检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Delete the plaintext DEK. Parent topic: KMS Related
Write SSHKeyPair * kps:KmsKeyId kps:Algorithm kps:domainKeypairs:create kps:SSHKeyPair:delete Grants permission to delete an SSH key pair. Write SSHKeyPair * - kps:domainKeypairs:delete kps:SSHKeyPair:get Grants permission to query the details about an SSH key pair.
Write secretName * csms:Type csms:KmsKeyId - - g:EnterpriseProjectId g:RequestTag/<tag-key> g:TagKeys csms:secret:delete Grants permission to delete a secret immediately.
You can locate the target failure record and click Delete in the Operation column, or can click Delete All to delete all failure records. Click Learn more to view related documents.
Ensure that the secret is in Enabled or Disabled state. 400 CSMS.0105 Can not delete the system internal stage. Cannot delete the built-in version status of the system. Do not delete the built-in version. 400 CSMS.0106 The secret name not found int the db.
CSMS Related Why Cannot I Delete the Version Status of a Secret? Why Is the Rotation Period Set for RDS Secrets Inconsistent with the Actual Rotation Period?
Will a CMK Be Charged After It Is Scheduled to Delete? How Is Rotation Charged for a CMK? How Is RDS Encryption Billed? How Is It Charged for Replica Keys?
and vpc:subnets:get KMS permissions: kms:dek:create and kms:dek:decrypt APIG permissions: apig:apps:update, apig:instances:get, apig:apps:get, apig:appCodes:create, apig:appCodes:get, and apig:appCodes:delete GaussDB secret Create an agency named CSMSAccessFunctionGraph with account
a dedicated keystore /v1.0/{project_id}/keystores/{keystore_id} kms:keystore:delete √ × Enable a dedicated keystore /v1.0/{project_id}/keystores/{keystore_id}/enable kms:keystore:enable √ × Disable a dedicated keystore /v1.0/{project_id}/keystores/{keystore_id}/disable kms:keystore
Action Access Level Resource Type (*: required) Condition Key Alias Dependencies csms:secret:delete Write secretName * csms:Type g:EnterpriseProjectId g:ResourceTag/<tag-key> - - URI DELETE /v1/{project_id}/secrets/{secret_name} Table 1 Path Parameters Parameter Mandatory Type Description
Action Access Level Resource Type (*: required) Condition Key Alias Dependencies csms:secret:deleteStage Write secretName * csms:Type g:EnterpriseProjectId g:ResourceTag/<tag-key> csms:secretStage:delete - URI DELETE /v1/{project_id}/secrets/{secret_name}/stages/{stage_name} Table
The following method can be used if you need to assign permissions of the KMS Administrator policy to a user but also forbid the user from deleting key tags (kms:cmkTag:delete).
Action Access Level Resource Type (*: required) Condition Key Alias Dependencies csms::deleteEvent Write - - csms:event:delete - URI DELETE /v1/{project_id}/csms/events/{event_name} Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Project ID event_name
Deleting the version status In the Manage Status dialog box, click Delete and select a version status. Click OK. SYSCURRENT and SYSPREVIOUS are preconfigured statuses and cannot be deleted.
Write keystore * - - kms:keystore:delete Grants permission to delete the dedicated keystore. Write keystore * - - kms:keystore:enable Grants permission to enable the dedicated keystore.
DELETE: requests the server to delete specified resources, for example, an object. HEAD: same as GET except that the server must return only the response header. PATCH: requests the server to update partial content of a specified resource.
The following method can be used if you need to assign permissions of the KMS Administrator policy to a user but also forbid the user from deleting key tags (kms:cmkTag:delete).
Add or delete the permissions supported by kms:KeyId. Wait until the update is complete, click Next: Grant Access to Principals. On the displayed page, add or delete principals based on your needs. Then, click Next: Confirm in the lower right corner.
Deleting an event: Locate the target event and click Delete in the Operation column. In the displayed dialog box, enter DELETE and click OK. Event notifications can be deleted only after all associated secrets have been canceled.
In this case, an IAM user can only delete keys after the operation is verified by the operator or a specified personnel, reducing risks and losses caused by misoperations.
