Skip to main content
POST
/
api
/
v1
/
kms
/
keys
cURL
curl --request POST \
  --url https://us.infisical.com/api/v1/kms/keys \
  --header 'Content-Type: application/json' \
  --data '
{
  "projectId": "<string>",
  "name": "<string>",
  "description": "<string>",
  "keyUsage": "encrypt-decrypt",
  "encryptionAlgorithm": "aes-256-gcm"
}
'
{
  "key": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "orgId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "<string>",
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z",
    "encryptionAlgorithm": "<string>",
    "description": "<string>",
    "isDisabled": false,
    "projectId": "<string>",
    "keyUsage": "encrypt-decrypt",
    "kmipMetadata": "<unknown>",
    "version": 1
  }
}

Body

application/json
projectId
string
required

The ID of the project to create the key in.

name
string
required

The name of the key to be created. Must be slug-friendly.

Required string length: 1 - 32
description
string

An optional description of the key.

Maximum string length: 500
keyUsage
enum<string>
default:encrypt-decrypt

The type of key to be created, either encrypt-decrypt or sign-verify, based on your intended use for the key.

Available options:
encrypt-decrypt,
sign-verify
encryptionAlgorithm
enum<string>
default:aes-256-gcm

The algorithm to use when performing cryptographic operations with the key.

Available options:
aes-256-gcm,
aes-128-gcm,
RSA_4096,
ECC_NIST_P256

Response

Default Response

key
object
required