You can create a customer master key (CMK) at any time. By default, each 3DS OUTSCALE account also has a default CMK, which cannot be deleted.

CMKs enable you to encrypt and decrypt up to 4096 bytes of data at a time. For more information, see About Outscale Key Management Service (OKMS).

The following procedures are available:

Creating a CMK Using Cockpit

  1. Click Services > Customer Master Keys.


  2. Click Create .
    The CREATE CMK dialog box appears.

  3. In the Description field, type a description for the CMK.

    This description must contain between 1 and 8192 Unicode characters.

  4. Click Create to validate.
    The CMK is created.


Creating a CMK Using OSC CLI

Before you begin: See Installing and Configuring OSC CLI to set up OSC CLI.


  • To create a CMK, use the CreateKey command following this syntax:

    Request sample
    $> osc-cli okms CreateKey \
        --Description DESCRIPTION \
        --Tags '[{"TagKey": "AAAA", "TagValue": "BBBB"}]'

    This command contains the following attributes that you need to specify:

    • (optional) Description: A description for the CMK, between 0 and 8192 Unicode characters.
    • (optional) Tags: One or more tags you want to associate with the CMK.


  • The CreateKey command returns the following elements:

    • KeyMetadata: Information about the CMK.

      • Origin: The source of the key material for the CMK (always OKMS).
      • KeyId: The ID of the CMK.

      • Description: A description for the CMK.
      • DeletionDate: The date and time when the CMK will be deleted (always null on creation).
      • KeyManager: The manager of the CMK (always CUSTOMER).
      • Enabled: Whether the CMK is enabled (always true on creation).
      • KeyUsage: The intended use of the CMK (always ENCRYPT_DECRYPT).
      • KeyState: The state of the CMK (always Enabled on creation).
      • CreationDate: The date and time when the CMK was created.
      • Arn: The Outscale Resource Name (ORN) of the CMK.
      • AWSAccountId: The account ID of the owner of the CMK.
    Result sample
    {
        "KeyMetadata": {
            "Origin": "OKMS",
            "KeyId": "cmk-12345678",
            "Description": null,
            "DeletionDate": null,
            "KeyManager": "CUSTOMER",
            "Enabled": true,
            "KeyUsage": "ENCRYPT_DECRYPT",
            "KeyState": "Enabled",
            "CreationDate": "2019-11-22T13:00:00.000000+00:00",
            "Arn": "arn:aws:kms:eu-west-2:987654321234:key/cmk-12345678",
            "AWSAccountId": "987654321234"
        }
    }

    The CMK is created.


Corresponding API Method


AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.