类别:

系统函数 (系统信息)

SYSTEM$GET_CMK_INFO

返回您的客户管理密钥 (CMK) 的状态以搭配 Tri-Secret Secure 使用。

另请参阅:

Understanding CMK self-registration with support activation of Tri-Secret Secure

语法

SYSTEM$GET_CMK_INFO( [ '<ssa_account_name>' ] )
Copy

Arguments

Required:

None.

Optional:

ssa_account_name

A string that specifies the name of SSA account name for which you want to retrieve the CMK status.

返回

Returns a status message indicating the state of your CMK. The output includes the values that you specified when calling SYSTEM$REGISTER_CMK_INFO. If you have enabled private connectivity, the status message returned by SYSTEM$GET_CMK_INFO includes whether your CMK is privately connected.

以 Amazon Web Services 上的 CMKs 作为代表性示例,可能会出现以下消息:

  • 您的 CMK 已注册,但尚未启用以使用 Tri-Secret Secure:

    CMK with ARN: arn:aws:kms:us-west-2:736112632310:key/ceab36e4-f0e5-4b46-9a78-86e8f17a0f59
is pre-registered for Tri-Secret Secure.

  • 您的 CMK 已激活,正在与 Tri-Secret Secure 一起使用:

    CMK with ARN: arn:aws:kms:us-west-2:736112632310:key/ceab36e4-f0e5-4b46-9a78-86e8f17a0f59
is activated for Tri-Secret Secure.

  • 您有一个活动 CMK,但您刚刚预注册了一个新密钥:

    CMK with ARN: arn:aws:kms:us-west-2:736112632310:key/ceab36e4-f0e5-4b46-9a78-86e8f17a0f59
is activated with Tri-Secret Secure, but
CMK with ARN: arn:aws:kms:us-west-2:481048248138:key/e08cb6c0-7c09-4f37-8e55-e395a12fe965
is pre-registered for Tri-Secret Secure.

  • 您有一个活动密钥,但尚未注册任何 CMK 以使用 Tri-Secret Secure:

    CMK info has not been pre-registered in this account yet, but
CMK arn:aws:kms:us-west-2:736112632310:key/ceab36e4-f0e5-4b46-9a78-86e8f17a0f59
is activated with Tri-Secret Secure.

  • 您尚未注册任何 CMK 以使用 Tri-Secret Secure:

    CMK info has not been pre-registered in this account yet.

  • 您当前的 CMK 已注册,私有连接 已启用

    CMK with ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
with PrivateLink enabled is activated for Tri-Secret Secure.

  • 您当前的 CMK 已注册,私有连接 未启用

    CMK with ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
is activated for Tri-Secret Secure.

访问控制要求

  • Only users with the ACCOUNTADMIN role or with a role that is granted the MONITOR SECURITY privilege can call this function.

  • Only users with the GLOBALORGADMIN role or ORGADMIN role can specify an SSA account name.

示例

Obtain the status of the CMK for your Snowflake account:

SELECT SYSTEM$GET_CMK_INFO();
Copy

Obtain the status of the CMK for a specific SSA account:

SELECT SYSTEM$GET_CMK_INFO('AUTO_FULFILLMENT_AREA$PUBLIC_AZURE_EASTUS2');
Copy