.0.0.1:8001/apis/kms.global.gdc.goog/v1
리소스 예시
다음은 샘플 리소스입니다. 네임스페이스가 프로젝트 네임스페이스입니다. 키 만들기에 관한 자세한 내용은 키 만들기 및 삭제 페이지의 키 만들기 섹션을 참고하세요.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-09-05(UTC)"],[[["\u003cp\u003eThe Key Management Service (KMS) API utilizes Kubernetes custom resources to manage the entire lifecycle of cryptographic keys.\u003c/p\u003e\n"],["\u003cp\u003eKMS APIs are available in both zonal and global deployment packages, with distinct API endpoints for each type, identifiable by the \u003ccode\u003ekms.gdc.goog\u003c/code\u003e and \u003ccode\u003ekms.global.gdc.goog\u003c/code\u003e domains respectively.\u003c/p\u003e\n"],["\u003cp\u003eTo access the KMS API, users can either leverage the GDC console or use their own libraries, directing API requests to the provided service endpoints.\u003c/p\u003e\n"],["\u003cp\u003eDiscovery documents for both zonal and global KMS APIs can be accessed locally via a \u003ccode\u003ekubectl proxy\u003c/code\u003e, opening a proxy on \u003ccode\u003e127.0.0.1:8001\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe content also includes several example resources, namely AEADKey, SigningKey, KeyImport, KeyExport, RotationJob, and MZAEADKey, illustrating different key types and operations within the KMS API framework.\u003c/p\u003e\n"]]],[],null,["# Key Management Service API overview\n\nThe Key Management Service (KMS) API uses Kubernetes custom resources to manage\nthe lifecycle of the crypto keys.\n\nTo use the KMS API, use the GDC console. If\nyour application uses your own libraries to call the API, adopt the example\nservice endpoint in the following section, and the full API definitions to build\nyour requests:\n\n- [kms.gdc.goog](/distributed-cloud/hosted/docs/latest/gdch/apis/service/kms/v1/kms-v1)\n- [kms.global.gdc.goog](/distributed-cloud/hosted/docs/latest/gdch/apis/service/kms/v1/global-kms-v1)\n\nService endpoint and discovery document\n---------------------------------------\n\nThe KMS APIs are provided in two packages depending on zonal deployment or\nglobal deployment.\n\nThe API endpoints for the zonal and global KMS APIs are the following,\nrespectively:\n\n- `https://`\u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e`/apis/kms.gdc.goog/v1`\n- `https://`\u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e`/apis/kms.global.gdc.goog/v1`\n\nThe \u003cvar translate=\"no\"\u003eMANAGEMENT_API_SERVER_ENDPOINT\u003c/var\u003e variable is the\nendpoint of the Management API server.\n\nUsing the `kubectl proxy` command, access the URL in your browser to\nobtain the discovery document for the KMS API. The `kubectl proxy` command opens\nup a proxy on `127.0.0.1:8001` to the Kubernetes API server on your local\nmachine. After that command is running, access the documents at the\nfollowing URLs:\n\n- `http://127.0.0.1:8001/apis/kms.gdc.goog/v1`\n- `http://127.0.0.1:8001/apis/kms.global.gdc.goog/v1`\n\nExample resources\n-----------------\n\nThe following are sample resources. The namespace is\na project namespace. View the\n[Create a key](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/kms/create-delete-keys#create)\nsection in the *Create and delete keys* page for more information on creating\nkeys.\n\n### AEADKey resource\n\n apiVersion: \"kms.gdc.goog/v1\"\n kind: AEADKey\n metadata:\n name: my-test-key\n namespace: user-kms-project\n spec:\n algorithm: AES_256_GCM\n\n### SigningKey resource\n\n apiVersion: \"kms.gdc.goog/v1\"\n kind: SigningKey\n metadata:\n name: my-test-key\n namespace: user-kms-project\n spec:\n algorithm: EC_SIGN_P384_SHA384\n\n### KeyImport resource\n\n apiVersion: \"kms.gdc.goog/v1\"\n kind: KeyImport\n metadata:\n name: my-test-key-import\n namespace: user-kms-project\n spec:\n context:\n mechanism: ECDH_P521_AES256\n\n### KeyExport resource\n\n apiVersion: \"kms.gdc.goog/v1\"\n kind: KeyExport\n metadata:\n name: my-test-key-export\n namespace: user-kms-project\n spec:\n context:\n mechanism: ECDH_P521_AES256\n publicKey: pub_key_from_import\n keyToExport:\n kind: AEADKey\n name: key_name_to_export\n\n### RotationJob resource\n\n apiVersion: \"kms.gdc.goog/v1\"\n kind: RotationJob\n metadata:\n name: my-test-rotate-job\n spec:\n rootKeyResourceName: namespaces/kms-system/secrets/kms-key-ctm-root\n\n### MZAEADKey resource\n\n apiVersion: \"kms.global.gdc.goog/v1\"\n kind: MZAEADKey\n metadata:\n name: my-test-mz-key\n namespace: user-kms-project\n spec:\n algorithm: AES_256_GCM"]]